Page 1 2. Port 3. VLAN 4. Network Protocol 5. Routing Protocol 6. Multicast 7. QoS/ACL 8. Integrated Management 9. STP 10. Security 11. Reliability 12. System Management 13. Auto Detecting 14. Appendix Quidway S3500 Series Ethernet Switches Operation Manual Huawei Technologies Proprietary...
Page 2 31160966 Huawei Technologies Co., Ltd. provides customers with comprehensive technical support and service. If you purchase the products from the sales agent of Huawei Technologies Co., Ltd., please contact our sales agent. If you purchase the products from Huawei Technologies Co., Ltd. directly, Please feel free to contact our local office, customer care center or company headquarters.
Page 3 Copyright © 2005 Huawei Technologies Co., Ltd. All Rights Reserved No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd. Trademarks , HUAWEI, C&C08, EAST8000, HONET,...
Page 4: About This Manual
Switch Installation Manual Quidway S3526C/S3526E FM/S3526E FS Ethernet It provides information for the system installation. Switches Installation Manual Quidway S3500 Series Ethernet It is used for assisting the users in using various Switches Command Manual commands. Organization There are 14 modules in the manual.
Page 5 Auto Detecting This module introduces the principle and configuration of auto-detecting. Appendix Intended Audience The manual is intended for the following readers: Network engineers Network administrators Customers who are familiar with network fundamentals Huawei Technologies Proprietary...
Page 6 Convention Description Button names are inside angle brackets. For example, click < > the <OK> button. Window names, menu items, data table and field names are inside square brackets. For example, pop up the [New User] window. Huawei Technologies Proprietary...
Page 7 Eye-catching symbols are also used in the manual to highlight the points worthy of special attention during the operation. They are defined as follows: Caution, Warning: Means reader be extremely careful during the operation. Note: Means a complementary description. Huawei Technologies Proprietary...
Page 8: Getting Started
HUAWEI Quidway S3500 Series Ethernet Switches Operation Manual Getting Started Huawei Technologies Proprietary...
Page 9: Table Of Contents
Operation Manual - Getting Started Quidway S3500 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 Product Overview ......................1-1 1.1 Product Overview....................... 1-1 1.2 Function Features ......................1-2 Chapter 2 Logging in Switch......................2-1 2.1 Setting up Configuration Environment via the Console Port ..........2-1 2.2 Setting up Configuration Environment through Telnet............
Page 10: Chapter 1 Product Overview
1.1 Product Overview Quidway S3500 Series Ethernet Switches, the L2/L3 Ethernet switches are independently developed by Huawei to provide the wire speed L2/L3 switching and IP routing functions. The series include the following main types of switches: S3526 Ethernet switch...
Page 11: Function Features
Chapter 1 Product Overview Enterprise and campus networking Providing multicast service and multicast routing and supporting multicast audio and video services. Hereinafter Quidway S3500 Series Ethernet switches are referred to as S3500 series Ethernet switches. 1.2 Function Features Table 1-1 Function features...
Page 12 Operation Manual - Getting Started Quidway S3500 Series Ethernet Switches Chapter 1 Product Overview Features Description Supports GARP Multicast Registration Protocol (GMRP) Supports Internet Group Management Protocol (IGMP) Snooping (Only applies to S3552G, S3552P, S3528G, S3528P and S3552F, in S3500 series switches.)
Page 13 Management and Maintenance Supports system log Supports level alarms Supports Huawei Group Management Protocol (HGMP) V2 Supports output of the debugging information Supports PING and Tracert Supports the remote maintenance via Telnet, Modem and SSH Supports to load and upgrade software via XModem protocol...
Page 14: Chapter 2 Logging In Switch
Operation Manual - Getting Started Quidway S3500 Series Ethernet Switches Chapter 2 Logging in Switch Chapter 2 Logging in Switch 2.1 Setting up Configuration Environment via the Console Port Step 1: As shown in the figure below, to set up the local configuration environment, connect the serial port of a PC (or a terminal) to the Console port of the switch with the Console cable.
Page 15 Operation Manual - Getting Started Quidway S3500 Series Ethernet Switches Chapter 2 Logging in Switch Figure 2-3 Configuring the port for connection Figure 2-4 Setting communication parameters Step 3: The switch is powered on. Display self-test information of the switch and prompt you to press Enter to show the command line prompt such as <Quidway>.
Page 16: Setting Up Configuration Environment Through Telnet
Operation Manual - Getting Started Quidway S3500 Series Ethernet Switches Chapter 2 Logging in Switch 2.2 Setting up Configuration Environment through Telnet 2.2.1 Connecting a PC to the Switch through Telnet After you have correctly configured IP address of a VLAN interface for a switch via...
Page 17: Telneting A Switch Through Another Switch
Operation Manual - Getting Started Quidway S3500 Series Ethernet Switches Chapter 2 Logging in Switch Figure 2-6 Running Telnet Step 4: The terminal displays “Login authentication” and prompts the user to input the logon password. After you input the correct password, it displays the command line prompt (such as <Quidway>).
Page 18: Setting Up Configuration Environment Through A Dial-Up The Modem
Operation Manual - Getting Started Quidway S3500 Series Ethernet Switches Chapter 2 Logging in Switch Step 1: Authenticate the Telnet user via the Console port on the Telnet Server (switch) before login. Note: By default, the password is required for authenticating the Telnet user to log in the switch.
Page 19 Operation Manual - Getting Started Quidway S3500 Series Ethernet Switches Chapter 2 Logging in Switch [Quidway] user-interface aux 0 [Quidway-ui-aux0] set authentication password simple xxxx (xxxx is the preset login password of the Modem user.) Step 2: Perform the following configurations on the Modem that is directly connected to the switch.
Page 20 Operation Manual - Getting Started Quidway S3500 Series Ethernet Switches Chapter 2 Logging in Switch Step 4: Dial for connection to the switch, using the terminal emulator and Modem on the remote end. The number dialed shall be the telephone number of the Modem connected to the switch.
Page 21: Chapter 3 Command Line Interface
Operation Manual - Getting Started Quidway S3500 Series Ethernet Switches Chapter 3 Command Line Interface Chapter 3 Command Line Interface 3.1 Command Line Interface Quidway series switches provide a series of configuration commands and command line interfaces for configuring and managing the switch. The command line interface has the following characteristics: Local configuration via the Console port.
Page 22 Operation Manual - Getting Started Quidway S3500 Series Ethernet Switches Chapter 3 Command Line Interface System level: Service configuration commands, including routing command and commands on each network layer, are used to provide direct network service to the user. Management level: They are commands that influence basis operation of the system and system support module, which plays a support role on service.
Page 23 Operation Manual - Getting Started Quidway S3500 Series Ethernet Switches Chapter 3 Command Line Interface Cluster view MST region view RSA public key view RSA key code view DHCP address pool view PIM view RIP view OSPF view OSPF area view...
Page 24 Operation Manual - Getting Started Quidway S3500 Series Ethernet Switches Chapter 3 Command Line Interface Comman Command to Command to Function Prompt d view enter exit 100M Ethernet port view [Quidway-Ether Key in interface net0/1] ethernet 0/1 in quit returns to...
Page 25 Operation Manual - Getting Started Quidway S3500 Series Ethernet Switches Chapter 3 Command Line Interface Comman Command to Command to Function Prompt d view enter exit public-key-cod Edit RSA key [Quidway-rsa-k e end returns to public-key-code public key of code view...
Page 26: Features And Functions Of Command Line
Operation Manual - Getting Started Quidway S3500 Series Ethernet Switches Chapter 3 Command Line Interface Comman Command to Command to Function Prompt d view enter exit quit returns to Define system view Layer-2 [Quidway-acl-li rule number 4000 in ACL view...
Page 27 Operation Manual - Getting Started Quidway S3500 Series Ethernet Switches Chapter 3 Command Line Interface Input “?” in any view to get all the commands in it and corresponding descriptions. <Quidway> ? User view commands: boot Set boot option Change current directory...
Page 28: Displaying Characteristics Of Command Line
Operation Manual - Getting Started Quidway S3500 Series Ethernet Switches Chapter 3 Command Line Interface 3.3.2 Displaying Characteristics of Command Line Command line interface provides the following display characteristics: For users’ convenience, the instruction and help information can be displayed in both English and Chinese.
Page 29: Common Command Line Error Messages
Operation Manual - Getting Started Quidway S3500 Series Ethernet Switches Chapter 3 Command Line Interface 3.3.4 Common Command Line Error Messages All the input commands by users can be correctly executed, if they have passed the grammar check. Otherwise, error messages will be reported to users. The common error messages are listed in the following table.
Page 30 Operation Manual - Getting Started Quidway S3500 Series Ethernet Switches Chapter 3 Command Line Interface Function Press <Tab> after typing the incomplete key word and the system will execute the partial help: If the key word matching the typed one is unique, the system will replace the typed one with the complete key word and <Tab>...
Page 31: Chapter 4 User Interface Configuration
Operation Manual - Getting Started Quidway S3500 Series Ethernet Switches Chapter 4 User Interface Configuration Chapter 4 User Interface Configuration 4.1 User Interface Overview User interface configuration is another way provided by the switch to configure and manage the port data.
Page 32: User Interface Configuration
Operation Manual - Getting Started Quidway S3500 Series Ethernet Switches Chapter 4 User Interface Configuration 4.2 User Interface Configuration User interface configuration includes: Entering user interface view Configuring the user interface-supported protocol Configuring the attributes of AUX (Console) port Configuring the terminal attributes...
Page 33: Configuring The Attributes Of Aux (Console) Port
Operation Manual - Getting Started Quidway S3500 Series Ethernet Switches Chapter 4 User Interface Configuration Caution: If Telnet protocol is specified, to ensure a successful login via the Telnet, you must configure the password by default. If SSH protocol is specified, to ensure a successful login, you must configure the local or remote authentication of username and password using the command.
Page 34: Configuring The Terminal Attributes
Operation Manual - Getting Started Quidway S3500 Series Ethernet Switches Chapter 4 User Interface Configuration III. Configuring parity on the AUX (Console) port Table 4-5 Configuring parity on the AUX (Console) port Operation Command Configure parity mode on the AUX...
Page 35 Operation Manual - Getting Started Quidway S3500 Series Ethernet Switches Chapter 4 User Interface Configuration out, he cannot log in again. In this case, a user can log in to the switch through the user interface only when the terminal service is enabled again.
Page 36: Managing Users
Operation Manual - Getting Started Quidway S3500 Series Ethernet Switches Chapter 4 User Interface Configuration IV. Setting the screen length If a command displays more than one screen of information, you can use the following command to set how many lines to be displayed in a screen, so that the information can be separated in different screens and you can view it more conveniently.
Page 37 In the following example, local username and password authentication are configured. # Perform username and password authentication when a user logs in through VTY 0 user interface and set the username and password to zbr and huawei respectively. [Quidway-ui-vty0] authentication-mode scheme...
Page 38 Operation Manual - Getting Started Quidway S3500 Series Ethernet Switches Chapter 4 User Interface Configuration Note: By default, the password is required for authenticating the Modem and Telnet users when they log in. If the password has not been set, when a user logs in, he will see the prompt “Login password has not been set !”.
Page 39 Operation Manual - Getting Started Quidway S3500 Series Ethernet Switches Chapter 4 User Interface Configuration Table 4-16 Setting the command level used after a user logging in from a user interface Operation Command Set command level used after a user logging...
Page 40: Configuring Redirection
Operation Manual - Getting Started Quidway S3500 Series Ethernet Switches Chapter 4 User Interface Configuration Note: Please do not change the command level at will for it may cause inconvenience of maintenance and operation. 4.2.6 Configuring Redirection I. send command The following command can be used for sending messages between user interfaces.
Page 41: Displaying And Debugging User Interface
Operation Manual - Getting Started Quidway S3500 Series Ethernet Switches Chapter 4 User Interface Configuration [Quidway-ui-vty0] auto-execute command telnet 10.110.100.1 When a user logs on via VTY 0, the system will run telnet 10.110.100.1 automatically. 4.3 Displaying and Debugging User Interface After the above configuration, execute display command in any view to display the running of the user interface configuration, and to verify the effect of the configuration.
Page 42 HUAWEI Quidway S3500 Series Ethernet Switches Operation Manual Port Huawei Technologies Proprietary...
Page 43 Operation Manual - Port Quidway S3500 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 Ethernet Port Configuration ..................1-1 1.1 Ethernet Port Overview...................... 1-1 1.2 Ethernet Port Configuration ....................1-2 1.2.1 Enter Ethernet port view..................1-2 1.2.2 Enable/Disable Ethernet Port.................. 1-3 1.2.3 Set Description Character String for Ethernet Port ..........
Page 44: Ethernet Port Overview
Operation Manual - Port Quidway S3500 Series Ethernet Switches Chapter 1 Ethernet Port Configuration Chapter 1 Ethernet Port Configuration 1.1 Ethernet Port Overview S3526 Ethernet Switch provides 24 fixed 10/100Base-T Ethernet ports and two extended module slots and supports 1000Base-SX module, 1000Base-LX module, 1000Base-T module, 1000Base-ZX module, 1000Base-LX GL module and stack module.
Page 45: Ethernet Port Configuration
Operation Manual - Port Quidway S3500 Series Ethernet Switches Chapter 1 Ethernet Port Configuration (auto-negotiation).They can auto-negotiate and auto-select the optimal operating mode and speed with the peers, thereby streamlining the system configuration and management. 100Base-FX single-mode/multi-mode Ethernet port operates in 100M full duplex mode.
Page 46: Set Description Character String For Ethernet Port
Operation Manual - Port Quidway S3500 Series Ethernet Switches Chapter 1 Ethernet Port Configuration Table 1-1 Enter Ethernet port view Operation Command interface interface_type interface_num Enter Ethernet port view interface_name } 1.2.2 Enable/Disable Ethernet Port The following command can be used for disabling or enabling the port. After configuring the related parameters and protocol of the port, you can use the following command to enable the port.
Page 47: Set Speed On The Ethernet Port
Operation Manual - Port Quidway S3500 Series Ethernet Switches Chapter 1 Ethernet Port Configuration Perform the following configuration in Ethernet port view. Table 1-4 Set duplex attribute for Ethernet port Operation Command Set duplex attribute for Ethernet port. duplex { auto | full | half } Restore the default duplex attribute of Ethernet port.
Page 48: Set Cable Type For The Ethernet Port
Operation Manual - Port Quidway S3500 Series Ethernet Switches Chapter 1 Ethernet Port Configuration ports of S3526E/S3526C Ethernet switches support 10Mbps, 100Mbps, and 1000Mbps, which can be selected per your requirements. However, if the duplex mode has been set to half-duplex, the speed cannot be set to 1000Mbps.
Page 49: Set Ethernet Port Broadcast Suppression Ratio
Operation Manual - Port Quidway S3500 Series Ethernet Switches Chapter 1 Ethernet Port Configuration 1.2.8 Set Ethernet Port Broadcast Suppression Ratio You can use the following commands to restrict the broadcast traffic. Once the broadcast traffic exceeds the value set by the user, the system will maintain an appropriate broadcast packet ratio by discarding the overflow traffic, so as to suppress broadcast storm, avoid suggestion and ensure the normal service.
Page 50: Add The Ethernet Port To Specified Vlans
Operation Manual - Port Quidway S3500 Series Ethernet Switches Chapter 1 Ethernet Port Configuration You can configure three types of ports concurrently on the same switch, but you cannot switch between trunk port and hybrid port. You must turn it first into access port and then set it as other type.
Page 51: Set The Vlan Vpn Feature
Operation Manual - Port Quidway S3500 Series Ethernet Switches Chapter 1 Ethernet Port Configuration been configured, the packets without VLAN Tag will be forwarded to the port that belongs to the default VLAN. When sending the packets with VLAN Tag, if the VLAN ID of the packet is identical to the default VLAN ID of the port, the system will remove VLAN Tag before sending this packet.
Page 52: Set Loopback Detection For The Ethernet Port
Operation Manual - Port Quidway S3500 Series Ethernet Switches Chapter 1 Ethernet Port Configuration Therefore, the packets that have had a VLAN Tag get two Tags, and the packets that have not had a VLAN Tag get one. Perform the following configuration in Ethernet port view.
Page 53: Set The Time Interval Of Calculating Port Statistics Information
Operation Manual - Port Quidway S3500 Series Ethernet Switches Chapter 1 Ethernet Port Configuration Operation Command Configure that the system performs loopback detection to all VLANs on loopback-detection per-vlan enable Trunk and Hybrid ports (Ethernet port view) Configure that the system only performs...
Page 54 Operation Manual - Port Quidway S3500 Series Ethernet Switches Chapter 1 Ethernet Port Configuration I. Port Traffic Threshold Configuration Task Table 1-15 Port traffic threshold configuration task Item Command Remarks Enter system view <Quidway> system-view Enter Ethernet port [Quidway] interface { interface_type...
Page 55: Display And Debug Ethernet Port
Operation Manual - Port Quidway S3500 Series Ethernet Switches Chapter 1 Ethernet Port Configuration 1.3 Display and Debug Ethernet Port After the above configuration, execute display command in any view to display the running of the Ethernet port configuration, and to verify the effect of the configuration.
Page 56: Ethernet Port Configuration Example
Operation Manual - Port Quidway S3500 Series Ethernet Switches Chapter 1 Ethernet Port Configuration 1.4 Ethernet Port Configuration Example I. Networking requirements Ethernet Switch (Switch A) is connected to the peer (Switch B) via the trunk port Ethernet0/18. The following example configures the default VLAN ID for the trunk port and verifies the port trunk pvid vlan command.
Page 57: Chapter 2 Link Aggregation Configuration
Operation Manual - Port Quidway S3500 Series Ethernet Switches Chapter 2 Link Aggregation Configuration Chapter 2 Link Aggregation Configuration 2.1 Link Aggregation Overview Link aggregation means aggregating several ports together to implement the outgoing/incoming payload balance among the member ports and enhance the connection reliability.
Page 58: Link Aggregation Configuration Example
Operation Manual - Port Quidway S3500 Series Ethernet Switches Chapter 2 Link Aggregation Configuration Perform the following configuration in system view. Table 2-1 Aggregating Ethernet ports Operation Command link-aggregation port_num1 to port_num2 { both Aggregate Ethernet ports | ingress }...
Page 59: Ethernet Link Aggregation Troubleshooting
Operation Manual - Port Quidway S3500 Series Ethernet Switches Chapter 2 Link Aggregation Configuration II. Networking diagram Switch B Link aggregation Switch A Switch C Figure 2-1 Configure link aggregation III. Configuration procedure The following configurations are used for Switch A, please configure Switch B in the similar way to activate aggregation.
Page 60 Operation Manual - Port Quidway S3500 Series Ethernet Switches Chapter 2 Link Aggregation Configuration If correct, configure the link aggregation again. II. For S3526E/S3526C/S3552G/S3552P/S3528G/S3528P/S3552F Ethernet Switches, take the following steps Check the input parameter and see whether the starting number of Ethernet port is smaller than the end number.
Page 61: Port Isolation Configuration
Operation Manual - Port Quidway S3500 Series Ethernet Switches Chapter 3 Port Isolation Configuration Chapter 3 Port Isolation Configuration Note: Quidway S3552F/S3552G/S3552P/3528G/3528P/S3526E/S3526E FM/S3526E FS/S3526C Ethernet switches support the port isolation configuration. 3.1 Port Isolation Overview With port isolation feature, different users can be assigned into the same VLAN, but they are isolated from each other.
Page 62: Port Isolation Configuration Example
Operation Manual - Port Quidway S3500 Series Ethernet Switches Chapter 3 Port Isolation Configuration Perform the following configuration in Ethernet port view. Table 3-2 Configuring uplink port Operation Command Configure a uplink port port-isolate uplink-port vlan vlan-id Remove uplink port configuration undo port-isolate uplink-port vlan vlan-id By default, no uplink port is configured.
Page 63 Operation Manual - Port Quidway S3500 Series Ethernet Switches Chapter 3 Port Isolation Configuration [Quidway-Ethernet0/1] port-isolate uplink-port vlan 1 Huawei Technologies Proprietary...
Page 64 HUAWEI Quidway S3500 Series Ethernet Switches Operation Manual VLAN Huawei Technologies Proprietary...
Page 65 Operation Manual - VLAN Quidway S3500 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 VLAN Configuration ....................1-1 1.1 VLAN Overview........................1-1 1.2 VLAN Common Configuration ................... 1-1 1.2.1 Enable/Disable VLAN Feature ................1-1 1.2.2 Create/Delete a VLAN..................... 1-2 1.2.3 Add Ethernet Ports to a VLAN ................
Page 66 Operation Manual - VLAN Quidway S3500 Series Ethernet Switches Table of Contents Chapter 4 Super VLAN ........................4-1 4.1 Overview of Super VLAN....................4-1 4.2 Super VLAN Configuration ....................4-1 4.2.1 Configuring a Super VLAN..................4-1 4.2.2 Configuring a Sub VLAN ..................4-2 4.2.3 Configuring the Mapping between Super a VLAN and a Sub VLAN ......
Page 67: Chapter 1 Vlan Configuration
Operation Manual - VLAN Quidway S3500 Series Ethernet Switches Chapter 1 VLAN Configuration Chapter 1 VLAN Configuration 1.1 VLAN Overview Virtual Local Area Network (VLAN) groups the devices of a LAN logically but not physically into segments to implement the virtual workgroups. IEEE issued the IEEE 802.1Q in 1999, which was intended to standardize VLAN implementation solutions.
Page 68: Add Ethernet Ports To A Vlan
Operation Manual - VLAN Quidway S3500 Series Ethernet Switches Chapter 1 VLAN Configuration Table 1-1 Enable/Disable VLAN feature Operation Command Enable/Disable VLAN feature vlan { enable | disable } By default, VLAN feature is enabled on the switch. Note that you will see error prompt when creating VLAN after VLAN feature is disabled.
Page 69: Name The Current Vlan
Operation Manual - VLAN Quidway S3500 Series Ethernet Switches Chapter 1 VLAN Configuration Note that you can add/delete trunk port and hybrid port to/from VLAN by port and undo port commands in Ethernet port view, but not in VLAN view.
Page 70 Operation Manual - VLAN Quidway S3500 Series Ethernet Switches Chapter 1 VLAN Configuration Perform the following configurations in system view. Table 1-6 Specify/Remove VLAN interface Operation Command Create a new VLAN interface and enter interface vlan-interface vlan_id VLAN interface view...
Page 71 Operation Manual - VLAN Quidway S3500 Series Ethernet Switches Chapter 1 VLAN Configuration Table 1-8 Shut down/Enable VLAN interface Operation Command Shut down the VLAN interface shutdown Enabling the VLAN interface undo shutdown The operation of shutting down or enabling the VLAN interface has no effect on the UP/DOWN status of the Ethernet ports on the local VLAN.
Page 72: Display And Debug Vlan
Operation Manual - VLAN Quidway S3500 Series Ethernet Switches Chapter 1 VLAN Configuration 1.3.2 Create/Delete the Association Between an Port and a Protocol-Based VLAN Perform the following configuration in Ethernet port view. Table 1-10 Create/delete the association between an port and a protocol-based VLAN...
Page 73: Vlan Configuration Example
Operation Manual - VLAN Quidway S3500 Series Ethernet Switches Chapter 1 VLAN Configuration 1.5 VLAN Configuration Example I. Networking requirements Create VLAN2 and VLAN3. Add Ethernet port 0/1 and Ethernet port 0/2 to VLAN2 and add Ethernet 0/3 and Ethernet 0/4 to VLAN3.
Page 74 Chapter 2 Isolate-User-Vlan Configuration 2.1 Isolate-user-vlan Overview Isolate-user-vlan is a new feature of the Ethernet Switches launched by Huawei Technologies Co., Ltd., through which can save the VLAN source. isolate-user-vlan adopts the Layer-2 VLAN architecture. (On an Ethernet Switch configure the isolate-user-vlan and Secondary VLAN.) An isolate-user-vlan corresponds to several...
Page 75: Configure Secondary Vlan
Operation Manual - VLAN Quidway S3500 Series Ethernet Switches Chapter 2 Isolate-User-Vlan Configuration Table 2-1 Configure isolate-user-vlan Operation Command Create a VLAN vlan vlan-id Configure the VLAN as isolate-user-vlan isolate-user-vlan enable Cancel the configuration of VLAN as undo isolate-user-vlan enable...
Page 76 Operation Manual - VLAN Quidway S3500 Series Ethernet Switches Chapter 2 Isolate-User-Vlan Configuration Table 2-3 Configure to map isolate-user-vlan to secondary VLAN Operation Command Configure isolate-user-vlan isolate-user-vlan_num isolate-user-vlan to secondary secondary secondary_vlan_numlist VLAN secondary_vlan_numlist ] undo isolate-user-vlan isolate-user-vlan_num Cancel to map isolate-user-vlan...
Page 77 Operation Manual - VLAN Quidway S3500 Series Ethernet Switches Chapter 2 Isolate-User-Vlan Configuration Secondary VLANs, VLAN2 and VLAN3. VLAN3 includes Ethernet0/1 and VLAN2 includes Ethernet0/2. The VLAN6 carried by Switch C is the isolate-user-vlan including the Uplink Ethernet1/1 and two Secondary VLAN, VLAN3 and VLAN4. VLAN3 includes Ethernet0/3 and VLAN4 includes Ethernet0/4.
Page 78 Operation Manual - VLAN Quidway S3500 Series Ethernet Switches Chapter 2 Isolate-User-Vlan Configuration [Quidway] isolate-user-vlan 5 secondary 2 to 3 Configure Switch C: # Configure isolate-user-vlan [Quidway] vlan 6 [Quidway-vlan6] isolate-user-vlan enable [Quidway-vlan6] port ethernet1/1 # Configure Secondary VLAN [Quidway-vlan6] vlan 3...
Page 79: Configure Garp
Operation Manual - VLAN Quidway S3500 Series Ethernet Switches Chapter 3 GARP/GVRP Configuration Chapter 3 GARP/GVRP Configuration 3.1 Configure GARP 3.1.1 GARP Overview Generic Attribute Registration Protocol (GARP) offers a mechanism that is used by the members in the same switching network to distribute, propagate and register such information as VLAN and multicast addresses.
Page 80: Set Garp Timer
Operation Manual - VLAN Quidway S3500 Series Ethernet Switches Chapter 3 GARP/GVRP Configuration Main GARP configuration includes: Set GARP timer Note: The value of GARP timer will be used in all the GARP applications, including GVRP and GMRP, running in one switching network.
Page 81: Configure Gvrp
Operation Manual - VLAN Quidway S3500 Series Ethernet Switches Chapter 3 GARP/GVRP Configuration Operation Command Restore the default GARP Hold timer, undo garp timer { hold | join | leave } Join timer and Leave timer settings Restore the default GARP LeaveAll undo garp timer leaveall timer settings.
Page 82 Operation Manual - VLAN Quidway S3500 Series Ethernet Switches Chapter 3 GARP/GVRP Configuration switches and dynamically update the local VLAN registration information including the active members and through which port those members can be reached. All the GVRP-supporting switches can propagate their local VLAN registration information to other switches so that the VLAN information can be consistent on all GVRP-supporting devices in one switching network.
Page 83: Set Gvrp Registration Type
Operation Manual - VLAN Quidway S3500 Series Ethernet Switches Chapter 3 GARP/GVRP Configuration Table 3-4 Enable/Disable port GVRP Operation Command Enable port GVRP gvrp Disable port GVRP undo gvrp GVRP should be enabled globally before it is enabled on the port. The GVRP can only be enabled/disabled on Trunk port.
Page 84: Gvrp Configuration Example
Operation Manual - VLAN Quidway S3500 Series Ethernet Switches Chapter 3 GARP/GVRP Configuration Table 3-6 Display and debug GVRP Operation Command display gvrp statistics [ interface Display GVRP statistics information interface-list ] Display GVRP global status information display gvrp status...
