Huawei S Series Quick Configuration


Quick Configuration
HUAWEI S Series Campus Switches
Issue: 06 (2018-08-10)


Summary of Contents for Huawei S Series

  • Page 1 Quick Configuration HUAWEI S Series Campus Switches Issue: 06 (2018-08-10)
  • Page 2 Notice The purchased products, services and features are stipulated by the contract made between Huawei and the customer. All or part of the products, services, and features described in this document may not be within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information, and recommendations in this document are provided "AS IS"...
  • Page 3: Table Of Contents

    Contents 1 Before You Start 2 Small-Sized Campus Networks 2.1 Data Plan 2.2 Quickly Configuring Small-Sized Campus Networks 3 Small- and Mid-Sized Campus Networks 3.1 Data Plan 3.2 Quickly Configuring Small- and Mid-Sized Campus Networks 4 Mid-sized Campus WLANs 4.1 Data Plan 4.2 Configuration Roadmap 4.3 Quickly Configuring Mid-sized Campus WLANs 5 FAQs...
  • Page 4: Before You Start

    Before You Start This document will help you log in to and quickly configure Huawei S series switches. For more service configurations, see the Switch Configuration Guide. This document is for switches running V200R003C00 and later. You can run the display version command in the user view to check the version of the device.
  • Page 5: Small-Sized Campus Networks

    Small-Sized Campus Networks This section uses the S2750 as an access switch (ACC1), S5700 as a core switch (CORE), and an AR series router as an egress router (Router) as examples to demonstrate the configuration procedure for small-sized campus networks. ...
  • Page 6: Data Plan

    Data Plan Before configuring the switches and router, prepare the following data for use in the next section. Action Data Description Component The management IP address is used to log in to Management IP 10.10.1.1/24 the switch. address Configure the management A modular switch's management interface is Ethernet0/0/0.
  • Page 7 Action Component Data Description Public interface GE0/0/1: GE0/0/1 is the public interface that connects IP address 1.1.1.2/30 the egress router to the Internet. Configure the egress The public gateway address is the IP router address of the carrier device that connects Public gateway 1.1.1.1/30 to the egress router.
  • Page 8: Quickly Configuring Small-Sized Campus Networks

