HUAWEI
1. Getting Started
2. Port
3. VLAN
4. Multicast
5. QoS/ACL
6. Integrated Management
7. STP
8. Security
9. Network Protocol
10. System Management
11. Remote Power-feeding
12. Appendix
Quidway S3000-EI Series Ethernet Switches Operation Manual VRP3.
Quidway S3000-EI Series Ethernet Switches Operation Manual
Manual Version T2-081691-20050625-C-1.04
Product Version VRP3.10
BOM 31161091
Huawei Technologies Co., Ltd. provides customers with comprehensive technical support and service. If you purchase the products from the sales agent of Huawei Technologies Co., Ltd., please contact our sales agent. If you purchase the products from Huawei Technologies Co., Ltd.
Copyright © 2005 Huawei Technologies Co., Ltd. All Rights Reserved.
No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd.
About This Manual
Release Notes
The product version that corresponds to the manual is VRP3.10.
Related Manuals
The following manuals provide more information about the Quidway S3000-EI Series Ethernet Switches.
Manual: Content
Quidway S3026C-PWR Ethernet Switch Installation Manual: Introduces the system installation, booting, configuration and maintenance of S3026C-PWR Ethernet Switch.
QoS/ACL: This module introduces QoS/ACL configuration.
Integrated Management: This module introduces integrated configuration.
STP: This module introduces STP configuration.
Security: This module introduces security configuration.
Network Protocol: This module introduces network protocol configuration, including ARP, DHCP Snooping, and IP performance configuration.
II. Command conventions
Convention: Description
Boldface: The keywords of a command line are in Boldface.
italic: Command arguments are in italic.
[ ]: Items (keywords or arguments) in square brackets [ ] are optional.
{ x | y | ... }: Alternative items are grouped in braces and separated by vertical bars. One is selected.
[ x | y | ... ]: Optional alternative items are grouped in square brackets and separated by vertical bars. One or none is selected.
{ x | y | ...
V. Mouse operation
Action: Description
Select: Press and hold the primary mouse button (left mouse button by default).
Click: Select and release the primary mouse button without moving the pointer.
Double-Click: Press the primary mouse button twice continuously and quickly without moving the pointer.
Drag: Press and hold the primary mouse button and move the pointer to a certain position.
VI.
Operation Manual - Getting Started
Quidway S3000-EI Series Ethernet Switches
Table of Contents
Chapter 1 Product Overview
1.1 Product Overview
1.2 Function Features
5.2.3 Setting/Deleting the Management VLAN Interface Description Character String
5.2.4 Enabling/Disabling a Management VLAN Interface
5.2.5 Configuring the Hostname and Host IP Address
5.2.6 Configuring a Static Route
Chapter 1 Product Overview
1.1 Product Overview
Quidway S3000-EI Series Ethernet Switches, the L2 Ethernet Switches independently developed by Huawei, provide wire-speed L2 switching function.
1.2 Function Features
Table 1-1 Function features
Features: Implementation
VLAN: Supports VLAN compliant with IEEE 802.1Q Standard. Supports port-based VLAN. Supports GARP VLAN Registration Protocol (GVRP).
Flow control
Broadcast Suppression
STP protocol: Supports Spanning Tree Protocol (STP) / Rapid Spanning Tree Protocol (RSTP)/ Multiple Spanning Tree Protocol (MSTP), compliant with IEEE 802.
Features: Implementation
Management and Maintenance:
Supports command line interface configuration
Supports configuration via Console port
Supports remote configuration via Telnet or SSH
Supports configuration through dialing the Modem
Supports SNMP management (Supports Quidview NMS and RMON MIB Group 1, 2, 3 and 9)
Supports system log
Supports level alarms
Supports Huawei Group Management Protocol (HG
Chapter 2 Logging in Switch
2.1 Setting up Configuration Environment via the Console Port
Step 1: As shown in the figure below, to set up the local configuration environment, connect the serial port of a PC (or a terminal) to the Console port of the switch with the Console cable.
Figure 2-3 Configuring the port for connection
Figure 2-4 Setting communication parameters
Step 3: Power on the switch. It displays its self-test information and prompts you to press Enter to show the command line prompt, such as <Quidway>.
Step 4: Input a command to configure the switch or view the operation state. Input “?” for immediate help.
2.2 Setting up Configuration Environment through Telnet
2.2.1 Connecting a PC to the Switch through Telnet
After you have correctly configured the IP address of a VLAN interface for a switch via the Console port (using the ip address command in VLAN interface view), and added the port that connects to a terminal to this VLAN (using the port command in VLAN view), you can telnet to this switch and configure it.
Figure 2-6 Running Telnet
Step 4: The terminal displays “Login authentication” and prompts the user to input the logon password. After you input the correct password, it displays the command line prompt (such as <Quidway>). If the prompt “All user interfaces are used, please try later!” appears, it indicates that too many users are connected to the switch through Telnet at this moment.
Figure 2-7 Providing Telnet Client service (labels: PC, Telnet Client, Telnet Server)
Step 1: Authenticate the Telnet user via the Console port on the Telnet Server (switch) before login.
Note: By default, the password is required for authenticating the Telnet user to log in to the switch. If a user logs in via Telnet without a password, he will see the prompt “Login password has not been set !”.
Note: By default, the password is required for authenticating the Modem user to log in to the switch. If a user logs in via the Modem without a password, he will see an error prompt.
<Quidway> system-view
[Quidway] user-interface aux 0
[Quidway-ui-aux0] set authentication password simple xxxx
(xxxx is the preset login password of the Modem user.
Figure 2-8 Setting up remote configuration environment (labels: Modem serial port line, Modem, Telephone line, PSTN, Modem, Console port, Remote tel: 82882285)
Step 4: Dial for connection to the switch, using the terminal emulator and Modem on the remote end. The number dialed shall be the telephone number of the Modem connected to the switch. See the two figures below.
Figure 2-10 Dialing on the remote PC
Step 5: Enter the preset login password on the remote terminal emulator and wait for the prompt, such as <Quidway>. Then you can configure and manage the switch. Enter “?” to get immediate help. For details of specific commands, refer to the following chapters.
Note: By default, when a Modem user logs in, he can access the commands at Level 0.
Chapter 3 Command Line Interface
3.1 Command Line Interface
Quidway series switches provide a series of configuration commands and command line interfaces for configuring and managing the switch. The command line interface has the following characteristics:
• Local configuration via the Console port.
• Local or remote configuration via Telnet or SSH.
• System level: Service configuration commands, including routing commands and commands on each network layer, are used to provide direct network service to the user.
• Management level: These are commands that influence the basic operation of the system and the system support modules, which play a supporting role for services.
• Layer-2 ACL view
• User-defined ACL view
• RADIUS server group view
• ISP domain view
The following table describes the function features of different views and the ways to enter or quit.
Command view | Function | Prompt | Command to enter | Command to exit
FTP Client view | Configure FTP Client parameters | [ftp] | Key in ftp in user view | quit returns to system view
Cluster view | Configure Cluster parameters | [Quidway-cluster] | Key in cluster in system view | quit returns to system view
MST region view | Configure MST region parameters | [Quidway-mst-region] | Key in stp region-configu
Command view | Function | Prompt | Command to enter
WRED index view | Configure WRED parameters | [Quidway-wred-0] | Key in wred 0 in system view
RADIUS server group view | Configure radius parameters | [Quidway-radius-1] | Key in radius scheme 1 in system view
 | | [Quidway-isp-huawei163.net] | Key in domain huawei163.
3) Input a command with a “?” separated by a space. If this position is for parameters, all the parameters and their brief descriptions will be listed.
[Quidway] interface vlan ?
<1-4094> VLAN interface number
[Quidway] interface vlan 1 ?
<cr>
<cr> indicates no parameter in this position. The next command line repeats the command; you can press <Enter> to execute it directly.
3.3.3 History Command of Command Line
The command line interface provides a function similar to that of DosKey. The commands entered by users are automatically saved by the command line interface, and you can invoke and execute them at any time later. The history command buffer defaults to 10. That is, the command line interface can store 10 history commands for each user.
Ambiguous command: The parameters entered are not specific.
3.3.5 Editing Characteristics of Command Line
The command line interface provides basic command editing functions and supports multi-line editing. A command cannot be longer than 256 characters. See the table below.
Chapter 4 User Interface Configuration
4.1 User Interface Overview
User interface configuration is another way provided by the switch to configure and manage the port data.
4.2 User Interface Configuration
User interface configuration includes:
• Entering user interface view
• Configuring the user interface-supported protocol
• Configuring the attributes of AUX (Console) port
• Configuring the terminal attributes
• Managing users
• redirection
4.2.1 Entering User Interface View
The following command is used for entering a user interface view.
Caution:
• If Telnet protocol is specified, to ensure a successful login via Telnet, by default you must configure the password.
• If SSH protocol is specified, to ensure a successful login, you must configure local or remote username authentication with the authentication-mode scheme command.
III. Configuring parity on the AUX (Console) port
Table 4-5 Configuring parity on the AUX (Console) port
Operation: Command
Configure parity mode on the AUX (Console) port: parity { even | mark | none | odd | space }
Restore the default parity mode: undo parity
By default, the parity on the AUX (Console) port is none, that is, no parity bit.
IV.
out, he cannot log in again. In this case, a user can log in to the switch through the user interface only when the terminal service is enabled again.
Table 4-8 Enabling/disabling terminal service
Operation: Command
Enable terminal service: shell
Disable terminal service: undo shell
By default, terminal service is enabled on all the user interfaces.
If a command displays more than one screen of information, you can use the following command to set how many lines are displayed per screen, so that the information is split across screens and you can view it more conveniently.
By default, terminal authentication is not required for users who log in via the Console port, whereas the password is required for authenticating the Modem and Telnet users when they log in.
1) Perform local password authentication to the user interface
Using the authentication-mode password command, you can perform local password authentication.
Note: By default, the password is required for authenticating the Modem and Telnet users when they log in. If the password has not been set, when a user logs in, he will see the prompt “Login password has not been set !”. If the authentication-mode none command is used, the Modem and Telnet users will not be required to input a password.
II.
By default, a user can access the commands at Level 3 after logging in through the AUX user interface, and the commands at Level 0 after logging in through the VTY user interface.
Note: When users log into the switch, the commands they can use depend jointly on the user level settings and the command level settings on the user interface.
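The login-authentication settings described above can be checked in a saved configuration. The following Python audit is an added example, not part of the Huawei manual: it flags user interfaces set to authentication-mode none, passwords stored with the simple keyword, and password mode with no password set. The sample configuration is constructed, and the layout it assumes (sub-commands indented under each user-interface line, with an optional last interface number) is an assumption.

```python
import re

# Constructed sample of a saved configuration; it is not taken from the manual.
# Assumption: sub-commands are indented under their "user-interface" line.
SAMPLE_CONFIG = """\
#
user-interface aux 0
 authentication-mode none
user-interface vty 0 4
 authentication-mode password
 set authentication password simple xxxx
user-interface vty 5
 authentication-mode password
user-interface vty 6
 authentication-mode scheme
#
"""

UI_RE = re.compile(r"^user-interface\s+(aux|vty)\s+(\d+)(?:\s+(\d+))?$")
MODE_RE = re.compile(r"^authentication-mode\s+(none|password|scheme)\b")
PASSWORD_RE = re.compile(r"^set\s+authentication\s+password\s+(\S+)\s+\S+$")


def parse_user_interfaces(config_text):
    """Return one dict per user-interface stanza found in the configuration."""
    stanzas, current = [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        header = UI_RE.match(line)
        if header:
            first = int(header.group(2))
            last = int(header.group(3)) if header.group(3) else first
            current = {"type": header.group(1), "first": first, "last": last,
                       "mode": None, "storage": None}
            stanzas.append(current)
        elif not raw[:1].isspace():
            # Blank line, '#' separator or another top-level command ends the stanza.
            current = None
        elif current is not None:
            mode = MODE_RE.match(line)
            password = PASSWORD_RE.match(line)
            if mode:
                current["mode"] = mode.group(1)
            elif password:
                current["storage"] = password.group(1)  # e.g. "simple"
    return stanzas


def label(stanza):
    """Human-readable name such as 'aux 0' or 'vty 0-4'."""
    if stanza["first"] == stanza["last"]:
        return f'{stanza["type"]} {stanza["first"]}'
    return f'{stanza["type"]} {stanza["first"]}-{stanza["last"]}'


def audit(config_text):
    """Return (interface, finding) tuples for weak login settings."""
    findings = []
    for stanza in parse_user_interfaces(config_text):
        if stanza["mode"] == "none":
            # The manual: with authentication-mode none no password is requested.
            findings.append((label(stanza), "no-authentication"))
        if stanza["storage"] == "simple":
            # "simple" keeps the password readable in the configuration text.
            findings.append((label(stanza), "password-stored-in-clear"))
        if stanza["mode"] == "password" and stanza["storage"] is None:
            # Login is refused with "Login password has not been set !".
            findings.append((label(stanza), "password-mode-without-password"))
    return findings


if __name__ == "__main__":
    for where, what in audit(SAMPLE_CONFIG):
        print(f"user-interface {where}: {what}")
```
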
Perform the following configuration in user view.
Table 4-18 Sending messages between different user interfaces
Operation: Command
Send messages between different user interfaces: send { all | number | type number }
II. auto-execute command
The following command is used to automatically run a command after you log in.
Table 4-20 Displaying and debugging user interface
Operation: Command
Clear a specified user interface: free user-interface [ type ] number
Display the user application information of the user interface: display users [ all ]
Display the physical attributes and some configurations of the user interface: display user-interface [ type number ] [ number ]
Chapter 5 System IP Configuration
5.1 System IP Overview
5.1.1 Management VLAN
Before performing remote management such as Telnet and web management, the IP address of the switch has to be configured first. For the Quidway series Layer 2 Ethernet switch, only one VLAN interface can be configured with an IP address, and the VLAN that corresponds to this interface becomes the management VLAN.
5.1.
When using IP addresses, it should also be noted that some of them are reserved for special uses, and are seldom used. The IP addresses you can use are listed in the following table.
Table 5-1 IP address classes and ranges
Network class | Address range | IP network range | Note
Host ID with all the digits being 0 indicates that the IP address is the network address, and is used for network routing.
Network class | Address range | IP network range | Note
Other addresses | 255.255.255.255 | 255.255.255.255 | 255.255.255.255 is used as LAN broadcast address.
II. Subnet and mask
Nowadays, with rapid development of the Internet, IP addresses are depleting very fast. The traditional IP address allocation method wastes IP addresses greatly.
Class B 138.38.0.0: 10001010, 00100110, 000 00000, 00000000
Standard mask 255.255.0.0: 11111111, 11111111, 000 00000, 00000000
Subnet mask 255.255.224.0: 11111111, 11111111, 111 00000, 00000000 (subnet number, host number)
Subnet address: 000 001 010 011 100 101 110 111
Subnet address: 138.38.0.
Subnet address: 138.38.32.
Subnet address: 138.38.64.
Subnet address: 138.38.96.
Table 5-2 Creating/deleting a management VLAN interface
Operation: Command
Create a management VLAN interface and enter its view: interface vlan-interface vlan-id
Delete a management VLAN interface: undo interface vlan-interface vlan-id
Note that the VLAN specified with the vlan-id parameter has to be created before performing this configuration task.
By default, the description character string is HUAWEI, Quidway Series, Vlan-interface1 Interface. Vlan-interface1 is the management VLAN interface name.
5.2.4 Enabling/Disabling a Management VLAN Interface
The following command can be used for disabling or enabling the management VLAN interface.
5.2.6 Configuring a Static Route
You can use the following command to configure a static route for login to the switch via the network. Perform the following configuration in system view.
Table 5-9 Displaying and debugging system IP
Operation: Command
View all the hosts and their IP addresses on the network: display ip host
View related IP information of the management VLAN interface: display ip interface vlan-interface vlan-id
View related information of the management VLAN interface: display interface vlan-interface [ vlan_id ]
View routing table summary: display ip routi
Operation Manual - Port
Quidway S3000-EI Series Ethernet Switches
Table of Contents
Chapter 1 Ethernet Port Configuration
1.1 Ethernet Port Overview
1.2 Ethernet Port Configuration
1.2.
Chapter 1 Ethernet Port Configuration
1.1 Ethernet Port Overview
S3026G Ethernet Switch provides 24 10/100Base-T fixed Ethernet ports and two GBIC uplink ports. You can select the gigabit optical module.
(auto-negotiation) and its speed can be set to 100 (100Mbps) and auto (auto-negotiation).
• Gigabit Ethernet port operates in gigabit full-duplex mode. The operating mode can be set to full (full-duplex) and auto (auto-negotiation) and its speed can be set to 1000 (1000Mbps) and auto (auto-negotiation).
enable the port. If you do not want a port to forward data any more, use the command to disable it.
Perform the following configuration in Ethernet port view.
Table 1-2 Enable/Disable an Ethernet port
Operation: Command
Disable an Ethernet port: shutdown
Enable an Ethernet port: undo shutdown
By default, the port is enabled.
1.
Note that a 100M electrical Ethernet port can operate in full-duplex, half-duplex or auto-negotiation mode, which can be set as required. The optical 100M/Gigabit Ethernet ports support full duplex and can be set to operate in full (full duplex) or auto (auto-negotiation) mode. The Gigabit electrical Ethernet port can operate in full duplex, half duplex or auto-negotiation mode.
Table 1-6 Set the type of the cable connected to the Ethernet port
Operation: Command
Set the type of the cable connected to the Ethernet port: mdi { across | auto | normal }
Restore the default type of the cable connected to the Ethernet port: undo mdi
Note that the settings only take effect on 10/100Base-T and 1000Base-T ports.
By default, the cable type is auto (auto-recognized).
Table 1-8 Set Ethernet port broadcast suppression ratio
Operation: Command
Set Ethernet port broadcast suppression ratio: broadcast-suppression ratio
Restore the default Ethernet port broadcast suppression ratio: undo broadcast-suppression
By default, 100% broadcast traffic is allowed to pass through, that is, no broadcast suppression will be performed.
1.3.
Perform the following configuration in Ethernet port view.
Operation: Command
Restore the default VLAN ID of the hybrid port to the default value: undo port hybrid pvid
Restore the default VLAN ID of the trunk port to the default value: undo port trunk pvid
Note that:
• The Trunk port and isolate-user-vlan cannot be configured simultaneously, while the hybrid port and isolate-user-vlan can be thus configured.
Operation: Command
Configure that the system performs loopback detection to all VLANs on Trunk and Hybrid ports (Ethernet port view): loopback-detection per-vlan enable
Configure that the system only performs loopback detection to the default VLANs on the port (Ethernet port view): undo loopback-detection per-vlan enable
By default, the port loopback detection is enabled and the detection interval is
I.
1.4 Display and Debug Ethernet Port
After the above configuration, execute the display command in any view to display the running of the Ethernet port configuration, and to verify the effect of the configuration. Execute the reset command in user view to clear the statistics information of the port. Execute the loopback command in Ethernet port view to check whether the Ethernet port works normally.
II. Networking diagram
Figure 1-1 Configure the default VLAN for a trunk port (labels: Switch A, Switch B)
III. Configuration procedure
The following configurations are used for Switch A. Please configure Switch B in a similar way.
# Enter the Ethernet port view of Ethernet0/18.
[Quidway] interface ethernet0/18
# Set Ethernet0/18 as a trunk port and allow VLAN 2, 6 through 50, and 100 to pass through.
Chapter 2 Link Aggregation Configuration
2.1 Link Aggregation Overview
Link aggregation means aggregating several ports together to implement outgoing/incoming load balancing among the member ports and enhance the connection reliability.
Table 2-1 Aggregating Ethernet ports
Operation: Command
Aggregate Ethernet ports: link-aggregation port_num1 to port_num2 { both | ingress }
Remove a configured link aggregation: undo link-aggregation { master_port_num | all }
Note that the Ethernet ports to be aggregated cannot work in auto-negotiation mode and must work in the same mode, which can be 10M_FULL (10Mbps speed, full duplex), 100M_F
II. Networking diagram
Figure 2-1 Configure link aggregation (labels: Switch A, Switch B, Switch C, Link aggregation)
III. Configuration procedure
The following configurations are used for Switch A. Please configure Switch B in a similar way to activate aggregation.
# Aggregate Ethernet0/1 through Ethernet0/3.
Operation Manual - VLAN
Quidway S3000-EI Series Ethernet Switches
Table of Contents
Chapter 1 VLAN Configuration
1.1 VLAN Overview
1.2 Configure VLAN
4.2.4 Enabling/Disabling Voice VLAN Security Mode
4.2.5 Enabling/Disabling Voice VLAN Auto Mode
4.2.6 Setting the Aging Time of Voice VLAN
4.3 Displaying and Debugging of Voice VLAN
Chapter 1 VLAN Configuration
1.1 VLAN Overview
Virtual Local Area Network (VLAN) groups the devices of a LAN logically but not physically into segments to implement the virtual workgroups. IEEE issued the IEEE 802.1Q in 1999, which was intended to standardize VLAN implementation solutions. Through VLAN technology, network managers can logically divide the physical LAN into different broadcast domains.
By default, the VLAN feature is enabled on the switch.
Note that you will see an error prompt when creating a VLAN after the VLAN feature is disabled.
1.2.2 Create/Delete a VLAN
You can use the following command to create/delete a VLAN.
Perform the following configurations in system view.
Table 1-4 Set/Delete VLAN description character string
Operation: Command
Set the description character string for VLAN: description string
Restore the default description of current VLAN: undo description
By default, VLAN description character string is VLAN ID of the VLAN, e.g. VLAN 0001.
1.
[Quidway] vlan 2
# Add Ethernet 0/1 and Ethernet 0/2 to VLAN2.
[Quidway-vlan2] port ethernet 0/1 to ethernet 0/2
# Create VLAN 3 and enter its view.
[Quidway-vlan2] vlan 3
# Add Ethernet 0/3 and Ethernet 0/4 to VLAN3.
Chapter 2 Isolate-User-Vlan Configuration
2.1 Isolate-user-vlan Overview
Isolate-user-vlan is a new feature of the Ethernet Switches launched by Huawei Technologies Co., Ltd., which saves VLAN resources. Isolate-user-vlan adopts the Layer-2 VLAN architecture. (On an Ethernet Switch configure the isolate-user-vlan and Secondary VLAN.
Add new ports to isolate-user-vlan: port interface-list
An Ethernet switch can have several isolate-user-vlans, each of which can include more than one port. Isolate-user-vlan cannot be configured together with the Trunk port. That is to say, you cannot configure a Trunk port on an Ethernet switch already configured with the isolate-user-vlan, and vice versa.
After the mapping relationship is configured, the system does not allow you to add/remove any ports to/from the isolate-user-vlan or Secondary VLAN or remove a VLAN. You can perform these operations after removing the mapping relationship.
2.4 isolate-user-vlan Configuration Example
I. Networking requirements
Switch A is connected to Switch B and Switch C in the downstream. The VLAN5 carried by Switch B is the isolate-user-vlan, including the Uplink Ethernet1/1 and two Secondary VLANs, VLAN2 and VLAN3. VLAN3 includes Ethernet0/1 and VLAN2 includes Ethernet0/2.
Configure Switch C:
# Configure isolate-user-vlan
[Quidway] vlan 6
[Quidway-vlan6] isolate-user-vlan enable
[Quidway-vlan6] port ethernet1/1
# Configure Secondary VLAN
[Quidway-vlan6] vlan 3
[Quidway-vlan3] port ethernet0/3
[Quidway-vlan3] vlan 4
[Quidway-vlan4] port ethernet0/4
# Configure the isolate-user-vlan to map the Secondary VLAN
[Quidway-vlan4] quit
[Quidway] isolate-user-vlan 6 secondary
Chapter 3 GARP/GVRP Configuration
3.1 Configure GARP
3.1.1 GARP Overview
Generic Attribute Registration Protocol (GARP) offers a mechanism that is used by the members in the same switching network to distribute, propagate and register such information as VLAN and multicast addresses. GARP does not exist in a switch as an entity. A GARP participant is called a GARP application.
Note:
- The value of GARP timer will be used in all the GARP applications, including GVRP and GMRP, running in one switching network.
- In one switching network, the GARP timers on all the switching devices should be set to the same value. Otherwise, GARP application cannot work normally.
3.1.2 Set GARP Timer
GARP timers include Hold timer, Join timer, Leave timer and LeaveAll timer.
Note that the value of the Join timer must be no less than twice the value of the Hold timer, and the value of the Leave timer must be greater than twice the value of the Join timer and smaller than the LeaveAll timer value. Otherwise, the system displays an error message.
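The timer relations above, together with the earlier note that all devices in one switching network should use the same GARP timer values, can be checked offline before a change is rolled out. The following is an added example, not part of the original manual; the device names, timer values and function names are constructed for illustration.

```python
from collections import Counter

FIELDS = ("hold", "join", "leave", "leaveall")

# Constructed sample: timer values per switch (same unit on every device).
SAMPLE_NETWORK = {
    "SwitchA": {"hold": 10, "join": 20, "leave": 60, "leaveall": 1000},
    "SwitchB": {"hold": 10, "join": 20, "leave": 60, "leaveall": 1000},
    "SwitchC": {"hold": 10, "join": 15, "leave": 40, "leaveall": 1000},  # join < 2 * hold
    "SwitchD": {"hold": 10, "join": 20, "leave": 40, "leaveall": 1000},  # leave == 2 * join
}


def check_relations(t):
    """Return the violated timer relations for one device (empty list if none)."""
    problems = []
    # Join must be no less than twice Hold.
    if t["join"] < 2 * t["hold"]:
        problems.append("join (%d) is less than twice hold (%d)" % (t["join"], t["hold"]))
    # Leave must be strictly greater than twice Join ...
    if t["leave"] <= 2 * t["join"]:
        problems.append("leave (%d) is not greater than twice join (%d)" % (t["leave"], t["join"]))
    # ... and strictly smaller than LeaveAll.
    if t["leave"] >= t["leaveall"]:
        problems.append("leave (%d) is not smaller than leaveall (%d)" % (t["leave"], t["leaveall"]))
    return problems


def find_outliers(network):
    """Return (majority timer profile, sorted names of devices that differ from it)."""
    def profile(t):
        return tuple(t[f] for f in FIELDS)

    counts = Counter(profile(t) for t in network.values())
    reference = counts.most_common(1)[0][0]
    outliers = sorted(name for name, t in network.items() if profile(t) != reference)
    return reference, outliers


def audit(network):
    """Map each problematic device to the list of findings for it."""
    report = {}
    for name, timers in network.items():
        problems = check_relations(timers)
        if problems:
            report.setdefault(name, []).extend(problems)
    reference, outliers = find_outliers(network)
    for name in outliers:
        report.setdefault(name, []).append(
            "timers differ from the majority setting %s" % (dict(zip(FIELDS, reference)),)
        )
    return report


if __name__ == "__main__":
    for device, findings in sorted(audit(SAMPLE_NETWORK).items()):
        for finding in findings:
            print("%s: %s" % (device, finding))
```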
GVRP is described in detail in the IEEE 802.1Q standard. Quidway Series Ethernet Switches fully support the GARP compliant with the IEEE standards.
Main GVRP configuration includes:
- Enable/Disable global GVRP
- Enable/Disable port GVRP
- Set GVRP registration type
In the above-mentioned configuration tasks, GVRP should be enabled globally before it is enabled on the port.
- When an Ethernet port is set to be in Normal registration mode, the dynamic and manual creation, registration and logout of VLAN are allowed on this port.
- When one Trunk port is set as fixed, the system will add the port to the VLAN if a static VLAN is created on the switch and the Trunk port allows the VLAN passing.
3.2.6 GVRP Configuration Example
I. Networking requirements
To dynamically register and update VLAN information among switches, GVRP needs to be enabled on the switches.
II. Networking diagram
[Figure 3-1 GVRP configuration example: Switch A, Switch B, ports E0/10 and E0/11]
III. Configuration procedure
Configure Switch A:
# Enable GVRP globally.
Chapter 4 Voice VLAN Configuration
4.1 Introduction to Voice VLAN
Voice VLAN is specially designed for user’s voice flow, and it distributes different port precedence in different cases. The system uses the source MAC of the traffic traveling through the port to identify the IP Phone data flow. You can either preset an OUI address or adopt the default OUI address as the standard.
Table 4-1 The corresponding relation between port mode and IP Phone
Voice VLAN Mode Type of IP Phone Port Mode Access: Do not support Tagged IP Phone Trunk: Support, but the default VLAN of the connected port must exist and cannot be the voice VLAN. The default VLAN is allowed to pass the connected port.
If you change the status of Voice VLAN security mode, you must first enable Voice VLAN features globally.
4.2.1 Enabling/Disabling Voice VLAN Features
Enable/disable the Voice VLAN in system view.
Table 4-4 Configuring the OUI address learned by Voice VLAN
Operation: Set the OUI address learned by Voice VLAN
Command: voice vlan mac-address oui mask oui-mask [ description string ]
Operation: Remove the OUI address learned by Voice VLAN
Command: undo voice vlan mac-address oui
There are four default OUI addresses after the system starts:
Table 4-5 Default OUI addresses
No.
Table 4-7 Configuring the Voice VLAN auto mode
Operation: Enable the Voice VLAN auto mode
Command: voice vlan mode auto
Operation: Disable the Voice VLAN auto mode (that is, to enable manual mode)
Command: undo voice vlan mode auto
By default, the Voice VLAN auto mode is enabled.
4.2.6 Setting the Aging Time of Voice VLAN
In auto mode, you can set the aging time of Voice VLAN using the following command.
4.4 Voice VLAN Configuration Example
I. Networking Requirements
Create VLAN 2 as the Voice VLAN in manual mode and enable its security mode. It is required to set the aging time to 100 minutes, the OUI address to 0011-2200-0000, and configure the port Ethernet1/0/2 as the IP Phone access port. The type of IP Phone is untagged.
II. Network Diagram
None
III.
Operation Manual - Multicast Quidway S3000-EI Series Ethernet Switches
Table of Contents
Chapter 1 GMRP Configuration
1.1 GMRP Overview
1.2 Configure GMRP
Chapter 1 GMRP Configuration
1.1 GMRP Overview
GMRP (GARP Multicast Registration Protocol), based on GARP, is used for maintaining dynamic multicast registration information of the switch. All the switches supporting GMRP can receive multicast registration information from other switches and dynamically update local multicast registration information.
By default, GMRP is disabled.
1.2.2 Enable/Disable GMRP on the Port
Perform the following configuration in Ethernet port view.
Table 1-2 Enable/Disable GMRP on the port
Operation: Enable GMRP on the port
Command: gmrp
Operation: Disable GMRP on the port
Command: undo gmrp
GMRP should be enabled globally before it is enabled on a port. By default, GMRP is disabled on the port.
1.
II. Networking diagram
[Figure 1-1 GMRP networking: Switch_A, Switch_B]
III. Configuration procedure
1) Configure LS_A:
# Enable GMRP globally.
[Quidway] gmrp
# Enable GMRP on the port.
[Quidway] interface Ethernet 0/1
[Quidway-Ethernet0/1] gmrp
2) Configure LS_B:
# Enable GMRP globally.
[Quidway] gmrp
# Enable GMRP on the port.
Chapter 2 IGMP Snooping Configuration
2.1 IGMP Snooping Overview
2.1.1 IGMP Snooping Principle
IGMP Snooping (Internet Group Management Protocol Snooping) is a multicast control mechanism running on the Layer 2 Ethernet switch and it is used for multicast group management and control. IGMP Snooping runs on the link layer.
[Figure 2-2 Multicast packet transmission when IGMP Snooping runs: Internet / Intranet, VOD server, multicast router, Layer 2 Ethernet switch, multicast group member, non-multicast group members, video stream]
2.1.2 Implement IGMP Snooping
I.
II. Implement Layer 2 multicast with IGMP Snooping
The Ethernet switch runs IGMP Snooping to listen to the IGMP messages and map the host and its ports to the corresponding multicast group address.
multicast group exists but does not contain the port that received the report message, the switch adds the port into the multicast group and starts the port aging timer. The switch then checks whether the corresponding IP multicast group exists. If it does not exist, the switch creates a new IP multicast group and adds the port that received the report message to it.
IGMP Snooping and GMRP cannot run at the same time. You can check if GMRP is running, using the display gmrp status command, in any view, before enabling IGMP Snooping. By default, IGMP Snooping is disabled.
2.2.2 Configure Router Port Aging Time
This task is to manually configure the router port aging time.
it will transmit the specific query message to that port and start a maximum response timer. Perform the following configuration in system view.
Note:
- This function takes effect on condition that the client supports IGMP V2.
- After configuring this command, when there are multiple users at one port, the leaving of one user may cause the loss of multicast service of other users in this group.
2.2.6 Setting the maximum number of multicast groups permitted on a port
Perform the following configuration in Ethernet port view.
By default, no filtering is configured on the switch.
Note:
- Each VLAN of each port can only be configured with one ACL rule.
- If no ACL rule is configured or the configured port doesn’t belong to the specified VLAN, the filtering configured by this command will not take effect.
Table 2-9 Display and debug multicast source port suppression
Operation: Display statistics about multicast source port suppression
Command: display multicast-source-deny [ interface { interface_type [ interface_number ] | interface_name } ]
If the port type and port number are not specified, the multicast source port checking information about all ports on the switch is displayed; if only the po
II. Networking diagram
[Figure 2-4 IGMP Snooping configuration networking: Internet, Router, Multicast, Switch]
III. Configuration procedure
# Display the status of GMRP.
display gmrp status
# Display the current status of IGMP Snooping when GMRP is disabled.
display igmp-snooping configuration
# Enable IGMP Snooping if it is disabled.
[Quidway] igmp-snooping enable
2.
- Enable IGMP Snooping group in user view and then input the command display igmp-snooping group to check whether the MAC multicast forwarding table in the bottom layer and the one created by IGMP Snooping are consistent. You may also input the display mac vlan command in any view to check whether the MAC multicast forwarding table under vlanid in the bottom layer and the one created by IGMP Snooping are consistent.
Chapter 3 Unknown Multicast Dropping Configuration
3.1 Introduction to Unknown Multicast Dropping
Normally, if the multicast address of a multicast data packet received by the switch is not registered on this switch, this packet will be broadcast within this VLAN.
Chapter 4 Adding Multicast MAC Address Configuration
4.1 Introduction
In Layer 2 multicast, you can not only dynamically create multicast forwarding entries using the Layer 2 multicast protocol, but also manually set the multicast MAC address and bind multicast entries to ports.
- To add a port to a multicast MAC address entry that was manually added, you must first delete the entry and create it again, and then add the specified port as the forwarding port of the entry.
Chapter 5 Multicast VLAN Configuration
5.1 Introduction to Multicast VLAN
Generally, when users in different virtual LANs (VLANs) order a multicast stream, each of these VLANs copies the same multicast stream to itself. In this method, a great deal of bandwidth is wasted. Multicast VLAN is used to solve this problem.
Item Command Setting the default VLAN ID of the Ethernet port port hybrid vlan vlan_id_list { tagged | untagged } Description Required port trunk pvid vlan vlan_id
Table 5-2 Multicast VLAN configuration tasks on layer 2 switch
Item: Entering the system view
Command: system-view
Description: -
Item: Enabling IGMP Snooping function in system view
Command: igmp-snooping enable
Description: Required
Item: Entering a VLAN
Note:
- The isolate vlan cannot be set to a multicast VLAN.
- Only one multicast VLAN can be specified for a port.
- The type of the ports connected with user terminals can only be hybrid.
5.3 Multicast VLAN Configuration Example
I.
II. Network diagram
[Figure 5-1 Network diagram for multicast VLAN: Workstation, Switch A, Switch B, PC 1, PC 2]
III. Configuration procedure
This procedure supposes that the IP addresses have been configured and the devices are properly connected.
1) Configure switch A as follows:
# Configure the IP address of the VLAN 20 interface to 168.10.1.1 and enable the PIM DM protocol.
[Switch A] multicast routing-enable
[Switch A] interface Vlan-interface 10
[Switch A-Vlan-interface10] pim dm
[Switch A-Vlan-interface10] igmp enable
2) Configure switch B as follows:
# Enable IGMP Snooping
system-view
[Switch B] igmp-snooping enable
# Set VLAN 10 to multicast VLAN and enable IGMP Snooping.
Operation Manual - QoS/ACL Quidway S3000-EI Series Ethernet Switches
Table of Contents
Chapter 1 ACL Configuration
1.1 Brief Introduction to ACL
1.1.1 ACL Overview
1.1.
2.2.11 QoS Configuration Example
Chapter 3 Logon User ACL Control Configuration
3.1 Overview
3.
Chapter 1 ACL Configuration
1.1 Brief Introduction to ACL
1.1.1 ACL Overview
A series of matching rules are required for the network devices to identify the packets to be filtered. After identifying the packets, the switch can permit or deny them to pass through according to the defined policy. Access Control List (ACL) is used to implement such functions.
the rule) and auto (according to the system sorting automatically when matching the rule, i.e. in depth-first order). Once the user specifies the match-order of an access control rule, it cannot be modified later unless the user deletes all the content and specifies the match-order again. The case includes: ACL cited by route policy function, ACL used for controlling logon users, etc.
Table 1-2 Quantitative limitation to ACL
Item: Value range
Numbered basic ACL: 2000 to 2999
Numbered advanced ACL: 3000 to 3999
Numbered Layer-2 ACL: 4000 to 4999
Numbered user-defined ACL: 5000 to 5999
Named basic ACL: -
Named advanced ACL: -
Named Layer-2 ACL: -
Named user-defined ACL: -
The sub items of an ACL: 0 to 127
1.
Operation: Delete the absolute time range
Command: undo time-range time-name [ start-time to end-time days-of-the-week | from start-time start-date ]* [ to end-time end-date ]
When the start-time and end-time are not configured, it will be all the time for one day. The end time shall be later than the start time.
Table 1-4 Defining the basic ACL
Operation: Enter basic ACL view (from system view)
Command: acl { number acl-number | name acl-name basic } [ match-order { config | auto } ]
Operation: Add a sub-item to the ACL (from basic ACL view)
Command: rule [ rule-id ] { permit | deny } [ source { source-addr wildcard | any } | fragment | time-range name ]*
Operation: Delete a sub-item from the ACL (from basic ACL view)
Command: undo rule rule-id [ source
the mnemonic symbols as shortcut. For example, “bgp” can represent the TCP number 179 used by BGP.
III. Defining the Layer-2 ACL
The rules of Layer-2 ACL are defined on the basis of the Layer-2 information such as source MAC address, source VLAN ID, Layer-2 protocol type, Layer-2 ports receiving and forwarding the packet and destination MAC address to process the data packets.
[Figure 1-1 The first 64 bytes of data frame]
The table below lists the meaning and offset of each letter.
Table 1-7 Letters and their meanings
Letter Meaning Offset Letter Meaning Offset 0 O TTL field 34 6 P Protocol number (6 is TCP and 17 is UDP).
the TCP packets, you can define the rule as “06”, the rule mask as “FF” and the offset as 35. In this case, the rule mask coordinates with the offset and picks up the TCP protocol number field from the data frame and compares it with the user-defined rule string to get all the TCP packets.
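The rule string, rule mask and offset described above can be modelled as a masked byte comparison at a fixed position in the frame. The following is an added example, not code from the manual or from the switch; the class and function names are hypothetical, the 64-byte frames are constructed filler with only the TTL (offset 34) and protocol number (offset 35) set, and the requirement that the rule string and mask have equal length is an assumption of this sketch. It also shows how a mask looser than “FF” matches more than TCP.

```python
from dataclasses import dataclass

TTL_OFFSET = 34    # Table 1-7: TTL field
PROTO_OFFSET = 35  # offset the text uses for the protocol number


@dataclass(frozen=True)
class UserRule:
    """Hypothetical model of one user-defined ACL rule: hex strings plus a byte offset."""
    rule_string: str
    rule_mask: str
    offset: int

    def compiled(self):
        pattern = bytes.fromhex(self.rule_string)
        mask = bytes.fromhex(self.rule_mask)
        # Assumption of this sketch: string and mask cover the same bytes.
        if not pattern or len(pattern) != len(mask):
            raise ValueError("rule string and rule mask must have the same non-zero length")
        if self.offset < 0:
            raise ValueError("offset must not be negative")
        return pattern, mask


def rule_matches(frame: bytes, rule: UserRule) -> bool:
    """True if (frame bytes at offset) AND mask equals (rule string) AND mask."""
    pattern, mask = rule.compiled()
    window = frame[rule.offset:rule.offset + len(pattern)]
    if len(window) < len(pattern):
        return False  # frame too short to contain the inspected bytes
    return all((f & m) == (p & m) for f, p, m in zip(window, pattern, mask))


def build_frame(protocol: int, ttl: int = 64, size: int = 64) -> bytes:
    """Constructed frame: zero filler except TTL and protocol number."""
    frame = bytearray(size)
    frame[TTL_OFFSET] = ttl
    frame[PROTO_OFFSET] = protocol
    return bytes(frame)


RULES = {
    "tcp_exact": UserRule("06", "FF", 35),        # the rule from the text
    "tcp_loose": UserRule("06", "0F", 35),        # only the low nibble is compared
    "ttl_ignored": UserRule("4006", "00FF", 34),  # two bytes, TTL byte masked out
}

FRAMES = {
    "tcp": build_frame(6),
    "udp": build_frame(17),
    "proto_0x16": build_frame(0x16),   # low nibble equals 6, but not TCP
    "truncated": build_frame(6)[:35],  # ends before the protocol byte
}


def evaluate():
    """Return {frame name: {rule name: matched?}} for the constructed samples."""
    return {
        fname: {rname: rule_matches(frame, rule) for rname, rule in RULES.items()}
        for fname, frame in FRAMES.items()
    }


if __name__ == "__main__":
    for fname, results in evaluate().items():
        print(fname, results)
```

The “tcp_loose” rule matches the frame with protocol number 0x16 as well, which is why the text pairs the one-byte rule string “06” with the full mask “FF”.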
Table 1-9 Activating ACL
Operation: Activate an ACL
Command: packet-filter { user-group { acl-number | acl-name } [ rule rule ] | { ip-group { acl-number | acl-name } [ rule rule ] | link-group { acl-number | acl-name } [ rule rule ] }* }
Operation: Deactivate an ACL
Command: undo packet-filter { user-group { acl-number | acl-name } [ rule rule ] | { ip-group { acl-number | acl-name } [ rule rule ] | link-group { acl-number | ac
1.3 ACL Configuration Example
1.3.1 Advanced ACL Configuration Example
I. Networking requirements
The interconnection between different departments on a company network is implemented through the 100M ports of the Ethernet Switch. The payment query server of the Financial Dept. is accessed via Ethernet1/1 (at 129.110.1.2).
# Define the rules for other department to access the payment server.
[Quidway-acl-adv-traffic-of-payserver] rule 1 deny ip source any destination 129.110.1.2 0.0.0.0 time-range huawei
# Define the rules for the Office of President to access the payment server.
[Quidway-acl-adv-traffic-of-payserver] rule 2 permit ip source 129.111.1.2 0.0.0.0 destination 129.110.1.2 0.0.0.0
3) Activate ACL.
[Quidway-acl-basic-traffic-of-host] rule 1 deny source 10.1.1.1 0 time-range huawei
3) Activate ACL.
# Activate the ACL traffic-of-host.
[Quidway] packet-filter ip-group traffic-of-host
1.3.3 Link ACL Configuration Example
I.
3) Activate ACL.
# Activate the ACL traffic-of-link.
[Quidway] packet-filter link-group traffic-of-link
1.3.4 User-defined ACL Configuration Example
I. Networking requirements
Using user-defined ACL, filter the TCP packet during time range 8:00 ~ 18:00 every day.
II. Networking diagram
[Figure 1-5 Access control configuration example: Switch, port #1, connect to Router]
III.
Chapter 2 QoS Configuration
2.1 QoS Overview
In the traditional IP network, all the packets are treated equally without priority difference. Every switch/router handles the packets following the First In First Out (FIFO) policy.
standards are encapsulated in the header of the packets. The packet content is seldom used as the classification standard.
2.1.3 Packet Filter
Packet filter is to filter traffic. For example, the operation “deny” discards the traffic that is matched with a traffic classification rule, while allowing other traffic to pass through.
[Figure 2-1 SP. Labels: packets sent via this interface, classify, high queue, middle queue, normal queue, bottom queue, dequeue, sending queue, packets sent]
The SP is specially designed for the key service application. A significant feature of a key service is that it requires priority treatment to reduce the response delay when congestion occurs.
Compared to the common WRR, the Delay bounded WRR also guarantees that the packets in the highest-priority queue leave the queue before the configured delay.
2.1.9 Traffic Mirroring
The traffic mirroring function is carried out by copying the specified data packets to the monitoring port for network diagnosis and troubleshooting.
2.1.
The port of the Ethernet Switch supports 8 priority levels. You can configure the port priority as required. priority-level ranges from 0 to 7. By default, the port priority is 0 and the switch replaces the priority carried by a packet with the port priority.
2.2.2 Configuring Trust Packet Priority
If a packet has no VLAN tag, the switch tags it with the VLAN that the receiving port belongs to.
The purpose of this configuration task is to implement the traffic policing over the data flow matching the ACL. The traffic beyond the limit will be dealt with in some other way, such as discarding. For details about the command, refer to the Command Manual.
2.2.4 Port Traffic Limit
The port traffic limit is the port-based line rate used for limiting the general speed of packet output on the port.
Note: The configuration of redirection only takes effect on the rules with action permit.
For details about the command, refer to the Command Manual.
2.2.6 Configuring Priority Marking
The priority marking configuration is a policy to tag the priority for the packets matching the ACL. The new priority can be filled in the priority field of the packet header.
Table 2-7 Default “CoS → Local-precedence” mapping table
CoS Value    Local Precedence
0            2
1            0
2            1
3            3
4            4
5            5
6            6
7            7
Table 2-8 Relationship between 802.1p priority and output queue
802.1p priority    Queue ID
1,2                0
0,3                1
4,5                2
6,7                3
Table 2-9 Relationship between local-precedence and output queue
Local-precedence    Queue ID
0,1                 0
2,3                 1
4,5                 2
6,7                 3
I.
CoS Value    Local Precedence
2            1
3            3
4            4
5            5
6            6
7            7
Using the following commands, you can configure the maps. Perform the following configuration in system view.
For details about the command, refer to the Command Manual.
2.2.8 Configuring Traffic Mirroring
The function of traffic mirroring is to copy the traffic matching an ACL rule to the designated observing port so that the packets can be analyzed and monitored. You can use the following command to configure the traffic mirroring. Perform the following configuration in system view.
2.2.10 Displaying and Debugging QoS
After the above configuration, execute display command in all views to display the running of the QoS configuration, and to verify the effect of the configuration. Execute reset command in user view to clear the statistics of QoS module.
preferences of those that do not match the rules to 4. It is also required to limit the traffic from other departments to the server to no more than 20M.
II. Networking diagram
[Figure 2-2 Access control configuration example: Pay query server 129.110.1.2, Switch, ports #1, #2, #3, #4, E0/1, connected to a router]
III.
Chapter 3 Logon User ACL Control Configuration
3.1 Overview
As the Ethernet switches launched by Huawei Technologies are used more and more widely over the networks, the security issue becomes even more important. The switches provide several logon and device accessing measures, mainly including TELNET access, SNMP access, and HTTP access.
Table 3-1 Defining the basic ACL
Operation: Enter basic ACL view (from system view)
Command: acl { number acl-number | name acl-name basic } [ match-order { config | auto } ]
Operation: Add a sub-item to the ACL (from basic ACL view)
Command: rule [ rule-id ] { permit | deny } [ source source-addr wildcard | any ] [ fragment ] [ time-range name ]
Operation: Delete a sub-item from the ACL (from basic ACL view)
Command: undo rule
II. Networking diagram
[Figure 3-1 Control TELNET users with ACL: Internet, Switch]
III. Configuration procedure
# Define the basic ACLs.
[Quidway] acl number 2020 match-order config
[Quidway-acl-basic-2020] rule 1 permit source 10.110.100.52 0
[Quidway-acl-basic-2020] rule 2 permit source 10.110.100.46 0
[Quidway-acl-basic-2020] quit
# Call an ACL.
3.3.2 Calling ACL to Control SNMP Users
To control the NM users with ACL, call the defined ACL when configuring SNMP community name, username, and group name. You can use the following commands to call an ACL. Perform the following configuration in system view.
Table 3-3 Defining a numbered basic ACL
Operation: Call an ACL when configuring SNMP community name.
Note: Only the numbered basic ACL can be called for network management user control.
3.3.3 Configuration Example
I. Networking requirements
Only permit SNMP users from 10.110.100.52 and 10.110.100.46 to access the switch.
II. Networking diagram
[Figure 3-2 Controlling SNMP users with ACL: Internet, Switch]
III. Configuration procedure
# Define the basic ACLs.
2) Calling ACL to control HTTP users
The following section introduces the configuration procedures.
3.4.1 Defining ACL
So far, you can only call the numbered basic ACL, ranging from 2000 to 2999, to implement ACL control function. Use the same configuration commands introduced in the last section.
3.4.
II. Networking diagram
[Figure 3-3 Control WEB NM user with ACL: Internet, Switch]
III. Configuration procedure
# Define the basic ACL.
[Quidway] acl number 2030 match-order config
[Quidway-acl-basic-2030] rule 1 permit source 10.110.100.46 0
[Quidway-acl-basic-2030] quit
# Call the basic ACL.
Operation Manual - Integrated Management Quidway S3000-EI Series Ethernet Switches
Table of Contents
Chapter 1 Stack Function Configuration
1.1 Stack Function Overview
1.2 Configure Stack Function
2.4.7 Set up a Cluster Automatically.
2.4.8 Set Cluster Holdtime
2.4.9 Set Cluster Timer to Specify the Handshaking Message Interval
2.4.10 Configure Remote Control over the Member device
Chapter 1 Stack Function Configuration
1.1 Stack Function Overview
A stack is a management domain including several Ethernet switches (one main switch and some slave switches) connected through stack ports. These Ethernet switches stacked together can act as one set of equipment and the user can manage them through the main switch.
Table 1-1 Configure IP address pool for the stack
Operation: Configure IP address range for a stack
Command: stacking ip-pool from-ip-address ip-address-number [ ip-mask ]
Operation: Restore to the default IP address range
Command: undo stacking ip-pool
Before setting up a stack, the user should configure a public IP address pool for the slave switch of the stack.
1.3 Display and Debug Stack Function
After the above configuration, execute display command in any view to display the running of the stack configuration, and to verify the effect of the configuration.
III. Configuration procedure
# Configure IP address pool for the stack on Switch A.
[Quidway] stacking ip-pool 129.10.1.1 5
# Enable a stack on Switch A.
[Quidway] stacking enable
# Display stack information on the main switch, Switch A.
display stacking
Main device for stack.
Total members:3
# Display stack member information on the main switch, Switch A.
# Switch to the slave switch, Switch C, to perform the configuration.
stacking 2
# Switch back to the main switch, Switch A, to perform the configuration.
quit
Chapter 2 HGMP V2 Configuration
2.1 HGMP V2 Overview
2.1.1 Overview
With the HGMP V2 function, the network administrator can manage multiple switches from one managing switch that has a public IP address. The managing switch is called the administrator device and the managed switches are called member devices. Generally, you do not assign public IP addresses to the member devices.
- Administrator device: Configured with a public network IP address and providing the management interface for all the switches in the cluster. The administrator device manages the member devices through command redirection; that is, the administrator device receives and processes the management commands from the network.
Note: To configure the cluster function, perform the following operations on the administrator device:
- Enable system NDP and port NDP
- Configure NDP parameter
- Enable system NTDP and port NTDP
- Configure NTDP parameter
- Enable cluster function
- Configure cluster parameter
And perform the following operations on the member devices and Candidate devices:
- Enable system NDP
- Network topology collection is implemented by NTDP. It is used for collecting the information concerning device connection and the Candidate device. It can also be used for setting hops for topology discovery.
Note: On an administrator device, you need to enable system NDP and port NDP and also configure the NDP parameters. On a member device, however, you only have to enable NDP on the device and on the corresponding ports. As the protocol runs, the member device adopts the parameters of the administrator device.
2.2.
2.2.4 Set NDP Holdtime
The NDP holdtime specifies how long the adjacent node can keep the local node information. The adjacent device learns the holdtime from the received NDP packet and discards the packet when the holdtime expires.
Perform the following configuration in System view.
Table 2-5 Display and Debug NDP
Operation: Display global NDP configuration information (including NDP timer and holdtime).
Command: display ndp
Operation: Display the information about the port enabled with NDP
Command: display ndp interface port-list
Operation: Clear NDP counters.
Command: reset ndp statistics
Operation: Enable/Disable Debugging NDP
Command: [ undo ] debugging ndp packet [ interface port-list ]
2.3 Configure NTDP
2.3.
Note: On an administrator device, you need to enable system NTDP and port NTDP and also configure the NTDP parameters. On a member device, however, you only have to enable system NTDP and NTDP on the corresponding ports. As the protocol runs, the member device adopts the parameters of the administrator device.
2.3.
By default, port NTDP is enabled on the ports supporting NDP. If you enable NTDP on a port not supporting NDP, NTDP cannot run.
2.3.4 Set Hop Number for Topology Collection
You can set a limit on the hops for topology collection, so that only the topology information of the devices within the specified hops is collected and infinite collection is avoided.
Table 2-9 Set delay for collected device to forward topology collection request.
Operation: Set delay for collected device to forward topology collection request.
Command: ntdp timer hop-delay time
Operation: Restore the default delay for collected device to forward topology collection request.
Command: undo ntdp timer hop-delay
Set delay for collected port to forward topology collection request.
Table 2-11 Start topology information collection
Operation: Start topology information collection
Command: ntdp explore
2.3.8 Display and Debug NTDP
After the above configuration, execute the display command in any view to display the running state of the NTDP configuration and to verify the effect of the configuration.
Cluster configuration includes:
- Enable/Disable cluster function
- Enter cluster view
- Configure cluster IP address pool
- Name the administrator device and cluster.
- Add/delete a cluster member device
- Set up a cluster automatically.
- Member accessing
- Set cluster holdtime.
- Set cluster timer to specify the handshaking message interval.
Table 2-14 Enter cluster view
Operation: Enter cluster view.
Command: cluster
2.4.4 Configure Cluster IP Address Pool
Before setting up a cluster, you should configure a private IP address pool. When a Candidate device is added, the administrator device dynamically assigns it a private IP address, which can be used for communication inside the cluster.
By default, the switch is not an administrator device and no cluster name has been specified.
2.4.6 Add/Delete a Cluster Member device
You can use the following command to add a member device or delete a member device.
Perform the following configuration in cluster view.
Table 2-17 Add/Delete a cluster member device
Operation: Add a cluster member device.
2.4.8 Set Cluster Holdtime
After a cluster is set up, a communication fault may occur due to a network problem or a switch reset. If the fault has not been addressed before the holdtime configured on the switch expires, the member state goes down. When communication resumes, such a member needs to join the cluster again (this process is conducted automatically).
Table 2-20 Set cluster timer to specify the handshaking message interval.
Operation: Set cluster timer to specify the handshaking message interval.
Command: timer interval
Operation: Restore the default message interval.
Command: undo timer
Note that the above command can only be executed on the administrator device, which will advertise the cluster timer value to the member devices.
When using the reboot member command, you can decide whether to delete the configuration file with the eraseflash parameter.
2.4.11 Configure the Cluster Server and Network Management and Log Hosts
After a cluster is set up, you can configure the server and the network management and log hosts on the administrator device for the entire cluster.
the user password of the member device is different from the administrator device, you cannot configure the member device. The user level is inherited from the administrator device when you configure the member device on the administrator device. For example, the system remains in user view when you configure the member device on the administrator device.
Ethernet1/1 carrying VLAN2 at 163.172.55.1. The entire cluster uses the same FTP server and TFTP server at 63.172.55.1 and the NM station and log host at 69.172.55.4.
II. Networking diagram
[Figure: networking diagram. Labels: FTP server/TFTP server 63.172.55.1; Administrator device; E0/1; Cluster; SNMP host/logging host 69.172.55.4; Network; E1/1; VLAN interface 2 IP address 163.172.55.]
# Configure that the collected device delays for 150 milliseconds before forwarding a topology collection request.
[Quidway] ntdp timer hop-delay 150
# Configure that the port on the collected device delays for 15 milliseconds before forwarding a topology collection request.
[Quidway] ntdp timer port-delay 15
# Configure to collect topology information every 3 minutes.
[Quidway-Ethernet1/1] ntdp enable
# Run the cluster function.
[Quidway] cluster enable
Note: Upon the completion of the above configurations, you can use the cluster switch-to { member-num | mac-address H-H-H } command to switch to the member device view to maintain and manage the member devices, and use the cluster switch-to administrator command to resume the administrator device view.
Chapter 3 Cluster Multicast MAC Address Configuration
3.1 Configuring Cluster Multicast MAC Address
3.1.1 Configuring Cluster Multicast MAC Address
After the cluster is established, you can configure the multicast MAC address, which can be learnt by both member and administrative devices, for cluster administration.
Operation Manual - STP
Quidway S3000-EI Series Ethernet Switches
Table of Contents
Chapter 1 MSTP Region-configuration
1.1 MSTP Overview
1.1.1 MSTP Concepts
1.1.
Chapter 1 MSTP Region-configuration
1.1 MSTP Overview
MSTP stands for Multiple Spanning Tree Protocol, which is compatible with STP and RSTP.
STP cannot make fast state transitions. Even on a point-to-point link or an edge port, it has to wait an interval of twice the forward delay before the network converges.
I. MST region
Multiple Spanning Tree Regions: A multiple spanning tree region contains several physically and directly connected MSTP switches sharing the same region name, VLAN-spanning tree mapping configuration, and MSTP revision level configuration, and the network segments between them. There can be several MST regions on a switching network.
VIII. Common Root Bridge
The Common Root Bridge refers to the root bridge of CIST. There is only one common root bridge in the specified network.
IX. Edge port
The edge port refers to the port located at the MST region edge, connecting different MST regions, MST region and STP region, or MST region and RSTP region. For MSTP calculation, the edge port shall take the same role on MSTI and CIST instance.
1.1.2 MSTP Principles
MSTP divides the entire Layer 2 network into several MST regions and calculates and generates CST for them. Multiple spanning trees are generated in a region and each of them is called an MSTI. The instance 0 is called IST, and others are called MSTI.
I.
[Figure 1-3 Designated switch and designated port. Labels: Switch A (AP1, AP2), Switch B (BP1, BP2), Switch C (CP1, CP2), LAN]
For a switch, the designated switch is a switch in charge of forwarding packets to the local switch via a port called the designated port accordingly.
[Figure 1-4 Ethernet switch networking. Labels: Switch A with priority 0 (AP1, AP2), Switch B with priority 1 (BP1, BP2), Switch C with priority 2 (CP1, CP2); link path costs 5, 10 and 4]
To simplify the description, only the first four parts of the configuration BPDU are described in the example.
- The configuration BPDU with a smaller root ID has a higher priority.
- If the root IDs are the same, perform the comparison based on root path costs. The cost comparison is as follows: the path cost to the root recorded in the configuration BPDU plus the corresponding path cost of the local port is set as S; the configuration BPDU with a smaller S has a higher priority.
By now the configuration BPDUs of each port are as follows:
Configuration BPDU of BP1: {0, 0, 0, AP1}
Configuration BPDU of BP2: {1, 0, 1, BP2}
Switch B compares the configuration BPDUs of the ports and selects the BP1 BPDU as the optimum one. Thus BP1 is elected as the root port and the configuration BPDUs of Switch B ports are updated as follows.
[Figure 1-5 The final stabilized spanning tree. Labels: Switch A with priority 0, AP1, path cost 5, BP1, Switch B with priority 1, BP2, path cost 4, CP2, Switch C with priority 2]
The description of the example is simplified. For example, the root ID and the designated switch ID in actual calculation should comprise both switch priority and switch MAC address.
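The election walked through above can be reproduced with a short simulation. The following Python is an added example, not code from this manual or from the vendor; the function names are hypothetical. It assumes switch IDs are priorities only (as in the simplified example), takes link costs 5 and 4 from Figure 1-5, assumes 10 is the cost of the remaining AP2-CP1 link, and breaks ties after root ID and cost by designated switch ID and port ID as in standard STP.

```python
"""STP election for the three-switch example: a constructed model, not vendor code."""

# Switch ID is the bridge priority only, as in the manual's simplified example.
SWITCHES = {"A": 0, "B": 1, "C": 2}

# (port, port, path cost). 5 and 4 come from Figure 1-5; 10 is assumed to
# belong to the remaining AP2-CP1 link of Figure 1-4.
LINKS = [("AP1", "BP1", 5), ("AP2", "CP1", 10), ("BP2", "CP2", 4)]


def owner(port):
    """Ports are named <switch letter>P<n>, so BP2 belongs to Switch B."""
    return port[0]


def neighbours(switch, links):
    """Yield (local_port, remote_port, cost) for each link on this switch."""
    for a, b, cost in links:
        if owner(a) == switch:
            yield a, b, cost
        elif owner(b) == switch:
            yield b, a, cost


def converge(switches, links):
    """Iterate the BPDU exchange to a fixed point.

    Returns {switch: (root_id, root_path_cost, root_port)}.
    A BPDU is the 4-tuple (root ID, root path cost, designated switch ID,
    designated port ID); Python tuple ordering implements "smaller wins".
    """
    state = {sw: (prio, 0, None) for sw, prio in switches.items()}
    changed = True
    while changed:
        changed = False
        for sw, prio in switches.items():
            # Start from the switch's own claim to be the root.
            best, root_port = (prio, 0, prio, ""), None
            for local, remote, cost in neighbours(sw, links):
                peer = owner(remote)
                peer_root, peer_cost, _ = state[peer]
                # S = cost recorded in the BPDU + path cost of the local port.
                received = (peer_root, peer_cost + cost, switches[peer], remote)
                if received < best:
                    best, root_port = received, local
            new = (best[0], best[1], root_port)
            if new != state[sw]:
                state[sw], changed = new, True
    return state


def sent_bpdu(switch, port, switches, state):
    """BPDU this switch would advertise on the given port."""
    root, cost, _ = state[switch]
    return (root, cost, switches[switch], port)


def port_roles(switches, links, state):
    """Classify every port as root, designated or blocked."""
    roles = {}
    for sw in switches:
        root_port = state[sw][2]
        for local, remote, _ in neighbours(sw, links):
            if local == root_port:
                roles[local] = "root"
                continue
            mine = sent_bpdu(sw, local, switches, state)
            theirs = sent_bpdu(owner(remote), remote, switches, state)
            # The better BPDU on the link wins the designated role.
            roles[local] = "designated" if mine < theirs else "blocked"
    return roles


if __name__ == "__main__":
    st = converge(SWITCHES, LINKS)
    for sw, (root, cost, rp) in st.items():
        print(f"Switch {sw}: root={root} cost={cost} root_port={rp}")
    for port, role in sorted(port_roles(SWITCHES, LINKS, st).items()):
        print(f"{port}: {role}")
```

The result matches Figure 1-5: only the AP1-BP1 and BP2-CP2 links forward, and CP1 is blocked because the path through Switch B costs 9 against 10 for the direct link.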
secondary root bridge, ROOT PROTECTION, BPDU PROTECTION, protocol hot swapping, master/slave switchover, and so on.
1.
CIST is spanning tree instance 0.
1.2.1 Configure the MST Region for a Switch
The MST region a switch belongs to is determined by the configurations of the region name, VLAN mapping table, and MSTP revision level. You can perform the following configurations to put a switch into an MST region.
Follow the procedure listed in the table below and perform these configurations from system view.
I.
same MST region name, STI-VLAN mapping tables of an MST region, and the MST region revision level.
Configuring the related parameters, especially the VLAN mapping table, of the MST region, will lead to the recalculation of spanning tree and network topology flapping.
Operation: Specify current switch as the secondary root switch of the specified spanning tree.
Command: stp [ instance secondary [ bridgenum ] centi-senconds ]
Operation: Specify current switch not to be the primary or secondary root.
1.2.3 Configure the MSTP Running Mode
MSTP and RSTP are compatible and they can recognize the packets of each other. However, STP cannot recognize MSTP packets. To implement the compatibility, MSTP provides two operation modes, STP-compatible mode and MSTP mode. In STP-compatible mode, the switch sends STP packets via every port and serves as a region itself.
Operation: Restore the default Bridge priority of the designated switch.
Command: undo stp [ instance instance-id ] bridge-priority
When configuring the switch priority with the instance instance-id parameter as 0, you are configuring the CIST priority of the switch.
1.2.6 Configure the Switching Network Diameter
Any two hosts on the switching network are connected by a specific path carried by a series of switches. Among these paths, the one passing through more switches than all the others is the network diameter, expressed as the number of switches passed.
You can use the following command to configure the diameter of the switching network.
Perform the following configuration in system view.
Table 1-9 Configure the time parameters of a switch
Operation: Configure Forward Delay on the switch.
Command: stp timer forward-delay centiseconds
Operation: Restore the default Forward Delay of the switch.
Command: undo stp timer forward-delay
Operation: Configure Hello Time on the switch.
Command: stp timer hello centiseconds
Operation: Restore the default Hello Time on the switch.
2 * (forward-delay - 1.0 seconds) >= maximum-age
maximum-age >= 2 * (hello + 1.0 seconds)
It is recommended that you use the stp root primary command to specify the network diameter and Hello Time of the switching network, so that MSTP automatically calculates suitable values.
By default, Forward Delay is 15 seconds, Hello Time is 2 seconds, and Max Age is 20 seconds.
1.2.
This parameter only takes a relative value without units. If it is set too large, too many packets will be transmitted during every Hello Time and too many network resources will be occupied. The default value is recommended.
By default, the max transmission speed on every Ethernet port of the switch is 3.
1.2.
will be disabled.
The configuration of this parameter takes effect on all the STIs. In other words, if a port is configured as an EdgedPort or Non-EdgedPort, it is configured the same on all the STIs.
It is better to configure BPDU protection on the edged port, so as to prevent the switch from being attacked.
Table 1-15 Configure the Path Cost of a port
Operation: Configure the Path Cost of a port
Command: stp [ instance instance-id ] cost cost
Operation: Restore the default path cost of a port.
Command: undo stp [ instance instance-id ] cost
You can configure the path cost of a port with either of the above-mentioned methods. For more about the commands, refer to the Command Manual.
You can configure the port priority with either of the above-mentioned methods. For more about the commands, refer to the Command Manual.
Upon a change of port priority, MSTP recalculates the port role and transitions the port state. Generally, a smaller value represents a higher priority.
Operation: Configure the port not to connect with the point-to-point link.
Command: stp force-false
Operation: Configure MSTP to automatically detect if the port is directly connected with the point-to-point link.
Command: stp point-to-point auto
Operation: Configure MSTP to automatically detect if the port is directly connected with the point-to-point link, as defaulted.
I. Configure in system view
Perform the following configuration in system view.
Table 1-20 Configure the mCheck variable of a port
Operation: Perform mCheck operation on a port.
Command: stp interface interface-list mcheck
II. Configure in Ethernet port view
Perform the following configuration in Ethernet port view.
high-speed link may be pulled to the low-speed link and congestion will occur on the network. The root protection function is used against this problem.
III. Loop protection
The root port and other blocked ports maintain their state according to the BPDUs sent by the uplink switch. Once the link is blocked or has trouble, the ports cannot receive BPDUs and the switch will select the root port again.
Operation: Restore the disabled Root protection state as defaulted (from Ethernet port view)
Command: undo stp root-protection
Operation: Configure switch loop protection function (from Ethernet port view)
Command: stp loop-protection
Operation: Restore the disabled loop protection state, as defaulted (from Ethernet port view)
Command: undo stp loop-protection
Operation: Configure switch TC protection (from system view)
Command: stp tc-protection enable
Operation: Disabled TC protection state
1.2.16 Enable/Disable MSTP on a Port
You can use the following command to enable/disable MSTP on a port. You may disable MSTP on some Ethernet ports of a switch to spare them from spanning tree calculation. This is a measure to flexibly control MSTP operation and save the CPU resources of the switch.
MSTP can be enabled/disabled on a port through the following ways.
I.
Table 1-26 Display and Debug MSTP
Operation: Show the configuration information about the current port and the switch.
Command: display stp [ instance instance-id ] [ interface interface-list | slot slot-num ] [ brief ]
Operation: Show the configuration information about the region.
Command: display stp region-configuration
Operation: Clear the information.
Operation Manual - Security
Quidway S3000-EI Series Ethernet Switches
Table of Contents
Chapter 1 802.1x Configuration
1.1 802.1x Overview
1.1.1 802.1x Standard Overview
1.1.2 802.
2.2.8 Configuring Dynamic VLAN with RADIUS Server
2.3 Configuring RADIUS Protocol
2.3.1 Creating/Deleting a RADIUS scheme
2.3.2 Setting IP Address and Port Number of RADIUS Server
Chapter 1 802.1x Configuration
1.1 802.1x Overview
1.1.1 802.1x Standard Overview
IEEE 802.1x (hereinafter simplified as 802.1x) is a port-based network access control protocol that is used as the standard for LAN user access authentication.
exchange information through the EAPoL (Extensible Authentication Protocol over LANs) frame defined by IEEE 802.1x. Authentication data are encapsulated in the EAP frame, which is in turn encapsulated in the packets of other AAA upper layer protocols (e.g. RADIUS) so as to cross the complicated network and reach the Authentication Server. This procedure is called EAP Relay.
EAPoL-Encapsulated-ASF-Alert is related to the network management information and terminated by the Authenticator.
802.1x provides an implementation solution of user ID authentication. However, 802.1x itself is not enough to implement the scheme. The administrator of the access device should configure the AAA scheme by selecting RADIUS or local authentication so as to assist 802.
- Configuring 802.1x dynamic user binding
- Setting the maximum times of authentication request message retransmission
- Configuring timers
- Enabling/disabling a quiet-period timer
Among the above tasks, the first one is compulsory; otherwise 802.1x will not take effect. The other tasks are optional. You can perform the configurations as required.
1.2.1 Enabling/Disabling 802.
By default, the mode of 802.1x performing access control on the port is auto (automatic identification mode, which is also called protocol control mode). That is, the initial state of the port is unauthorized. It only permits receiving and transmitting EAPoL packets and does not permit the user to access the network resources.
globally enabling proxy user detection and control in system view, only if you enable this feature on a specific port can this configuration take effect on the port.
1.2.5 Setting the Supplicant Number on a Port
The following commands are used for setting the number of users allowed by 802.1x on a specified port. When no port is specified, all the ports accept the same number of supplicants.
must support PAP authentication), CHAP authentication (RADIUS server must support CHAP authentication), EAP relay authentication (the switch sends authentication information to the RADIUS server directly in the form of EAP packets, and the RADIUS server must support EAP authentication).
Table 1-8 Enabling/disabling Guest VLAN
Operation: Enabling Guest VLAN
Command: dot1x guest-vlan vlan-id [ interface interface-list ]
Operation: Disabling Guest VLAN
Command: undo dot1x guest-vlan vlan-id [ interface interface-list ]
Note the following:
- Guest VLAN is only supported in the port-based authentication mode.
- A switch can be configured with only one Guest VLAN.
port view, the interface-list parameter cannot be specified, and you can use the command only to enable the feature on the current interface.
II. Configuring 802.1x re-authentication timeout timer
The period of re-authentication is decided by the following two modes:
1) The switch takes the session-timeout value in the access-accept packet as the authentication period.
By default, 802.1x client version authentication is disabled on all ports.
In system view, if the interface-list parameter is not specified, the 802.1x client version authentication feature is enabled on all interfaces; if the interface-list parameter is specified, the feature is enabled on the specified interfaces.
1.2.11 Configuring 802.1x Dynamic User Binding
I. Overview
802.1x dynamic user binding enables a switch to dynamically bind the IP address, the MAC address, the accessing port, and the VLAN to which the accessing port belongs after an 802.1x user passes the authentication. The switch then only permits the packets that match all four of these items.
III. Configuration Procedure
Table 1-14 Configure 802.1x dynamic user binding
Operation: Enter system view
Command: system-view
Remarks: —
Operation: Enable 802.1x dynamic user binding
Command: dot1x dynamic-binding-user enable
Remarks: Required. 802.1x dynamic user binding is disabled by default.
Table 1-15 Setting the maximum times of the authentication request message retransmission
Operation: Set the maximum times of the authentication request message retransmission
Command: dot1x retry max-retry-value
Operation: Restore the default maximum retransmission times
Command: undo dot1x retry
By default, the max-retry-value is 3.
server-timeout: Specify the timeout timer of an Authentication Server. If an Authentication Server has not responded before the specified period expires, the Authenticator will resend the authentication request.
server-timeout-value: Specify the duration of the timeout timer of an Authentication Server. The value ranges from 100 to 300 seconds and defaults to 100 seconds.
Table 1-17 Enabling/disabling a quiet-period timer
Operation: Enable a quiet-period timer
Command: dot1x quiet-period
Operation: Disable a quiet-period timer
Command: undo dot1x quiet-period
By default, quiet-period timer is disabled.
1.3 Displaying and Debugging 802.
accessed, the domain name does not follow the user name. Normally, if the user's traffic is less than 2kbps consistently over 20 minutes, the user will be disconnected.
A server group, consisting of two RADIUS servers at 10.11.1.1 and 10.11.1.2 respectively, is connected to the switch. The former one acts as the primary-authentication/secondary-accounting server.
# Enable 802.1x on the specified port Ethernet 0/1.
[Quidway] dot1x interface Ethernet 0/1
# Set the access control mode. (This command need not be configured, because the mode is MAC-based by default.)
[Quidway] dot1x port-method macbased interface Ethernet 0/1
# Create the RADIUS scheme radius1 and enter its view.
# Set a limit of 30 users to the domain huawei163.net.
[Quidway-isp-huawei163.net] access-limit enable 30
# Enable idle cut function for the user and set the idle cut parameter in the domain huawei163.net.
[Quidway-isp-huawei163.net] idle-cut enable 20 2000
# Add a local supplicant and set its parameter.
Chapter 2 AAA and RADIUS Protocol Configuration
2.1 AAA and RADIUS Protocol Overview
2.1.1 AAA Overview
Authentication, Authorization and Accounting (AAA) provides a uniform framework for configuring these three security functions to implement network security management.
After the RADIUS system is started, if a user wants the right to access other networks or to consume network resources through a connection to the NAS (a dial-in access server in a PSTN environment, or an Ethernet switch with access function in an Ethernet environment), the NAS, namely the RADIUS client end, will transmit the user's AAA request to the RADIUS server.
[Figure 2-1 Networking when S3000-EI Series Ethernet Switches applying RADIUS authentication. Labels: PC user1 to user4, S3000-EI series, S2000-SI series, ISP1, ISP2, Authentication Server, Accounting Server, Internet]

2.
ISP. Because the attributes of ISP users, such as username and password formats, etc, may be different, it is necessary to differentiate them through setting ISP domain. In Quidway Series Switches ISP domain view, you can configure a complete set of exclusive ISP domain attributes on a per-ISP domain basis, which includes AAA policy (RADIUS scheme applied etc.
Perform the following configurations in ISP domain view.
- Restore the messenger alert as the default setting: undo messenger time

By default, messenger alert is disabled on the switch.

2.2.4 Configuring Self-Service Server URL

The self-service-url enable command can be used to configure self-service server uniform resource locator (URL). This command must be incorporated with a RADIUS server that supports self-service.
Table 2-5 Creating/Deleting a local user and relevant properties
Operation: Command
- Add local users: local-user user-name
- Delete all the local users: undo local-user all
- Delete a local user specifying its type by: undo local-user { user-name | all [ service-type { lan-access | ftp | telnet | ssh } ] }

By default, there is no local user in the system.

2.2.
Operation: Command
- Set a service type for the specified user: service-type { ftp [ ftp-directory directory ] | lan-access | { ssh | telnet }* [ level level ] }
- Cancel the service type of the specified user: undo service-type { ftp [ ftp-directory ] | lan-access | { ssh | telnet }* [ level ] }
- Configure the attributes of lan-access users: attribute { ip ip-address | mac mac-address | idl
- String ID: The switch compares the string ID delivered from the server with the VLAN names existing on the switch. If a matching entry is found, the switch adds the port into the corresponding VLAN. Otherwise, the delivery fails and the user cannot pass the authentication.

Note:
- For the string delivery mode, the VLAN to be delivered must be an existing one on the switch.
2.3 Configuring RADIUS Protocol

For the Quidway Series Switches, the RADIUS protocol is configured on a per RADIUS scheme basis. In a real networking environment, a RADIUS scheme can be an independent RADIUS server or a set of primary/secondary RADIUS servers with the same configuration but two different IP addresses.
Table 2-11 Creating/Deleting a RADIUS scheme
Operation: Command
- Create a RADIUS scheme and enter its view: radius scheme radius-scheme-name
- Delete a RADIUS scheme: undo radius scheme radius-scheme-name

Several ISP domains can use a RADIUS scheme at the same time. You can configure up to 16 RADIUS schemes, including the default scheme named as system.
Operation: Command
- Set IP address and port number of second RADIUS accounting server: accounting secondary ip-address [ port-number ]
- Restore IP address and port number of second RADIUS accounting server or server to the default values: undo secondary accounting

In real networking environments, the above parameters shall be set according to the specific requirements.
Table 2-13 Setting RADIUS packet encryption key
Operation: Command
- Set RADIUS authentication/authorization packet encryption key: key authentication string
- Restore the default RADIUS authentication/authorization packet encryption key.
Table 2-15 Setting retransmission times of RADIUS request packet
Operation: Command
- Set retransmission times of RADIUS request packet: retry retry-times
- Restore the default value of retransmission times: undo retry

By default, RADIUS request packet will be retransmitted up to three times.

2.3.
The parameter minutes specifies the real-time accounting interval in minutes. The value shall be a multiple of 3. The value of minutes is related to the performance of NAS and RADIUS server. The smaller the value, the higher the performance required of the NAS and RADIUS server. When there is a large number of users (more than 1000, inclusive), we suggest a larger value.
How to calculate the value of retry-times? Suppose that the RADIUS server connection will time out in T and the real-time accounting interval of NAS is t; then the value of count is the integer part of the result of dividing T by t. Therefore, in practice, T should preferably be a number that can be divided exactly by t.
Table 2-21 Setting the maximum retransmitting times of stopping accounting request
Operation: Command
- Set the maximum retransmitting times of stopping accounting request: retry stop-accounting retry-times
- Restore the maximum retransmitting times of stopping accounting request to the default value: undo retry stop-accounting

By default, the stopping accounting request can be retransmitt
Perform the following configurations in RADIUS scheme view.
2.3.14 Setting the Unit of Data Flow Transmitted to RADIUS Server

The following command defines the unit of the data flow sent to RADIUS server. Perform the following configurations in RADIUS scheme view.
2.4 Displaying and Debugging AAA and RADIUS Protocol

After the above configuration, execute display command in any view to display the running of the AAA and RADIUS configuration, and to verify the effect of the configuration. Execute reset command in user view to reset AAA and RADIUS statistics, etc. Execute debugging command in user view to debug AAA and RADIUS.
Operation: Command
- Disable debugging of local RADIUS authentication server: undo debugging local-server { all | error | event | packet }

2.5 AAA and RADIUS Protocol Configuration Examples

For the hybrid configuration example of AAA/RADIUS protocol and 802.1x protocol, refer to Configuration Example in 802.1x Configuration. It will not be detailed here.

2.5.
II. Networking Topology

[Figure 2-2 Configuring remote RADIUS authentication for Telnet users. Labels: Authentication Servers (IP address: 10.110.91.164), Switch, Internet, telnet user]

III. Configuration Schedule

# Add a Telnet user.
Omitted

Note: For details about configuring FTP and Telnet users, refer to User Interface Configuration in Getting Started.
2.5.2 Configuring FTP/Telnet User Authentication at Local RADIUS Server

Local RADIUS authentication of Telnet/FTP users is similar to remote RADIUS authentication. But you should modify the server IP address to 127.0.0.1, authentication password to Huawei, the UDP port number of the authentication server to 1645.
# Configure name of the delivered VLAN.
[Quidway-vlan100] name test

5) Configure on the Windows IAS server the VLAN delivery mode to string and the name of the delivered VLAN to “test”.

2.6 AAA and RADIUS Protocol Fault Diagnosis and Troubleshooting

RADIUS protocol of TCP/IP protocol suite is located on the application layer.
2) The accounting service and authentication/authorization service are provided on different servers, but NAS requires the services to be provided on one server (by specifying the same IP address). So please make sure the settings of servers are consistent with the actual conditions.
Chapter 3 HABP Configuration

3.1 HABP Overview

If the 802.1x attribute is configured on a switch, 802.1x will run authentication at those ports where 802.1x is enabled. Only those which pass the authentication are able to forward packets. For those ports where 802.1x authentication is skipped, packets will be filtered by 802.1x attribute, so the management over them is also impossible.
Table 3-1 Configuring HABP server
Operation: Command
- Enable HABP attribute: habp enable
- Restore HABP attribute to the default value: undo habp enable
- Configure the switch as HABP Server: habp server vlan vlan-id
- Delete HABP Server configuration: undo habp server
- Set time interval for HABP request transmission: habp timer interval
- Restore the time interval to the default value: undo habp timer

By defau
Operation: Command
- Enable HABP debugging: debugging habp
- Disable HABP debugging: undo debugging habp

Huawei Technologies Proprietary 3-3
Operation Manual - Network Protocol
Quidway S3000-EI Series Ethernet Switches

Table of Contents
Chapter 1 ARP Configuration
1.1 Introduction to ARP
1.2 Configure ARP
Chapter 6 IP Performance Configuration
6.1 IP Performance Configuration
6.1.1 Configure TCP Attributes
6.
Chapter 1 ARP Configuration

1.1 Introduction to ARP

I. Necessity of ARP

An IP address cannot be directly used for communication between network devices because network devices can only identify MAC addresses. An IP address is only an address of a host in the network layer. To send the data packets transmitted through the network layer to the destination host, physical address of the host is required.
Normally, dynamic ARP executes and automatically searches for the resolution from the IP address to the Ethernet MAC address without the administrator.

1.2 Configure ARP

The ARP mapping table can be maintained dynamically or manually. Usually, the manually configured mapping from the IP addresses to the MAC addresses is known as static ARP.
Table 1-2 Configure the dynamic ARP aging timer
Operation: Command
- Configure the dynamic ARP aging timer: arp timer aging aging-time
- Restore the default dynamic ARP aging time: undo arp timer aging

By default, the aging time of dynamic ARP aging timer is 20 minutes.

1.2.
network, so all hosts on the network must do this every time the ARP request is sent.

Characteristics of gratuitous ARP packets:
- The source and destination IP addresses are all native addresses, and the source MAC address of the packet is native MAC address.
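A defender-side check built on the gratuitous ARP characteristic above and the static ARP mappings of section 1.2, added here as an example and not taken from the manual: it parses an Ethernet/IPv4 ARP payload, recognizes a gratuitous packet (sender IP equal to target IP), and flags a sender whose MAC contradicts a static IP-to-MAC mapping. The function names, the `static_bindings` table and all addresses are constructed for illustration, and "native address" is read as the sender's own address.

```python
import struct
from ipaddress import IPv4Address
from typing import Dict

# ARP payload for Ethernet/IPv4: htype, ptype, hlen, plen, oper,
# sender MAC, sender IP, target MAC, target IP (28 bytes in total).
ARP_FMT = "!HHBBH6s4s6s4s"
ARP_LEN = struct.calcsize(ARP_FMT)


def mac_str(raw: bytes) -> str:
    """Render 6 raw bytes as a lower-case colon-separated MAC."""
    return ":".join(f"{b:02x}" for b in raw)


def build_arp(oper: int, sha: str, spa: str, tha: str, tpa: str) -> bytes:
    """Build a constructed sample ARP payload (used only for the demo data)."""
    return struct.pack(
        ARP_FMT, 1, 0x0800, 6, 4, oper,
        bytes.fromhex(sha.replace(":", "")), IPv4Address(spa).packed,
        bytes.fromhex(tha.replace(":", "")), IPv4Address(tpa).packed,
    )


def parse_arp(payload: bytes) -> Dict[str, object]:
    """Decode an ARP payload, rejecting truncated or non-Ethernet/IPv4 input."""
    if len(payload) < ARP_LEN:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(
        ARP_FMT, payload[:ARP_LEN])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP payload")
    return {
        "oper": oper,
        "sender_mac": mac_str(sha),
        "sender_ip": str(IPv4Address(spa)),
        "target_mac": mac_str(tha),
        "target_ip": str(IPv4Address(tpa)),
    }


def classify(payload: bytes, static_bindings: Dict[str, str]) -> str:
    """Return 'conflict', 'gratuitous' or 'normal' for one ARP payload.

    'conflict'   : the sender claims an IP that is statically bound to
                   a different MAC (duplicate address or spoofed claim).
    'gratuitous' : sender IP equals target IP and no binding is violated.
    'normal'     : any other ARP packet.
    """
    pkt = parse_arp(payload)
    bound_mac = static_bindings.get(pkt["sender_ip"])
    if bound_mac is not None and bound_mac.lower() != pkt["sender_mac"]:
        return "conflict"
    if pkt["sender_ip"] == pkt["target_ip"]:
        return "gratuitous"
    return "normal"


# Constructed sample data: one static mapping and three ARP requests.
STATIC_BINDINGS = {"192.0.2.10": "02:00:00:00:00:0a"}
ZERO_MAC = "00:00:00:00:00:00"
SAMPLE_GRATUITOUS = build_arp(1, "02:00:00:00:00:0a", "192.0.2.10",
                              ZERO_MAC, "192.0.2.10")
SAMPLE_NORMAL = build_arp(1, "02:00:00:00:00:0b", "192.0.2.11",
                          ZERO_MAC, "192.0.2.10")
SAMPLE_CONFLICT = build_arp(1, "02:00:00:00:00:66", "192.0.2.10",
                            ZERO_MAC, "192.0.2.10")

if __name__ == "__main__":
    for name, pkt in [("gratuitous", SAMPLE_GRATUITOUS),
                      ("normal", SAMPLE_NORMAL),
                      ("conflict", SAMPLE_CONFLICT)]:
        print(name, "->", classify(pkt, STATIC_BINDINGS))
```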
Table 1-5 Display and debug ARP
Operation: Command
- Display ARP mapping table: display arp [ static | dynamic | ip-address ]
- Display the current setting of the dynamic ARP map aging timer: display arp timer aging
- Reset ARP mapping table: reset arp [ dynamic | static | interface { interface-type interface-number | interface-name } ]
- Enable ARP debugging information: debugging arp packet
- Disable AR
Chapter 2 DHCP-Snooping Configuration

2.1 DHCP-Snooping Overview

For security, the IP addresses used by online users may be recorded to confirm the association between the users’ IP addresses and their MAC addresses.
Table 2-1 Enable/Disable the DHCP-Snooping function of the switch
Operation: Command
- Enable the DHCP-Snooping function of the switch: dhcp-snooping
- Disable the DHCP-Snooping function of the switch: undo dhcp-snooping

By default, the switch does not enable DHCP-Snooping function.

2.2.2 Setting the Port as Trusted Port

Perform the following configuration in Ethernet port view.
Chapter 3 DHCP Client Configuration

3.1 Overview of DHCP Client

With expansion of network size and complication of network structure, network configuration becomes more and more complex. It is often the case that computers change physical positions frequently (portable computers and wireless networks for example) and that computers exceed the IP addresses available.
- Select stage, the stage when the client selects the IP address. If several DHCP servers send DHCP_Offer messages to the client, the client only accepts the first received one and then broadcasts DHCP_Request messages respectively to those DHCP servers. The message contains the information of IP address request from the selected DHCP server.
3.2.1 Configuring a VLAN Interface to Obtain IP Address Using DHCP

Perform the following configuration in VLAN interface view.
Chapter 4 BOOTP Client Configuration

4.1 Overview of BOOTP Client

BOOTP client can request the server to allocate an IP address to it using BOOTP (bootstrap protocol).
4.3 Displaying and Debugging BOOTP Client

After the above configuration, execute display command in any view to display the running of the BOOTP client configuration, and to verify the effect of the configuration. Execute debugging command in user view to debug BOOTP client.
Chapter 5 Access Management Configuration

5.1 Access Management Overview

One typical Ethernet access networking scenario is that the users access the external network through the Ethernet switches. In this case, the external network is connected to the Ethernet switch. The Ethernet switch connects to the Hubs, each of which centralizes several PCs.
- Enable access management function
- Configure Layer 2 isolation between ports
- Configure port, IP address and MAC address binding

5.2.1 Enable Access Management Function

You can use the following command to enable access management function.
meanwhile the packet with specified IP address can only pass through the specified port.
- Port+MAC binding: binding the packet’s receiving port and its source MAC address. The specified port will only allow the packet with specified MAC address to pass; meanwhile the packet with specified MAC address can only pass through the specified port.
5.3 Display and debug Access Management

After the above configuration, execute display command in any view to display the current configurations of access management on the ports, and to verify the effect of the configuration.
Chapter 6 IP Performance Configuration

6.1 IP Performance Configuration

IP performance configuration includes: Configure TCP attributes

6.1.1 Configure TCP Attributes

TCP attributes that can be configured include:
- synwait timer: When sending the syn packets, TCP starts the synwait timer. If response packets are not received before synwait timeout, the TCP connection will be terminated.
By default, the TCP finwait timer is 675 seconds, the synwait timer is 75 seconds, and the receiving/sending buffer size of connection-oriented Socket is 8K bytes.

6.2 Display and debug IP Performance

After the above configuration, execute display command in any view to display the running of the IP Performance configuration, and to verify the effect of the configuration.
- Use the debugging tcp packet command to enable the TCP debugging to trace the TCP packets.

Operations include:
[Quidway] terminal debugging
debugging tcp packet

Then the TCP packets received or sent can be checked in real time. Specific packet formats include:

TCP output packet:
Source IP address:202.38.160.1
Source port:1024
Destination IP Address 202.38.160.
Operation Manual - System Management
Quidway S3000-EI Series Ethernet Switches

Table of Contents
Chapter 1 File System Management
1.1 File System
1.1.1 File System Overview
3.2 Device Management Configuration
3.2.1 Reboot Ethernet Switch
3.2.2 Designate the APP Adopted When Booting the Ethernet Switch Next Time
3.2.3 Upgrade BootROM
5.3.9 Set/Delete an SNMP Group
5.3.10 Set the Source Address of Trap
5.3.11 Add/Delete a User to/from an SNMP Group
5.3.12 Create/Update View Information or Deleting a View
Chapter 1 File System Management

1.1 File System

1.1.1 File System Overview

The Ethernet switch provides a file system module for user’s efficient management over the storage devices such as flash memory. The file system offers file access and directory management, mainly including creating the file system, creating, deleting, modifying and renaming a file or a directory and opening a file.
1.1.3 File Operation

The file system can be used to delete or undelete a file and permanently delete a file. Also, it can be used to display file contents, rename, copy and move a file and display the information about a specified file. You can use the following commands to perform file operations. Perform the following configuration in user view.
Table 1-4 File system operation
Operation: Command
- Set the file system prompt mode: file prompt { alert | quiet }

1.2 Configure File Management

1.2.1 Configure File Management Overview

The management module of configuration file provides a user-friendly operation interface.
Table 1-5 Display the configurations of the Ethernet switch
Operation: Command
- Display the saved-configuration information of the Ethernet switch: display saved-configuration
- Display the current-configuration information of the Ethernet switch: display current-configuration [ controller | interface interface-type [ interface-number ] | configuration [ post-system | system | user-interface ] ]
- The configuration files in flash are damaged. (A common case is that a wrong configuration file has been downloaded.)

1.3 FTP

1.3.1 FTP Overview

FTP is a common way to transmit files on the Internet and IP network. Before the World Wide Web (WWW), files were transmitted in the command line mode and FTP was the most popular application.
Table 1-9 Configuration of the switch as FTP server
Device: Switch
- Configuration: Start FTP server. Default: FTP server is disabled. Description: You can view the configuration information of FTP server with the ftp-server command.
- Configuration: Configure authentication and authorization for FTP server. Default: --. Description: Configure username, password and authorized directory for FTP users.
- Configure parameters server.
Table 1-11 Configure the FTP Server Authentication and Authorization
Operation: Command
- Create new local user and enter local user view (system view): local-user username
- Delete local user (system view): undo local-user [ username | all [ service-type ftp ] ]
- Configure password for local user (local user view): password [ cipher | simple ] password
- Configure service type user (local user view)
Table 1-13 Display and debug FTP Server
Operation: Command
- Display FTP server: display ftp-server
- Display the connected FTP users: display ftp-user

The display ftp-server command can be used for displaying the configuration information about the current FTP server, including the maximum amount of users supported by FTP server and the FTP connection timeout.
III. Configuration procedure

1) Configure FTP server parameters on the PC: a user named as switch, password hello, read & write authority over the Switch directory on the PC.
2) Configure the switch
# Log into the switch (locally through the Console port or remotely using Telnet).
reboot

1.3.8 FTP server configuration example

I. Networking requirement

Switch serves as FTP server and the remote PC as FTP client. The configuration on FTP server: Configure a FTP user named as switch, with password hello and with read & write authority over the flash root directory on the PC. The IP address of a VLAN interface on the switch is 1.1.1.1, and that of the PC is 2.2.2.
Caution: If the flash memory of the switch is not enough, you need to first delete the existing programs in the flash memory and then upload the new ones.

3) When the uploading is completed, initiate file upgrade on the switch.
# Use the boot boot-loader command to specify the downloaded program as the application at the next login and reboot the switch.
Table 1-14 Configuration of the switch as TFTP client
Device: Switch
- Configuration: Configure IP address for the VLAN interface of the switch, in the same network segment as that of TFTP server. Default: --. Description: TFTP is right for the case where no complicated interactions are required between the client and server.
Device: PC
1.4.4 Upload Files by means of TFTP

To upload a file, the client sends a request to the TFTP server and then transmits data to it and receives the acknowledgement from it. You can use the following commands to upload files. Perform the following configuration in system view.

Table 1-17 Upload files by means of TFTP
Operation: Command
- Upload files by means of TFTP: tftp put mmm.nnn //A.A.A.
Caution: If the flash memory of the switch is not enough, you need to first delete the existing programs in the flash memory and then upload the new ones.

# Enter system view and download the switch.app from the TFTP server to the flash memory of the switch.
system-view
[Quidway]
# Configure IP address 1.1.1.
Chapter 2 MAC Address Table Management

2.1 MAC Address Table Management Overview

An Ethernet Switch maintains a MAC address table for fast forwarding packets. A table entry includes the MAC address of a device and the port ID of the Ethernet switch connected to it. The dynamic entries (not configured manually) are learned by the Ethernet switch.
The Ethernet switch also provides the function of MAC address aging. If the switch receives no packet for a period of time, it will delete the related entry from the MAC address table. However, this function takes no effect on the static MAC addresses. You can configure (add or modify) the MAC address entries manually according to the actual networking environment.
If aging time is set too long, the Ethernet switch will store a great number of out-of-date MAC address table entries. This will consume MAC address table resources and the switch will not be able to update the MAC address table according to the network change. If aging time is set too short, the Ethernet switch may delete valid MAC address table entries.
- Restore the default Max Count of MAC Address Learned by a Port: undo mac-address max-mac-count

By default, there is no limit to the MAC addresses learned via the Ethernet port.

2.
II. Networking diagram

[Figure 2-2 Typical configuration of address table management. Labels: Internet, Network Port, Console Port, Switch]

III. Configuration procedure

# Enter the system view of the switch.
system-view
# Add a MAC address (specify the native VLAN, port and state).
Chapter 3 Device management

3.1 Device Management Overview

With the device management function, the Ethernet Switch can display the current running state and event debugging information about the slots, thereby implementing the maintenance and management of the state and communication of the physical devices.
Table 3-2 Designate the APP adopted when booting the Ethernet switch next time
Operation: Command
- Designate the APP adopted when booting the Ethernet switch next time: boot boot-loader file-url

3.2.3 Upgrade BootROM

You can use this command to upgrade the BootROM with the BootROM program in the Flash Memory. This configuration task facilitates the remote upgrade.
Chapter 4 System Maintenance and Debugging

4.1 Basic System Configuration

4.1.1 Set Name for Switch

Perform the operation of sysname command in the system view.

Table 4-1 Set name for Switch
Operation: Command
- Set the switch name: sysname sysname
- Restore switch name to default value: undo sysname

4.1.
4.1.4 Set the Summer Time

You can set the name, starting and ending time of the summer time. Perform the following operations in the user view.
4.3 System Debugging
4.3.1 Enable/Disable the Terminal Debugging
The Ethernet switch provides various ways for debugging most of the supported protocols and functions, which can help you diagnose and address the errors. The following switches can control the outputs of the debugging information:
- Protocol debugging switch controls the debugging output of a protocol.
For more about the usage and format of the debugging commands, refer to the relevant chapters.
Note: Since the debugging output affects the system operating efficiency, do not enable debugging unless necessary, and use the debugging all command with particular caution. When the debugging is over, disable all the debugging.
4.3.
packet sequence number, TTL, and the round-trip time of the response packet will be displayed.
- The final statistics, including the number of the packets the switch sent out and received, the packet loss ratio, the round-trip time in its minimum value, mean value and maximum value.
II.
When the log information is output to info-center, the first part will be “”. For example:
<187>Jun 7 05:22:03 2003 Quidway IFNET/6/UPDOWN:Line protocol on interface Ethernet0/2, changed state to UP
The description of the components of log information is as follows:
1) Priority
The priority is computed according to the following formula: facility*8+severity-1.
Notice: There is a blank between sysname and module name.
Severity: debugging
Description: Debugging information
Notice: There is a slash between severity and digest.
6) Digest
The digest is an abbreviation; it represents a summary of the contents.
Notice: There is a colon between digest and content.
7) Content
It is the contents of logging information.
4.5.2 Info-center Configuration
Switch supports 6 output directions of information.
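The log layout described in section 4.5.1 can be checked mechanically on the loghost. The Python parser below is an added example, not code from the manual: it splits a line into its components and inverts the priority formula. The severity names, the local0 to local7 facility codes and every sample line except the first are assumptions or constructed here.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# Severity numbers 1..8 used by info-center. The names are an assumption based
# on the VRP severity table; this section shows only part of that table.
SEVERITY_NAMES = {
    1: "emergencies", 2: "alerts", 3: "critical", 4: "errors",
    5: "warnings", 6: "notifications", 7: "informational", 8: "debugging",
}
# Standard syslog codes for the local-use facilities local0..local7.
FACILITY_NAMES = {16 + n: f"local{n}" for n in range(8)}
MONTHS = {name: num for num, name in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

# <priority>timestamp sysname module/severity/digest:content
LINE_RE = re.compile(
    r"<(?P<pri>\d{1,3})>"
    r"(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+"
    r"(?P<hh>\d{2}):(?P<mm>\d{2}):(?P<ss>\d{2})\s+(?P<year>\d{4}) "
    r"(?P<sysname>\S+) "            # blank between sysname and module name
    r"(?P<module>[A-Za-z0-9_]+)/"
    r"(?P<severity>[1-8])/"         # slash between severity and digest
    r"(?P<digest>[^:/\s]+):"        # colon between digest and content
    r"(?P<content>[^\r\n]*)"        # one record per line, no embedded breaks
)


@dataclass
class LogRecord:
    facility: str
    pri_severity: int   # severity recovered from <priority>
    timestamp: datetime
    sysname: str
    module: str
    severity: int       # severity written in module/severity/digest
    digest: str
    content: str


def decode_priority(pri):
    """Invert priority = facility*8 + severity - 1, with severity in 1..8."""
    if not 0 <= pri <= 191:
        raise ValueError(f"priority {pri} is outside 0..191")
    return pri // 8, pri % 8 + 1


def parse_log(line):
    """Parse one info-center line; raise ValueError if the layout is violated."""
    m = LINE_RE.fullmatch(line.rstrip("\r\n"))
    if m is None or m["mon"] not in MONTHS:
        raise ValueError("not an info-center log line")
    facility, pri_severity = decode_priority(int(m["pri"]))
    timestamp = datetime(int(m["year"]), MONTHS[m["mon"]], int(m["day"]),
                         int(m["hh"]), int(m["mm"]), int(m["ss"]))
    return LogRecord(
        facility=FACILITY_NAMES.get(facility, str(facility)),
        pri_severity=pri_severity,
        timestamp=timestamp,
        sysname=m["sysname"],
        module=m["module"],
        severity=int(m["severity"]),
        digest=m["digest"],
        content=m["content"],
    )


def triage(lines, threshold=5):
    """Return (urgent, other, rejected); urgent means severity <= threshold."""
    urgent, other, rejected = [], [], []
    for line in lines:
        try:
            record = parse_log(line)
        except ValueError:
            rejected.append(line)   # keep malformed input for manual review
            continue
        (urgent if record.pri_severity <= threshold else other).append(record)
    return urgent, other, rejected


# First line is the manual's own example; the rest are constructed samples.
SAMPLE_LINES = [
    "<187>Jun 7 05:22:03 2003 Quidway IFNET/6/UPDOWN:Line protocol on "
    "interface Ethernet0/2, changed state to UP",
    "<166>Jun 7 05:22:10 2003 Quidway ARP/7/SAMPLE:constructed test entry",
    "<187>Jun 7 05:22:11 2003 Quidway IFNET/6/UPDOWN:ok\n<184>forged second record",
    "<999>Jun 7 05:22:12 2003 Quidway IFNET/6/UPDOWN:priority out of range",
]

if __name__ == "__main__":
    urgent, other, rejected = triage(SAMPLE_LINES)
    for rec in urgent + other:
        print(rec.timestamp.isoformat(), rec.facility,
              SEVERITY_NAMES[rec.pri_severity], rec.module, rec.digest)
    print("rejected:", len(rejected))
```

For the manual's sample line the priority 187 decodes to facility 23 and severity 4, while the module/severity/digest field carries 6, so the record keeps both values instead of enforcing equality.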
1) Sending the configuration information to loghost.
Table 4-13 Sending the configuration information to loghost
Device | Configuration | Default value | Configuration description
| | By default, info-center is enabled. | Other configurations are valid only if the info-center is enabled.
3) Sending the configuration information to monitor terminal
Table 4-15 Sending the configuration information to monitor terminal
Device | Configuration | Default value | Configuration description
Switch | Enable info-center | By default, info-center is enabled. | Other configurations are valid only if the info-center is enabled.
Table 4-17 Sending the configuration information to trap buffer
Device | Configuration | Default value | Configuration description
| Enable info-center | By default, info-center is enabled. | Other configurations are valid only if the info-center is enabled.
| Set the information output direction to trapbuffer | - | You can configure the size of the trap buffer at the same time.
Table 4-19 Turn on/off the information synchronization switch in Fabric
Device | Configuration | Default value | Configuration description
Switch | Enable info-center | By default, info-center is enabled. | Other configurations are valid only if the info-center is enabled.
Operation: Cancel the configuration of outputting information to loghost
Command: undo info-center loghost host-ip-addr
Note: Make sure to enter the correct IP address when using the info-center loghost command to configure the loghost IP address. If you enter a loopback address, the system prompts that the address is invalid.
Note: If you want to view the debugging information of some modules on the switch, you must select debugging as the information type when configuring the information source, and also use the debugging command to turn on the debugging switch of those modules.
2) Configuring to output information to console terminal
Perform the following operation in system view.
Note: If you want to view the debugging information of some modules on the switch, you must select debugging as the information type when configuring the information source, and also use the debugging command to turn on the debugging switch of those modules.
4.5.5 Sending the Configuration Information to Telnet Terminal or Dumb Terminal
To send configuration information to Telnet terminal or dumb terminal, follow the steps below:
1) Enabling info-center
Perform the following operation in system view.
Table 4-31 Defining information source
Operation: Define information source
Command: info-center source { modu-name | default } channel { channel-number | channel-name } [ { log | trap | debug }* { level severity | state state }* ]
Operation: Cancel the configuration of information source
Command: undo info-center source { modu-name | default } channel { channel-number | channel-name }
modu-name speci
Table 4-32 Configuring the output format of time-stamp
Operation: Configure the output format of the time-stamp
Command: info-center timestamp { log | trap | debugging } { boot | date | none }
Operation: Output time-stamp is disabled
Command: undo info-center timestamp { log | trap | debugging }
4) Enabling terminal display function
To view the output information at the Telnet terminal or dumb ter
Table 4-34 Enabling/disabling info-center
Operation: Enable info-center
Command: info-center enable
Operation: Disable info-center
Command: undo info-center enable
Note: Info-center is enabled by default. After info-center is enabled, system performance is affected when the system processes a large amount of information, because of information classification and output.
information with the level below it will not be output. channel-number specifies the channel number and channel-name specifies the channel name.
When defining the information sent to log buffer, channel-number or channel-name must be set to the channel that corresponds to Console direction.
Note: Info-center is enabled by default. After info-center is enabled, system performance is affected when the system processes a large amount of information, because of information classification and output.
2) Configuring to output information to trap buffer
Perform the following operation in system view.
may have different default settings of log, trap and debugging. When there is no specific configuration record for a module in the channel, use the default one.
2) Configuring to output information to SNMP NM
Perform the following operation in system view.
Note: If you want to view the debugging information of some modules on the switch, you must select debugging as the information type when configuring the information source, and also use the debugging command to turn on the debugging switch of those modules.
Table 4-46 Enable/disable info-center
Operation: Enable info-center
Command: info-center enable
Operation: Disable info-center
Command: undo info-center enable
2) Turn on the information synchronization switch
Perform the following operation in system view.
4.5.11 Configuration examples of sending log to Unix loghost
I. Networking Requirement
The networking requirements are as follows:
- Sending the log information of the switch to Unix loghost
- The IP address of the loghost is 202.38.1.
Step 2: Edit file /etc/syslog.conf as the super user (root), add the following selector/action pairs.
# Quidway configuration messages
local4.info	/var/log/Quidway/information
Note: Note the following points when editing /etc/syslog.conf:
- A comment must occupy its own line and start with the character #.
- The separator in selector/action pairs must be a tab, not a space.
- All modules are allowed to output information
II. Networking diagram
Figure 4-3 Schematic diagram of configuration (diagram labels: Network, Switch, PC)
III. Configuration steps
1) Configuration steps
# Enabling info-center
[Quidway] info-center enable
# Set the host with the IP address of 202.38.1.
Note: Note the following points when editing /etc/syslog.conf:
- A comment must occupy its own line and start with the character #.
- The separator in selector/action pairs must be a tab, not a space.
- No redundant space after file name.
- The device name and the acceptant log information level specified in /etc/syslog.
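The editing rules in the notes on /etc/syslog.conf can be checked before the file is put into service, since a rule that breaks them can leave the loghost silently dropping the switch's messages. This Python linter is an added example, not part of the manual; the function name, the whole-file check for an expected facility.level selector and the constructed sample files are assumptions.

```python
import re

# selector, separator, action (the action is a file path in the manual's pair)
RULE_RE = re.compile(r"(\S+)([ \t]+)(\S+)")


def lint_syslog_conf(text, expected_selector=None):
    """Check syslog.conf text against the manual's editing rules.

    Returns a list of (line_number, message); line_number 0 marks a finding
    about the file as a whole.
    """
    findings = []
    selectors = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        if not raw.strip() or raw.startswith("#"):
            continue                      # blank line or well-formed comment
        if "#" in raw:
            # Covers indented comments and comments appended to a rule.
            findings.append(
                (lineno, "comment must occupy its own line and start with #"))
            continue
        body = raw.rstrip(" \t")
        if body != raw:
            findings.append((lineno, "redundant whitespace after the file name"))
        rule = RULE_RE.fullmatch(body)
        if rule is None:
            findings.append((lineno, "expected one selector and one action"))
            continue
        selector, separator, _action = rule.groups()
        if " " in separator:
            findings.append((lineno, "separator must be a tab, not a space"))
        selectors.extend(selector.split(";"))
    if expected_selector and expected_selector not in selectors:
        findings.append((0, f"no rule receives {expected_selector}"))
    return findings


# The pair printed in the manual, written with a tab separator.
GOOD_CONF = (
    "# Quidway configuration messages\n"
    "local4.info\t/var/log/Quidway/information\n"
)
# Constructed variants that each break one rule; the config and security
# paths are hypothetical.
BAD_CONF = (
    "# Quidway configuration messages\n"
    "local4.info /var/log/Quidway/information\n"
    "local5.info\t/var/log/Quidway/config # switch 2\n"
    "local6.info\t/var/log/Quidway/security \n"
)

if __name__ == "__main__":
    for lineno, message in lint_syslog_conf(BAD_CONF, "local4.info"):
        print(f"line {lineno}: {message}")
```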
- The information with the severity level above informational will be sent to the console terminal
- The output language is English
- The modules that are allowed to output information are ARP and IP
II. Networking diagram
Figure 4-4 Schematic diagram of configuration (diagram labels: console, Switch, PC)
III.
Chapter 5 SNMP Configuration
5.1 SNMP Overview
By far, the Simple Network Management Protocol (SNMP) has gained the most extensive application in the computer networks. SNMP has been put into use and widely accepted as an industry standard in practice. It is used for ensuring the transmission of the management information between any two nodes.
Figure 5-1 Architecture of the MIB tree
The MIB (Management Information Base) is used to describe the hierarchical architecture of the tree and it is the set defined by the standard variables of the monitored network device. In the above figure, the managed object B can be uniquely specified by a string of numbers {1.2.1.1}.
5.
Perform the following configuration in system view.
Table 5-3 Set the method of identifying and contacting the administrator
Operation: Set the method of identifying and contacting the administrator
Command: snmp-agent sys-info contact sysContact
Operation: Restore the default method of identifying and contacting the administrator
Command: undo snmp-agent sys-info contact
5.3.
5.3.5 Set Lifetime of Trap Message
You can use the following command to set the lifetime of Trap messages. A Trap message that exists longer than the set lifetime will be dropped.
Perform the following configuration in system view.
5.3.8 Set the Engine ID of a Local or Remote Device
You can use the following commands to set the engine ID of a local or remote device.
Perform the following configuration in system view.
Table 5-9 Set the engine ID of a local or remote device
Operation: Set the engine ID of the device
Command: snmp-agent local-engineid engineid
Operation: Restore the default engine ID of the device.
Operation: Remove the source address of trap
Command: undo snmp-agent trap source
5.3.11 Add/Delete a User to/from an SNMP Group
You can use the following commands to add or delete a user to/from an SNMP group.
Perform the following configuration in system view.
Table 5-12 Add/Delete a user to/from an SNMP group
Operation: Add a user to an SNMP group.
Operation: Delete a user from an SNMP group.
Table 5-14 Set the size of SNMP packet sent/received by an agent
Operation: Set the size of SNMP packet sent/received by an agent
Command: snmp-agent packet max-size byte-count
Operation: Restore the default size of SNMP packet sent/received by an agent
Command: undo snmp-agent packet max-size
The agent can receive/send the SNMP packets of the sizes ranging from 484 to 17940, measured in bytes.
Operation: Display the current MIB view
Command: display snmp-agent mib-view [ exclude | include | { viewname mib-view } ]
Operation: Display the contact character string of the system
Command: display snmp-agent sys-info contact
Operation: Display the location character string of the system
Command: display snmp-agent sys-info location
Operation: Display the version character string of the system
Command: display snmp-agent sys-info version
5.
[Quidway-vlan2] port ethernet 0/3
[Quidway-vlan2] interface vlan 2
[Quidway-Vlan-interface2] ip address 129.102.0.1 255.255.255.0
# Set the administrator ID, contact and the physical location of the Ethernet switch.
[Quidway] snmp-agent sys-info contact Mr.
Chapter 6 RMON Configuration
6.1 RMON Overview
Remote Network Monitoring (RMON) is a type of IETF-defined MIB. It is the most important enhancement to the MIB II standard. It is mainly used for monitoring the data traffic on a segment and even on a whole network. It is one of the widely used Network Management standards by far.
6.2 Configure RMON
RMON configuration includes:
- Add/Delete an Entry to/from the Alarm Table
- Add/Delete an Entry to/from the Event Table
- Add/Delete an Entry to/from the History Control Table
- Add/Delete an Entry to/from the extended RMON alarm table
- Add/Delete an Entry to/from the Statistics Table
6.2.
Table 6-2 Add/Delete an entry to/from the event table
Operation: Add an entry to the event table.
Command: rmon event event-entry [ description string ] { log | trap trap-community | log-trap log-trapcommunity | none } [ owner rmon-station ]
Operation: Delete an entry from the event table.
Command: undo rmon event event-entry
6.2.
6.2.5 Add/Delete an Entry to/from the Statistics Table
The RMON statistics management concerns the port usage monitoring and error statistics when using the ports. The statistics include collision, CRC and queuing, undersize packets or oversize packets, timeout transmission, fragments, broadcast, multicast and unicast messages and the usage ratio of bandwidth.
II. Networking diagram
Figure 6-1 RMON configuration networking (diagram labels: Internet, Network Port, Console Port, Switch)
III. Configuration procedure
# Configure RMON.
[Quidway-Ethernet2/1] rmon statistics 1 owner huawei-rmon
# View the configurations in user view.
display rmon statistics Ethernet 2/1
Statistics entry 1 owned by huawei-rmon is VALID.
Gathers statistics of interface Ethernet2/1.
Chapter 7 NTP Configuration
7.1 Brief Introduction to NTP
7.1.1 NTP Functions
As the network topology gets more and more complex, it becomes important to synchronize the clocks of the equipment on the whole network. NTP (Network Time Protocol) is an application layer protocol of TCP/IP and is used for advertising the accurate time throughout the network.
[Figure: NTP packet exchange between LS_A and LS_B across the network, in four steps. Step 1: NTP packet carrying 10:00:00 am. Step 2: NTP packet carrying 10:00:00 am and 11:00:01 am. Step 3: NTP packet carrying 10:00:00 am, 11:00:01 am and 11:00:02 am. Step 4: NTP packet received at 10:00:03 am.]
- The delay for a round trip of an NTP packet traveling between the Switch A and B: Delay= (T4-T1) - (T3-T2).
- Offset of Ethernet Switch A clock relative to Ethernet Switch B clock: offset= ( (T2-T1) + (T4-T3) ) /2.
In this way, Ethernet Switch A uses the above information to set the local clock and synchronize it with the clock on Ethernet Switch B.
- Configure NTP multicast server mode
- Configure NTP multicast client mode
I. Configure NTP Server Mode
Set a remote server whose IP address is ip-address as the local time server. ip-address specifies a host address other than a broadcast, multicast or reference clock IP address. In this case, the local Ethernet Switch operates in client mode.
NTP version number number ranges from 1 to 3 and defaults to 3; the authentication key ID keyid ranges from 0 to 4294967295; interface-name or interface-type interface-number specifies the IP address of an interface, from which the source IP address of the NTP packets sent from the local Ethernet Switch to the peer will be taken; priority indicates the peer will be the first choice for time server.
V. Configure NTP Multicast Server Mode
Designate an interface on the local Ethernet Switch to transmit NTP multicast packets. In this case, the local equipment operates in multicast mode and serves as a multicast server to multicast messages to its clients regularly.
Perform the following configurations in VLAN interface view.
7.2.2 Configure NTP ID Authentication
Enable NTP authentication, set MD5 authentication key, and specify the reliable key. A client will synchronize itself by a server only if the server can provide a reliable key.
Perform the following configurations in system view.
7.2.5 Designate an Interface to Transmit NTP Message
If the local equipment is configured to transmit all the NTP messages, these packets will have the same source IP address, which is taken from the IP address of the designated interface.
Perform the following configurations in system view.
Perform the following configurations in VLAN interface view.
Table 7-12 Enable/Disable an interface to receive NTP message
Operation: Disable an interface to receive NTP message
Command: ntp-service in-interface disable
Operation: Enable an interface to receive NTP message
Command: undo ntp-service in-interface disable
This configuration task must be performed on the interface to be disabled to receive NTP message.
Table 7-14 Set the maximum local sessions
Operation: Set the maximum local sessions
Command: ntp-service max-dynamic-sessions number
Operation: Resume the maximum number of local sessions
Command: undo ntp-service max-dynamic-sessions
number specifies the maximum number of local sessions, ranges from 0 to 100, and defaults to 100.
7.
[Figure: NTP networking diagram. Devices: Quidway0, Quidway1, Quidway2, Quidway3, Quidway4, Quidway5. Address labels: Vlan-interface2: 1.0.1.11; Vlan-interface2: 1.0.1.12; Vlan-interface2: 3.0.1.31; Vlan-interface2: 3.0.1.32; Vlan-interface2: 3.0.1.33; 1.0.1.2; 3.0.1.2.]
Clock stratum: 3
Reference clock ID: 1.0.1.11
Nominal frequency: 60.0002 Hz
Actual frequency: 60.0002 Hz
Clock precision: 2^17
Clock offset: -9.8258 ms
Root delay: 27.10 ms
Root dispersion: 49.29 ms
Peer dispersion: 10.94 ms
Reference time: 19:21:32.287 UTC Oct 24 2004(C5267F3C.49A61E0C)
By this time, Quidway2 has been synchronized by Quidway1 and is at stratum 3, higher than Quidway1 by 1.
Configure Ethernet Switch Quidway5: (Quidway4 has been synchronized by Quidway3)
# Enter system view.
system-view
# Set the local clock as the NTP master clock at stratum 1.
[Quidway5] ntp-service refclock-master 1
# After performing local synchronization, set Quidway4 as a peer.
[Quidway5] ntp-service unicast-peer 3.0.1.
On Quidway3, set local clock as the NTP master clock at stratum 2 and configure to broadcast packets from Vlan-interface2. Configure Quidway4 and Quidway1 to listen to the broadcast from their Vlan-interface2 respectively.
2) Networking diagram
See Figure 7-2.
3) Configuration procedure
Configure Ethernet Switch Quidway3:
# Enter system view.
reference clock ID: LOCAL(0)
nominal frequency: 100.0000 Hz
actual frequency: 100.0000 Hz
clock precision: 2^17
clock offset: 0.0000 ms
root delay: 0.00 ms
root dispersion: 10.94 ms
peer dispersion: 10.00 ms
reference time: 20:54:25.156 UTC Mar 7 2002(C0325201.2811A112)
By this time, Quidway4 has been synchronized by Quidway3 and it is at stratum 3, higher than Quidway3 by 1.
# Enter system view.
system-view
# Enter Vlan-interface2 view.
[Quidway4] interface vlan-interface 2
# Enable multicast client mode.
[Quidway4-Vlan-Interface2] ntp-service multicast-client
Configure Ethernet Switch Quidway1:
# Enter system view.
system-view
# Enter Vlan-interface2 view.
[Quidway1] interface vlan-interface 2
# Enable multicast client mode.
[Quidway2] ntp-service unicast-server 1.0.1.11
# Enable authentication.
[Quidway2] ntp-service authentication enable
# Set the key.
[Quidway2] ntp-service authentication-keyid 42 authentication-mode md5 aNiceKey
# Set the key as reliable.
[Quidway2] ntp-service reliable authentication-keyid 42
[Quidway2] ntp-service unicast-server 1.0.1.
Chapter 8 SSH Terminal Services
8.1 SSH Terminal Services
8.1.1 SSH Overview
Secure Shell (SSH) can provide information security and powerful authentication to prevent attacks such as IP address spoofing and plain-text password interception when users log on to the switch remotely from an insecure network environment. A switch can connect to multiple SSH clients.
version. If they can work together in harmony, they enter key algorithm negotiation stage. Otherwise the server clears the TCP connection.
- Key negotiation stage: Both ends negotiate key algorithm and compute session key. The server randomly generates its RSA key and sends the public key to the client.
8.1.2 Configuring SSH Server
Basic configuration tasks refer to those required for successful connection from SSH client to SSH server, while advanced configuration tasks are those modifying SSH parameters.
Please perform the following configurations in system view.
Table 8-2 Configuring and canceling local RSA key pair
Operation: Configure local RSA key pair
Command: rsa local-key-pair create
Operation: Cancel local RSA key pair
Command: rsa local-key-pair destroy
Caution: For a successful SSH login, you must configure and generate the local RSA key pairs.
Operation: Restore the default update interval
Command: undo ssh server rekey-interval
By default, the system does not update server key.
V. Defining SSH authentication timeout value
Please perform the following configurations in system view.
Table 8-7 Configuring public key
Operation: Enter public key view
Command: rsa peer-public-key key-name
Operation: Delete a designated public key
Command: undo rsa peer-public-key key-name
When entering the public key edit view with the rsa peer-public-key command, you can begin editing the public key with the public-key-code begin command.
- Choosing SSH version. The switch currently supports SSH Server 1.5, so you have to choose 1.5 or earlier version.
- Specifying RSA private key file. If you specify RSA authentication for the SSH user, you must specify RSA private key file. The RSA key, which includes the public key and private key, is generated by the client software.
Figure 8-3 SSH client configuration interface (2)
You can select 1, as shown in the figure.
IV. Specifying RSA private key file
If you want to enable RSA authentication, you must specify RSA private key file, which is not required for password authentication.
Figure 8-4 SSH client configuration interface (3)
Click the button to enter the File Select interface. Choose a desired file and click .
V. Opening SSH connection
Click the button to enter SSH client interface. If it runs normally, you are prompted to enter username and password. See the following figure.
Figure 8-5 SSH client interface
1) Key in correct username and password and log into SSH connection.
2) Log out of SSH connection with the logout command.
8.1.4 Displaying and Debugging SSH
Run the display command in any view to view the running of SSH and further to check configuration result. Run the debugging command to debug the SSH.
8.1.5 SSH Configuration Example
I. Networking requirements
As shown in Figure 8-6, configure local connection from SSH Client to the switch. The client uses SSH protocol to access the switch.
II. Networking diagram
Figure 8-6 Networking for SSH local configuration (diagram labels: SSH Client, Switch)
III.
[Quidway-ui-vty0-4] authentication-mode scheme
# Select SSH protocol on the switch.
[Quidway-ui-vty0-4] protocol inbound ssh
# Specify RSA authentication on the switch.
[Quidway] ssh user client002 authentication-type RSA
# Configure RSA key pair on the switch.
Operation Manual - Remote Power-feeding
Quidway S3000-EI Series Ethernet Switches
Table of Contents
Chapter 1 Remote Power-Feeding Configuration
1.1 Overview
1.2 Configuring Remote Power-Feeding
1.2.
Chapter 1 Remote Power-Feeding Configuration
1.1 Overview
S3026C-PWR Ethernet Switch provides Power over Ethernet (PoE) function, which performs remote power-feeding to connected powered devices (PD) such as IP phones, WLAN APs and Network cameras, by providing -48V DC power to the attached remote PDs through twisted-pairs.
Figure 1-1 Remote power-feeding (diagram labels: Network, S3026C-PWR, E0/24, E0/1, E0/2, S2016C, AP)
You can input command lines to enable/disable remote power-feeding on a port, adjust its power-feeding mode and PD detection mode, and set its power-feeding priority and compatibility testing functionality.
Device | Configuration | Default | Description
PD | Correctly connect the PD with the electrical ports of S3026C-PWR | - | -
1.2.1 Enabling/Disabling Remote Power-Feeding on a Port
You can enable or disable remote power-feeding on a port according to actual network requirements.
Perform the following configurations in Ethernet port view.
Perform the following configurations in Ethernet port view.

Table 1-3 Selecting the power-feeding mode on a port
Operation                                 Command
Feed power through signal lines           poe mode signal
Feed power through spare lines            poe mode spare
Restore the default power-feeding mode    undo poe mode

By default, a port feeds power through signal lines.
1.2.
manual: when the power supply reaches full load and a new PD is connected to the switch, the switch only gives a prompt and does not supply power to the new PD.
Table 1-7 Enabling/disabling the compatibility detection of PDs
Operation                                     Command
Enable the compatibility detection of PDs     undo poe legacy disable
Disable the compatibility detection of PDs    poe legacy disable

By default, the compatibility detection of PDs is enabled.
1.2.
1.3 Displaying Remote Power-Feeding
After the above configuration, execute the display commands in any view to display the running state of the remote power-feeding configuration and to verify the effect of the configuration.
II. Networking diagram
[Figure 1-2 An example for remote power-feeding: network diagram showing the S3026C-PWR, an S2016C and two APs, with port labels E0/1, E0/2 and E0/24]
III. Configuration procedure
# Enable remote power-feeding on Ethernet0/1, Ethernet0/2 and Ethernet0/24 (this is the default configuration and can therefore be omitted.
VLAN interface on the switch is 1.1.1.1, and that of the PC is 2.2.2.2. The switch and PC are reachable. The PoE daughter-card application file new.bin is stored on the PC. Using FTP, the switch can download new.bin from the remote FTP server and then upgrade the PoE daughter-card.
II. Networking diagram
[Figure 1-3 Networking for FTP configuration: network diagram showing the switch and the PC]
III.
Password:*****
230 Logged in successfully
[ftp]
# Enter the authorized directory on the FTP server.
[ftp] cd switch
# Use the get command to download new.bin from the FTP server to the flash directory on the switch.
[ftp] get new.bin
# Use the quit command to release the FTP connection and return to user view.
[ftp] quit
# Enter system view.
Operation Manual - Appendix Quidway S3000-EI Series Ethernet Switches
Table of Contents
Appendix A Acronyms
Appendix A Acronyms

A
AAA     Authentication, Authorization and Accounting
ACL     Access Control List
ARP     Address Resolution Protocol

C
CLI     Command Line Interface

F
FTP     File Transfer Protocol

G
GARP    Generic Attribute Registration Protocol
GE      Gigabit Ethernet
GVRP    GARP VLAN Registration Protocol
GMRP    GARP Multicast Registration Protocol

H
HGMP    Huawei Group Management Protocol

I
ICMP    Internet Control Mess
S
SNMP    Simple Network Management Protocol
STP     Spanning Tree Protocol

T
TCP/IP  Transmission Control Protocol/Internet Protocol
TFTP    Trivial File Transfer Protocol
TTL     Time To Live

U
UDP     User Datagram Protocol

V
VLAN    Virtual LAN
VOD     Video On Demand
VT      Virtual Terminal
VTY     Virtual Type Terminal

Huawei Technologies Proprietary