Page 85 Operation Manual - VLAN Quidway S3500 Series Ethernet Switches Chapter 3 GARP/GVRP Configuration # Enable GVRP globally. [Quidway] gvrp # Set Ethernet0/11 as a Trunk port and allows all the VLANs to pass through. [Quidway] interface ethernet0/11 [Quidway-Ethernet0/11] port link-type trunk [Quidway-Ethernet0/11] port trunk permit vlan all # Enable GVRP on the Trunk port.
Page 86: Super Vlan Configuration
Operation Manual - VLAN Quidway S3500 Series Ethernet Switches Chapter 4 Super VLAN Chapter 4 Super VLAN Note: Quidway S3552F/S3552G/S3552P/3528G/3528P/S3526E/S3526E FM/S3526E FS/S3526C Ethernet switches support the super VLAN feature. 4.1 Overview of Super VLAN To save IP address resources, the super VLAN concept (also known as VLAN aggregation) was developed.
Page 87: Configuring A Sub Vlan
Operation Manual - VLAN Quidway S3500 Series Ethernet Switches Chapter 4 Super VLAN Table 4-1 Configure a super VLAN Operation Command Configure a super VLAN supervlan Remove super VLAN configuration undo supervlan Note that: You cannot configure Ethernet ports for the super VLAN.
Page 88: Displaying Super Vlan
Operation Manual - VLAN Quidway S3500 Series Ethernet Switches Chapter 4 Super VLAN Table 4-3 Configure the mapping between a super VLAN and a sub VLAN Operation Command Configure the mapping between a super subvlan sub-vlan-list VLAN and a sub VLAN...
Page 89 Operation Manual - VLAN Quidway S3500 Series Ethernet Switches Chapter 4 Super VLAN III. Configuration procedure [Quidway] vlan 10 [Quidway-vlan10] supervlan [Quidway-vlan10] vlan 2 [Quidway-vlan2] port ethernet0/1 ethernet0/2 [Quidway-vlan2] vlan 3 [Quidway-vlan3] port ethernet0/3 ethernet0/4 [Quidway-vlan3] vlan 5 [Quidway-vlan5] port ethernet0/5 ethernet0/6...
Page 90: Network Protocol
HUAWEI Quidway S3500 Series Ethernet Switches Operation Manual Network Protocol Huawei Technologies Proprietary...
Page 91 Operation Manual - Network Protocol Quidway S3500 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 IP Address Configuration ................... 1-1 1.1 IP Address Overview ......................1-1 1.1.1 IP Address Classification and Indications ............... 1-1 1.1.2 Subnet and Mask ....................1-3 1.2 Configure IP Address......................
Page 92 Operation Manual - Network Protocol Quidway S3500 Series Ethernet Switches Table of Contents 4.2.1 Configure IP Address of a DHCP Server ..............4-2 4.2.2 Configure Corresponding DHCP Server Group of the VLAN Interface ....4-3 4.2.3 Configure the Address Table Entry ................. 4-3 4.2.4 Enable/Disable DHCP security features ..............
Page 93 Operation Manual - Network Protocol Quidway S3500 Series Ethernet Switches Table of Contents Chapter 6 DHCP Snooping Configuration .................. 6-1 6.1 DHCP Snooping Overview ....................6-1 6.2 Configuring DHCP Snooping ..................... 6-2 6.2.1 DHCP Snooping Configuration Task............... 6-2 6.2.2 DHCP Snooping Configuration Example ..............6-2 Chapter 7 BOOTP Client Configuration ..................
Page 94: Chapter 1 Ip Address Configuration
Operation Manual - Network Protocol Quidway S3500 Series Ethernet Switches Chapter 1 IP Address Configuration Chapter 1 IP Address Configuration 1.1 IP Address Overview 1.1.1 IP Address Classification and Indications IP address is a 32-bit address allocated to the devices which access into the Internet. It consists of two fields: net-id field and host-id field.
Page 95 Operation Manual - Network Protocol Quidway S3500 Series Ethernet Switches Chapter 1 IP Address Configuration Table 1-1 IP address classes and ranges Network Address IP network Note class range range Host ID with all the digits being 0 indicates that the IP address is the network address, and is used for network routing.
Page 96: Subnet And Mask
Operation Manual - Network Protocol Quidway S3500 Series Ethernet Switches Chapter 1 IP Address Configuration 1.1.2 Subnet and Mask Nowadays, with rapid development of the Internet, IP addresses are depleting very fast. The traditional IP address allocation method wastes IP addresses greatly. In order to make full use of the available IP addresses, the concept of mask and subnet is proposed.
Page 97: Configure Hostname And Host Ip Address
Operation Manual - Network Protocol Quidway S3500 Series Ethernet Switches Chapter 1 IP Address Configuration Using the IP address configuration command Allocated by BOOTP server (S3526, S3526 FM and S3526 FS switches not support this configuration in S3500 series switches.) Allocated by DHCP server (S3526, S3526 FM and S3526 FS switches not support this configuration in S3500 series switches.)
Page 98: Ip Address Configuration Example
Operation Manual - Network Protocol Quidway S3500 Series Ethernet Switches Chapter 1 IP Address Configuration Table 1-3 Configure IP address for a VLAN interface Operation Command ip address ip-address net-mask Configure IP address for a VLAN interface [ sub ]...
Page 99: Troubleshoot Ip Address Configuration
Operation Manual - Network Protocol Quidway S3500 Series Ethernet Switches Chapter 1 IP Address Configuration # Configure the IP address for VLAN interface 1. [Quidway-vlan-interface1] ip address 129.2.2.1 255.255.255.0 1.5 Troubleshoot IP Address Configuration Fault 1: The Ethernet Switch cannot ping through a certain host in the LAN.
Page 100: Chapter 2 Arp Configuration
Operation Manual - Network Protocol Quidway S3500 Series Ethernet Switches Chapter 2 ARP Configuration Chapter 2 ARP Configuration 2.1 Introduction to ARP I. Necessity of ARP An IP address cannot be directly used for communication between network devices because network devices can only identify MAC addresses. An IP address is only an address of a host in the network layer.
Page 101: Configure Arp
Operation Manual - Network Protocol Quidway S3500 Series Ethernet Switches Chapter 2 ARP Configuration Normally, dynamic ARP executes and automatically searches for the resolution from the IP address to the Ethernet MAC address without the administrator. 2.2 Configure ARP The ARP mapping table can be maintained dynamically or manually. Usually, the manually configured mapping from the IP addresses to the MAC addresses is known as static ARP.
Page 102: Configure The Dynamic Arp Aging Timer
Operation Manual - Network Protocol Quidway S3500 Series Ethernet Switches Chapter 2 ARP Configuration Perform the following configuration in VLAN interface view. Table 2-2 Configure ARP timed probing function Operation Command Configure IP addresses requiring ARP arp probe ip ip-address...
Page 103 Operation Manual - Network Protocol Quidway S3500 Series Ethernet Switches Chapter 2 ARP Configuration Table 2-4 Configure ARP Source Address Suppression Operation Command Enable source address arp source-suppression enable suppression Disable source address undo arp source-suppression enable suppression Configure the number of source IP...
Page 104: Gratuitous Arp Configuration
Operation Manual - Network Protocol Quidway S3500 Series Ethernet Switches Chapter 2 ARP Configuration 2.3 Gratuitous ARP Configuration Note: This chapter only applies to S3552G, S3552P, S3528G, S3528P, S3552F, S3526E, S3526E FM, S3526E FS and S3526C in S3500 series switches.
Page 105: Configuration Tasks
Operation Manual - Network Protocol Quidway S3500 Series Ethernet Switches Chapter 2 ARP Configuration 2.3.2 Configuration Tasks The following table describes the gratuitous ARP configuration tasks: Table 2-6 Configure gratuitous ARP Configuration item Command Description Enter system view system-view —...
Page 106 Operation Manual - Network Protocol Quidway S3500 Series Ethernet Switches Chapter 2 ARP Configuration Operation Command Display ARP source suppression display arp source-suppression information reset arp [ dynamic | static | interface Reset ARP mapping table interface-type interface-number interface-name } ]...
Page 107: Dhcp Client Configuration
Operation Manual - Network Protocol Quidway S3500 Series Ethernet Switches Chapter 3 Proxy ARP Chapter 3 Proxy ARP 3.1 Introduction to ARP Proxy You have to enable the ARP proxy function, if you want to realize layer 3 internetworking between ports after the layer 2 isolation is realized between ports within the same VLAN, or the Super VLAN is enabled, or the isolate-user-vlan function is enabled.
Page 108: Overview Of Dhcp Client
Operation Manual - Network Protocol Quidway S3500 Series Ethernet Switches Chapter 3 Proxy ARP Note: This chapter only applies to S3552G, S3552P, S3528G, S3528P, S3552F, S3526E, S3526E FM, S3526E FS and S3526C in S3500 series switches. 3.5 Overview of DHCP Client 3.5.1 Brief Introduction...
Page 109 Operation Manual - Network Protocol Quidway S3500 Series Ethernet Switches Chapter 3 Proxy ARP Offer stage, the stage when the DHCP server allocates the IP address. After receiving the DHCP_Discover message from the client, the DHCP server chooses an IP address still available in IP address pool for the client, and sends to the client the DHCP_Offer message containing the leased IP address and other settings.
Page 110: Displaying And Debugging Dhcp Client Configuration
Operation Manual - Network Protocol Quidway S3500 Series Ethernet Switches Chapter 3 Proxy ARP 3.6 DHCP Client Configuration DHCP client configuration include: Configuring a VLAN interface to obtain IP address using DHCP 3.6.1 Configuring a VLAN Interface to Obtain IP Address Using DHCP Perform the following configuration in VLAN interface view.
Page 111: Chapter 4 Dhcp Relay Configuration
Operation Manual - Network Protocol Quidway S3500 Series Ethernet Switches Chapter 4 DHCP Relay Configuration Chapter 4 DHCP Relay Configuration Note: This chapter only applies to S3526/S3526 FM/S3526 FS in S3500 series switches. 4.1 Brief Introduction to DHCP Relay With the extension of network and improving of network complexity, network configuration is becoming more and more complex.
Page 112: Configure Dhcp Relay
Operation Manual - Network Protocol Quidway S3500 Series Ethernet Switches Chapter 4 DHCP Relay Configuration DHCP Relay work on this principle: In the startup and DHCP initialization, DHCP Client advertises configuration request messages to the local network. If there is a DHCP Server in the local network, you can initiate DHCP configuration directly, with DHCP Relay unnecessary.
Page 113: Configure Corresponding Dhcp Server Group Of The Vlan Interface
Operation Manual - Network Protocol Quidway S3500 Series Ethernet Switches Chapter 4 DHCP Relay Configuration 4.2.2 Configure Corresponding DHCP Server Group of the VLAN Interface Perform the following configuration in VLAN interface view. Table 4-2 Configure/Delete the corresponding DHCP Server group of VLAN interface...
Page 114: Display And Debug Dhcp Relay
Operation Manual - Network Protocol Quidway S3500 Series Ethernet Switches Chapter 4 DHCP Relay Configuration Table 4-4 Enable/Disable DHCP security features on VLAN interface Operation Command Enable DHCP security features address-check enable Disable DHCP security features on address-check disable VLAN interface By default, the switch disables DHCP security features function.
Page 115: Dhcp Relay Configuration Example
Operation Manual - Network Protocol Quidway S3500 Series Ethernet Switches Chapter 4 DHCP Relay Configuration Operation Command Enable the DHCP relay debugging debugging dhcp-relay Disable the DHCP relay debugging undo debugging dhcp-relay Display the address information of all the display dhcp-security [ ip_address ] legal clients of the DHCP Server group.
Page 116: Troubleshoot Dhcp Relay Configuration
Operation Manual - Network Protocol Quidway S3500 Series Ethernet Switches Chapter 4 DHCP Relay Configuration 4.5 Troubleshoot DHCP Relay Configuration Fault 1: The user cannot apply for IP address dynamically. Troubleshoot: Perform the following procedures: Firstly, use the display dhcp-server groupNo command to check if the IP address of the corresponding DHCP Server has been configured.
Page 117: Dhcp Overview
Operation Manual - Network Protocol Quidway S3500 Series Ethernet Switches Chapter 5 DHCP Configuration Chapter 5 DHCP Configuration Note: This chapter only applies to S3552G, S3552P, S3528G, S3528P, S3552F, S3526E, S3526E FM, S3526E FS and S3526C in S3500 series switches.
Page 118 Operation Manual - Network Protocol Quidway S3500 Series Ethernet Switches Chapter 5 DHCP Configuration use some dynamic IP addresses for a long period too, but some individuals may only need temporarily assigned IP addresses for a short period of time.
Page 119: Dhcp Relay
Operation Manual - Network Protocol Quidway S3500 Series Ethernet Switches Chapter 5 DHCP Configuration Offer stage where DHCP servers offer IP addresses. Upon the receipt of the DHCP_Discover message from the client, each DHCP server sends a DHCP_Offer message carrying an unassigned IP address selected from its IP address pool and other settings to the client.
Page 120: Dhcp Public Configuration
Operation Manual - Network Protocol Quidway S3500 Series Ethernet Switches Chapter 5 DHCP Configuration segments. If the early DHCP is used to dynamically configure the host, each subnet should be equipped with a DHCP Server, which is obviously uneconomical. The introduction of DHCP relay solves this difficulty.
Page 121: Define Dhcp Message Handling Method
Operation Manual - Network Protocol Quidway S3500 Series Ethernet Switches Chapter 5 DHCP Configuration 5.2.1 Enable/Disable the DHCP Service Before you can configure a DHCP server or DHCP relay, you must enable the DHCP service. Only after the service is enabled can other DHCP configurations take effect.
Page 122: Dhcp Server Configuration
Operation Manual - Network Protocol Quidway S3500 Series Ethernet Switches Chapter 5 DHCP Configuration Operation Command Send DHCP messages to the local DHCP dhcp select interface { interface server where addresses are to be allocated vlan-interface vlan_id from appropriate VLAN...
Page 123: Create Global Dhcp Address Pool
Operation Manual - Network Protocol Quidway S3500 Series Ethernet Switches Chapter 5 DHCP Configuration Specify NetBIOS server addresses for DHCP clients Configure NetBIOS node type of DHCP clients Configure a DHCP option Configure IP addresses of egress gateways for DHCP clients...
Page 124: Configure Address Allocation Method For A Dhcp Address Pool
Operation Manual - Network Protocol Quidway S3500 Series Ethernet Switches Chapter 5 DHCP Configuration Table 5-5 Create global DHCP address pool Operation Command Create a DHCP address pool and/or dhcp server ip-pool pool-name access the DHCP address pool view Delete a DHCP address pool undo dhcp server ip-pool pool-name By default, no DHCP global address pool is created.
Page 125 Operation Manual - Network Protocol Quidway S3500 Series Ethernet Switches Chapter 5 DHCP Configuration Operation Command Delete the client MAC address in the undo static-bind mac-address static binding By default, no static address binding is configured for any global DHCP address pool.
Page 126: Configure Ip Addresses Forbidden In Automatic Allocation
Operation Manual - Network Protocol Quidway S3500 Series Ethernet Switches Chapter 5 DHCP Configuration By default, no IP address range is configured for dynamic allocation. Each DHCP address pool can have only one network segment. If an address pool has already had a segment, the new one configured using the network command replaces the old one.
Page 127: Configure Dhcp Client Domain Name
Operation Manual - Network Protocol Quidway S3500 Series Ethernet Switches Chapter 5 DHCP Configuration Table 5-10 Configure IP address lease duration for the global DHCP address pool Operation Command Configure IP address lease duration for the expired { day day [ hour hour...
Page 128 Operation Manual - Network Protocol Quidway S3500 Series Ethernet Switches Chapter 5 DHCP Configuration I. Configure client domain name in a global DHCP address pool Perform the following configuration in DHCP address pool view. Table 5-13 Configure client domain name in the global DHCP address pool...
Page 129: Configure Dns Server Addresses For Dhcp Clients
Operation Manual - Network Protocol Quidway S3500 Series Ethernet Switches Chapter 5 DHCP Configuration By default, no DHCP client domain name is configured in any global or VLAN interface address pool. If you configure domain name for multiple times, the latest domain name replaces the previous one.
Page 130: Configure Netbios Server Addresses For Dhcp Clients
Operation Manual - Network Protocol Quidway S3500 Series Ethernet Switches Chapter 5 DHCP Configuration Table 5-18 Configure DNS server addresses in DHCP address pools on multiple VLAN interfaces Operation Command dhcp server dns-list ip-address Assign DNS server addresses to DHCP...
Page 131: Define Netbios Node Type Of Dhcp Clients
Operation Manual - Network Protocol Quidway S3500 Series Ethernet Switches Chapter 5 DHCP Configuration Table 5-20 Configure NetBIOS server addresses in the DHCP address pool on the current VLAN interface Operation Command Configure NetBIOS server addresses in the dhcp server nbns-list ip-address...
Page 132 Operation Manual - Network Protocol Quidway S3500 Series Ethernet Switches Chapter 5 DHCP Configuration h-nodes, where “h” stands for hybrid. Such nodes are b-nodes with the peer-to-peer communication mechanism. I. Configure NetBIOS node type of clients in a global DHCP address pool Perform the following configuration in DHCP address pool view.
Page 133: Configure A Dhcp Option
Operation Manual - Network Protocol Quidway S3500 Series Ethernet Switches Chapter 5 DHCP Configuration For both global and VLAN interface address pools, NetBIOS node type of clients defaults to h-node. 5.3.9 Configure a DHCP Option New configurable DHCP options may emerge as the result of DHCP development. You can support these options by manually adding them into the attribute list maintained by the DHCP server.
Page 134: Configure Ip Addresses Of Egress Gateways For Dhcp Clients
Operation Manual - Network Protocol Quidway S3500 Series Ethernet Switches Chapter 5 DHCP Configuration Table 5-27 Configure a DHCP option for DHCP address pools on multiple VLAN interfaces Operation Command dhcp server option code { ascii ascii-string | Configure a DHCP option for...
Page 135: Dhcp Relay Configuration
Operation Manual - Network Protocol Quidway S3500 Series Ethernet Switches Chapter 5 DHCP Configuration Table 5-29 Configure the ping mechanism on DHCP server Operation Command Configure the maximum number of ping dhcp server ping packets number packets that the DHCP server can send...
Page 136: Distribute Load Among Dhcp Servers
Operation Manual - Network Protocol Quidway S3500 Series Ethernet Switches Chapter 5 DHCP Configuration Table 5-30 Configure DHCP server address to which the current VLAN interface relays packets Operation Command Configure DHCP server address to which ip relay address ip-address...
Page 137: Release Client Ip Address Through Dhcp Relay
Operation Manual - Network Protocol Quidway S3500 Series Ethernet Switches Chapter 5 DHCP Configuration 5.4.3 Release Client IP Address through DHCP Relay Sometimes you may need to manually release the IP address allocated to a client through the DHCP Relay.
Page 138 Operation Manual - Network Protocol Quidway S3500 Series Ethernet Switches Chapter 5 DHCP Configuration Table 5-34 Configure Address Map Entry for Security Check Operation Command Add an address map entry for security dhcp relay security ip_address check mac_address static Delete an address map entry for security...
Page 139: Display And Debug Dhcp
Operation Manual - Network Protocol Quidway S3500 Series Ethernet Switches Chapter 5 DHCP Configuration This configuration takes effect only when the DHCP security feature is enabled on the VLAN interface. 5.4.7 Allow/Inhibit the Passing of Unknown Machines through DHCP Security Check The so called unknown machine is a device which IP and MAC addresses are not contained in any DHCP security table entry.
Page 140: Dhcp Configuration Example
Operation Manual - Network Protocol Quidway S3500 Series Ethernet Switches Chapter 5 DHCP Configuration Operation Command display dhcp server ip-in-use { ip ip-address | View address bindings in pool [ pool-name ] | interface [ vlan-interface DHCP address pools vlan_id ] | all }...
Page 141 Operation Manual - Network Protocol Quidway S3500 Series Ethernet Switches Chapter 5 DHCP Configuration In the segment 10.1.1.0/25, addresses can be leased for up to 10 days and 12 hours, domain name is domain.com, DNS address is 10.1.1.2, no NetBIOS is configured, and the egress gateway address is 10.1.1.126.
Page 142 Operation Manual - Network Protocol Quidway S3500 Series Ethernet Switches Chapter 5 DHCP Configuration [Quidway-dhcp-2] network 10.1.1.128 mask 255.255.255.128 [Quidway-dhcp-2] expired day 5 [Quidway-dhcp-2] nbns-list 10.1.1.4 [Quidway-dhcp-2] gateway-list 10.1.1.254 [Quidway-dhcp-0] domain-name domain.com [Quidway-dhcp-0] dns-list 10.1.1.2 5.6.2 DHCP Relay Configuration Example I.
Page 143: Dhcp Troubleshooting
Operation Manual - Network Protocol Quidway S3500 Series Ethernet Switches Chapter 5 DHCP Configuration # Assign to VLAN interface 2 an IP address in the same network segment where the DHCP clients reside. [Quidway-Vlan-interface2] ip address 10.110.1.1 255.255.0.0 # Configure on VLAN interface 2 the DHCP server address to which DHCP messages are to be relayed.
Page 144: Dhcp Snooping Overview
Operation Manual - Network Protocol Quidway S3500 Series Ethernet Switches Chapter 6 DHCP Snooping Configuration Chapter 6 DHCP Snooping Configuration Note: This chapter only applies to S3552G, S3552P, S3528G, S3528P, S3552F, S3526E, S3526E FM, S3526E FS and S3526C in S3500 series switches.
Page 145: Configuring Dhcp Snooping
Operation Manual - Network Protocol Quidway S3500 Series Ethernet Switches Chapter 6 DHCP Snooping Configuration 6.2 Configuring DHCP Snooping 6.2.1 DHCP Snooping Configuration Task The following table describes DHCP snooping configuration tasks: Table 6-1 DHCP snooping configuration task Configuration Command...
Page 146 Operation Manual - Network Protocol Quidway S3500 Series Ethernet Switches Chapter 6 DHCP Snooping Configuration II. Network diagram DHCP Client DHCP Client DHCP Client DHCP Client DHCP Client DHCP Client DHCP Client DHCP Client DHCP Client DHCP Client DHCP Client...
Page 147: Overview Of Bootp Client
Operation Manual - Network Protocol Quidway S3500 Series Ethernet Switches Chapter 7 BOOTP Client Configuration Chapter 7 BOOTP Client Configuration Note: This chapter only applies to S3552G, S3552P, S3528G, S3528P, S3552F, S3526E, S3526E FM, S3526E FS and S3526C in S3500 series switches.
Page 148: Displaying And Debugging Bootp Client
Operation Manual - Network Protocol Quidway S3500 Series Ethernet Switches Chapter 7 BOOTP Client Configuration Table 7-1 Configuring a VLAN interface to obtain the IP address using BOOTP Operation Command Configure VLAN interface to obtain IP ip address bootp-alloc address using BOOTP...
Page 149: Access Management Overview
Operation Manual - Network Protocol Quidway S3500 Series Ethernet Switches Chapter 8 Access Management Configuration Chapter 8 Access Management Configuration 8.1 Access Management Overview One of the typical Ethernet access networking scenario is that the users access external network through the Ethernet switches. In this case, the external network is connected to the Ethernet switch.
Page 150: Enable Access Management Function
Operation Manual - Network Protocol Quidway S3500 Series Ethernet Switches Chapter 8 Access Management Configuration Isolation measure is required, because otherwise the PCs in two organizations may interwork with each other. The L2 isolation function at the switch port can ensure two ports do not receive the packets from the other port, so that only those PCs in the same organization can communicate with each other.
Page 151: Configure Layer 2 Isolation Between Ports
Operation Manual - Network Protocol Quidway S3500 Series Ethernet Switches Chapter 8 Access Management Configuration Table 8-2 Configure the access IP address pool based on the physical port Operation Command Configure the access management IP am ip-pool address-list address pool based on the physical port...
Page 152 Operation Manual - Network Protocol Quidway S3500 Series Ethernet Switches Chapter 8 Access Management Configuration Table 8-4 Configuring layer 2 port isolation Operation Command Enable the layer 2 port isolation in a VLAN port-isolate enable Cancel the layer 2 port isolation in VLAN undo port-isolate enable By default, the ports in VLAN are not isolated for layer 2 forwarding.
Page 153 Operation Manual - Network Protocol Quidway S3500 Series Ethernet Switches Chapter 8 Access Management Configuration Port+IP binding: binding the packet’s receiving port and its source IP address. The specified port will only allow the packet with specified IP address to pass. However, packets with this IP address can pass other ports, which refer to those ports where ACLs to restrict the passing of this IP address are not set.
Page 154: Display And Debug Access Management
Operation Manual - Network Protocol Quidway S3500 Series Ethernet Switches Chapter 8 Access Management Configuration S3526E/S3526E FS/S3526E FM/S3526C switches support this configuration in S3500 series switches. 8.2.6 Enable/Disable Access Management Trap You can use the following command to enable/disable access management trap.
Page 155 Operation Manual - Network Protocol Quidway S3500 Series Ethernet Switches Chapter 8 Access Management Configuration II. Networking diagram See Figure 8-1. III. Configuration procedure # Enable access management globally. [Quidway] am enable # Configures the IP address pool for access management on port 1.
Page 156: Ip Performance Configuration
Operation Manual - Network Protocol Quidway S3500 Series Ethernet Switches Chapter 9 IP Performance Configuration Chapter 9 IP Performance Configuration 9.1 IP Performance Configuration IP performance configuration includes: Configure TCP attributes 9.1.1 Configure TCP Attributes TCP attributes that can be configured include: synwait timer: When sending the syn packets, TCP starts the synwait timer.
Page 157: Troubleshoot Ip Performance
Operation Manual - Network Protocol Quidway S3500 Series Ethernet Switches Chapter 9 IP Performance Configuration 9.2 debug IP Performance After the above configuration, execute display command in any view to display the running of the IP Performance configuration, and to verify the effect of the configuration.
Page 158 Operation Manual - Network Protocol Quidway S3500 Series Ethernet Switches Chapter 9 IP Performance Configuration <Quidway> debugging tcp packet Then the TCP packets received or sent can be checked in real time. Specific packet formats include: TCP output packet: Source IP address:202.38.160.1 Source port:1024 Destination IP Address 202.38.160.1...
Page 159: Routing Protocol
HUAWEI Quidway S3500 Series Ethernet Switches Operation Manual Routing Protocol Huawei Technologies Proprietary...
Page 160 Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 IP Routing Protocol Overview ..................1-1 1.1 Introduction to IP Route and Routing Table ..............1-1 1.1.1 IP Route and Route Segment ................. 1-1 1.1.2 Route Selection through the Routing Table ............
Page 161 Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Table of Contents 3.3 Displaying and Debugging RIP..................3-11 3.4 Typical RIP Configuration Example ................. 3-11 3.4.1 Networking requirements ..................3-11 3.4.2 Networking diagram ....................3-12 3.4.3 Configuration procedure..................3-12 3.5 RIP Fault Diagnosis and Troubleshooting ...............
Page 162 Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Table of Contents 4.3 Displaying and Debugging OSPF ..................4-24 4.4 Typical OSPF Configuration Example ................4-25 4.4.1 Configuring DR Election Based on OSPF Priority ..........4-25 4.4.2 Configuring OSPF Virtual Link ................4-27 4.5 OSPF Fault Diagnosis and Troubleshooting ..............
Page 163 Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Table of Contents 6.2.3 Defining apply clauses for a Route-policy............... 6-5 6.2.4 Importing Routing Information Discovered by Other Routing Protocols ....6-6 6.2.5 Defining ip-Prefix ..................... 6-7 6.2.6 Configuring Route Filtering ..................6-7 6.3 Displaying and Debugging the Routing Policy..............
Page 164: Chapter 1 Ip Routing Protocol Overview
Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 1 IP Routing Protocol Overview Chapter 1 IP Routing Protocol Overview Note: When an Ethernet switch runs a routing protocol, it can perform the router functions. Router that is referred to in the following and its icon represent a generalized router or an Ethernet switch running routing protocols.
Page 165: Route Selection Through The Routing Table
Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 1 IP Routing Protocol Overview Route Route segment segment Figure 1-1 About hops As the networks may have different sizes, the segment lengths connected between two different pairs of routers are also different. The number of route segments multiplies a weighted coefficient can serve as a weighted measurement for the actual length of the signal transmission path.