    Quickly Configuring Small-Sized Campus Networks Follow the procedure shown below to configure the switches and router. Once configurations are complete, user devices within the campus can communicate with each other, and intranet users can access the Internet. Step 1 – Log in to Step 9 –...
  • Page 9 Logging In to the Switch Connect your PC to the switch through the console cable provided with the switch. If your PC does not have a serial port, use a USB to serial cable. If the switch has a Mini USB port, you can connect your PC to the switch using a Mini USB cable.
  • Page 10 V200R010C00, the system asks you to set a login password. In V200R010C00 and later versions, the default user name for first login is admin and default password is admin@huawei.com. You must change the password after login. You can now run commands to configure the switch. Enter a question mark (?) after a command whenever you need help.
  • Page 11 [HUAWEI-aaa] local-user admin password irreversible-cipher Helloworld@6789 //Configure the user name and password for Telnet login. The user name is case-insensitive, whereas the password is case-sensitive. [HUAWEI-aaa] local-user admin privilege level 15 //Set the administrator account level to 15 (highest). [HUAWEI-aaa] local-user admin service-type telnet Use of STelnet V2 to log in to the switch is recommended because the Telnet protocol has security risks.
  • Page 12 Configuring Interfaces and VLANs a. Configure the access switch. Starting with access switch ACC1 as an example, create service VLAN 10 on ACC1. <HUAWEI> system-view [HUAWEI] sysname ACC1 //Set the switch name to ACC1. [ACC1] vlan batch 10 //Create VLANs in a batch.
  • Page 13 Configure the interfaces on ACC1 that connect user devices so that user devices can be added to the VLAN. Configure the interfaces as edge ports. [ACC1] interface Ethernet 0/0/2 //Configure the interface connecting to PC1. [ACC1-Ethernet0/0/2] port link-type access [ACC1-Ethernet0/0/2] port default vlan 10 [ACC1-Ethernet0/0/2] stp edged-port enable [ACC1-Ethernet0/0/2] quit [ACC1] interface...
  • Page 14 Configure the core switch (CORE). Create the VLANs for CORE to communicate with ACC1, ACC2, and the egress router. <HUAWEI> system-view [HUAWEI] sysname CORE //Set the switch name to CORE. [CORE] vlan batch 10 20 100 //Create VLANs in a batch.
  • Page 15 After configuring the interfaces and VLANs, run the following commands to view the configuration results. For details about the command output, see the corresponding Command Reference based on the version of the device. Run the display eth-trunk command to view the configurations of Eth-Trunk on ACC1.
  • Page 16 Run the display eth-trunk command to view Eth-Trunk configurations on CORE. [CORE] display eth-trunk 1 Eth-Trunk1's state information is: Local: LAG ID: 1 WorkingMode: LACP Preempt Delay: Disabled Hash arithmetic: According to SA-XOR-DA System Priority: 32768 System ID: 0200-0000-6703 Least Active-linknumber: 1 Max Active-linknumber: 8 Operate status: up Number Of Up Port In Trunk: 1...
  • Page 17 Configuring DHCP Configure the DHCP server on CORE to allocate IP addresses to user devices in department A (VLAN 10) and department B (VLAN 20). Department A is used in the example below. In this section, a global address pool is configured. You can also configure an interface-based address pool.
  • Page 18 Run the display ip pool command to view configuration and usage information. The example below shows the configuration of global address pool 10. [CORE] display ip pool name 10 View address Pool-name : 10 pool Pool-No configuration. Lease : 1 Days 0 Hours 0 Minutes Domain-name DNS-server0 NBNS-server0...
  • Page 19 After completing the DHCP server configuration, configure network adapters on terminal PCs to automatically obtain IP addresses. The terminal PCs then can obtain IP addresses from the DHCP server and access the Internet. After dynamic IP address allocation is configured, it takes a PC a long time to obtain an IP address after it starts.
  • Page 20 Configuring Routing Configure a default static route to the campus egress gateway on CORE so that CORE forwards intranet traffic to the egress router. [CORE] ip route-static 0.0.0.0 0 10.10.100.2 Run the display ip routing-table command on CORE to view the IP routing table. [CORE] display ip routing-table A default static route whose Route Flags: R - relay, D - download to fib...
  • Page 21 Configuring the Egress Router Before configuring the egress router, prepare the following data: Public IP address: 1.1.1.2/30; Public gateway address: 1.1.1.1; DNS server address: 8.8.8.8. The carrier provides these IP addresses after approving bandwidth service applications. When configuring a network, use the actual IP addresses provided by the carrier. Configure IP addresses for egress router interfaces connecting to the intranet and Internet.
  • Page 22 Configuring DHCP Snooping and IPSG User devices can automatically obtain IP addresses after DHCP is configured. If a user connects a small router to the intranet and enables the DHCP server on the router, authorized intranet users may obtain IP addresses allocated by the small router and cannot access the Internet.
  • Page 23 To prevent users from changing IP addresses and attacking the intranet, enable IPSG after enabling DHCP snooping on the access switch. ACC1 is used in the example below. On ACC1, enable IPSG in VLAN 10. [ACC1] vlan 10 [ACC1-vlan10] ip source check user-bind enable //Enable IPSG.
  • Page 24 Verifying Services Select two PCs within a department to perform ping tests and verify whether Layer 2 interworking within the department is normal. The following example uses two PCs (PC1 and PC2) in department A. The two PCs communicate at Layer 2 through ACC1. If they can ping each other successfully, Layer 2 interworking is normal.
  • Page 25 Saving the Configuration You must save your data to the configuration file before restarting the switch. Unsaved data configured via command lines will be lost after the switch restarts. Save the data to the configuration file. The example below shows the procedure of saving CORE's configuration file.
  • Page 26: Small- And Mid-Sized Campus Networks