Page 166 Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 1 IP Routing Protocol Overview 129.102.8.10, the address of the network where the host or the router with the mask 255.255.0.0 is located will be 129.102.0.0. Output interface: It indicates an interface through which an IP packet should be forwarded.
Page 167: Routing Management Policy
Figure 1-2 The routing table 1.2 Routing Management Policy The Quidway S3500 Series Ethernet Switches support the configuration of a series of dynamic routing protocols such as RIP, OSPF and BGP, as well as the static routes. The static routes configured by the user are managed together with the dynamic routes as detected by the routing protocol.
Page 168: Supporting Load Sharing And Route Backup
Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 1 IP Routing Protocol Overview The preference of the corresponding Routing protocol or route type route STATIC OSPF ASE OSPF NSSA IBGP EBGP UNKNOWN In the table, 0 indicates a direct route. 255 indicates any route from unreliable source.
Page 169: Routes Shared Between Routing Protocols
The Quidway S3500 series switches can import the information of another routing protocol. Each protocol has its own route redistribution mechanism. For details, please refer to the description about "Importing an External Route"...
Page 170: Chapter 2 Static Route Configuration
Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 2 Static Route Configuration Chapter 2 Static Route Configuration 2.1 Introduction to Static Route 2.1.1 Attributes and Functions of Static Route A static route is a special route. You can set up an interconnecting network with the static route configuration.
Page 171: Static Route Configuration
Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 2 Static Route Configuration Default route is very useful in the networks. Suppose that there is a typical network, which consists of hundreds of routers. In that network, far from less bandwidth would be consumed if you put all kinds of dynamic routing protocols into use without configuring a default route.
Page 172: Configuring A Default Route
Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 2 Static Route Configuration The packets sent to NULL interface, a kind of virtual interface, will be discarded at once. This can decrease the system load. Preference For different configurations of preference-value, you can flexibly apply the routing management policy.
Page 173: Displaying And Debugging Static Route
Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 2 Static Route Configuration 2.3 Displaying and Debugging Static Route After the above configuration, execute display command in any view to display the running of the Static Route configuration, and to verify the effect of the configuration.
Page 174 Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 2 Static Route Configuration II. Networking diagram Host 1.1.5.1 1.1.5.2/24 1.1.2.2/24 1.1.3.1/24 Switch C 1.1.2.1/24 1.1.3.2/24 1.1.1.2/24 1.1.4.1/24 Switch A Switch B Host 1.1.4.2 Host 1.1.1.1 Figure 2-1 Networking diagram of the static route configuration example III.
Page 175 Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 2 Static Route Configuration Troubleshooting: Use the display ip routing-table protocol static command to view whether the corresponding static route is correctly configured. Use the display ip routing-table command to view whether the corresponding route is valid.
Page 176: Chapter 3 Rip Configuration
Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 3 RIP Configuration Chapter 3 RIP Configuration 3.1 Brief Introduction to RIP Routing Information Protocol (RIP) is a relatively simple dynamic routing protocol, but it has a wide application. RIP is a kind of Distance-Vector (D-V) algorithm-based protocol and exchanges routing information via UDP packets.
Page 177: Rip Configuration
Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 3 RIP Configuration After receiving the response packets, the router, which has sent the request, will modify its own routing table. At the same time, RIP broadcasts its routing table to the adjacent routers every 30 seconds.
Page 178: Enabling Rip On Specified Network
Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 3 RIP Configuration Table 3-1 Enabling RIP and Entering RIP View Operation Command Enable RIP and enter the RIP view Disable RIP undo rip By default, RIP is not enabled.
Page 179: Specifying Rip Version Of The Interface
Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 3 RIP Configuration Table 3-3 Configuring unicast of the message Operation Command Configure unicast of the message peer ip-address Cancel unicast of the message undo peer ip-address By default, RIP does not send any message to any unicast address.
Page 180: Specifying The Operating State Of The Interface
Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 3 RIP Configuration processing will be refused. As there is no zero fields in the RIP-2 packet, this configuration is invalid for RIP-2. Perform the following configurations in RIP view.
Page 181: Disabling Host Route
Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 3 RIP Configuration 3.2.7 Disabling host route In some special cases, the router can receive a lot of host routes from the same segment, and these routes are of little help in route addressing but consume a lot of network resources.
Page 182: Configuring Split Horizon
Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 3 RIP Configuration The simple authentication does not ensure security. The authentication key not encrypted is sent together with the packet, so the simple authentication cannot be applied to the case with high security requirements.
Page 183: Configuring Default Cost For The Imported Route
Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 3 RIP Configuration Table 3-11 Configuring RIP to import Routes of Other Protocols Operation Command Configure RIP to import routes of other import-route protocol [ cost value ] protocols...
Page 184: Configuring Route Filtering
Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 3 RIP Configuration 3.2.14 Setting Additional Routing Metric Additional routing metric is the input or output routing metric added to an RIP route. It does not change the metric value of the route in the routing table, but adds a specified metric value when the interface receives or sends a route.
Page 185 Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 3 RIP Configuration Table 3-15 Configuring RIP to filter the received routes Operation Command Configure filtering the received routing information distributed by filter-policy gateway ip-prefix-name import the specified address...
Page 186: Displaying And Debugging Rip
Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 3 RIP Configuration 3.3 Displaying and Debugging RIP After the above configuration, execute display command in any view to display the running of the RIP configuration, and to verify the effect of the configuration. Execute debugging command in user view to debug the RIP module.
Page 187: Configuration Procedure
Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 3 RIP Configuration 3.4.2 Networking diagram Network address: 155.10.1.0/24 Interface address: 155.10.1.1/24 SwitchA Interface address: Ethernet 110.11.2.1/24 Network address: 110.11.2.2/24 SwitchC SwitchB Interface address: Interface address: 117.102.0.1/16 Network address: 196.38.165.1/24...
Page 188: Rip Fault Diagnosis And Troubleshooting
Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 3 RIP Configuration [Switch C] rip [Switch C-rip] network 117.102.0.0 [Switch C-rip] network 110.11.2.0 3.5 RIP Fault Diagnosis and Troubleshooting Fault: The S3500 Series Ethernet Switches cannot receive the update packets when the physical connection to the peer routing device is normal.
Page 189: Chapter 4 Ospf Configuration
Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 4 OSPF Configuration Chapter 4 OSPF Configuration 4.1 OSPF Overview 4.1.1 Introduction to OSPF Open Shortest Path First (OSPF) is an Interior Gateway Protocol based on the link state developed by IETF. At present, OSPF version 2 (RFC2328) is used, which is...
Page 190: Ospf Packets
Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 4 OSPF Configuration A router uses the SPF algorithm to calculate the shortest path tree with itself as the root, which shows the routes to the nodes in the autonomous system. The external routing information is leave node.
Page 191: Basic Concepts Related To Ospf
Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 4 OSPF Configuration 4.1.4 Basic Concepts Related to OSPF I. Router ID To run OSPF, a router must have a router ID. If no ID is configured, the system will automatically select an IP address from the IP addresses of the current interface as the Router ID.
Page 192: Ospf Configuration
Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 4 OSPF Configuration area is called Area Border Router (ABR). An ABR can connect to the backbone area physically or logically. IV. Backbone area and virtual link Backbone Area After the area division of OSPF, not all the areas are equal.
Page 193: Enabling Ospf And Enter Ospf View
Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 4 OSPF Configuration Configuring NSSA of OSPF Configuring the Route Summarization of OSPF Area Configuring OSPF Area Route Summary Configuring OSPF Virtual Link Configuring Summarization of Imported Routes by OSPF...
Page 194: Specifying Interface
Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 4 OSPF Configuration 4.2.3 Specifying interface OSPF further divides the AS into different areas. An area logically groups the routers. Some routers belong to different areas (such routers are called ABRs), but one segment can only belong to an area.
Page 195: Configuring The Network Type On The Ospf Interface
Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 4 OSPF Configuration 4.2.5 Configuring the Network Type on the OSPF Interface The route calculation of OSPF is based upon the topology of the adjacent network of the local router. Each router describes the topology of its adjacent network and transmits it to all the other routers.
Page 196: Configuring The Cost For Sending Packets On An Interface
Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 4 OSPF Configuration Table 4-5 Configuring a Network Type on the Interface That Starts OSPF Protocol Operation Command ospf network-type { broadcast | nbma Configure network type on the interface...
Page 197: Setting The Peer
Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 4 OSPF Configuration the concept of BDR. In fact, BDR is a backup for DR. DR and BDR are elected in the meantime. The adjacencies are also established between the BDR and all the routers on the segment, and routing information is also exchanged between them.
Page 198: Setting The Interval Of Hello Packet Transmission
Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 4 OSPF Configuration Table 4-8 Configuring the peer Operation Command Configure peer NBMA peer ip-address dr-priority interface. dr-priority-number ] Remove the configured peer for the undo peer ip-address NBMA interface By default, the preference for the neighbor of NBMA interface is 1.
Page 199: Configuring An Interval Required For Sending Lsu Packets
Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 4 OSPF Configuration Table 4-10 Setting a dead timer for the neighboring routers Operation Command Configure dead timer ospf timer dead seconds neighboring routers Restore the default dead interval of the...
Page 200: Configuring Stub Area Of Ospf
Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 4 OSPF Configuration Table 4-12 Setting an Interval for LSA Retransmission between Neighboring Routers Operation Command Configure the interval of LSA retransmission for the ospf timer retransmit neighboring routers...
Page 201: Configuring Nssa Of Ospf
Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 4 OSPF Configuration Please pay attention to the following items when configuring a STUB area: The backbone area cannot be configured to be the STUB area and the virtual link cannot pass through the STUB area.
Page 202 Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 4 OSPF Configuration type-5 LSAs that will be propagated in the OSPF AS. However, the type-5 LSAs will not reach Area 1 because Area 1 is an NSSA. NSSAs and STUB areas have the same approach in this aspect.
Page 203: Configuring The Route Summarization Of Ospf Area
Area By default, the inter-area routes will not be summarized. 4.2.17 Configuring Summarization of Imported Routes by OSPF OSPF of Quidway S3500 Series Ethernet Switches support route summarization of imported routes. Perform the following configurations in OSPF view. Table 4-17 Configuring summarization of imported routes by OSPF...
Page 204: Configuring Ospf Virtual Link
Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 4 OSPF Configuration By default, summarization of imported routes is disabled. After the summarization of imported routes is configured, if the local router is an autonomous system border router (ASBR), this command summarizes the imported Type-5 LSAs in the summary address range.
Page 205: Configuring The Ospf Area To Support Packet Authentication
Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 4 OSPF Configuration Table 4-18 Configuring OSPF Virtual Link Operation Command vlink-peer router-id [ hello seconds | retransmit Create and configure a virtual seconds | trans-delay seconds | dead seconds |...
Page 206: Configure Ospf To Import Routes Of Other Protocols
Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 4 OSPF Configuration Operation Command Specify the key-id and key for OSPF MD5 ospf authentication-mode md5 authentication key_id key Disable interface undo ospf authentication-mode authentication By default, the interface is not configured with either simple authentication or MD5 authentication.
Page 207: Configuring Parameters For Ospf To Import External Routes
Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 4 OSPF Configuration Table 4-21 Configuring OSPF to Import Routes of Other Protocols Operation Command import-route protocol [ cost value | type Configure OSPF to import routes value value...
Page 208: Configuring Ospf To Import The Default Route
Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 4 OSPF Configuration Operation Command Restore the default cost for the OSPF to import external undo default cost routes Configure the default tag for the OSPF to import external...
Page 209: Configuring Ospf Route Filtering
Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 4 OSPF Configuration Table 4-24 Setting OSPF Route Preference Operation Command Configure a priority for OSPF for comparing with the preference other routing protocols preference Restore the default protocol priority...
Page 210: Configuring To Fill The Mtu Field When An Interface Transmits Dd Packets
Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 4 OSPF Configuration Note: The filter-policy import command only filters the OSPF routes of this process received from the neighbors, and routes that cannot pass the filter won’t be added to the routing table.
Page 211 Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 4 OSPF Configuration Table 4-28 Disabling the interface to send OSPF packets Operation Command Disable the interface to send silent-interface silent-interface-type OSPF packets silent-interface-number Enable the interface to send...
Page 212: Resetting The Ospf Process
Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 4 OSPF Configuration 4.2.29 Resetting the OSPF Process If the undo ospf command is executed on a router and then the ospf command is used to restart the OSPF process, the previous OSPF configuration will lose. With the reset ospf command, you can restart the OSPF process without losing the previous OSPF configuration.
Page 213: Typical Ospf Configuration Example
Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 4 OSPF Configuration Operation Command Display the summary information display ospf asbr-summary [ ip-address of OSPF imported route mask ] Display OSPF interface display ospf interface information Display OSPF errors display ospf error 4.4 Typical OSPF Configuration Example...
Page 214 Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 4 OSPF Configuration [Switch A] ospf [Switch A-ospf] area 0 [Switch A-ospf-area-0.0.0.0] network 196.1.1.0 0.0.0.255 # Configure Switch B: [Switch B] interface Vlan-interface 1 [Switch B-Vlan-interface1] ip address 196.1.1.2 255.255.255.0 [Switch B-Vlan-interface1] ospf dr-priority 0 [Switch B] router id 2.2.2.2...
Page 215 Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 4 OSPF Configuration In Switch A, execute display ospf peer to show its OSPF neighbors. Please note the priority of Switch B has been modified to 200, but it is still not the DR.
Page 216 Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 4 OSPF Configuration [Switch A-ospf-area-0.0.0.0] network 196.1.1.0 0.0.0.255 # Configure Switch B: [Switch B] interface vlan-interface 7 [Switch B-Vlan-interface7] ip address 196.1.1.2 255.255.255.0 [Switch B] interface vlan-interface 8 [Switch B-Vlan-interface8] ip address 197.1.1.2 255.255.255.0 [Switch B] router id 2.2.2.2...
Page 217 Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 4 OSPF Configuration interfaces for two routers are in DROther state, the peer state machine for the two routers are in 2-way state, instead of FULL state. The peer state machine between DR/BDR and all the other routers is in FULL state.
Page 218 Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 4 OSPF Configuration area0 area0 area1 area1 area2 area2 Figure 4-4 OSPF areas The backbone area (area 0) cannot be configured as the STUB area and the virtual link cannot pass through the STUB area. That is, if a virtual link has been set up between RTB and RTC, neither area1 nor area0 can be configured as a stub area.
Page 219: Chapter 5 Bgp Configuration
Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 5 BGP Configuration Chapter 5 BGP Configuration 5.1 Brief Introduction to BGP 5.1.1 BGP Overview Border gateway protocol (BGP) is an inter-autonomous system (inter-AS) dynamic route discovery protocol. Three early versions of BGP are BGP-1 (RFC1105), BGP-2 (RFC1163) and BGP-3 (RFC1267).
Page 220: Bgp Messages
I. Route advertisement policy In the implementation of Quidway S3500 Series Ethernet Switches, these policies are used by BGP when advertising routes: If there are multiple routes available, a BGP speaker only selects the optimum one.
Page 221: Bgp Configuration
Once the connection is set up, a BGP speaker will advertise all its BGP routes to its peers. II. Router selection policy In the implementation of Quidway S3500 Series Ethernet Switches, these policies are adopted when BGP selects routes: First discard the routes unreachable to the next hop.
Page 222: Enabling Bgp
Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 5 BGP Configuration Configuring BGP-advertised network routes Configuring interaction between BGP and IGP Configuring BGP route aggregation Configuring BGP route filtering Configuring BGP route dampening BGP protocol configuration Configuring BGP preference...
Page 223 Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 5 BGP Configuration certain member by designating its IP address so that the member is not affected by the group’s configuration in terms of these attributes. Perform the following configurations in BGP view.
Page 224 Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 5 BGP Configuration Operation Command undo peer peer-address group Delete a peer from the peer group group-name Reset connections of all members in reset bgp group group-name the peer group (in user view) III.
Page 225 Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 5 BGP Configuration Table 5-6 Configuring timer of peer (group) Operation Command Configure keep-alive message peer { group-name | peer-address } timer interval and hold timer of peer keep-alive...
Page 226 Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 5 BGP Configuration Operation Command Configure to permit connections undo peer { peer-address | group-name } with EBGP peers (groups) on ebgp-max-hop [ ttl ] directly connected network only.
Page 227 Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 5 BGP Configuration Table 5-11 Configuring itself as the next hop in advertising route Operation Command Configure itself as the next hop in advertising peer { peer-address | group-name }...
Page 228 Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 5 BGP Configuration Table 5-14 Configuring the repeating time of as-path Operation Command Configure the repeating time of peer group-name peer-address local AS allow-as-loop [ number ] Remove the repeating time of...
Page 229 Chapter 5 BGP Configuration 5.2.4 Configuring route filtering of peer (group) Quidway S3500 series switches support filtering imported and advertised routes for peers (groups) through Route-policy, AS path list , ACL and ip prefix list. The route filtering policy of advertised routes configured for each member of a peer group must be same with that of the peer group but their route filtering policies of ingress routes may be different.
Page 230: Configuring Networks For Bgp Distribution
Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 5 BGP Configuration By default, route filtering based on AS path list for a peer (group) is disabled. IV. Configuring route filtering policy based on address prefix list for a peer...
Page 231: Configuring Bgp Route Summarization
Command cancel the synchronization of BGP and IGP undo synchronization By default, BGP doesn’t synchronize with IGP. Quidway S3500 series ethernet switches don’t support synchronization of BGP and IGP. 5.2.7 Configuring BGP Route Summarization The CIDR supports route summarization. There are two modes of BGP route summarization: summary: The summary of the BGP subnet routes.
Page 232: Configuring Bgp Route Filtering
Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 5 BGP Configuration Table 5-24 Configuring BGP route summarization Operation Command Configure summary automatic function of the summary automatic subnet routes Cancel summary automatic function of the undo summary automatic...
Page 233: Configuring Bgp Route Dampening
Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 5 BGP Configuration Table 5-26 Configuring to filter the routes distributed by the BGP Operation Command Configure to filter the routes filter-policy acl-number ip-prefix distributed by the BGP ip-prefix-name } export [ routing-process ]...
Page 234: Configuring Bgp Timer
Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 5 BGP Configuration Table 5-27 Configuring BGP route dampening Operation Command dampening half-life-reachable Configure BGP route dampening half-life-unreachable reuse suppress ceiling ] [ route-policy route-policy-name ] Clear route attenuation...
Page 235: Configuring Med For As
Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 5 BGP Configuration Table 5-29 Configuring the local preference Operation Command Configure the local preference default local-preference value Restore the default local preference undo default local-preference The local preference is transmitted only when the IBGP peers exchange the update packets and it will not be transmitted beyond the local AS.
Page 236: Configuring Bgp Community
Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 5 BGP Configuration Table 5-31 Comparing the MED Routing Metrics from the Peers in Different ASs Operation Command Comparing the MED Routing Metrics from the compare-different-as-med Peers in Different ASs...
Page 237: Configuring Bgp Route Reflector
Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 5 BGP Configuration 5.2.15 Configuring BGP Route Reflector To ensure the interconnection between IBGP peers, it is necessary to establish fully connected network. In some networks, there are large numbers of IBGP peers, and the internal BGP network becomes very large, consequently the costs to establish fully meshed network are very large.
Page 238 Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 5 BGP Configuration on route reflector, and all client peers and non-client peers are routine BGP peers. The client peers are client peers just because the route reflector lists them as client peers.
Page 239 Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 5 BGP Configuration 5.2.16 Configuring BGP AS Confederation Attribute Confederation provides the method to handle the booming IBGP network connections inside AS. It divides the AS into multiple sub-AS, in each of which all IBGP peers are fully connected, and are connected with other sub-AS of the confederation.
Page 240: Defining Acl/As Path List/Route-Policy
Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 5 BGP Configuration III. Configuring the autonomous system confederation nonstandard If it is necessary to perform the interconnection with the devices whose implementation mechanism is different from that of RFC1965, you must configure all the routers in the confederation.
Page 241: Clearing Bgp Connection
Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 5 BGP Configuration of this group of lists, it means that the routing information has been filtered by this group of as-path lists identified with this list number. III. Defining route-policy Refer to the “Define a route-policy”...
Page 242: Displaying And Debugging Bgp
Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 5 BGP Configuration 5.3 Displaying and Debugging BGP After the above configuration, execute display command in any view to display the running of the BGP configuration, and to verify the effect of the configuration. Execute reset command in user view to clear the statistics of the configuration.
Page 243: Typical Bgp Configuration Example
Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 5 BGP Configuration Operation Command Display the information on BGP routes display routing-table which is mapped to a certain regular regular-expression expression as-regular-expression Display configured route-policy display route-policy [ policy-name ]...
Page 244 Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 5 BGP Configuration II. Networking diagram AS100 Switch B AS1001 Switch A AS1002 172.68.10.1 172.68.10.2 Ethernet 172.68.10.3 172.68.1.1 172.68.1.2 156.10.1.1 Switch C Switch D AS1003 156.10.1.2 Switch E AS200 Figure 5-2 Networking diagram of configuring AS confederation III.
Page 245 Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 5 BGP Configuration [Switch C-bgp] peer 172.68.10.2 as-number 1002 [Switch C-bgp] peer 156.10.1.2 as-number 200 [Switch C-bgp] peer 172.68.1.2 as-number 1003 5.4.2 Configuring BGP Route Reflector I. Networking requirements Switch B receives an update packet passing EBGP and transmits it to Switch C.
Page 246 Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 5 BGP Configuration [Switch B-Vlan-interface2] ip address 192.1.1.2 255.255.255.0 # Configure VLAN 3: [Switch B] interface Vlan-interface 3 [Switch B-Vlan-interface3] ip address 193.1.1.2 255.255.255.0 # Configure peers. [Switch B] bgp 200 [Switch B-bgp] peer 192.1.1.1 as-number 100...
Page 247: Configuring Bgp Routing
Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 5 BGP Configuration 5.4.3 Configuring BGP Routing I. Networking requirements This example illustrates how the administrators manage the routing via BGP attributes. All Ethernet switches are configured with BGP, and IGP in AS 200 utilizes OSPF.
Page 248 Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 5 BGP Configuration [Switch A] acl number 2000 [Switch A-acl-basic-2000] rule permit source 1.0.0.0 0.255.255.255 [Switch A-acl-basic-2000] rule deny source any Define two route policies, one is called apply_med_50 and the other is called apply_med_100.
Page 249 Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 5 BGP Configuration [Switch C] interface vlan-interface 5 [Switch C-Vlan-interface5] ip address 195.1.1.2 255.255.255.0 [Switch C] ospf [Switch C-ospf] area 0 [Switch C-ospf-area-0.0.0.0] network 193.1.1.0 0.0.0.255 [Switch C-ospf-area-0.0.0.0] network 195.1.1.0 0.0.0.255...
Page 250: Fault Diagnosis And Bgp Troubleshooting
Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 5 BGP Configuration [Switch C-acl-basic-2000] rule deny source any Define the route policy with the name of localpref, of those, the local preference matching ACL 2000 is set as 200, and that of not matching is set as 100.
Page 251 Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 5 BGP Configuration Fault 2: BGP route cannot be advertised correctly after importing route of IGP with the command network. Troubleshooting: Route imported by command network should be same as a route in current routing table, which should include destination segment and mask.
Page 252: Chapter 6 Ip Routing Policy Configuration
The matching rules can be set in advance and then used in the routing policy to advertise, receive and import the route information. In Quidway S3500 Series Ethernet Switches, five kinds of filters, Route-policy, acl, as-path, community-list, and ip-prefix, are provided to be called by the routing protocols.
Page 253 Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 6 IP Routing Policy Configuration For routing information filtering, the basic ACL is generally used. When the user defines the ACL, he will define the range of an IP address or subnet to the destination network segment address or the next-hop address of the routing information.
Page 254: Ip Routing Policy Configuration
Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 6 IP Routing Policy Configuration 6.2 IP Routing Policy Configuration The routing policy configuration includes: Defining a route-policy Defining if-match clauses for a Route-policy Defining apply clauses for a Route-policy...
Page 255 Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 6 IP Routing Policy Configuration route-policy. If all the nodes in the route-policy are in deny mode, all routing information will be denied by the route-policy. 6.2.2 Defining If-match clauses for a Route-policy The if-match clauses define the matching rules.
Page 256 Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 6 IP Routing Policy Configuration Operation Command Cancel the tag domain of the matched undo if-match tag OSPF routing information By default, no matching will be performed. But please note: The if-match clauses for a node in the route-policy have the relationship of “AND”...
Page 257: Importing Routing Information Discovered By Other Routing Protocols
Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 6 IP Routing Policy Configuration Operation Command Cancel the routing cost of the routing undo apply cost information set the cost type of the routing information apply cost-type [ internal | external ]...
Page 258 Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 6 IP Routing Policy Configuration By default, the routes discovered by other protocols will not be distributed. Note: In different routing protocol views, the parameter options are different. For details, respectively refer to the import-route command in different protocols.
Page 259 Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 6 IP Routing Policy Configuration Table 6-6 Configuring to filter the received route Operation Command Configure to filter the received routing filter-policy gateway ip-prefix-name information distributed by the specified...
Page 260: Displaying And Debugging The Routing Policy
Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 6 IP Routing Policy Configuration By default, the filtering of the received and distributed routes will not be performed. 6.3 Displaying and Debugging the Routing Policy After the above configuration, execute display command in any view to display the running of the routing policy configuration, and to verify the effect of the configuration.
Page 261: Routing Policy Fault Diagnosis And Troubleshooting
Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 6 IP Routing Policy Configuration [Switch A] interface vlan-interface 200 [Switch A-Vlan-interface200] ip address 12.0.0.1 255.0.0.0 # Configure three static routes. [Switch A] ip route-static 20.0.0.1 255.0.0.0 12.0.0.2 [Switch A] ip route-static 30.0.0.1 255.0.0.0 12.0.0.2 [Switch A] ip route-static 40.0.0.1 255.0.0.0 12.0.0.2...
Page 262 Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 6 IP Routing Policy Configuration The if-match mode of at least one node of the Route-policy should be the permit mode. When a Route-policy is used for the routing information filtering, if a piece of routing information does not pass the filtering of any node, then it means that the route information does not pass the filtering of the Route-policy.
Page 263: Route Capacity Configuration Overview
Ethernet switch will not change (unless the hardware is upgraded but upgrading cannot be guaranteed to solve all problems). In order to solve such problem, Quidway S3500 Series Ethernet Switches provide a mechanism to control the size of the routing table: Monitor the free memory in the system to determine whether to add new routes to the routing table and whether to keep connection with a routing protocol.
Page 264: Setting The Lower Limit And The Safety Value Of The Ethernet Switch Memory
Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 7 Route Capacity Configuration Setting the lower limit and the safety value of the Ethernet switch memory Enabling/Disabling the Ethernet switch to recover the disconnected routing protocol automatically 7.2.1 Setting the lower limit and the safety value of the Ethernet switch...
Page 265: Displaying And Debugging Route Capacity
Operation Manual - Routing Protocol Quidway S3500 Series Ethernet Switches Chapter 7 Route Capacity Configuration 7.3 Displaying and Debugging Route Capacity After the above configuration, execute display command in any view to display the running of the Route capacity configuration.
Page 266 HUAWEI Quidway S3500 Series Ethernet Switches Operation Manual Multicast Huawei Technologies Proprietary...
Page 267 Operation Manual - Multicast Quidway S3500 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 IP Multicast Overview....................1-1 1.1 IP Multicast Overview ......................1-1 1.2 Multicast Addresses......................1-2 1.2.1 IP Multicast Addresses.................... 1-2 1.2.2 Ethernet Multicast MAC Addresses ................ 1-4 1.3 IP Multicast Protocols ......................
Page 268 Operation Manual - Multicast Quidway S3500 Series Ethernet Switches Table of Contents 4.3 Display and Debug Common Multicast Configuration ............4-1 Chapter 5 IGMP Configuration ..................... 5-1 5.1 IGMP Overview........................5-1 5.2 IGMP Configuration ......................5-2 5.2.1 Enable Multicast ...................... 5-2 5.2.2 Configure the IGMP Version ...................
Page 269 Operation Manual - Multicast Quidway S3500 Series Ethernet Switches Table of Contents 8.2 Adding Multicast MAC Address Entries................8-1 8.3 Multicast MAC Address Configuration Example..............8-2 Chapter 9 Multicast VLAN ......................9-1 9.1 Introduction to Multicast VLAN ..................9-1 9.2 Multicast VLAN Configuration.................... 9-1 9.2.1 Configuration Tasks ....................
Page 270: Ip Multicast Overview
Operation Manual - Multicast Quidway S3500 Series Ethernet Switches Chapter 1 IP Multicast Overview Chapter 1 IP Multicast Overview Note: When an Ethernet switch runs a multicast protocol, it can perform the router functions. Router that is referred to in the following represents a generalized router or an Ethernet switch running multicast protocols.
Page 271: Multicast Addresses
Operation Manual - Multicast Quidway S3500 Series Ethernet Switches Chapter 1 IP Multicast Overview Unicast Receiver Receiver Server Receiver Receiver Receiver Server Multicast Receiver Figure 1-1 Comparison between the unicast and multicast transmission It should be noted that a multicast source does not necessarily belong to a multicast group.
Page 272 Operation Manual - Multicast Quidway S3500 Series Ethernet Switches Chapter 1 IP Multicast Overview All members in the group can receive the packets. Membership of a multicast group is dynamic, that is, hosts can join and leave groups at any time.
Page 273: Ethernet Multicast Mac Addresses
Operation Manual - Multicast Quidway S3500 Series Ethernet Switches Chapter 1 IP Multicast Overview Class D address Meaning 224.0.0.12 DHCP server/Relay agent 224.0.0.13 All PIM routers 224.0.0.14 RSVP encapsulation 224.0.0.15 All CBT routers 224.0.0.16 Designated SBM 224.0.0.17 All SBMS 224.0.0.18 VRRP ……...
Page 274: Internet Group Management Protocol
Operation Manual - Multicast Quidway S3500 Series Ethernet Switches Chapter 1 IP Multicast Overview PIM-SM, PIM-DM and MSDP. While the unicast routing protocol BGP can also be expanded to support transmitting multicast routing protocol information between domains. 1.3.1 Internet Group Management Protocol Internet Group Management Protocol is the only protocol that hosts can use.
Page 275: Ip Multicast Packet Forwarding
Operation Manual - Multicast Quidway S3500 Series Ethernet Switches Chapter 1 IP Multicast Overview forwarding path in dense mode is a “source tree” rooted at the source with multicast members as the branches. Since the source tree uses the shortest path from the multicast source and the receiver, it is also called the shortest path tree (SPT).
Page 276: Application Of Multicast
Operation Manual - Multicast Quidway S3500 Series Ethernet Switches Chapter 1 IP Multicast Overview of the shared tree. When a multicast packet arrives at the router, if RPF check succeeds, the packet will be forwarded according to the multicast forwarding entry.
Page 277: Chapter 2 Gmrp Configuration
Operation Manual - Multicast Quidway S3500 Series Ethernet Switches Chapter 2 GMRP Configuration Chapter 2 GMRP Configuration 2.1 GMRP Overview GMRP (GARP Multicast Registration Protocol), based on GARP, is used for maintaining dynamic multicast registration information of the switch. All the switches supporting GMRP can receive multicast registration information from other switches and dynamically update local multicast registration information.
Page 278: Display And Debug Gmrp
Operation Manual - Multicast Quidway S3500 Series Ethernet Switches Chapter 2 GMRP Configuration 2.2.2 Enable/Disable GMRP on the Port Perform the following configuration in Ethernet port view. Table 2-2 Enable/Disable GMRP on the port Operation Command Enable GMRP on the port...
Page 279 Operation Manual - Multicast Quidway S3500 Series Ethernet Switches Chapter 2 GMRP Configuration III. Configuration procedure Configure LS_A: # Enable GMRP globally. [Quidway] gmrp # Enable GMRP on the port. [Quidway] interface Ethernet 0/1 [Quidway-Ethernet0/1] gmrp Configure LS_B: # Enable GMRP globally.
Page 280: Chapter 3 Igmp Snooping Configuration
Operation Manual - Multicast Quidway S3500 Series Ethernet Switches Chapter 3 IGMP Snooping Configuration Chapter 3 IGMP Snooping Configuration Note: Among S3500 Series Ethernet Switches, S3552G/S3552P/S3552F/S3528G/S3528P support IGMP Snooping. 3.1 IGMP Snooping Overview 3.1.1 IGMP Snooping Principle IGMP Snooping (Internet Group Management Protocol Snooping) is a multicast control mechanism running on the Layer 2 Ethernet switch and it is used for multicast group management and control.
Page 281: Implement Igmp Snooping
Operation Manual - Multicast Quidway S3500 Series Ethernet Switches Chapter 3 IGMP Snooping Configuration Video stream Internet / Intranet Multicast router Video stream VOD Server Layer 2 Ethernet Switch Video stream Video stream Video stream Multicast group member Non-multicast Non-multicast...
Page 282 Operation Manual - Multicast Quidway S3500 Series Ethernet Switches Chapter 3 IGMP Snooping Configuration Multicast member port: The port connected to the multicast member. The multicast member refers to a host joined a multicast group. MAC multicast group: The multicast group is identified with MAC multicast address and maintained by the Ethernet switch.
Page 283: Configure Igmp Snooping
Operation Manual - Multicast Quidway S3500 Series Ethernet Switches Chapter 3 IGMP Snooping Configuration general query message arrives at a router port, the Ethernet switch will reset the aging timer of the port. When a port other than a router port receives the IGMP general query message, the Ethernet switch will notify the multicast router that a port is ready to join a multicast group and starts the aging timer for the port.
Page 284: Configure Router Port Aging Time
Operation Manual - Multicast Quidway S3500 Series Ethernet Switches Chapter 3 IGMP Snooping Configuration Enabling/Disabling the function of fast removing a port from a multicast group Setting the maximum number of multicast groups permited on a port Configuring IGMP Snooping Filter Among the above configuration tasks, enabling IGMP Snooping is required, while others are optional for your requirements.
Page 285: Configure Maximum Response Time
Operation Manual - Multicast Quidway S3500 Series Ethernet Switches Chapter 3 IGMP Snooping Configuration 3.2.3 Configure Maximum Response Time This task is to manually configure the maximum response time. If the Ethernet switch receives no report message from a port in the maximum response time, it will remove the port from the multicast group.
Page 286: Setting The Maximum Number Of Multicast Groups Permited On A Port
Operation Manual - Multicast Quidway S3500 Series Ethernet Switches Chapter 3 IGMP Snooping Configuration Perform the following configuration in Ethernet port view. Table 3-5 Enabling/Disabling the function of fast removing a port from a multicast group Operation Command Enable the function of fast removing...
Page 287: Display And Debug Igmp Snooping
Operation Manual - Multicast Quidway S3500 Series Ethernet Switches Chapter 3 IGMP Snooping Configuration forward port list of the multicast group; otherwise, it drops the IGMP report packet and no data flow then will be sent to this port. Thus the switch can control users’ multicast program ordering.
Page 288: Igmp Snooping Configuration Example
Operation Manual - Multicast Quidway S3500 Series Ethernet Switches Chapter 3 IGMP Snooping Configuration 3.4 IGMP Snooping Configuration Example 3.4.1 Enable IGMP Snooping I. Networking requirements To implement IGMP Snooping on the switch, first enable it. The switch is connected with the router via the router port, and with user PC through the non-router ports.
Page 289 Operation Manual - Multicast Quidway S3500 Series Ethernet Switches Chapter 3 IGMP Snooping Configuration Multicast forwarding table set up by IGMP Snooping is wrong. Input the display igmp-snooping group command to display if the multicast group is the expected one.
Page 290: Display And Debug Common Multicast Configuration
Operation Manual - Multicast Quidway S3500 Series Ethernet Switches Chapter 4 Common Multicast Configuration Chapter 4 Common Multicast Configuration 4.1 Introduction to Common Multicast Configuration The multicast common configuration is for both the multicast group management protocol and the multicast routing protocol. The configuration include enabling multicast and displaying multicast routing table and multicast forwarding table, etc.
Page 291 Operation Manual - Multicast Quidway S3500 Series Ethernet Switches Chapter 4 Common Multicast Configuration Table 4-2 Display and Debug Common Multicast Configuration Operation Command display multicast routing-table group-address mask mask mask-length } ] | source-address [ mask Display the multicast routing table...
Page 292: Chapter 5 Igmp Configuration
Operation Manual - Multicast Quidway S3500 Series Ethernet Switches Chapter 5 IGMP Configuration Chapter 5 IGMP Configuration 5.1 IGMP Overview IGMP (Internet Group Management Protocol) is a protocol in the TCP/IP suite responsible for management of IP multicast members. It is used to establish and maintain multicast membership among IP hosts and their directly connected neighboring routers.
Page 293: Igmp Configuration
Operation Manual - Multicast Quidway S3500 Series Ethernet Switches Chapter 5 IGMP Configuration II. Leaving group mechanism In IGMP Version 1, hosts leave the multicast group quietly without informing the multicast router. In this case, the multicast router can only depend on the timeout of the response time of the multicast group to confirm that hosts leave the group.
Page 294: Configure A Router To Join Specified Multicast Group
Operation Manual - Multicast Quidway S3500 Series Ethernet Switches Chapter 5 IGMP Configuration Table 5-1 Select the IGMP version Operation Command Select the IGMP version that the router uses igmp version { 1 | 2 } Restore the default setting undo igmp version By default, IGMP Version 2 is used.
Page 295: Limit Multicast Groups An Interface Can Access
Operation Manual - Multicast Quidway S3500 Series Ethernet Switches Chapter 5 IGMP Configuration By default, a router joins no multicast group. 5.2.4 Limit Multicast Groups An Interface Can Access A multicast router learns whether there are members of a multicast group on the network via the received IGMP membership message.
Page 296: Configure The Present Time Of Igmp Querier
Operation Manual - Multicast Quidway S3500 Series Ethernet Switches Chapter 5 IGMP Configuration By default, the interval is 60 seconds. 5.2.6 Configure the Present Time of IGMP Querier The IGMP querier present timer defines the period of time before the router takes over as the querier sending query messages, after the previous querier has stopped doing Perform the following configuration in interface view.
Page 297: Display And Debug Igmp
Operation Manual - Multicast Quidway S3500 Series Ethernet Switches Chapter 5 IGMP Configuration 5.3 Display and Debug IGMP After the above configuration, execute display command in any view to display the running of IGMP configuration, and to verify the effect of the configuration.
Page 298: Chapter 6 Pim-Dm Configuration
Operation Manual - Multicast Quidway S3500 Series Ethernet Switches Chapter 6 PIM-DM Configuration Chapter 6 PIM-DM Configuration PIM-DM (Protocol Independent Multicast-Dense Mode) belongs to dense mode multicast routing protocols. PIM-DM is suitable for small networks. Members of multicast groups are relatively dense in such network environments.
Page 299: Pim-Dm Configuration
Operation Manual - Multicast Quidway S3500 Series Ethernet Switches Chapter 6 PIM-DM Configuration specified unicast routing protocol such as the routing information learned by RIP and OSPF III. Assert mechanism As shown in the following figure, both routers A and B on the LAN have their own receiving paths to multicast source S.
Page 300: Enable Multicast
Operation Manual - Multicast Quidway S3500 Series Ethernet Switches Chapter 6 PIM-DM Configuration 6.1.1 Enable Multicast Refer to “Common Multicast Configuration” of Chapter 2. 6.1.2 Enable PIM-DM PIM-DM needs to be enabled in configuration of all interfaces. After PIM-DM is enabled on an interface, it will send PIM Hello messages periodically and process protocol packets sent by PIM neighbors.
Page 301: Entering Pim View
Operation Manual - Multicast Quidway S3500 Series Ethernet Switches Chapter 6 PIM-DM Configuration 6.1.4 Entering PIM View To configure PIM-related global parameters, you need to enter PIM view. Please perform the following configurations in system view. Table 6-3 Entering PIM view...
Page 302: Pim-Dm Configuration Example
Operation Manual - Multicast Quidway S3500 Series Ethernet Switches Chapter 6 PIM-DM Configuration 6.3 PIM-DM Configuration Example I. Networking requirements Lanswitch1 has a port carrying Vlan 10 to connect Multicast Source, a port carrying Vlan11 to connect Lanswitch2 and a port carrying Vlan12 to connect Lanswitch3.
Page 303 Operation Manual - Multicast Quidway S3500 Series Ethernet Switches Chapter 6 PIM-DM Configuration [Quidway-vlan-interface10] igmp enable [Quidway-vlan-interface10] pim dm [Quidway-vlan-interface10] quit [Quidway] interface vlan-interface 11 [Quidway-vlan-interface11] ip address 2.2.2.2 255.255.0.0 [Quidway-vlan-interface11] igmp enable [Quidway-vlan-interface11] pim dm [Quidway-vlan-interface11] quit [Quidway] interface vlan-interface 12 [Quidway-vlan-interface12] ip address 3.3.3.3 255.255.0.0...
Page 304: Chapter 7 Pim-Sm Configuration
Operation Manual - Multicast Quidway S3500 Series Ethernet Switches Chapter 7 PIM-SM Configuration Chapter 7 PIM-SM Configuration 7.1 PIM-SM Overview 7.1.1 Introduction to PIM-SM PIM-SM (Protocol Independent Multicast-Sparse Mode) belongs to sparse mode multicast routing protocols. PIM-SM is mainly applicable to large-scale networks with broad scope in which group members are relatively sparse.
Page 305: Preparations Before Configuring Pim-Sm
Operation Manual - Multicast Quidway S3500 Series Ethernet Switches Chapter 7 PIM-SM Configuration receives the packets sent to multicast group G, the packets will be sent to leaf routers along the path built and then reach the hosts. In this way, an RP-rooted tree (RPT) is built as shown in the following figure.
Page 306: Pim-Sm Configuration
Operation Manual - Multicast Quidway S3500 Series Ethernet Switches Chapter 7 PIM-SM Configuration II. Configure BSRs The BSR is the management core in a PIM-SM network. Candidate-RPs send announcement to the BSR, which is responsible for collecting and advertising the information about all candidate-RPs.
Page 307: Configure The Interface Hello Message Interval
Operation Manual - Multicast Quidway S3500 Series Ethernet Switches Chapter 7 PIM-SM Configuration Table 7-1 Enable PIM-SM Operation Command Enable PIM-SM on an interface pim sm Disable PIM-SM on an interface undo pim sm Repeat this configuration to enable PIM-SM on other interfaces. Only one multicast routing protocol can be enabled on an interface at a time.
Page 308: Enter Pim View
Operation Manual - Multicast Quidway S3500 Series Ethernet Switches Chapter 7 PIM-SM Configuration By default, no domain border is set. After this configuration is performed, a bootstrap message cannot cross the border but other PIM packets can. This configuration can effectively divide a network into domains using different BSRs.
Page 309: Configure Candidate-Rps
Operation Manual - Multicast Quidway S3500 Series Ethernet Switches Chapter 7 PIM-SM Configuration Table 7-5 Configure candidate-BSRs Operation Command c-bsr interface interface-type interface-number Configure a candidate-BSR hash-mask-len [ priority ] Remove the candidate-BSR undo c-bsr configured Candidate-BSRs should be configured on the routers in the network backbone. By default, no BSR is set.
Page 310: Configure Rp To Filter The Register Messages Sent By Dr
Operation Manual - Multicast Quidway S3500 Series Ethernet Switches Chapter 7 PIM-SM Configuration Table 7-7 Configure static RP Operation Command Configure static RP static-rp rp-address [ acl-number ] Remove the static RP configured undo static-rp Basic ACL can be used to control the range of multicast group served by a static RP.
Page 311: Set The Threshold Of Switchover From The Rpt To The Spt
Operation Manual - Multicast Quidway S3500 Series Ethernet Switches Chapter 7 PIM-SM Configuration 7.2.10 Set the Threshold of Switchover from the RPT to the SPT The PIM-SM router uses the shared tree to forward multicast data packets initially. If the rate of the multicast data exceeds the threshold, the last hop router the packet passes will initiate a switch from the shared tree to the shortest path tree.
Page 312 Operation Manual - Multicast Quidway S3500 Series Ethernet Switches Chapter 7 PIM-SM Configuration LSWA connects to LSWB through the interface vlan-interface20, connects the HostA through vlan-interface11, and connects to LSWC through vlan-interface12. LSWB connects to LSWA through the interface vlan-interface20, connects the HostC through vlan-interface30, and connects to LSWD through vlan-interface40.
Page 313 Operation Manual - Multicast Quidway S3500 Series Ethernet Switches Chapter 7 PIM-SM Configuration [Quidway] vlan 12 [Quidway-vlan12] port ethernet 0/3 [Quidway-vlan12] quit [Quidway] interface vlan-interface 12 [Quidway-vlan-interface12] ip address 3.3.3.3 255.255.0.0 [Quidway-vlan-interface12] pim sm [Quidway-vlan-interface12] quit [Quidway] vlan 20 [Quidway-vlan20] port ethernet 0/4...
Page 314 Operation Manual - Multicast Quidway S3500 Series Ethernet Switches Chapter 7 PIM-SM Configuration [Quidway] interface vlan-interface 40 [Quidway-vlan-interface40] ip address 6.6.6.6 255.255.0.0 [Quidway-vlan-interface40] pim sm [Quidway-vlan-interface40] quit # Configure the C-BSR. [Quidway] pim [Quidway-pim] c-bsr vlan-interface 20 30 2 # Configure the C-RP.
Page 315: Pim Troubleshooting
Operation Manual - Multicast Quidway S3500 Series Ethernet Switches Chapter 7 PIM-SM Configuration [Quidway-vlan-interface12] ip address 3.3.3.4 255.255.0.0 [Quidway-vlan-interface12] pim sm [Quidway-vlan-interface12] quit [Quidway] vlan 30 [Quidway-vlan30] port ethernet 0/4 [Quidway-vlan30] quit [Quidway] interface vlan-interface 30 [Quidway-vlan-interface30] ip address 5.5.5.6 255.255.0.0...
Page 316: Chapter 8 Multicast Mac Address Configuration
Operation Manual - Multicast Quidway S3500 Series Ethernet Switches Chapter 8 Multicast MAC Address Configuration Chapter 8 Multicast MAC Address Configuration Note: Among S3500 Series Ethernet Switches, S3552G/S3552P/S3552F/S3528G/S3528P support IGMP Snooping. 8.1 Introduction In Layer 2 multicast, you can not only dynamically create multicast forwarding entries using the Layer 2 multicast protocol, but also set manually the multicast MAC address and bind multicast entries to ports.
Page 317: Multicast Mac Address Configuration Example
Operation Manual - Multicast Quidway S3500 Series Ethernet Switches Chapter 8 Multicast MAC Address Configuration After you manually add a multicast MAC address, the switch cannot learn it using IGMP snooping. The command can only remove the multicast MAC address entries manually added, but not those learned by the switch.
Page 318: Chapter 9 Multicast Vlan
Operation Manual - Multicast Quidway S3500 Series Ethernet Switches Chapter 9 Multicast VLAN Chapter 9 Multicast VLAN Note: Among S3500 Series Ethernet Switches, S3552G/S3552P/S3552F/S3528G/S3528P support IGMP Snooping. 9.1 Introduction to Multicast VLAN Generally, when users in different virtual LANs (VLANs) order a multicast stream, each of these VLANs copies the same multicast stream to itself.
Page 319 Operation Manual - Multicast Quidway S3500 Series Ethernet Switches Chapter 9 Multicast VLAN Item Command Description Quitting the VLAN quit view Entering interface_type: port type Ethernet port view interface interface_type connected with the interface_num interface_num: port number layer 2 switch...
Page 320: Multicast Vlan Configuration Example
Operation Manual - Multicast Quidway S3500 Series Ethernet Switches Chapter 9 Multicast VLAN Item Command Description Defining the type of the port link-type hybrid Required port to hybrid Specifying VLANs for port hybrid vlan vlan_id_list Required the port { tagged | untagged } To cancel the configurations, use the corresponding undo commands.
Page 321 Operation Manual - Multicast Quidway S3500 Series Ethernet Switches Chapter 9 Multicast VLAN II. Network diagram Switch A Switch A Workstation Workstation Workstation Switch B Switch B PC 1 PC 1 PC 1 PC 1 PC 1 PC 1 PC 1...
Page 322 Operation Manual - Multicast Quidway S3500 Series Ethernet Switches Chapter 9 Multicast VLAN [Switch A-Ethernet 1/0/10] port hybrid vlan 2 3 10 tagged [Switch A-Ethernet 1/0/10] quit # Enable the PIM DM protocol and the IGMP function on the VLAN 10 interface.
Page 323 HUAWEI Quidway S3500 Series Ethernet Switches Operation Manual QoS/ACL Huawei Technologies Proprietary...
Page 324 Operation Manual - QoS/ACL Quidway S3500 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 ACL Configuration....................... 1-1 1.1 Brief Introduction to ACL....................1-1 1.1.1 ACL Overview ......................1-1 1.1.2 ACL Supported by the Ethernet Switch ..............1-3 1.2 Configuring ACL of S3526 ....................
Page 325 Operation Manual - QoS/ACL Quidway S3500 Series Ethernet Switches Table of Contents 2.1.5 Port Traffic Limit ...................... 2-2 2.1.6 Redirection ......................2-2 2.1.7 Traffic Priority ......................2-2 2.1.8 Queue Scheduling....................2-2 2.1.9 Traffic Mirroring ....................... 2-4 2.1.10 Traffic Counting ..................... 2-4 2.2 Configuring QoS of S3526....................
Page 326 Operation Manual - QoS/ACL Quidway S3500 Series Ethernet Switches Table of Contents Chapter 3 Logon User ACL Control Configuration..............3-1 3.1 Overview ..........................3-1 3.2 Configuring ACL Control over the TELNET Users ............3-1 3.2.1 Defining ACL ......................3-1 3.2.2 Calling ACL to Control TELNET Users ..............3-2 3.2.3 Configuration Example....................
Page 327: Chapter 1 Acl Configuration
Operation Manual - QoS/ACL Quidway S3500 Series Ethernet Switches Chapter 1 ACL Configuration Chapter 1 ACL Configuration 1.1 Brief Introduction to ACL 1.1.1 ACL Overview A series of matching rules are required for the network devices to identify the packets to be filtered.
Page 328 Operation Manual - QoS/ACL Quidway S3500 Series Ethernet Switches Chapter 1 ACL Configuration Note: For S3526 switch, packet-filter function only supports rules which action is deny, and other QoS functions such as configure priority marking, configure traffic mirroring and configure traffic statistics supports rules which action is permit. But in some case the permit ACL and deny ACL can be matched for the same time.
Page 329: Acl Supported By The Ethernet Switch
Operation Manual - QoS/ACL Quidway S3500 Series Ethernet Switches Chapter 1 ACL Configuration Note: The depth-first principle is to put the statement specifying the smallest range of packets on the top of the list. This can be implemented through comparing the wildcards of the addresses.
Page 330: Configuring Acl Of S3526
Operation Manual - QoS/ACL Quidway S3500 Series Ethernet Switches Chapter 1 ACL Configuration Item Value range Named advanced ACL. Named Layer-2 ACL. Named user-defined ACL. The sub items of an ACL 0 to 127 Note: S3526 Series and S3552 Series Ethernet Switches don’t support user-defined ACL.
Page 331: Configuring The Time-Range
The end time shall be later than the start time. 1.2.2 Defining ACL Huawei Switches support several kinds of ACLs. Here we will introduce how to define these ACLs. Defining ACL by following the steps below:...
Page 332 Operation Manual - QoS/ACL Quidway S3500 Series Ethernet Switches Chapter 1 ACL Configuration Note: If a specific time rang is not defined, the ACL will always function after activated. During the process of defining the ACL, you can use the rule command for several times to define multiple rules for an ACL.