    Small- and Mid-Sized Campus Networks This section uses the S2750 as an access switch (ACC1), S5700 as a core switch (CORE), and an AR series router as an egress router (Router) as examples to demonstrate the configuration procedure for small- and mid-sized campus networks. ...
  • Page 27: Data Plan

    Data Plan Before configuring the switches and router, prepare the following data for use in the next section. Action Component Data Description Management The management IP address is used to log in interface IP 10.10.1.1/24 to the switch. address Configure the management A modular switch's management interface is Ethernet0/0/0.
  • Page 28 Action Component Data Description Public interface GE0/0/0: GE0/0/0 is the public interface that connects IP address 1.1.1.2/30 the egress router to the Internet. Configure the egress The public gateway address is the IP router address of the carrier device that connects Public gateway 1.1.1.1/30 to the egress router.
  • Page 29: Quickly Configuring Small- And Mid-Sized Campus Networks

    Quickly Configuring Small- and Mid-Sized Campus Networks Follow the procedure shown below to configure the switches and router. Once configurations are complete, user devices within the campus can communicate with each other, and intranet users can access the Internet. Step 10 – Verify Step 1 –...
  • Page 30 Logging In to the Switch Connect your PC to the switch through the console cable provided with the switch. If your PC does not have a serial port, use a USB to serial cable. If the switch has a Mini USB port, you can connect your PC to the switch using a Mini USB cable.
  • Page 31 V200R010C00, the system asks you to set a login password. In V200R010C00 and later versions, the default user name for first login is admin and default password is admin@huawei.com. You must change the password after login. You can now run commands to configure the switch. Enter a question mark (?) after a command whenever you need help.
  • Page 32 [HUAWEI-aaa] local-user admin password irreversible-cipher Helloworld@6789 //Configure the user name and password for Telnet login. The user name is case-insensitive, whereas the password is case-sensitive. [HUAWEI-aaa] local-user admin privilege level 15 //Set the administrator account level to 15 (highest). [HUAWEI-aaa] local-user admin service-type telnet...
  • Page 33 Configure the access switch. Starting with access switch ACC1 as an example, create service VLANs 10 and 20 on ACC1. <HUAWEI> system-view [HUAWEI] sysname ACC1 //Set the switch name to ACC1. [ACC1] vlan batch 10 20 //Create VLANs in a batch.
  • Page 34 Create the VLANs for CORE1 to communicate with the access switches, CORE2, and egress router. <HUAWEI> system-view [HUAWEI] sysname CORE1 //Set the switch name to CORE1. [CORE1] vlan batch 10 20 30 40 50 100 300 //Create VLANs in a batch.
  • Page 35 c. View the configuration results. After configuring the interfaces and VLANs, run the following commands to view the configuration results. For details about the command output, see the corresponding Command Reference based on the version of the device. Run the display vlan command to view VLAN configurations on ACC1.
  • Page 36 Configure IP addresses for egress router interfaces. Configure an IP address for the interface connecting to the intranet. <HUAWEI> system-view [HUAWEI] sysname Router [Router] interface GigabitEthernet 0/0/1 [Router-GigabitEthernet0/0/1] ip address 172.16.1.2 24 //Configure an IP address for the interface connecting to CORE1.
  • Page 37 f. Configure VRRP to implement virtual gateway redundancy. After VRRP is configured on CORE1 and CORE2, the access switches forward traffic to CORE1. If CORE1 fails, a VRRP switchover occurs and CORE2 becomes the master. The access switches then forward traffic to CORE2. Create VRRP groups 1 and 2 on CORE1 and CORE2.