Page 333 Operation Manual - QoS/ACL Quidway S3500 Series Ethernet Switches Chapter 1 ACL Configuration Note: For S3526 series and S3026 F switches, there are some limits: protocol type (the parameter protocol in rule command) can’t be configured if the user configures the IP-any, any-IP, NET-any, any-NET rules( source IP address is...
Page 334: Activating Acl
Operation Manual - QoS/ACL Quidway S3500 Series Ethernet Switches Chapter 1 ACL Configuration III. Defining the Layer-2 ACL The rules of Layer-2 ACL are defined on the basis of the Layer-2 information such as source MAC address, source VLAN ID, Layer-2 protocol type, Layer-2 ports receiving and forwarding the packet and destination MAC address to process the data packets.
Page 335 MAC-any stands for lay-2 ACL rule from source MAC address to any destination MAC address, such as “rule 0 permit ingress 00e0-fc01-0101 1 egress any time-range huawei”, and so do any-MAC, IP-any, any-IP, NET-any and any-NET rules. Huawei Technologies Proprietary...
Page 336: Displaying And Debugging Acl
Operation Manual - QoS/ACL Quidway S3500 Series Ethernet Switches Chapter 1 ACL Configuration For the MAC-MAC rule, the source and destination MAC addresses must be configured in the same VLAN. That is, configure the same VLAN ID for the source and destination MAC addresses in defining ACL.
Page 337: Configuring Acl Of S3526E And S3526C
When end-time end-date is not configured, it will be all the time from now to the date which can be displayed by the system. The end time shall be later than the start time. 1.3.2 Defining ACL Huawei Switches support several kinds of ACLs. Here we will introduce how to define these ACLs. Huawei Technologies Proprietary...
Page 338 Operation Manual - QoS/ACL Quidway S3500 Series Ethernet Switches Chapter 1 ACL Configuration Defining ACL by following the steps below: enter the corresponding ACL view add a rule to the ACL You can add multiple rules to one ACL. Note: If a specific time rang is not defined, the ACL will always function after activated.
Page 339 Operation Manual - QoS/ACL Quidway S3500 Series Ethernet Switches Chapter 1 ACL Configuration II. Defining the advanced ACL The rules of the classification for advanced ACL are defined on the basis of the attributes such as source and destination IP address, the TCP or UDP port number in use and packet priority to process the data packets.
Page 340 Operation Manual - QoS/ACL Quidway S3500 Series Ethernet Switches Chapter 1 ACL Configuration Table 1-14 Defining the Layer-2 ACL Operation Command acl { number acl-number | name Enter Layer-2 ACL view(from system acl-name link } [ match-order { config view)
Page 341 Operation Manual - QoS/ACL Quidway S3500 Series Ethernet Switches Chapter 1 ACL Configuration Table 1-15 Letters and their meanings Letter Meaning Offset Letter Meaning Offset Destination TTL field address Protocol number (6 Source is TCP and 17 is address UDP).
Page 342: Activating Acl
Operation Manual - QoS/ACL Quidway S3500 Series Ethernet Switches Chapter 1 ACL Configuration Note: When user defines user-defined ACL, please calculate and set the correct offsets according to the data frames of SNAP+tag format with the 802.3 standard described above.
Page 343: Displaying And Debugging Acl
Operation Manual - QoS/ACL Quidway S3500 Series Ethernet Switches Chapter 1 ACL Configuration Note: This command supports the process to activate the Layer-2 and IP ACLs at the same time(IP ACLs include basic and advanced ACLs), however the actions of the combination items should be consistent.
Page 344: Configuring The Time-Range
Operation Manual - QoS/ACL Quidway S3500 Series Ethernet Switches Chapter 1 ACL Configuration 1.4.1 Configuring the Time-Range The process of configuring a time-range includes the steps of configuring the hour-minute range, date ranges and period range. The hour-minute range is expressed in the units of minute, hour.
Page 345 Operation Manual - QoS/ACL Quidway S3500 Series Ethernet Switches Chapter 1 ACL Configuration Table 1-21 Length of template elements Length in Name Description template 802.1p priority in the Ethernet packet header 1 byte Destination IP field in IP packet header...
Page 346: Defining Acl
2 automatic flow template will be applied on the port automatically. So does layer 3 ACL rules. 1.4.3 Defining ACL Huawei Switches support several kinds of ACLs. Here we will introduce how to define these ACLs. Defining ACL by following the steps below:...
Page 347 Operation Manual - QoS/ACL Quidway S3500 Series Ethernet Switches Chapter 1 ACL Configuration You can add multiple rules to one ACL. Note: If a specific time rang is not defined, the ACL will always function after activated. During the process of defining the ACL, you can use the rule command for several times to define multiple rules for an ACL.
Page 348 Operation Manual - QoS/ACL Quidway S3500 Series Ethernet Switches Chapter 1 ACL Configuration analyses of three kinds of packet priorities, ToS (Type of Service), IP and DSCP priorities. You can use the following command to define advanced ACL. Perform the following configuration in corresponding view.
Page 349: Activating Acl
Operation Manual - QoS/ACL Quidway S3500 Series Ethernet Switches Chapter 1 ACL Configuration Table 1-25 Defining the Layer-2 ACL Operation Command Enter Layer-2 ACL view(from acl { number acl-number | name acl-name system view) link } [ match-order { config | auto } ]...
Page 350: Displaying And Debugging Acl
Operation Manual - QoS/ACL Quidway S3500 Series Ethernet Switches Chapter 1 ACL Configuration Table 1-27 Activating ACL Operation Command Activate an ACL packet-filter inbound acl-rule Deactivate an ACL undo packet-filter inbound acl-rule Only the rules including these elements defined in template can be sent to target hardware and referenced for such QoS functions as packet filtering, traffic policing, priority re-labeling.
Page 351: Acl Configuration Example Of S3526
Operation Manual - QoS/ACL Quidway S3500 Series Ethernet Switches Chapter 1 ACL Configuration Operation Command Display the configuration of flow display flow-template [ default | interface template interface-type interface-num | user-defined ] Clear ACL counters reset acl counter { all | acl-number | acl-name } The matched information of display acl config command specifies the rules treated by the switch’s CPU.
Page 352: Basic Acl Configuration Example
Define the work time range # Define time range from 8:00 to 18:00. [Quidway] time-range huawei 8:00 to 18:00 working-day Define the ACL to access the payment server. # Enter the named advanced ACL, named as traffic-of-payserver. [Quidway] acl name traffic-of-payserver advanced match-order config # Define the rules for other department to access the payment server.
Page 353: Link Acl Configuration Example
# Enter the named basic ACL, named as traffic-of-host. [Quidway] acl name traffic-of-host basic # Define the rules for packet which source IP is 10.1.1.1. [Quidway-acl-basic-traffic-of-host] rule 1 deny source 10.1.1.1 0 time-range huawei Activate ACL. # Activate the ACL traffic-of-host .
Page 354: Acl Configuration Example Of S3526E
Operation Manual - QoS/ACL Quidway S3500 Series Ethernet Switches Chapter 1 ACL Configuration Define the ACL for packet which source MAC address is 00e0-fc01-0101 and destination MAC address is 00e0-fc01-0303. # Enter the named link ACL, named as traffic-of-link. [Quidway] acl name traffic-of-link link # Define the rules for packet which source MAC address is 00e0-fc01-0101 and destination MAC address is 00e0-fc01-0303.
Page 355: Basic Acl Configuration Example
Define the work time range # Define time range from 8:00 to 18:00. [Quidway] time-range huawei 8:00 to 18:00 working-day Define the ACL to access the payment server. # Enter the named advanced ACL, named as traffic-of-payserver. [Quidway] acl name traffic-of-payserver advanced match-order config # Define the rules for other department to access the payment server.
Page 356: Link Acl Configuration Example
# Enter the named basic ACL, named as traffic-of-host. [Quidway] acl name traffic-of-host basic # Define the rules for packet which source IP is 10.1.1.1. [Quidway-acl-basic-traffic-of-host] rule 1 deny source 10.1.1.1 0 time-range huawei Activate ACL. # Activate the ACL traffic-of-host .
Page 357: User-Defined Acl Configuration Example
Chapter 1 ACL Configuration Define the time range # Define time range from 8:00 to 18:00. [Quidway] time-range huawei 8:00 to 18:00 daily Define the ACL for packet which source MAC address is 00e0-fc01-0101 and destination MAC address is 00e0-fc01-0303.
Page 358: Acl Example Of S3552 Series Switches
# Enter the named user-defined ACL, named as traffic-of-tcp. [Quidway] acl name traffic-of-tcp user # Define the rules for TCP packet. [Quidway-acl-user-traffic-of-tcp] rule 1 deny 06 ff 35 time-range huawei Activate ACL. # Activate the ACL traffic-of-tcp . [Quidway] packet-filter user-group traffic-of-tcp 1.7 ACL Example of S3552 Series Switches...
Page 359 Operation Manual - QoS/ACL Quidway S3500 Series Ethernet Switches Chapter 1 ACL Configuration Display the ACL information [Quidway-Ethernet0/1] display current-configuration interface ethernet0/1 interface Ethernet0/1 flow-template user-defined packet-filter inbound ip-group 2000 rule 0 packet-filter inbound link-group 4000 rule 0 return Huawei Technologies Proprietary...
Page 360: Chapter 2 Qos Configuration
Operation Manual - QoS/ACL Quidway S3500 Series Ethernet Switches Chapter 2 QoS Configuration Chapter 2 QoS Configuration 2.1 QoS Overview In the traditional IP network, all the packets are treated equally without priority difference. Every switch/router handles the packets following the First In First Out (FIFO) policy.
Page 361: Packet Filter
Operation Manual - QoS/ACL Quidway S3500 Series Ethernet Switches Chapter 2 QoS Configuration 2.1.3 Packet Filter Packet filter is to filter traffic. For example, the operation “deny” discards the traffic that is matched with a traffic classification rule, while allowing other traffic to pass through.
Page 362 Operation Manual - QoS/ACL Quidway S3500 Series Ethernet Switches Chapter 2 QoS Configuration high queue Packets sent via this Packets sent interface middle queue normal queue Classify Sending queue Dequeue bottom queue Figure 2-1 SP The SP is specially designed for the key service application. A significant feature of the key service is requiring for priority to enjoy the service to reduce the responding delay when congestion occurs.
Page 363: Traffic Mirroring
Operation Manual - QoS/ACL Quidway S3500 Series Ethernet Switches Chapter 2 QoS Configuration Delay bounded WRR Comparing to the common WRR, the Delay bounded WRR also guarantee the packets in the highest-priority queue to leave the queue before the configured delay.
Page 364 Operation Manual - QoS/ACL Quidway S3500 Series Ethernet Switches Chapter 2 QoS Configuration QoS function Implementation Restrictions on ACL configuration Traffic mirroring only supports using mirrored-to { ip-group the ACL of permit operation. acl-number acl-name } [ rule rule ] |...
Page 365 MAC-any stands for lay-2 ACL rule from source MAC address to any destination MAC address, such as “rule 0 permit ingress 00e0-fc01-0101 1 egress any time-range huawei”, and so do any-MAC, IP-any, any-IP, NET-any and any-NET rules. For the MAC-MAC rule, the source and destination MAC addresses must be configured in the same VLAN.
Page 366: Setting Port Priority
Operation Manual - QoS/ACL Quidway S3500 Series Ethernet Switches Chapter 2 QoS Configuration 2.2.1 Setting Port Priority You can use the following command to set the port priority. The switch will replace the 802.1p priority carried by a packet with the port priority by default.
Page 367: Configuring Queue Scheduling
Operation Manual - QoS/ACL Quidway S3500 Series Ethernet Switches Chapter 2 QoS Configuration You can use the following command to configure the priority marking. Perform the following configuration in system view. Table 2-4 Tagging packet priority Operation Command traffic-priority { ip-group { acl-number | acl-name } [ rule...
Page 368 Operation Manual - QoS/ACL Quidway S3500 Series Ethernet Switches Chapter 2 QoS Configuration Table 2-7 Relationship between Local-precedence and output queue Local-precedence Queue ID I. Configuring the mapping relationship between COS and local precedence By default, the system provides the default “COS ->Local-precedence” mapping relationship.
Page 369: Configuring Traffic Mirroring
Operation Manual - QoS/ACL Quidway S3500 Series Ethernet Switches Chapter 2 QoS Configuration II. Configuring the queue scheduler You can use the following command to configure the queue scheduler. Perform the following configuration in Ethernet port view. Table 2-10 Configuring the queue scheduling algorithm...
Page 370: Displaying And Debugging Qos
Operation Manual - QoS/ACL Quidway S3500 Series Ethernet Switches Chapter 2 QoS Configuration Perform the following configuration in system view. Table 2-12 Configuring traffic statistics Operation Command Configure traffic traffic-statistic { ip-group { acl-number | acl-name } [ rule statistics...
Page 371: Configuring Qos Of S3526E And S3526C
Operation Manual - QoS/ACL Quidway S3500 Series Ethernet Switches Chapter 2 QoS Configuration 2.3 Configuring QoS of S3526E and S3526C QoS configuration includes: Setting port priority Configuring trust packet priority Packet filter Traffic policing Redirection configuration Priority tag Queue scheduling...
Page 372: Traffic Policing
Operation Manual - QoS/ACL Quidway S3500 Series Ethernet Switches Chapter 2 QoS Configuration Perform the following configuration in Ethernet port view. Table 2-15 Configuring port priority replacement Operation Command Configure trust packet 802.1p priority priority trust Configure not trust packet 802.1p priority undo priority 2.3.3 Traffic Policing...
Page 373: Configuring Packet Redirection
Operation Manual - QoS/ACL Quidway S3500 Series Ethernet Switches Chapter 2 QoS Configuration Table 2-17 Configuring port traffic limit Operation Command Configure the port traffic limit line-rate target-rate Cancel the configuration port traffic limit undo line-rate Ethernet Switch supports the function of configuring configure a traffic limit for a single port.
Page 374: Configuring Queue Scheduling
Operation Manual - QoS/ACL Quidway S3500 Series Ethernet Switches Chapter 2 QoS Configuration Perform the following configuration in system view. Table 2-19 Tagging packet priority Operation Command traffic-priority { user-group { acl-number | acl-name } [ rule rule ] | { ip-group { acl-number | acl-name } [ rule rule ] |...
Page 375 Operation Manual - QoS/ACL Quidway S3500 Series Ethernet Switches Chapter 2 QoS Configuration CoS Value Local Precedence Table 2-21 Relationship between 802.1p priority and output queue 802.1p priority Queue ID Table 2-22 Relationship between Local-precedence and output queue Local-precedence Queue ID I.
Page 376: Configuring Traffic Mirroring
Operation Manual - QoS/ACL Quidway S3500 Series Ethernet Switches Chapter 2 QoS Configuration Perform the following configuration in system view. Table 2-24 Map configuration Operation Command cos-local-precedence-map cos0-map-local-prec Configure “COS cos1-map-local-prec cos2-map-local-prec cos3-map-local-prec ->Local-preced cos4-map-local-prec cos5-map-local-prec cos6-map-local-prec ence” map cos7-map-local-prec...
Page 377: Configuring Traffic Statistics
Operation Manual - QoS/ACL Quidway S3500 Series Ethernet Switches Chapter 2 QoS Configuration Table 2-26 Configuring traffic mirroring Operation Command mirrored-to { user-group acl-number | acl-name [ rule rule ] | Configure traffic { ip-group { acl-number | acl-name } [ rule rule ] | link-group...
Page 378: Configuring Qos Of S3552 Series Switches
Operation Manual - QoS/ACL Quidway S3500 Series Ethernet Switches Chapter 2 QoS Configuration Table 2-28 Displaying and debugging QoS Operation Command Display the parameter settings of all the display qos-global all QoS actions Display the mapping relationship between display cos and local precedence...
Page 379: Configuring Service Group Allocation Rules
Operation Manual - QoS/ACL Quidway S3500 Series Ethernet Switches Chapter 2 QoS Configuration Configuring queue scheduling Configuring traffic mirror Configuring port mirror Configuring traffic statistics Before you perform the QoS configuration tasks listed above, you should define ACLs. You can use packet filter simply by activating the ACL for it, which is beyond the scope of this chapter.
Page 380: Configuring Traffic Policing
Operation Manual - QoS/ACL Quidway S3500 Series Ethernet Switches Chapter 2 QoS Configuration I. Configuring maps You may configure maps by using the commands listed in the following table. Perform the following configuration in system view. Table 2-30 Configuring maps...
Page 381 Operation Manual - QoS/ACL Quidway S3500 Series Ethernet Switches Chapter 2 QoS Configuration Traffic policing actions include re-assigning service group based on DSCP + conform-level to service map, re-assigning traffic’s 802.1p precedence based on TC + conform-level to CoS map, etc. You may configure the mentioned two maps as needed.
Page 382: Configuring Traffic Shaping
Operation Manual - QoS/ACL Quidway S3500 Series Ethernet Switches Chapter 2 QoS Configuration This configuration task is intended for policing the traffic filtered in by the adopted ACL, i.e., taking actions appropriate to the traffic within and beyond the specified limitation, dropping packets for example.
Page 383: Configuring Priority Remark
Operation Manual - QoS/ACL Quidway S3500 Series Ethernet Switches Chapter 2 QoS Configuration 2.4.4 Configuring Priority Remark Priority remark is configured on a switch for the purpose of assigning a set of new service parameters for the packets filtered in by the adopted ACL. You may set a...
Page 384: Configuring Queue Scheduling
Operation Manual - QoS/ACL Quidway S3500 Series Ethernet Switches Chapter 2 QoS Configuration You should note that the packets redirected to CPU cannot be forwarded any longer. Note: The redirection configuration is valid only when the action taken by ACLs is permit.
Page 385: Configuring Congestion Avoidance
Operation Manual - QoS/ACL Quidway S3500 Series Ethernet Switches Chapter 2 QoS Configuration You may configure queue scheduling using the queue-scheduler command and its negative form described in the following table. Perform the following configuration in Ethernet interface view. Table 2-37 Configuring the queue scheduling algorithm...
Page 386 Operation Manual - QoS/ACL Quidway S3500 Series Ethernet Switches Chapter 2 QoS Configuration Before configuring drop algorithm, you need configure the WRED parameters of the output queues. I. Configuring WRED The system provides four default sets of WRED parameters identified by the index number 0, 1, 2, and 3.
Page 387: Configuring Traffic Mirroring
Operation Manual - QoS/ACL Quidway S3500 Series Ethernet Switches Chapter 2 QoS Configuration Table 2-39 Configuring the drop algorithm Operation Command drop-mode tail-drop wred Set drop algorithm. [ wred-index ] Restore the default drop algorithm. undo drop-mode By default, tail-drop is adopted.
Page 388 Operation Manual - QoS/ACL Quidway S3500 Series Ethernet Switches Chapter 2 QoS Configuration You may specify a mirroring port to accept the monitoring of: Inbound packets Outbound packets Both inbound and outbound packets You may also specify a monitor port to monitor:...
Page 389: Configuring Traffic Statistics
Operation Manual - QoS/ACL Quidway S3500 Series Ethernet Switches Chapter 2 QoS Configuration Note: When disabling the configuration of a mirroring port, you are allowed to disable the monitoring on inbound packets, outbound packets, or both. When disabling the configuration of a monitor port observing both inbound and outbound packets, you are also allowed to disable the monitoring on only inbound or outbound packets.
Page 390 Operation Manual - QoS/ACL Quidway S3500 Series Ethernet Switches Chapter 2 QoS Configuration Table 2-43 Displaying and debugging QoS Operation Command Display information of all QoS display qos-global all actions. Display traffic mirroring display qos-interface [ interface-name | information. interface-type interface-num ] mirrored-to...
Page 391: Qos Configuration Example Of S3526
Define a time range. # Set time range to the range 8:00 to 18:00. [Quidway] time-range huawei 8:00 to 18:00 daily Define a rule to be applied on the traffic between two PCs. # Access the view of the number-based advanced ACL 3000.
Page 392: Qos Configuration Example Of S3526E And S3526C
Operation Manual - QoS/ACL Quidway S3500 Series Ethernet Switches Chapter 2 QoS Configuration 2.6 QoS Configuration Example of S3526E and S3526C 2.6.1 Traffic Policing and Interface Rate Restraint Configuration Example I. Networking requirements On a company’s intranet illustrated in the following figure, the departments are connected to each other via 100 megabit ports provided by an Ethernet switch.
Page 393: Traffic Mirroring Configuration Example
Define a time range. # Set time range to the range 8:00 to 18:00. [Quidway] time-range huawei 8:00 to 18:00 daily Define a rule to be applied on the traffic between two PCs. # Access the view of the number-based advanced ACL 3000.
Page 394 Operation Manual - QoS/ACL Quidway S3500 Series Ethernet Switches Chapter 2 QoS Configuration # Define a rule to filter in the traffic from PC2 to PC1. [Quidway-acl-adv-3000] rule 0 permit ip source 2.2.2.2 0.0.0.0 destination 1.1.1.1 0 time-range huawei Monitor the communication traffic between PCs, using Ethernet0/8 as the monitor port.
Page 395: Chapter 3 Logon User Acl Control Configuration
Chapter 3 Logon User ACL Control Configuration 3.1 Overview As the Ethernet switches launched by Huawei Technologies are used more and more widely over the networks, the security issue becomes even more important. The switches provide several logon and device accessing measures, mainly including TELNET access, SNMP access, and HTTP access.
Page 396: Calling Acl To Control Telnet Users
Operation Manual - QoS/ACL Quidway S3500 Series Ethernet Switches Chapter 3 Logon User ACL Control Configuration Table 3-1 Defining the basic ACL Operation Command acl { number acl-number | name Enter basic ACL view(from system acl-name basic } [ match-order...
Page 397: Configuring Acl Control Over The Snmp Users
[Quidway-user-interface-vty0-4] acl 2020 inbound 3.3 Configuring ACL Control over the SNMP Users Huawei Quidway Ethernet switch series support the remote management with the network management software. The network management users can access the switch with SNMP. Controlling such users with ACL can help filter the illegal NM users and prevent them from accessing the local switch.
Page 398: Calling Acl To Control Snmp Users
Operation Manual - QoS/ACL Quidway S3500 Series Ethernet Switches Chapter 3 Logon User ACL Control Configuration 3.3.2 Calling ACL to Control SNMP Users To control the NM users with ACL, call the defined ACL when configuring SNMP community name, username, and group name.
Page 399: Configuration Example
[Quidway-acl-basic-2020] rule 2 permit source 10.110.100.46 0 [Quidway-acl-basic-2020] quit # Call the basic ACLs. [Quidway] snmp-agent community read huawei acl 2020 [Quidway] snmp-agent group v2c huaweigroup acl 2020 [Quidway] snmp-agent usm-user v2c huaweiuser huaweigroup acl 2020 3.4 Configuring ACL Control over the HTTP Users Quidway Ethernet switch series support the remote management through WEB.
Page 400: Defining Acl
Operation Manual - QoS/ACL Quidway S3500 Series Ethernet Switches Chapter 3 Logon User ACL Control Configuration Defining ACL Calling ACL to control HTTP users The follow section introduces the configuration procedures. 3.4.1 Defining ACL So far, you can only call the numbered basic ACL, ranging from 2000 to 2999, to implement ACL control function.
Page 401 Operation Manual - QoS/ACL Quidway S3500 Series Ethernet Switches Chapter 3 Logon User ACL Control Configuration II. Networking diagram Internet Switch Figure 3-3 Controlling WEB NM users with ACL III. Configuration procedure # Define the basic ACL. [Quidway] acl number 2030 match-order config [Quidway-acl-basic-2030] rule 1 permit source 10.110.100.46 0...
Page 402 HUAWEI Quidway S3500 Series Ethernet Switches Operation Manual Integrated Management Huawei Technologies Proprietary...
Page 403 Operation Manual - Integrated Management Quidway S3500 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 Stack Function Configuration ..................1-1 1.1 Stack Function Overview ....................1-1 1.2 Configure Stack Function ....................1-1 1.2.1 Configure IP Address Pool for the Stack ..............1-1 1.2.2 Enable/Disable a Stack ...................
Page 404 Operation Manual - Integrated Management Quidway S3500 Series Ethernet Switches Table of Contents 2.4.7 Set up a Cluster Automatically................2-14 2.4.8 Set Cluster Holdtime ..................... 2-15 2.4.9 Set Cluster Timer to Specify the Handshaking Message Interval......2-15 2.4.10 Configure Remote Control over the Member device........... 2-16 2.4.11 Configure the Cluster Server and Network Management and Log Hosts...
Page 405: Chapter 1 Stack Function Configuration
Operation Manual - Integrated Management Quidway S3500 Series Ethernet Switches Chapter 1 Stack Function Configuration Chapter 1 Stack Function Configuration 1.1 Stack Function Overview A stack is a management domain including several Ethernet switches (one main switch and some slave switches) connected through stack ports. These Ethernet switches stacked together can act as one set of equipment and the user can manage them through the main switch.
Page 406: Enable/Disable A Stack
Operation Manual - Integrated Management Quidway S3500 Series Ethernet Switches Chapter 1 Stack Function Configuration Table 1-1 Configure IP address pool for the stack Operation Command Configure IP address range stacking ip-pool from-ip-address for a stack ip-address-number [ ip-mask ]...
Page 407: Display And Debug Stack Function
Operation Manual - Integrated Management Quidway S3500 Series Ethernet Switches Chapter 1 Stack Function Configuration Please note that the above command can only be used for switching from the main switch view to a slave switch view and the user level remains the same after switching.
Page 408 Operation Manual - Integrated Management Quidway S3500 Series Ethernet Switches Chapter 1 Stack Function Configuration II. Networking diagram Internet Internet Switch A Switch A Switch C Switch C Switch B Switch B Figure 1-1 Stack configuration example III. Configuration procedure # Configure IP address pool for the stack on Switch A.
Page 409 Operation Manual - Integrated Management Quidway S3500 Series Ethernet Switches Chapter 1 Stack Function Configuration Member status:Up # Switch to the slave switch, Switch B, to perform the configuration. <stack_0.Quidway> stacking 1 <stack_1.Quidway> # Display stack information on the slave switch, Switch B.
Page 410: Chapter 2 Hgmp V2 Configuration
Operation Manual - Integrated Management Quidway S3500 Series Ethernet Switches Chapter 2 HGMP V2 Configuration Chapter 2 HGMP V2 Configuration 2.1 HGMP V2 Overview 2.1.1 Overview By HGMP V2 function, the network administrator can manage multiple switches at a managing switch with a public IP address. The managing switch is called administrator device and the managed switches are called member devices.
Page 411 Operation Manual - Integrated Management Quidway S3500 Series Ethernet Switches Chapter 2 HGMP V2 Configuration device receives and processes the management commands from the network. If the command is destined to a member device, the administrator device will forward it to the member device. The administrator device has the functions such...
Page 412: Functions
Operation Manual - Integrated Management Quidway S3500 Series Ethernet Switches Chapter 2 HGMP V2 Configuration Note: To configure the cluster function, perform the following operations on the administrator device: Enable system NDP and port NDP Configure NDP parameter Enable system NTDP and port NTDP...
Page 413: Configure Ndp
Operation Manual - Integrated Management Quidway S3500 Series Ethernet Switches Chapter 2 HGMP V2 Configuration Network topology collection is implemented by NTDP. It is used for collecting the information concerning device connection and the Candidate device. It can also be used for setting hops for topology discovery.
Page 414: Enable/Disable System Ndp
Operation Manual - Integrated Management Quidway S3500 Series Ethernet Switches Chapter 2 HGMP V2 Configuration Note: On an administrator device, you need to enable system NDP and port NDP, meanwhile configure the NDP parameters as well. However, you only have to enable NDP on a device and the corresponding ports on member device.
Page 415: Set Ndp Holdtime
Operation Manual - Integrated Management Quidway S3500 Series Ethernet Switches Chapter 2 HGMP V2 Configuration 2.2.4 Set NDP Holdtime The NDP holdtime specifies how long the adjacent node can keep the local node information. The adjacent device knows the holdtime from the received NDP packet and will discard the packet when it expires.
Page 416: Configure Ntdp
Operation Manual - Integrated Management Quidway S3500 Series Ethernet Switches Chapter 2 HGMP V2 Configuration Table 2-5 Display and Debug NDP Operation Command Display global configuration information (including NDP timer and display ndp holdtime). Display the information about the port...