  • Page 38 g. Configure the egress router to allow intranet users to access the Internet. Configure an ACL to allow users to access the Internet. The example below allows users in VLANs 10 and 20 to access the Internet. [Router] acl 2000 [Router-acl-basic-2000] rule permit source 192.168.10.0 0.0.0.255 //Allow users in VLAN 10 to access the Internet.
  • Page 39 Configuring DHCP a. Configure the DHCP server. The administrator configures fixed IP addresses for user devices so that users can access the Internet. As the network expands, it is difficult for the administrator to manually configure a large number of IP addresses and manage them. In addition, if a user changes the configured IP address, an IP address conflict occurs and the related users cannot access the Internet.
  • Page 40 Configure CORE2 as the standby DHCP server to allocate the second half of all IP addresses in the address pool. <CORE2> system-view [CORE2] dhcp enable [CORE2] ip pool 10 [CORE2-ip-pool-10] gateway-list 192.168.10.3 [CORE2-ip-pool-10] network 192.168.10.0 mask 24 [CORE2-ip-pool-10] excluded-ip-address 192.168.10.1 192.168.10.2 [CORE2-ip-pool-10] excluded-ip-address 192.168.10.4 192.168.10.127 [CORE2-ip-pool-10] lease day 0 hour 20 minute 0 [CORE2-ip-pool-10] dns-list 8.8.8.8...
  • Page 41 After completing the DHCP server configuration, configure network adapters on terminal PCs to automatically obtain IP addresses. The terminal PCs then can obtain IP addresses from the DHCP server and access the Internet. After dynamic IP address allocation is configured, it takes a PC a long time to obtain an IP address after it starts.
  • Page 42 b. Configure DHCP snooping and IPSG. User devices can automatically obtain IP addresses after DHCP is configured. If a user connects a small router to the intranet and enables the DHCP server on the router, authorized intranet users may obtain IP addresses allocated by the small router and cannot access the Internet.
  • Page 43 To prevent users from changing IP addresses and attacking the intranet, enable IPSG after enabling DHCP snooping on the access switch. ACC1 is used in the example below. On ACC1, enable IPSG in VLAN 10. [ACC1] vlan 10 [ACC1-vlan10] ip source check user-bind enable //Enable IPSG.
  • Page 44 Configuring OSPF Devices on the intranet use static routes. If a link fails, the administrator needs to manually configure a new static route, interrupting network services for a long time. Configuring a dynamic routing protocol prevents this problem. If a link fails, the dynamic routing protocol switches traffic forwarded through the faulty link to a normal link based on an algorithm.
  • Page 45 Configure OSPF on the egress router. To connect the intranet to the Internet, configure a default static route to the Internet. Advertise the default route in the OSPF area, and configure a default static route to the carrier device. [Router] ospf 10 router-id 1.1.1.1 [Router-ospf-10] default-route-advertise always [Router-ospf-10] area 0 [Router-ospf-10-area-0.0.0.0] network 172.16.1.0 0.0.0.255...
  • Page 46 Configuring Reliability and Load Balancing a. Configure association between VRRP and the interface status to monitor links. If the link from CORE1 to the egress router fails, traffic is forwarded over the interconnection link between CORE1 and CORE2 to CORE2, increasing traffic load and imposing high stability and bandwidth requirements on the link.
  • Page 47 b. Configure load balancing. As service traffic increases, the link between CORE1 and the egress router has high bandwidth utilization, whereas the link between CORE2 and the egress router is idle, wasting resources and lowering reliability. To effectively use the two links, you can configure load balancing on CORE1 and CORE2 so that CORE1 functions as the master in some VLANs while CORE2 functions as the master in the other VLANs.