Page 417: Enable/Disable System Ntdp
Operation Manual - Integrated Management Quidway S3500 Series Ethernet Switches Chapter 2 HGMP V2 Configuration Note: On an administrator device, you need to enable system NTDP and port NTDP, meanwhile configure the NTDP parameters as well. However, you only have to enable system NTDP and the corresponding port NTDP on member device.
Page 418: Set Hop Number For Topology Collection
Operation Manual - Integrated Management Quidway S3500 Series Ethernet Switches Chapter 2 HGMP V2 Configuration By default, port NTDP is enabled on the ports supporting NDP. If you enable NTDP on a port not supporting NDP, NTDP cannot be run.
Page 419: Set Topology Collection Interval
Operation Manual - Integrated Management Quidway S3500 Series Ethernet Switches Chapter 2 HGMP V2 Configuration Table 2-9 Set delay for collected device to forward topology collection request. Operation Command Set delay for collected device to forward ntdp timer hop-delay time topology collection request.
Page 420: Display And Debug Ntdp
Operation Manual - Integrated Management Quidway S3500 Series Ethernet Switches Chapter 2 HGMP V2 Configuration Table 2-11 Start topology information collection Operation Command Start topology information collection ntdp explore 2.3.8 Display and Debug NTDP After the above configuration, execute display command in any view to display the running of the NTDP configuration, and to verify the effect of the configuration.
Page 421: Enable/Disable Cluster Function
Operation Manual - Integrated Management Quidway S3500 Series Ethernet Switches Chapter 2 HGMP V2 Configuration Enable/Disable cluster function Enter cluster view Configure cluster IP address pool Name the administrator device and cluster. Add/delete a cluster member device Setup a cluster automatically.
Page 422: Configure Cluster Ip Address Pool
Operation Manual - Integrated Management Quidway S3500 Series Ethernet Switches Chapter 2 HGMP V2 Configuration Table 2-14 enter cluster view Operation Command enter cluster view. cluster 2.4.4 Configure Cluster IP Address Pool Before setting up a cluster, you are supposed to configure a private IP address pool.
Page 423: Add/Delete A Cluster Member Device
Operation Manual - Integrated Management Quidway S3500 Series Ethernet Switches Chapter 2 HGMP V2 Configuration By default, the switch is not an administrator device and no cluster name has been specified. 2.4.6 Add/Delete a Cluster Member device You can use the following command to add a member device or delete a member device.
Page 424: Set Cluster Holdtime
Operation Manual - Integrated Management Quidway S3500 Series Ethernet Switches Chapter 2 HGMP V2 Configuration 2.4.8 Set Cluster Holdtime After a cluster is set up, some communication fault maybe occurs due to network problem or switch reset. If the fault has not been addressed before the hold time configured on switch expires, the member state goes down.
Page 425: Configure Remote Control Over The Member Device
Operation Manual - Integrated Management Quidway S3500 Series Ethernet Switches Chapter 2 HGMP V2 Configuration Note that the above command can only be executed on the administrator device, which will advertise the cluster timer value to the member devices. By default, handshaking message is transmitted every 10 seconds.
Page 426: Member Accessing
Operation Manual - Integrated Management Quidway S3500 Series Ethernet Switches Chapter 2 HGMP V2 Configuration A member device accesses the configured server through the administrator device. The cluster members output all log information to the configured log host in the end. A member outputs and sends the log information to the administrator device directly.
Page 427: Display And Debug Cluster
Operation Manual - Integrated Management Quidway S3500 Series Ethernet Switches Chapter 2 HGMP V2 Configuration Perform the following configuration in user view. Table 2-23 Member accessing Operation Command cluster switch-to { member-num | mac-address Member accessing H-H-H | administrator } Note that, when executed on the administrator device, if the parameter member-num specifying member number is omitted, error message prompts.
Page 428 Operation Manual - Integrated Management Quidway S3500 Series Ethernet Switches Chapter 2 HGMP V2 Configuration II. Networking diagram SNMP host/ logging host 69.172.55.4 FTP server/TFTP Network server 63.172.55.1 VLAN interface 2 E1/1 IP address 163.172.55.1 Administrator device E0/1 E0/2 E1/1...
Page 429 Operation Manual - Integrated Management Quidway S3500 Series Ethernet Switches Chapter 2 HGMP V2 Configuration # Configure that the collected device delays for 150 milliseconds before forwarding a topology collection request. [Quidway] ntdp timer hop-delay 150 # Configure that the port on the collected device delays for 15 milliseconds before forwarding a topology collection request.
Page 430 Operation Manual - Integrated Management Quidway S3500 Series Ethernet Switches Chapter 2 HGMP V2 Configuration [Quidway] ntdp enable [Quidway] interface ethernet 1/1 [Quidway-Ethernet1/1] ntdp enable # Run the cluster function. [Quidway] cluster enable Note: Upon the completion of the above configurations, you can use the cluster switch-to...
Page 431 HUAWEI Quidway S3500 Series Ethernet Switches Operation Manual Huawei Technologies Proprietary...
Page 432 Operation Manual - STP Quidway S3500 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 MSTP Region-configuration ..................1-1 1.1 MSTP Overview ......................... 1-1 1.1.1 MSTP Concepts ...................... 1-1 1.1.2 MSTP Principles...................... 1-4 1.2 Configure MSTP ........................ 1-9 1.2.1 Configure the MST Region for a Switch..............
Page 433: Chapter 1 Mstp Region-Configuration
Operation Manual - STP Quidway S3500 Series Ethernet Switches Chapter 1 MSTP Region-configuration Chapter 1 MSTP Region-configuration 1.1 MSTP Overview MSTP stands for Multiple Spanning Tree Protocol, which is compatible with STP and RSTP. STP cannot transit fast. Even on the point-to-point link or the edge port, it has to take an interval as long as twice forward delay before the network converges.
Page 434 Operation Manual - STP Quidway S3500 Series Ethernet Switches Chapter 1 MSTP Region-configuration I. MST region Multiple Spanning Tree Regions: A multiple spanning tree region contains several physically and directly connected MSTP switches sharing the same region name, VLAN-spanning tree mapping configuration, and MSTP revision level configuration, and the network segments between them.
Page 435 Operation Manual - STP Quidway S3500 Series Ethernet Switches Chapter 1 MSTP Region-configuration VIII. Common Root Bridge The Common Root Bridge refers to the root bridge of CIST. There is only one common root bridge in the specified network. IX. Edge port The edge port refers to the port located at the MST region edge, connecting different MST regions, MST region and STP region, or MST region and RSTP region.
Page 436: Mstp Principles
Operation Manual - STP Quidway S3500 Series Ethernet Switches Chapter 1 MSTP Region-configuration 1.1.2 MSTP Principles MSTP divides the entire Layer 2 network into several MST regions and calculates and generates CST for them. Multiple spanning trees are generated in a region and each of them is called an MSTI.
Page 437 Operation Manual - STP Quidway S3500 Series Ethernet Switches Chapter 1 MSTP Region-configuration Switch A Switch C Switch B Figure 1-3 Designated switch and designated port For a switch, the designated switch is a switch in charge of forwarding packets to the local switch via a port called the designated port accordingly.
Page 438 Operation Manual - STP Quidway S3500 Series Ethernet Switches Chapter 1 MSTP Region-configuration To facilitate the descriptions, only the first four parts of the configuration BPDU are described in the example. They are root ID (expressed as Ethernet switch priority), path cost to the root, designated switch ID (expressed as Ethernet switch priority) and the designated port ID (expressed as the port number).
Page 439 Operation Manual - STP Quidway S3500 Series Ethernet Switches Chapter 1 MSTP Region-configuration The port receiving the optimum configuration BPDU is designated to be the root port, whose configuration BPDU remains the same. Any other port, whose configuration BPDU has been updated in the step Select the optimum configuration BPDU, will be blocked and will not forward any data, in addition, it will only receive but not transmit BPDU and its BPDU remains the same.
Page 440 Operation Manual - STP Quidway S3500 Series Ethernet Switches Chapter 1 MSTP Region-configuration CP1 receives the configuration BPDU {0, 0, 0, AP2} from Switch A and Switch C launches the updating. The configuration BPDU is updated as {0, 0, 0, AP2}.
Page 441: Configure Mstp
Operation Manual - STP Quidway S3500 Series Ethernet Switches Chapter 1 MSTP Region-configuration Upon the initiation of the network, all the switches regard themselves as the roots. The designated ports send the configuration BPDUs of local ports at a regular interval of HelloTime.
Page 442: Configure The Mst Region For A Switch
Operation Manual - STP Quidway S3500 Series Ethernet Switches Chapter 1 MSTP Region-configuration Enable MSTP on the device Enable MSTP on a port Only after MSTP is enabled on the device will other configurations take effect. Before enabling MSTP, you can configure the related parameters of the device and Ethernet ports, which will take effect upon enabling MSTP and stay effective even after resetting MSTP.
Page 443 Operation Manual - STP Quidway S3500 Series Ethernet Switches Chapter 1 MSTP Region-configuration II. Configure the MST Region Perform the following configuration in MST region view. Table 1-2 Configure the MST region for a switch Operation Command Configure MST region name...
Page 444: Specify The Switch As Primary Or Secondary Root Switch
Operation Manual - STP Quidway S3500 Series Ethernet Switches Chapter 1 MSTP Region-configuration Operation Command Manually activate the MST region configuration active region-configuration (from MST region view) Exit MST region view (from MST region view) quit 1.2.2 Specify the Switch as Primary or Secondary Root Switch MSTP can determine the spanning tree root through calculation.
Page 445: Configure The Mstp Running Mode
Operation Manual - STP Quidway S3500 Series Ethernet Switches Chapter 1 MSTP Region-configuration information, refer to the configuration tasks “Configure switching network diameter” and “Configure the Hello Time of the switch”. Note: You can configure the current switch as the root of several STIs, however, it is not necessary to specify two or more roots for an STI.
Page 446: Configure The Bridge Priority For A Switch
Operation Manual - STP Quidway S3500 Series Ethernet Switches Chapter 1 MSTP Region-configuration Generally, if there is STP switch on the switching network, the port connected to it will automatically transit from MSTP mode to STP-compatible mode. But the port cannot automatically transit back to MSTP mode after the STP switch is removed.
Page 447: Configure The Switching Network Diameter
Operation Manual - STP Quidway S3500 Series Ethernet Switches Chapter 1 MSTP Region-configuration You can use the following command to configure the max hops in an MST region. Perform the following configuration in system view. Table 1-7 Configure the max hops in an MST region...
Page 448 Operation Manual - STP Quidway S3500 Series Ethernet Switches Chapter 1 MSTP Region-configuration Forward Delay is the switch state transition mechanism. The spanning tree will be recalculated upon link faults and its structure will change accordingly. However, the configuration BPDU recalculated cannot be immediately propagated throughout the network.
Page 449: Configure The Max Transmission Speed On A Port
Operation Manual - STP Quidway S3500 Series Ethernet Switches Chapter 1 MSTP Region-configuration Caution: The Forward Delay configured on a switch depends on the switching network diameter. Generally, the Forward Delay is supposed to be longer when the network diameter is longer. Note that too short a Forward Delay may redistribute some redundant routes temporarily, while too long a Forward Delay may prolong the network connection resuming.
Page 450: Configure A Port As An Edge Port
Operation Manual - STP Quidway S3500 Series Ethernet Switches Chapter 1 MSTP Region-configuration Table 1-10 Configure the max transmission speed on a port Operation Command Configure the max transmission speed stp interface interface-list transit-limit on a port. packetnum Restore the max transmission speed on...
Page 451 Operation Manual - STP Quidway S3500 Series Ethernet Switches Chapter 1 MSTP Region-configuration Operation Command Restore the default setting, non-edge undo interface interface-list port, of the port. edged-port II. Configure in Ethernet port view Perform the following configuration in Ethernet port view.
Page 452: Configure The Path Cost Of A Port
Operation Manual - STP Quidway S3500 Series Ethernet Switches Chapter 1 MSTP Region-configuration 1.2.10 Configure the Path Cost of a Port Path Cost is related to the speed of the link connected to the port. On the MSTP switch, a port can be configured with different path costs for different STIs. Thus the traffic from different VLANs can run over different physical links, thereby implementing the VLAN-based load-balancing.
Page 453: Configure The Port (Not) To Connect With The Point-To-Point Link
Operation Manual - STP Quidway S3500 Series Ethernet Switches Chapter 1 MSTP Region-configuration You can configure the port priority in the following ways. I. Configure in system view Perform the following configuration in system view. Table 1-16 Configure the port priority...
Page 454 Operation Manual - STP Quidway S3500 Series Ethernet Switches Chapter 1 MSTP Region-configuration Table 1-18 Configure the port (not) to connect with the point-to-point link Operation Command Configure port connect with interface interface-list point-to-point link. point-to-point force-true Configure the port not to connect with the...
Page 455: Configure The Mcheck Variable Of A Port
Operation Manual - STP Quidway S3500 Series Ethernet Switches Chapter 1 MSTP Region-configuration Note: For a link aggregation, only the master port can be configured to connect with the point-to-point link. If a port in auto-negotiation mode operates in full-duplex mode upon negotiation, it can be configured to connect with the point-to-point link.
Page 456: Configure The Switch Security Function
Operation Manual - STP Quidway S3500 Series Ethernet Switches Chapter 1 MSTP Region-configuration Note that the command can be used only if the switch runs MSTP. The command does not make any sense when the switch runs in STP-compatible mode.
Page 457 Operation Manual - STP Quidway S3500 Series Ethernet Switches Chapter 1 MSTP Region-configuration When the protection from TC-BPDU packet attack is enabled, the switch just perform one delete operation in a specified period after receiving TC-BPDU packets, as well as monitoring whether it receives TC-BPDU packets during this period.
Page 458: Enable Mstp On The Device
Operation Manual - STP Quidway S3500 Series Ethernet Switches Chapter 1 MSTP Region-configuration When configure a port, only one configuration can be effective among loop protection, Root protection and Edge port configuration at same moment. By default, the switch does not enable BPDU protection or Root protection.
Page 459: Display And Debug Mstp
Operation Manual - STP Quidway S3500 Series Ethernet Switches Chapter 1 MSTP Region-configuration II. Configure in Ethernet port view Perform the following configuration in Ethernet port view. Table 1-25 Enable/Disable MSTP on a port Operation Command Enable MSTP on a port.
Page 460: Chapter 2 Bpdu Tunnel Configuration
Operation Manual - STP Quidway S3500 Series Ethernet Switches Chapter 2 BPDU Tunnel Configuration Chapter 2 BPDU Tunnel Configuration 2.1 BPDU Tunnel Overview Bridge protocol data unit (BPDU) Tunnel enables geographically distributed user network to transmit BPDU packets transparently over the specified VLAN VPN on the operator’s network.
Page 461: Enabling Bpdu Tunnel Of The System
Operation Manual - STP Quidway S3500 Series Ethernet Switches Chapter 2 BPDU Tunnel Configuration 2.2.1 Enabling BPDU Tunnel of the System Perform the following configuration in system view. Table 2-2 Enable/disable BPDU Tunnel in system view Operation Command Enable BPDU Tunnel.
Page 462 Operation Manual - STP Quidway S3500 Series Ethernet Switches Chapter 2 BPDU Tunnel Configuration II. Networking diagram E 0/2 E 0/2 E 0/1 E 0/1 Switch C Switch C Switch C Switch C E 0/1 E 0/1 Switch D Switch D...
Page 463 Operation Manual - STP Quidway S3500 Series Ethernet Switches Chapter 2 BPDU Tunnel Configuration [Quidway] interface Ethernet 0/1 [Quidway-Ethernet0/1] stp disable [Quidway-Ethernet0/1] vlan-vpn enable # Set the link type of the Erhernet 0/2 port to trunk. [Quidway-Ethernet0/2] port link-type trunk # Add the trunk port into all VLANs.
Page 464: Chapter 3 Digest Snooping
Operation Manual - STP Quidway S3500 Series Ethernet Switches Chapter 3 Digest Snooping Chapter 3 Digest Snooping 3.1 Introduction According to IEEE 802.1s, two connected switches can communicate through MSTIs (multiple spanning tree instances) in a MSTP (multiple spanning tree protocol) domain only when they are configured with the same domain settings.
Page 465 Operation Manual - STP Quidway S3500 Series Ethernet Switches Chapter 3 Digest Snooping Operation Command Remark Enable digest Required. Digest snooping is snooping on the config-digest-snooping disabled by default interface Quit Ethernet — quit interface view Enable digest Required. Digest snooping is...
Page 466 HUAWEI Quidway S3500 Series Ethernet Switches Operation Manual Security Huawei Technologies Proprietary...
Page 467 Operation Manual - Security Quidway S3500 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 802.1x Configuration ....................1-1 1.1 802.1x Overview ........................ 1-1 1.1.1 802.1x Standard Overview..................1-1 1.1.2 802.1x System Architecture ..................1-1 1.1.3 802.1x Authentication Process................1-2 1.1.4 Implementing 802.1x on the Ethernet Switch ............
Page 468 Operation Manual - Security Quidway S3500 Series Ethernet Switches Table of Contents 2.2.5 Layer 3 Portal Authentication Configuration Example .......... 2-10 2.3 Portal Authentication-Free User and Free IP address Configurations ......2-11 2.3.1 Portal Authentication-Free User and Free IP Address Configuration Tasks ..2-11 2.3.2 Portal Authentication-Free User and Free IP Configuration Example ....
Page 469 Operation Manual - Security Quidway S3500 Series Ethernet Switches Table of Contents 3.5 AAA and RADIUS Protocol Configuration Examples ............3-22 3.5.1 Configuring FTP/Telnet User Authentication at Remote RADIUS Server .... 3-22 3.5.2 Configuring FTP/Telnet User Authentication at Local RADIUS Server ....3-23 3.5.3 Configuring Dynamic VLAN with RADIUS Server..........
Page 470: Chapter 1 802.1X Configuration
The LAN access control device needs to provide the Authenticator System of 802.1x. The devices at the user side such as the computers need to be installed with the 802.1x client Supplicant software, for example, the 802.1x client provided by Huawei Technologies Co., Ltd. (or by Microsoft Windows XP). The 802.1x Authentication Server system normally stays in the carrier’s AAA center.
Page 471: Authentication Process
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 1 802.1x Configuration LANs) frame defined by IEEE 802.1x. Authentication data are encapsulated in the EAP frame, which is to be encapsulated in the packets of other AAA upper layer protocols (e.g.
Page 472: Implementing 802.1X On The Ethernet Switch
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 1 802.1x Configuration 802.1x provides an implementation solution of user ID authentication. However, 802.1x itself is not enough to implement the scheme. The administrator of the access device should configure the AAA scheme by selecting RADIUS or local authentication so as to assist 802.1x to implement the user ID authentication.
Page 473: Enabling/Disabling 802.1X
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 1 802.1x Configuration Among the above tasks, the first one is compulsory, otherwise 802.1x will not take any effect. The other tasks are optional. You can perform the configurations at requirements.
Page 474: Setting The Port Access Control Method
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 1 802.1x Configuration does not permit the user to access the network resources. If the authentication flow is passed, the port will be switched to the authorized state and permit the user to access the network resources.
Page 475: Setting The Supplicant Number On A Port
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 1 802.1x Configuration 1.2.5 Setting the Supplicant Number on a Port The following commands are used for setting number of users allowed by 802.1x on specified port. When no port is specified, all the ports accept the same number of supplicants.
Page 476: Enabling/Disabling Guest Vlan
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 1 802.1x Configuration information to RADIUS server in the form of EAP packets directly and RADIUS server must support EAP authentication). For EAP authentication, PEAP, EAP-TLS and EAP-MD5 methods are available on the...
Page 477: Setting 802.1X Re-Authentication
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 1 802.1x Configuration ports into Guest VLAN. After that, no 802.1x authentication is performed when the user of the Guest VLAN visits the resources within this Guest VLAN. However, if the user visits the outer resources, authentication is still needed.
Page 478 Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 1 802.1x Configuration I. Enabling 802.1x re-authentication Before enabling the 802.1x re-authentication, you must enable the 802.1x feature both on the port and globally. Perform the following in system view or Ethernet port view.
Page 479: Setting 802.1X Client Version Authentication
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 1 802.1x Configuration 1.2.10 Setting 802.1x Client Version Authentication Note: Among S3500 series ethernet switches, S3552G, S3552P, S3528G, S3528P, S3526E, S3526E FM, S3526E FS and S3526C support this function, and S3526, S3526 FM and S3526 FS don’t.
Page 480: Setting The Maximum Times Of Authentication Request Message Retransmission
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 1 802.1x Configuration Table 1-12 Configuring the maximum retry times for the switch to send version request frame to the client Operation Command Configure the maximum retry times for the...
Page 481: Configuring Timers
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 1 802.1x Configuration 1.2.12 Configuring Timers The following commands are used for configuring the 802.1x timers. Perform the following configurations in system view. Table 1-15 Configuring timers Operation Command dot1x timer { handshake-period handshake-period-value |...
Page 482: Enabling/Disabling A Quiet-Period Timer
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 1 802.1x Configuration supp-timeout-value: Specify how long the duration of an authentication timeout timer of a Supplicant is. The value ranges from 10 to 120 in units of second and defaults to 30.
Page 483: Configuration Example
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 1 802.1x Configuration reset command in user view to reset 802.1x statistics. Execute debugging command in user view to debug 802.1x. Table 1-17 Displaying and debugging 802.1x Operation Command Display the configuration, running...
Page 484 Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 1 802.1x Configuration The user name of the local 802.1x access user is localuser and the password is localpass (input in plain text). The idle cut function is enabled. II. Networking diagram...
Page 485 Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 1 802.1x Configuration [Quidway-radius-radius1] quit # Set the encryption key when the system exchanges packets with the authentication RADIUS server. [Quidway] local-server nas-ip 127.0.0.1 key name [Quidway] radius scheme radius1...
Page 486: Chapter 2 Portal Configuration
Quidway S3500 Series Ethernet Switches Chapter 2 Portal Configuration Chapter 2 Portal Configuration Note: Among Quidway S3500 series Ethernet switches, S3552G, S3552P, S3528G and S3528P support Portal. 2.1 Portal Overview 2.1.1 Introduction to Portal Portal is also called Portal website. Portal authentication is also called web authentication.
Page 487: Procedures For Portal Authentication
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 2 Portal Configuration Authentication client: A web-based browser using HTTP/HTTPS (hypertext transfer protocol/secure HTTP). Before users pass the authentication, all HTTP requests are sent to the Portal server. Access device: Sends by force the HTTP request from the authentication client to the Portal server unconditionally before users pass the authentication.
Page 488: Portal Operating Modes
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 2 Portal Configuration Caution: Portal authentication and 802.1x protocol cannot be enabled simultaneously on the same switch. 2.1.4 Portal Operating Modes On the Quidway series switches, Portal implementations operate in three methods (also called operating modes): direct authentication, re-DHCP authentication and Layer 3 Portal authentication.
Page 489: Arp Packet Handshaking Between Switch And User's Pc
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 2 Portal Configuration Authentication-free user information contains the IP address, MAC address, connected switch port and VLAN. Only the user whose information fully matches the authentication-free user information can be allowed to access the Internet without authentication.
Page 490: Portal Configuration Tasks
The Portal servers are installed and configured. For the installation and configuration, refer to Comprehensive Access Management Server Portal User Manual. Note: For DHCP configurations, refer to Quidway S3500 Series Ethernet Switches Operation Manual. For the AAA and RADIUS configurations, refer to the following chapter.
Page 491: Portal Direct Authentication Configuration Example
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 2 Portal Configuration Steps Command Description Enable Portal authentication on VLAN Required portal server-name interface display portal [ acm statistics auth-network [ auth-vlan-id ] | server Display Portal server-name configuration information —...
Page 492 Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 2 Portal Configuration After passing the Portal authentication, the user PC can access the Internet. II. Network diagram Internet Internet v lan-interf ace 2 v lan-interf ace 2 192.168.1.160/16 192.168.1.160/16...
Page 493: Re-Dhcp Authentication Configuration Example
Configure Portal authentication # Configure the Portal server: The name is newp, the IP address is 192.168.1.200, the key is huawei, the port is 50100, and the uniform resource locator (URL) is http://192.168.1.200/port. [Quidway] portal server newp ip 192.168.1.200 key huawei port 50100 url http://192.168.1.200/port...
Page 494 Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 2 Portal Configuration Before passing the Portal authentication, the user PC is allocated a private address. After passing the Portal authentication, the user PC need to apply for a public address before accessing the Internet.
Page 495: Layer 3 Portal Authentication Configuration Example
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 2 Portal Configuration # Configure DHCP Relay. [Quidway-Vlan-interface3] dhcp select relay [Quidway-Vlan-interface3] ip relay address 192.168.1.100 # Enable Portal authentication on VLAN interface 3. The Portal server name is newp, and you can refer to section 2.2.3 “Portal Direct Authentication Configuration Example”...
Page 496: Portal Authentication-Free User And Free Ip Address Configurations
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 2 Portal Configuration # Configure authentication network segments. [Quidway] portal auth-network 162.31.0.0 255.255.0.0 vlan 100 # Configure Portal operating mode as Layer 3 Portal authentication. [Quidway] portal method layer3 # Configure VLAN 100.
Page 497: Portal Authentication-Free User And Free Ip Configuration Example
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 2 Portal Configuration Steps Command Description portal free-user mac-address ip ip-address Configure You can configure up to vlan vlan_id interface authentication-free authentication-free interface_type users users. interface_num interface_name } Display the information...
Page 498 Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 2 Portal Configuration II. Network diagram Vlan -interface 2 Vlan -interface 2 Vlan -interface 2 Vlan -interface 2 Vlan -interface 2 Portal server Portal server Portal server Portal server Portal server...
Page 499: Portal Rate Limitation Configurations