  • Page 48 Configuring Link Aggregation If the uplink of CORE1 or CORE2 fails, traffic passes through the link between CORE1 and CORE2. However, the bandwidth of the link may be insufficient, causing packet loss. You can bind multiple physical links into a logical link to increase the bandwidth and improve the link reliability.
  • Page 49 Configure link aggregation. Method 1: Configure link aggregation in load balancing mode. [CORE1] interface Eth-Trunk 1 [CORE1-Eth-Trunk1] trunkport GigabitEthernet 0/0/5 to 0/0/6 [CORE1-Eth-Trunk1] port link-type access [CORE1-Eth-Trunk1] port default vlan 300 [CORE1-Eth-Trunk1] quit Method 2: Configure link aggregation in LACP mode. [CORE1] interface Eth-Trunk 1 [CORE1-Eth-Trunk1] mode lacp [CORE1-Eth-Trunk1] trunkport GigabitEthernet 0/0/5 to 0/0/6...
  • Page 50 Configuring Rate Limiting a. Configure rate limiting based on the IP address. Configuring IP address-based rate limiting on the switch is complicated and consumes a lot of hardware ACL resources. Therefore, you can configure IP address-based rate limiting on the egress router's physical interfaces connecting to the core switches.
  • Page 51 b. Configure rate limiting based on all traffic on a network segment. To reserve sufficient bandwidth resources for department A as services grow, configure rate limiting for department B. The Internet access rate in department B cannot exceed 2 Mbit/s and the download rate cannot exceed 4 Mbit/s. Configure an ACL on the egress router to allow packets from department B to pass through.
  • Page 52 Configuring NAT Server and Multiple Egress Interfaces a. Configure NAT Server. As services grow, the web server and FTP server on the intranet need to provide services to both internal and external users who access the servers using public IP addresses.
  • Page 53 The configuration procedure on GE0/0/2 is similar to that on GE0/0/1. For details on NAT configuration and commands for AR routers, see "NAT Configuration" and configuration examples in the corresponding Configuration Guide - Service, as well as "NAT" in Typical Configuration Examples based on the version of the device.
  • Page 54 Configure a dialer interface. [Router] interface Dialer 0 [Router-Dialer0] ip address ppp-negotiate [Router-Dialer0] ppp chap user Router [Router-Dialer0] ppp chap password cipher Router@123 [Router-Dialer0] dialer user user [Router-Dialer0] dialer bundle 1 [Router-Dialer0] dialer-group 1 [Router-Dialer0] ppp ipcp dns request [Router-Dialer0] ppp ipcp dns admit-any [Router-Dialer0] quit Configure NAT.
  • Page 55 Configure traffic classifiers c0, c1, and c2, and configure matching rules based on ACL 3000, ACL 3001, and ACL 3002 in the traffic classifiers, respectively. [Router] traffic classifier c0 [Router-classifier-c0] if-match acl 3000 [Router-classifier-c0] quit [Router] traffic classifier c1 [Router-classifier-c1] if-match acl 3001 [Router-classifier-c1] quit [Router] traffic classifier c2 [Router-classifier-c2] if-match acl 3002...
  • Page 56 Verifying Services and Saving the Configuration a. Verify services. Select two PCs from two departments to perform ping tests and verify whether the two departments can communicate at Layer 3 through VLANIF interfaces. The following example uses two PCs (PC1 and PC2) in departments A and B. The two PCs communicate at Layer 3 through CORE1 (or CORE2).
  • Page 57 b. Save the configuration. You must save your data to the configuration file before restarting the switch. Unsaved data configured via command lines will be lost after the switch restarts. The example below shows the procedure of saving CORE1's configuration file. <CORE1>...
  • Page 58: Mid-Sized Campus Wlans