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 2 Portal Configuration [Quidway-vlan2] port ethernet 0/5 [Quidway-vlan2] quit # Configure Server1 as free IP. [Quidway] portal free-ip 192.168.1.300 2.4 Portal Rate limitation Configurations 2.4.1 Portal Rate limitation Configuration Tasks The following table describes the Portal rate limitation configuration tasks.
Page 500: Portal User Deletion Configuration Example
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 2 Portal Configuration Table 2-4 Delete Portal users Steps Command Description Enter the system view <Quidway> system-view — Delete the Portal user with [Quidway] portal delete-user — the specified IP address ip-address 2.5.2 Portal User Deletion Configuration Example...
Page 501: Chapter 3 Aaa And Radius Protocol Configuration
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 3 AAA and RADIUS Protocol Configuration Chapter 3 AAA and RADIUS Protocol Configuration 3.1 AAA and RADIUS Protocol Overview 3.1.1 AAA Overview Authentication, Authorization and Accounting (AAA) provide a uniform framework used for configuring these three security functions to implement the network security management.
Page 502: Implementing Aaa/Radius On Ethernet Switch
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 3 AAA and RADIUS Protocol Configuration in PSTN environment or Ethernet switch with access function in Ethernet environment), NAS, namely RADIUS client end, will transmit user AAA request to the RADIUS server.
Page 503: Aaa Configuration
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 3 AAA and RADIUS Protocol Configuration Authentication Authentication PC user1 PC user1 Serv er Serv er PC user2 PC user2 Accounting Accounting Serv er1 Serv er1 S3500 seri e s...
Page 504: Configuring Relevant Attributes Of Isp Domain
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 3 AAA and RADIUS Protocol Configuration Quidway Series Switches ISP domain view, you can configure a complete set of exclusive ISP domain attributes on a per-ISP domain basis, which includes AAA policy ( RADIUS scheme applied etc.)
Page 505: Creating A Local User
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 3 AAA and RADIUS Protocol Configuration Table 3-2 Configuring relevant attributes of ISP domain Operation Command Specify the adopted RADIUS scheme radius-scheme radius-scheme-name Restore the adopted RADIUS scheme to undo radius-scheme...
Page 506 Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 3 AAA and RADIUS Protocol Configuration I. Setting the password display mode Perform the following configurations in system view. Table 3-4 Setting the method that a local user uses to display password...
Page 507: Disconnecting A User By Force
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 3 AAA and RADIUS Protocol Configuration Operation Command Cancel the service type of specified user (For undo service-type { ftp [ ftp-directory ] | S3526, S3526 lan-access | telnet [ level level ] }...
Page 508: Configuring Radius Protocol
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 3 AAA and RADIUS Protocol Configuration VLAN. When the port is in MAC address-based mode, each port can only connect a single user. Currently the ethernet switches support RADIUS server delivers the integer type and string type VLAN ID.
Page 509: Creating/Deleting A Radius Scheme
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 3 AAA and RADIUS Protocol Configuration configuration but two different IP addresses. Accordingly, attributes of every RADIUS scheme include IP addresses of primary and second servers, shared key and RADIUS server type etc.
Page 510: Setting Ip Address And Port Number Of Radius Server
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 3 AAA and RADIUS Protocol Configuration Table 3-9 Creating/Deleting a RADIUS scheme Operation Command Create a RADIUS scheme and enter its radius scheme radius-scheme-name view undo radius scheme Delete a RADIUS scheme radius-scheme-name Several ISP domains can use a RADIUS scheme at the same time.
Page 511: Setting Radius Packet Encryption Key
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 3 AAA and RADIUS Protocol Configuration Operation Command Set IP address and port number of second secondary accounting RADIUS accounting server. ip-address [ port-number ] Restore IP address and port number of...
Page 512: Setting Response Timeout Timer Of Radius Server
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 3 AAA and RADIUS Protocol Configuration Table 3-11 Setting RADIUS packet encryption key Operation Command Set RADIUS authentication/authorization packet key authentication string encryption key Restore default RADIUS undo key authentication authentication/authorization packet encryption key.
Page 513: Enabling The Selection Of Radius Accounting Option
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 3 AAA and RADIUS Protocol Configuration Table 3-13 Setting retransmission times of RADIUS request packet Operation Command Set retransmission times of RADIUS request packet retry retry-times Restore the default value of retransmission times undo retry By default, RADIUS request packet will be retransmitted up to three times.
Page 514: Setting Maximum Times Of Real-Time Accounting Request Failing To Be Responded
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 3 AAA and RADIUS Protocol Configuration The parameter minutes specifies the real-time accounting interval in minutes. The value shall be a multiple of 3. The value of minutes is related to the performance of NAS and RADIUS server. The smaller the value is, the higher the performances of NAS and RADIUS are required.
Page 515: Enabling/Disabling Stopping Accounting Request Buffer
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 3 AAA and RADIUS Protocol Configuration How to calculate the value of retry-times? Suppose that RADIUS server connection will timeout in T and the real-time accounting interval of NAS is t, then the integer part of the result from dividing T by t is the value of count.
Page 516: Configuring The User Re-Authentication At Reboot
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 3 AAA and RADIUS Protocol Configuration Table 3-19 Setting the maximum retransmitting times of stopping accounting request Operation Command Set the maximum retransmitting times of stopping retry stop-accounting accounting request...
Page 517: Setting The Supported Type Of Radius Server
Table 3-21 Setting the supported type of RADIUS server Operation Command Setting Supported Type server-type { huawei | iphotel | portal | RADIUS Server standard } Restore the Supported Type of undo server-type RADIUS Server to the default setting Huawei Technologies Proprietary...
Page 518: Setting Radius Server State
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 3 AAA and RADIUS Protocol Configuration By default, the newly created RADIUS scheme supports the server of standard type, while the "system" RADIUS scheme created by the system supports the server of huawei type.
Page 519: Setting Username Format Transmitted To Radius Server
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 3 AAA and RADIUS Protocol Configuration If the switch affirms that the primary server does not respond, it then sends RADIUS packets to the secondary RADIUS server. After each quiet time interval, the switch sets the status of the primary RADIUS server to active, and sends RADIUS packets to it next time.
Page 520: Setting The Unit Of Data Flow That Transmitted To Radius Server
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 3 AAA and RADIUS Protocol Configuration 3.3.16 Setting the Unit of Data Flow that Transmitted to RADIUS Server The following command defines the unit of the data flow sent to RADIUS server.
Page 521: Displaying And Debugging Aaa And Radius Protocol
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 3 AAA and RADIUS Protocol Configuration 3.4 Displaying and Debugging AAA and RADIUS Protocol After the above configuration, execute display command in any view to display the running of the AAA and RADIUS configuration, and to verify the effect of the configuration.
Page 522: Aaa And Radius Protocol Configuration Examples
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 3 AAA and RADIUS Protocol Configuration Operation Command Disable debugging of local undo debugging local-server { all | error | RADIUS authentication server event packet } 3.5 AAA and RADIUS Protocol Configuration Examples For the hybrid configuration example of AAA/RADIUS protocol and 802.1x protocol,...
Page 523: Configuring Ftp/Telnet User Authentication At Local Radius Server
3.5.2 Configuring FTP/Telnet User Authentication at Local RADIUS Server Local RADIUS authentication of Telnet/FTP users is similar to remote RADIUS authentication. But you should modify the server IP address to 127.0.0.1, authentication password to Huawei, the UDP port number of the authentication server to 1645. Note: For details about local RADIUS authentication of Telnet/FTP users, refer to “3.3.17...
Page 524: Configuring Dynamic Vlan With Radius Server
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 3 AAA and RADIUS Protocol Configuration 3.5.3 Configuring Dynamic VLAN with RADIUS Server I. Networking Requirements The RADIUS server (taking Windows IAS as example) delivers sting VLAN ID “test”, which corresponds to the name of VLAN 100 on the switch. The switch can add the port to VLAN 100 when the server delivers "test".
Page 525: Aaa And Radius Protocol Fault Diagnosis And Troubleshooting
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 3 AAA and RADIUS Protocol Configuration 3.6 AAA and RADIUS Protocol Fault Diagnosis and Troubleshooting RADIUS protocol of TCP/IP protocol suite is located on the application layer. It mainly specifies how to exchange user information between NAS and RADIUS server of ISP.
Page 526: Chapter 4 Ead Configuration
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 4 EAD Configuration Chapter 4 EAD Configuration Note: For the S3500 series, EAD feature is supported on the S3552G, S3552P, S3528G and S3528P. 4.1 EAD Overview Endpoint admission defense (EAD) solution monitors data accessed at endpoints, to enhance active defense capacity of user clients and control spread of viruses and worms inside the network.
Page 527: Ead Configuration Tasks
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 4 EAD Configuration Authentication server Virus patch server Security policy server Client Figure 4-1 EAD network application After a user client passes the authentication, the security client (software installed on the client PC) checks the security condition of the user client and interacts with the security policy server.
Page 528: Ead Configuration Example
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 4 EAD Configuration 4.4 EAD Configuration Example Note: For Telnet and FTP users, their remote server authentication can be configured in similar ways. The following description uses the authentication configuration for Telnet uses as example.
Page 529 Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 4 EAD Configuration III. Configuration procedure # Add a Telnet user. Omitted. Note: For the configuration of FTP and Telnet users, refer to the “Getting Started” part of this manual.
Page 530: Chapter 5 Habp Configuration
For those ports where 802.1x authentication is skipped, packets will be filtered by 802.1x attribute, so the management over them is also impossible. HABP(Huawei Authentication Bypass Protocol) attribute can be used to solve this problem. HABP packets contain the MAC address and other information of the member switches.
Page 531: Configuring Habp Client
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 5 HABP Configuration Table 5-1 Configuring HABP server Operation Command Enable HABP attribute habp enable Restore HABP attribute to the default value undo habp enable Configure the switch as HABP Server...
Page 532 Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 5 HABP Configuration Operation Command Enable HABP debugging debugging habp Disable HABP debugging undo debugging habp Huawei Technologies Proprietary...
Page 533: Chapter 6 System-Guard Configuration
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 6 System-guard Configuration Chapter 6 System-guard Configuration Note: Among S3500 series ethernet switches, S3526, S3526 FM, S3526 FS, S3526E, S3526E FM, S3526E FS and S3526C support system-guard function. 6.1 System-guard Overview...
Page 534: Setting The Max Detection Count Of The Affected Hosts
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 6 System-guard Configuration Table 6-1 Enabling system-guard function Operation Command Enable system-guard function system-guard enable Disable system-guard function undo system-guard enable By default, system-guard function is disabled. Caution: For S3526E, S3526E FM S3526E FS and S3526C: Before enabling system-guard function, be sure the port priority is default value 0 and the Ethernet switch doesn’t...
Page 535: Enabling The Switch Not To Learn The Destination Ip Address
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 6 System-guard Configuration ( record-times-threshold) and isolate time ( isolate-time ) of system-guard function. For example, set the IP-record-threshold, record-times-threshold, isolate-time of system-guard function to 50, 3, 5. In this case, the system will consider to be attacked...
Page 536: Displaying And Debugging System-Guard
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 6 System-guard Configuration Table 6-4 Enabling the switch not to learn the destination address Operation Command Enable the switch not to learn the system-guard no-learn-dip enable destination address in the packets...
Page 537 HUAWEI Quidway S3500 Series Ethernet Switches Operation Manual Reliability Huawei Technologies Proprietary...
Page 538 Operation Manual - Reliability Quidway S3500 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 VRRP Configuration ....................1-1 1.1 VRRP Overview ......................... 1-1 1.2 Configure VRRP ........................ 1-2 1.2.1 Enable/disable the Function to Ping the Virtual IP Address ........1-2 1.2.2 Set Correspondence between Virtual IP Address and MAC Address ....
Page 539: Chapter 1 Vrrp Configuration
Operation Manual - Reliability Quidway S3500 Series Ethernet Switches Chapter 1 VRRP Configuration Chapter 1 VRRP Configuration 1.1 VRRP Overview Virtual Router Redundancy Protocol (VRRP) is a fault-tolerant protocol. In general, a default route (for example, 10.100.10.1 as shown in the following internetworking...
Page 540: Configure Vrrp
Operation Manual - Reliability Quidway S3500 Series Ethernet Switches Chapter 1 VRRP Configuration Network Actual IP address10.100.10.2 Actual IP address10.100.10.3 Master Backup Virtual IP address10.100.10.1 Virtual IP address10.100.10.1 Ethernet 10.100.10.7 10.100.10.8 10.100.10.9 Host 1 Host 2 Host 3 Figure 1-2 Virtual router This virtual router has its own IP address: 10.100.10.1 (which can be the interface...
Page 541: Set Correspondence Between Virtual Ip Address And Mac Address
Due to the chips installed, some switches support matching one IP address to multiple MAC addresses. Huawei switches not only guarantee correct data forwarding in the sub-net, also support such function: the user can choose to match the virtual IP address with the real MAC address or virtual MAC address of the routing interface.
Page 542: Add/Delete A Virtual Ip Address
Operation Manual - Reliability Quidway S3500 Series Ethernet Switches Chapter 1 VRRP Configuration You should set correspondence between the virtual IP address of the backup group and the MAC address before configuring the backup group. Otherwise, you cannot configure the correspondence.
Page 543: Configure Preemption And Delay For A Switch Within A Virtual Router
Operation Manual - Reliability Quidway S3500 Series Ethernet Switches Chapter 1 VRRP Configuration Table 1-4 Configure the priority of switches in the virtual router. Operation Command Configure the priority of switches in the vrrp vrid virtual-router-ID priority virtual router. priority...
Page 544: Configure Authentication Type And Authentication Key
Operation Manual - Reliability Quidway S3500 Series Ethernet Switches Chapter 1 VRRP Configuration Note: If preemption mode is cancelled, the delay time will automatically become 0 second. 1.2.6 Configure Authentication Type and Authentication Key VRRP provides following authentication types: simple: Simple character authentication...
Page 545: Configure Vrrp Timer
Operation Manual - Reliability Quidway S3500 Series Ethernet Switches Chapter 1 VRRP Configuration 1.2.7 Configure VRRP Timer The Master switch advertises its normal operation state to the switches within the VRRP virtual router by sending them VRRP packets regularly (at adver-interval). If the Backup has not received any VRRP packet from the Master after a period of time (specified by master-down-interval), it will consider the Master as down.
Page 546: Display And Debug Vrrp
Operation Manual - Reliability Quidway S3500 Series Ethernet Switches Chapter 1 VRRP Configuration By default, value-reduced is taken 10. Note: When the switch is an IP address owner, its interfaces cannot be tracked. 1.3 Display and Debug VRRP After the above configuration, execute display command in any view to display the running of the VRRP configuration, and to verify the effect of the configuration.
Page 547: Vrrp Tracking Interface Example
Operation Manual - Reliability Quidway S3500 Series Ethernet Switches Chapter 1 VRRP Configuration II. Networking diagram 10.2.3.1 Host B Internet VLAN-interface3: 10.100.10.2 Switch_A Switch_B VLAN-interface2: 202.38.160.1 VLAN-interface2: 202.38.160.2 Virtual IP address: 202.38.160.111 202.36.160.3 Host A Figure 1-3 VRRP configuration networking III.
Page 548: Multiple Virtual Routers Example
Operation Manual - Reliability Quidway S3500 Series Ethernet Switches Chapter 1 VRRP Configuration In simple language, the virtual router ID is set as 1 with additional configurations of authorization key and timer II. Networking diagram See Figure 1-3. III. Configuration Procedure Configure switch A # Create a virtual router.
Page 549: Troubleshoot Vrrp
Operation Manual - Reliability Quidway S3500 Series Ethernet Switches Chapter 1 VRRP Configuration virtual router 2 and vice versa for switch B. Some hosts employ virtual router 1 as the gateway, while others employ virtual router 2 as the gateway. In this way, both load balancing and mutual backup are implemented.
Page 550 Operation Manual - Reliability Quidway S3500 Series Ethernet Switches Chapter 1 VRRP Configuration coexistence of many Master switches, which may be because several Masters cannot receive VRRP packets from each other, or receive some illegal packets. To solve such problems, an attempt should be made to ping among the many Master switches and if such an attempt fails, it indicates that there are other problems in existence.
Page 551: System Management
HUAWEI Quidway S3500 Series Ethernet Switches Operation Manual System Management Huawei Technologies Proprietary...
Page 552 Operation Manual - System Management Quidway S3500 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 File System Management.................... 1-1 1.1 File System ........................1-1 1.1.1 File System Overview ..................... 1-1 1.1.2 Directory Operation ....................1-1 1.1.3 File Operation......................1-1 1.1.4 Storage Device Operation..................
Page 553 Operation Manual - System Management Quidway S3500 Series Ethernet Switches Table of Contents 3.2 Device Management Configuration ................... 3-1 3.2.1 Reboot Ethernet Switch ..................3-1 3.2.2 Designate the APP Adopted When Booting the Ethernet Switch Next Time..3-1 3.2.3 Upgrade BootROM....................3-2 3.2.4 Set Temperature Limit.....................
Page 554 Operation Manual - System Management Quidway S3500 Series Ethernet Switches Table of Contents 5.3.8 Set the Engine ID of a Local or Remote Device ............. 5-6 5.3.9 Set/Delete an SNMP Group ..................5-6 5.3.10 Set the Source Address of Trap................5-6 5.3.11 Add/Delete a User to/from an SNMP Group ............
Page 555 Operation Manual - System Management Quidway S3500 Series Ethernet Switches Table of Contents 8.1.5 SSH Configuration Example ................. 8-11 Huawei Technologies Proprietary...
Page 556: Chapter 1 File System Management
Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 1 File System Management Chapter 1 File System Management 1.1 File System 1.1.1 File System Overview The Ethernet switch provides a file system module for user’s efficient management over the storage devices such as flash memory. The file system offers file access and directory management, mainly including creating the file system, creating, deleting, modifying and renaming a file or a directory and opening a file.
Page 557: Storage Device Operation
Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 1 File System Management the information about a specified file. You can use the following commands to perform file operations. Perform the following configuration in user view. Table 1-2 File operation...
Page 558: Configure File Management
Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 1 File System Management 1.2 Configure File Management 1.2.1 Configure File Management Overview The management module of configuration file provides a user-friendly operation interface. It saves the configuration of the Ethernet switch in the text format of command line to record the whole configuration process.
Page 559: Save The Current-Configuration
Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 1 File System Management Table 1-5 Display the configurations of the Ethernet switch Operation Command Display the saved-configuration display saved-configuration information of the Ethernet switch display current-configuration [ controller |...
Page 560: Ftp
Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 1 File System Management The configuration files in flash are damaged. (A common case is that a wrong configuration file has been downloaded.) 1.3 FTP 1.3.1 FTP Overview FTP is a common way to transmit files on the Internet and IP network. Before the World Wide Web (WWW), files were transmitted in the command line mode and FTP was the most popular application.
Page 561: Enable/Disable Ftp Server
Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 1 File System Management Table 1-9 Configuration of the switch as FTP server Device Configuration Default Description You can view the configuration FTP server is Start FTP server. information of FTP server with disabled.
Page 562: Configure The Running Parameters Of Ftp Server
Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 1 File System Management Perform the following configuration in corresponding view. Table 1-11 Configure the FTP Server Authentication and Authorization Operation Command Create new local user and enter local...
Page 563: Introduction To Ftp Client
Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 1 File System Management Table 1-13 Display and debug FTP Server Operation Command Display FTP server display ftp-server Display the connected FTP users. display ftp-user The display ftp-server command can be used for displaying the configuration information about the current FTP server, including the maximum amount of users supported by FTP server and the FTP connection timeout.
Page 564 Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 1 File System Management III. Configuration procedure Configure FTP server parameters on the PC: a user named as switch, password hello, read & write authority over the Switch directory on the PC.
Page 565: Ftp Server Configuration Example
Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 1 File System Management <Quidway> boot boot-loader switch.app <Quidway> reboot 1.3.8 FTP server configuration example I. Networking requirement Switch serves as FTP server and the remote PC as FTP client. The configuration on FTP server: Configure a FTP user named as switch, with password hello and with read &...
Page 566: Tftp
Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 1 File System Management Caution: If the flash memory of the switch is not enough, you need to first delete the existing programs in the flash memory and then upload the new ones.
Page 567: Configure The File Transmission Mode
Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 1 File System Management Table 1-14 Configuration of the switch as TFTP client Device Configuration Default Description TFTP is right for the case where no complicated interactions Configure IP address for...
Page 568: Upload Files By Means Of Tftp
Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 1 File System Management 1.4.4 Upload Files by means of TFTP To upload a file, the client sends a request to the TFTP server and then transmits data to it and receives the acknowledgement from it. You can use the following commands to upload files.
Page 569 Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 1 File System Management Caution: If the flash memory of the switch is not enough, you need to first delete the existing programs in the flash memory and then upload the new ones.
Page 570: Chapter 2 Mac Address Table Management
Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 2 MAC Address Table Management Chapter 2 MAC Address Table Management 2.1 MAC Address Table Management Overview An Ethernet Switch maintains a MAC address table for fast forwarding packets. A table entry includes the MAC address of a device and the port ID of the Ethernet switch connected to it.
Page 571: Mac Address Table Configuration
Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 2 MAC Address Table Management You can configure (add or modify) the MAC address entries manually according to the actual networking environment. The entries can be static ones or dynamic ones.
Page 572: Setting The Max Count Of Mac Address Learned By A Port
Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 2 MAC Address Table Management Perform the following configuration in system view. Table 2-2 Setting MAC address aging time for the system Operation Command mac-address timer { aging age |...
Page 573: Displaying And Debugging The Mac Address Table
Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 2 MAC Address Table Management 2.3 Displaying and Debugging the MAC Address Table After the above configuration, execute display command in any view to display the running of the MAC address table configuration, and to verify the effect of the configuration.
Page 574 Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 2 MAC Address Table Management II. Networking diagram Internet Network Port Console Port Switch Figure 2-2 Typical configuration of address table management III. Configuration procedure # Enter the system view of the switch.
Page 575 Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 2 MAC Address Table Management 00-e0-fc-17-a7-d6 Learned Ethernet0/2 AGING 00-e0-fc-5e-b1-fb Learned Ethernet0/2 AGING 00-e0-fc-55-f1-16 Learned Ethernet0/2 AGING 4 mac address(es) found on port Ethernet0/2 --- Huawei Technologies Proprietary...
Page 576: Chapter 3 Device Management
Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 3 Device management Chapter 3 Device management 3.1 Device Management Overview With the device management function, the Ethernet Switch can display the current running state and event debugging information about the slots, thereby implementing the maintenance and management of the state and communication of the physical devices.
Page 577: Upgrade Bootrom
Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 3 Device management 3.2.3 Upgrade BootROM You can use this command to upgrade the BootROM with the BootROM program in the Flash Memory. This configuration task facilitates the remote upgrade. You can upload the BootROM program file from a remote end to the switch via FTP and then use this command to upgrade the BootROM.
Page 578: Chapter 4 System Maintenance And Debugging
Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 4 System Maintenance and Debugging Chapter 4 System Maintenance and Debugging 4.1 Basic System Configuration 4.1.1 Set Name for Switch Perform the operation of sysname command in the system view.
Page 579: Set The Summer Time
Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 4 System Maintenance and Debugging 4.1.4 Set the Summer Time You can set the name, starting and ending time of the summer time. Perform the following operations in the user view.
Page 580: System Debugging
Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 4 System Maintenance and Debugging 4.3 System Debugging 4.3.1 Enable/Disable the Terminal Debugging The Ethernet switch provides various ways for debugging most of the supported protocols and functions, which can help you diagnose and address the errors.
Page 581: Display Diagnostic Information
Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 4 System Maintenance and Debugging For more about the usage and format of the debugging commands, refer to the relevant chapters. Note: Since the debugging output will affect the system operating efficiency, do not enable the debugging without necessity, especially use the debugging all command with caution.
Page 582: Logging Function
Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 4 System Maintenance and Debugging The response to each ping message. If no response packet is received when time is out, ”Request time out” information appears. Otherwise, the data bytes, the packet sequence number, TTL, and the round-trip time of the response packet will be displayed.
Page 583 Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 4 System Maintenance and Debugging %Jun 7 05:22:03 2003 Quidway IFNET/6/UPDOWN:Line protocol on interface Ethernet0/2, changed state to UP When the log information is output to info-center, the first part will be “<Priority>”.
Page 584 Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 4 System Maintenance and Debugging The sysname is the host name, the default value is "Quidway". User can change the host name through sysname command. Notice: There is a blank between sysname and module name.
Page 585: Info-Center Configuration
Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 4 System Maintenance and Debugging Severity Description notifications The information should be concerned. informational Common prompting information debugging Debugging information Notice: There is a slash between severity and digest.
Page 586 Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 4 System Maintenance and Debugging The information can be classified in terms of the source modules and the information can be filtered in accordance with the modules. The output language can be selected between Chinese and English.
Page 587 Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 4 System Maintenance and Debugging Table 4-14 Sending the configuration information to the console terminal. Device Configuration Default value Configuration description default, Other configurations Enable info-center info-center is valid only if the info-center is enabled.
Page 588 Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 4 System Maintenance and Debugging 4) Sending the configuration information to log buffer. Table 4-16 Sending the configuration information to log buffer Device Configuration Default value Configuration description default,...
Page 589: Sending The Configuration Information To Loghost
Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 4 System Maintenance and Debugging Table 4-18 Sending the configuration information to SNMP Device Configuration Default value Configuration description default, Other configurations Enable info-center info-center is valid only if the info-center is enabled.
Page 590 Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 4 System Maintenance and Debugging Enabling info-center Perform the following operation in system view. Table 4-20 Enable/disable info-center Operation Command Enable info-center info-center enable Disable info-center undo info-center enable Note: Info-center is enabled by default.
Page 591 Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 4 System Maintenance and Debugging Table 4-22 Defining information source Operation Command info-center source { modu-name | default } Define information source channel { channel-number | channel-name } [ { log...
Page 592: Sending The Configuration Information To Console Terminal
Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 4 System Maintenance and Debugging The configuration on the loghost must be the same with that on the switch. For related configuration, see the configuration examples in the later part.
Page 593 Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 4 System Maintenance and Debugging Table 4-26 Defining information source Operation Command info-center source { modu-name | default } channel Define information { channel-number | channel-name } [ { log | trap | debug }*...
Page 594: Sending The Configuration Information To Telnet Terminal Or Dumb Terminal
Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 4 System Maintenance and Debugging To view the output information at the console terminal, you must first enable the corresponding log, debugging and trap information functions at the switch.
Page 595 Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 4 System Maintenance and Debugging Configuring to output information to Telnet terminal or dumb terminal Perform the following operation in system view. Table 4-30 Configuring to output information to Telnet terminal or dumb terminal...
Page 596 Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 4 System Maintenance and Debugging Note: When there are more than one Telnet users or monitor users at the same time, some configuration parameters should be shared among the users, such as module-based filtering settings and severity threshold.
Page 597: Sending The Configuration Information To Log Buffer
Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 4 System Maintenance and Debugging Table 4-33 Enabling terminal display function Operation Command Enable terminal display function of log, debugging and terminal monitor trap information undo terminal Disable terminal display function of the above information...
Page 598 Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 4 System Maintenance and Debugging Table 4-35 Configuring to output information to log buffer Operation Command Output information to log info-center logbuffer [ channel { channel-number | buffer channel-name } ] [ size buffersize ]...
Page 599: Sending The Configuration Information To Trap Buffer
Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 4 System Maintenance and Debugging You can use the following commands to configure log information, debugging information and the time-stamp output format of trap information. Perform the following operation in system view:...
Page 600 Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 4 System Maintenance and Debugging Configuring information source on the switch By this configuration, you can define the information that sent to trap buffer is generated by which modules, information type, information level, and so on.
Page 601: Sending The Configuration Information To Snmp Network Management
Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 4 System Maintenance and Debugging Table 4-41 Configuring the output format of time-stamp Operation Command Configure the output format of info-center timestamp { trap the time-stamp debugging } { boot | date | none }...
Page 602 Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 4 System Maintenance and Debugging Perform the following operation in system view: Table 4-44 Defining information source Operation Command info-center source { modu-name | default } Define information source...
Page 603: Turn On/Off The Information Synchronization Switch In Fabric
Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 4 System Maintenance and Debugging 4) Configuring of SNMP and network management workstation on the switch You have to configure SNMP on the switch and the remote workstation to ensure that the information is correctly sent to SNMP NM.
Page 604: Displaying And Debugging Info-Center
Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 4 System Maintenance and Debugging By default, the log, debugging and trap information synchronization switch of master in Fabric are all turned on. The log, debugging and trap information synchronization switch of other switches are turned on.
Page 605 Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 4 System Maintenance and Debugging II. Networking diagram Network Network Switch Switch Switch Figure 4-2 Schematic diagram of configuration III. Configuration steps Configuration on the switch Enabling info-center [Quidway] info-center enable # Set the host with the IP address of 202.38.1.10 as the loghost;...
Page 606: Configuration Examples Of Sending Log To Linux Loghost
Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 4 System Maintenance and Debugging Note: Note the following points when editing /etc/syslog.conf: The note must occupy a line and start with the character #. There must be a tab other than a space as the separator in selector/actor pairs.
Page 607 Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 4 System Maintenance and Debugging II. Networking diagram Network Network Switch Switch Switch Figure 4-3 Schematic diagram of configuration III. Configuration steps Configuration steps # Enabling info-center [Quidway] info-center enable # Set the host with the IP address of 202.38.1.10 as the loghost;...
Page 608: Configuration Examples Of Sending Log To Console Terminal
Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 4 System Maintenance and Debugging Note: Note the following points when editing /etc/syslog.conf: The note must occupy a line and start with the character #. There must be a tab other than a space as the separator in selector/actor pairs.
Page 609 Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 4 System Maintenance and Debugging The information with the severity level above informational will be sent to the console terminal The output language is English The modules that allowed to output information are ARP and IP.
Page 610: Chapter 5 Snmp Configuration
Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 5 SNMP Configuration Chapter 5 SNMP Configuration 5.1 SNMP Overview By far, the Simple Network Management Protocol (SNMP) has gained the most extensive application in the computer networks. SNMP has been put into use and widely accepted as an industry standard in practice.
Page 611 Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 5 SNMP Configuration Figure 5-1 Architecture of the MIB tree The MIB (Management Information Base) is used to describe the hierarchical architecture of the tree and it is the set defined by the standard variables of the monitored network device.
Page 612: Configure Snmp
Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 5 SNMP Configuration 5.3 Configure SNMP The main configuration of SNMP includes: Set community name Set the Method of Identifying and Contacting the Administrator Enable/Disable snmp Agent to Send Trap...
Page 613: Enable/Disable Snmp Agent To Send Trap
Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 5 SNMP Configuration Table 5-3 Set the method of identifying and contacting the administrator Operation Command Set the method of identifying and contacting snmp-agent sys-info contact the administrator sysContact...
Page 614: Set Lifetime Of Trap Message
Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 5 SNMP Configuration 5.3.5 Set Lifetime of Trap Message You can use the following command to set lifetime of Trap message. Trap message that exists longer than the set lifetime will be dropped.
Page 615: Set The Engine Id Of A Local Or Remote Device
Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 5 SNMP Configuration 5.3.8 Set the Engine ID of a Local or Remote Device You can use the following commands to set the engine ID of a local or remote device.
Page 616: Add/Delete A User To/From An Snmp Group
Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 5 SNMP Configuration 5.3.11 Add/Delete a User to/from an SNMP Group You can use the following commands to add or delete a user to/from an SNMP group. Perform the following configuration in system view.
Page 617: Disable Snmp Agent
Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 5 SNMP Configuration The agent can receive/send the SNMP packets of the sizes ranging from 484 to 17940, measured in bytes. By default, the size of SNMP packet is 1500 bytes.
Page 618: Snmp Configuration Example
Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 5 SNMP Configuration Operation Command Display the version character string of the display snmp-agent sys-info system version 5.5 SNMP Configuration Example I. Networking requirements Network Management Station and the Ethernet switch are connected via the Ethernet.
Page 619 5000 params securityname public IV. Configure Network Management System The Ethernet Switch supports Huawei’s iManager Quidview NMS. Users can query and configure the Ethernet switch through the network management system. For more about it, refer to the manuals of Huawei’s NM products.
Page 620: Chapter 6 Rmon Configuration
Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 6 RMON Configuration Chapter 6 RMON Configuration 6.1 RMON Overview Remote Network Monitoring (RMON) is a type of IETF-defined MIB. It is the most important enhancement to the MIB II standard. It mainly used for monitoring the data traffic on a segment and even on a whole network.
Page 621: Configure Rmon
Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 6 RMON Configuration 6.2 Configure RMON RMON configuration includes: Add/Delete an Entry to/from the Alarm Table Add/Delete an Entry to/from the Event Table Add/Delete an Entry to/from the History Control Table...
Page 622: Add/Delete An Entry To/From The History Control Table
Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 6 RMON Configuration Operation Command Delete an entry from undo rmon event event-entry the event table. 6.2.3 Add/Delete an Entry to/from the History Control Table The history data management helps you set the history data collection, periodical data collection and storage of the specified ports.
Page 623: Add/Delete An Entry To/From The Statistics Table
Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 6 RMON Configuration 6.2.5 Add/Delete an Entry to/from the Statistics Table The RMON statistics management concerns the port usage monitoring and error statistics when using the ports. The statistics include collision, CRC and queuing, undersize packets or oversize packets, timeout transmission, fragments, broadcast, multicast and unicast messages and the usage ratio of bandwidth.
Page 624 # Configure RMON. [Quidway-Ethernet2/1] rmon statistics 1 owner huawei-rmon # View the configurations in user view. <Quidway> display rmon statistics Ethernet 2/1 Statistics entry 1 owned by huawei-rmon is VALID. Gathers statistics of interface Ethernet2/1. Received: octets : 270149, packets...
Page 625: Chapter 7 Ntp Configuration
Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 7 NTP Configuration Chapter 7 NTP Configuration 7.1 Brief Introduction to NTP 7.1.1 NTP Functions As the network topology gets more and more complex, it becomes important to synchronize the clocks of the equipment on the whole network. Network Time Protocol (NTP) is the TCP/IP that advertises the accurate time throughout the network.
Page 626 Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 7 NTP Configuration NTP Packet NTP Packet NTP Packet NTP Packet 10:00:00 am 10:00:00 am 10:00:00am 10:00:00am Network Network Network Network LS_A LS_A LS_A LS_A LS_B LS_B LS_B LS_B...
Page 627: Ntp Configuration
Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 7 NTP Configuration The delay for a round trip of an NTP packet traveling between the Switch A and B: Delay= (T ) - (T Offset of Ethernet Switch A clock relative to Ethernet Switch B clock: offset=...
Page 628 Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 7 NTP Configuration Configure NTP multicast client mode I. Configure NTP Server Mode Set a remote server whose ip address is ip-address as the local time server. ip-address specifies a host address other than a broadcast, multicast or reference clock IP address.
Page 629 Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 7 NTP Configuration NTP version number number ranges from 1 to 3 and defaults to 3; the authentication key ID keyid ranges from 0 to 4294967295; interface-name or interface-type interface-number specifies the IP address of an interface, from which the source IP address of the NTP packets sent from the local Ethernet Switch to the peer will be taken;...
Page 630 Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 7 NTP Configuration V. Configure NTP Multicast Server Mode Designate an interface on the local Ethernet Switch to transmit NTP multicast packets. In this case, the local equipment operates in multicast mode and serves as a multicast server to multicast messages to its clients regularly.
Page 631: Configure Ntp Id Authentication
Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 7 NTP Configuration 7.2.2 Configure NTP ID Authentication Enable NTP authentication, set MD5 authentication key, and specify the reliable key. A client will synchronize itself by a server only if the serve can provide a reliable key.
Page 632: Designate An Interface To Transmit Ntp Message
Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 7 NTP Configuration 7.2.5 Designate an Interface to Transmit NTP Message If the local equipment is configured to transmit all the NTP messages, these packets will have the same source IP address, which is taken from the IP address of the designated interface.
Page 633: Set Authority To Access A Local Ethernet Switch
Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 7 NTP Configuration Table 7-12 Enable/Disable an interface to receive NTP message Operation Command Disable an interface to receive NTP message ntp-service in-interface disable undo ntp-service in-interface Enable an interface to receive NTP message...
Page 634: Ntp Display And Debugging
Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 7 NTP Configuration Table 7-14 Set the maximum local dynamic sessions Operation Command Set the maximum local dynamic ntp-service max-dynamic-sessions sessions number Restore the default value of the maximum number of local dynamic...
Page 635 Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 7 NTP Configuration Vlan-interface2: 3.0.1.31 Vlan-interface2: Quidway3 1.0.1.11 Quidway1 1.0.1.2 3.0.1.2 Vlan-interface2: 3.0.1.32 Quidway0 Quidway4 Vlan-interface2: 1.0.1.12 Vlan-interface2: Quidway2 3.0.1.33 Quidway5 ..Figure 7-2 Typical NTP configuration networking diagram...
Page 636 Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 7 NTP Configuration Clock status: synchronized Clock stratum: 3 Reference clock ID: 1.0.1.11 Nominal frequency: 60.0002 Hz Actual frequency: 60.0002 Hz Clock precision: 2^17 Clock offset: -9.8258 ms Root delay: 27.10 ms Root dispersion: 49.29 ms...
Page 637 Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 7 NTP Configuration [Quidway4] ntp-service unicast-server 3.0.1.31 Configure Ethernet Switch Quidway5: (Quidway4 has been synchronized by Quidway3) # Enter system view. <Quidway5> system-view # Set the local clock as the NTP master clock at stratum 1.
Page 638 Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 7 NTP Configuration On Quidway3, set local clock as the NTP master clock at stratum 2 and configure to broadcast packets from Vlan-interface2. Configure Quidway4 and Quidway1 to listen to the broadcast from their Vlan-interface2 respectively.
Page 639 Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 7 NTP Configuration clock stratum: 3 reference clock ID: LOCAL(0) nominal frequency: 100.0000 Hz actual frequency: 100.0000 Hz clock precision: 2^17 clock offset: 0.0000 ms root delay: 0.00 ms root dispersion: 10.94 ms...
Page 640 Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 7 NTP Configuration Configure Ethernet Switch Quidway4: # Enter system view. <Quidway4> system-view # Enter Vlan-interface2 view. [Quidway4] interface vlan-interface 2 # Enable multicast client mode. [Quidway4-Vlan-Interface2] ntp-service multicast-client Configure Ethernet Switch Quidway1: # Enter system view.
Page 641 Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 7 NTP Configuration # Set Quidway1 as time server. [Quidway2[ ntp-service unicast-server 1.0.1.11 # Enable authentication. [Quidway2] ntp-service authentication enable # Set the key. [Quidway2] ntp-service authentication-keyid 42 authentication-mode md5 aNiceKey # Set the key as reliable.
Page 642: Chapter 8 Ssh Terminal Services
Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 8 SSH Terminal Services Chapter 8 SSH Terminal Services Note: Quidway S3552F/S3552G/S3552P/3528G/3528P/S3526E/S3526E FM/S3526E FS/S3526C support SSH. 8.1 SSH Terminal Services 8.1.1 SSH Overview Secure Shell (SSH) can provide information security and powerful authentication to prevent such assaults as IP address spoofing, plain-text password interception when users log on to the switch remotely from an insecure network environment.
Page 643 Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 8 SSH Terminal Services The communication process between the server and client include these five stages: version negotiation stage, key negotiation stage, authentication stage, session request stage, interactive session stage.
Page 644: Configuring Ssh Server
Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 8 SSH Terminal Services 8.1.2 Configuring SSH Server Basic configuration tasks refer to those required for successful connection from SSH client to SSH server, which advanced configuration tasks are those modifying SSH parameters.
Page 645 Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 8 SSH Terminal Services The server key pair is created dynamically by SSH server. The maximum bit range of both key pairs is 2048 bits and the minimum is 512.
Page 646 Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 8 SSH Terminal Services Table 8-4 Defining update interval of server key Operation Command Define update interval of server key ssh server rekey-interval hours Restore the default update interval undo ssh server rekey-interval By default, the system does not update server key.
Page 647 Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 8 SSH Terminal Services Note: This operation is only available for the SSH users using RSA authentication. At the switch, you configure the RSA public key of the client, while at the client, you specify the RSA private key which corresponds to the RSA public key.
Page 648: Configuring Ssh Client
Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 8 SSH Terminal Services 8.1.3 Configuring SSH Client There are several types of SSH client software, such as PuTTY and FreeBSD. You should first configure the client’s connection with the server. The basic configuration tasks on client include: Specifying server IP address.
Page 649 Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 8 SSH Terminal Services II. Selecting SSH protocol Select SSH for the Protocol item. III. Choosing SSH version Click the left menu [Category/Connection/SSH] to enter the interface shown in...
Page 650 Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 8 SSH Terminal Services Figure 8-4 SSH client configuration interface (3) Click the <Browse> button to enter the File Select interface. Choose a desired file and click <OK>. V. Opening SSH connection Click the <Open >...
Page 651: Displaying And Debugging Ssh
Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 8 SSH Terminal Services Figure 8-5 SSH client interface Key in correct username and password and log into SSH connection. Log out of SSH connection with the logout command.
Page 652: Ssh Configuration Example
Select the default values for SSH authentication timeout value, retry value and update interval of server key. Then run SSH1.5 client program on the PC which is connected to the switch and access the switch using username “client001” and password “huawei”. For RSA authentication mode...
Page 653 Operation Manual - System Management Quidway S3500 Series Ethernet Switches Chapter 8 SSH Terminal Services [Quidway-ui-vty0-4] authentication-mode scheme # Select SSH protocol on the switch. [Quidway-ui-vty0-4] protocol inbound ssh # Specify RSA authentication on the switch. [Quidway] ssh user client002 authentication-type RSA # Configure RSA key pair on the switch.
Page 654 HUAWEI Quidway S3500 Series Ethernet Switches Operation Manual Auto Detecting Huawei Technologies Proprietary...
Page 655 Operation Manual - Auto Detecting Quidway S3500 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 Configuring Auto Detecting..................1-1 1.1 Introduction to Auto Detecting ................... 1-1 1.1.1 Configuring Auto Detect ..................1-1 1.1.2 Auto Detect Configuration Example ................ 1-2 Chapter 2 Implementations of Auto Detect ................
Page 656: Chapter 1 Configuring Auto Detecting
Operation Manual - Auto Detecting Quidway S3500 Series Ethernet Switches Chapter 1 Configuring Auto Detecting Chapter 1 Configuring Auto Detecting Note: Quidway S3552F /S3552G /S3552P /3528G /3528P /S3526E /S3526E FM /S3526E FS /S3526C Ethernet Switches support the Auto Detecting feature.
Page 657: Auto Detect Configuration Example
Operation Manual - Auto Detecting Quidway S3500 Series Ethernet Switches Chapter 1 Configuring Auto Detecting Operation Command Remarks Optional. Specify detecting [Quidway-detect-group-X] timer wait Defaults to 2 timeout time. seconds seconds. Optional. This Display configurations <Quidway> display detect-group command can...
Page 658 Operation Manual - Auto Detecting Quidway S3500 Series Ethernet Switches Chapter 1 Configuring Auto Detecting III. Configuration procedure # Enter system view. <Quidway> system-view # Create a detecting group numbered 10 and enter its view. [Quidway] detect-group 10 # Specify to detect the interface with an IP address of 10.1.1.4 and take the interface with an IP address of 192.168.1.2 as the next hop, and set the number of this operation...
Page 659: Chapter 2 Implementations Of Auto Detect
Operation Manual - Auto Detecting Quidway S3500 Series Ethernet Switches Chapter 2 Implementations of Auto Detect Chapter 2 Implementations of Auto Detect 2.1 Introduction The results of auto detect (reachable or unreachable) can be the criterion to determine whether to enable some functions. Auto detect can be utilized in:...
Page 660: Implementation Example
Operation Manual - Auto Detecting Quidway S3500 Series Ethernet Switches Chapter 2 Implementations of Auto Detect Table 2-1 Configure auto detect for a static route Operation Command Remarks Enter system view <Quidway> system-view [Quidway] ip route-static ip-address { mask | mask-length } { interface-type...
Page 661: Implementations In Vrrp
Operation Manual - Auto Detecting Quidway S3500 Series Ethernet Switches Chapter 2 Implementations of Auto Detect # Specify to detect the reachability to the interface with IP address of 10.1.1.4 with 192.168.1.2 as the next hop, and set the operation number to 1.
Page 662: Implementation Example
Operation Manual - Auto Detecting Quidway S3500 Series Ethernet Switches Chapter 2 Implementations of Auto Detect Note: The prompts of interface views vary with the actual configurations. Refer to corresponding command manual for information about parameters listed in the above table and the related undo commands.
Page 663: Implementations In Vlan Interface Backup
Operation Manual - Auto Detecting Quidway S3500 Series Ethernet Switches Chapter 2 Implementations of Auto Detect # Configure an IP address for VLAN interface 1. [Quidway B] vlan 1 [Quidway B-vlan1] port ethernet1/0/1 [Quidway B-vlan1] quit [Quidway B] interface vlan-interface 1 [Quidway B-vlan-interface1] ip address 192.168.1.2 24...
Page 664: Configuring Auto Detect For Vlan Interface Backup
Operation Manual - Auto Detecting Quidway S3500 Series Ethernet Switches Chapter 2 Implementations of Auto Detect When the link between the primary VLAN interface and the destination comes back up, that is, the result of the detecting group becomes reachable again, the system enables the primary VLAN interface and shuts down the secondary.
Page 665 Operation Manual - Auto Detecting Quidway S3500 Series Ethernet Switches Chapter 2 Implementations of Auto Detect II. Network diagram 192.168.1.2 192.168.1.2/24 192.168.1.2 192.168.1.2/24 10.1.1.3 10.1.1.3/24 10.1.1.3 10.1.1.3/24 VLAN 1 VLAN 1 Ethernet 1/0/1 Ethernet 1/0/1 Ethernet 1/0/1 Ethernet 1/0/1 Switch B...
Page 666 Operation Manual - Auto Detecting Quidway S3500 Series Ethernet Switches Chapter 2 Implementations of Auto Detect # Configure an IP address for VLAN interface 2. [Quidway A] interface vlan-interface 2 [Quidway A-vlan-interface2] ip address 192.168.2.1 24 # Create a detecting group numbered 10.
Page 667 HUAWEI Quidway S3500 Series Ethernet Switches Operation Manual Appendix Huawei Technologies Proprietary...
Page 668 Operation Manual - Appendix Quidway S3500 Series Ethernet Switches Table of Contents Table of Contents Appendix A Acronyms ........................A-1 Huawei Technologies Proprietary...
Page 669 Operation Manual - Appendix Quidway S3500 Series Ethernet Switches Appendix A Acronyms Appendix A Acronyms Authentication, Authorization and Accounting Area Border Router Access Control List Address Resolution Protocol Autonomous System ASBR Autonomous System Border Router Backup Designated Router Committed Access Rate...
Page 670 Operation Manual - Appendix Quidway S3500 Series Ethernet Switches Appendix A Acronyms ICMP Internet Control Message Protocol IGMP Internet Group Management Protocol Interior Gateway Protocol Internet Protocol Link State Advertisement LSDB Link State DataBase Medium Access Control Management Information Base...
Page 671 Operation Manual - Appendix Quidway S3500 Series Ethernet Switches Appendix A Acronyms TFTP Trivial File Transfer Protocol Type of Service Time To Live User Datagram Protocol VLAN Virtual LAN Video On Demand VRRP Virtual Router Redundancy Protocol Weighted Round Robin...

Huawei Quidway S3500 Series Operation Manual

Section 1

Chapter 1 Product Overview

Chapter 2 Logging in Switch

Chapter 3 Command Line Interface

Chapter 4 User Interface Configuration

Section 2

Section 3

Section 4

Chapter 6 Dhcp Snooping Configuration

Chapter 8 Access Management Configuration

Section 5

Chapter 5 Bgp Configuration

Section 6

Chapter 7 PIM-SM Configuration

Chapter 9 Multicast VLAN

Quick Links

Chapters

Troubleshooting

Related Manuals for Huawei Quidway S3500 Series

Summary of Contents for Huawei Quidway S3500 Series