    Mid-sized Campus WLANs This section uses an S series switch running V200R012 and an AR series router running V200R010 as examples to demonstrate how to configure a medium-sized campus WLAN. A WLAN with SSID wlan-net is required so that users can access the Internet from anywhere at any time.
  • Page 59: Data Plan

    Data Plan Before configuring the switches and router, prepare the following data for use in the next section. Configuration Item Data The AC functions as a DHCP server to assign IP addresses to APs. DHCP server Router functions as a DHCP server to assign IP addresses to APs. IP address pool for APs 10.23.100.2 to 10.23.100.254/24 ...
  • Page 60: Configuration Roadmap

    Configuration Roadmap Various profiles are designed based on different functions and features of WLANs to help users configure and maintain functions of WLANs. These profiles are called WLAN profiles. The following figure shows the referencing relationships between WLAN profiles. By getting to know the referencing relationships, you can easily grasp the configuration roadmap of WLAN profiles and complete configurations.
  • Page 61: Quickly Configuring Mid-Sized Campus Wlans

    Quickly Configuring Mid-sized Campus WLANs Follow the procedure shown below to configure network devices to build a wireless network for the campus and enable users to access the Internet from anywhere at any time. Step 1 – Set the NAC mode Step 10 –...
  • Page 62 Based on the preceding advantages, you are advised to set the NAC mode to unified. Check the NAC mode before and after the AC restarts. <HUAWEI> display authentication mode Current authentication mode is common-mode Next authentication mode is unified-mode The NAC mode is as follows before and after the AC restarts.
  • Page 63 Configuring the AC So That the AC and APs Can Transmit CAPWAP Packets Add GE0/0/1, GE0/0/2, and GE0/0/3 on Switch_A to VLAN 100 (management VLAN). <HUAWEI> system-view [HUAWEI] sysname Switch_A [Switch_A] vlan batch 100 [Switch_A] interface gigabitethernet 0/0/1 [Switch_A-GigabitEthernet0/0/1] port link-type trunk...
  • Page 64 Configuring the AC to Communicate with the Upstream Network Device Configure VLAN 101 (service VLAN), VLAN 102 (service VLAN), and VLANIF 200. Configure uplink interfaces of the AC to transparently transmit packets of service VLANs as required and communicate with the upstream network device.
  • Page 65 [AC-Vlanif102] dhcp select relay [AC-Vlanif102] dhcp relay server-ip 10.23.200.1 [AC-Vlanif102] quit Configure Router as a DHCP server to assign IP addresses to STAs. <Huawei> system-view [Huawei] sysname Router [Router] dhcp enable [Router] ip pool sta-ip-pool1 [Router-ip-pool-sta-ip-pool1] gateway-list 10.23.101.1 [Router-ip-pool-sta-ip-pool1] network 10.23.101.0 mask 24...
  • Page 66 Configure an IP address for the DNS server as needed using either of the following methods: (1) In the interface address pool scenario, run the dhcp server dns-list ip-address &<1-8> command in the VLANIF interface view. (2) In the global address pool scenario, run the dns-list ip-address &<1-8>...
  • Page 67 Configuring APs to Go Online Create an AP group to which the APs with the same configuration can be added. [AC] wlan [AC-wlan-view] ap-group name ap-group1 [AC-wlan-ap-group-ap-group1] quit Create a regulatory domain profile, configure the AC's country code in the profile, and apply the profile to the AP group.
  • Page 68 [AC] wlan [AC-wlan-view] ap auth-mode mac-auth [AC-wlan-view] ap-id 0 ap-mac 60de-4476-e360 [AC-wlan-ap-0] ap-name area_1 Warning: This operation may cause AP reset. Continue? [Y/N]:y [AC-wlan-ap-0] ap-group ap-group1 Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configuration s of the radio, Whether to continue? [Y/N]:y [AC-wlan-ap-0] quit [AC-wlan-view] ap-id 1 ap-mac 60de-4474-9640...
  • Page 69 Configuring WLAN Service Parameters Create security profile wlan-security and set a security policy in the profile. In this example, the security policy is set to WPA2+PSK+AES and password to a1234567. In practice, configure a security policy based on service requirements. [AC-wlan-view] security-profile name wlan-security [AC-wlan-sec-prof-wlan-security] security wpa2 psk pass-phrase a1234567 aes [AC-wlan-sec-prof-wlan-security] quit...
  • Page 70 Configuring Channels and Power for AP Radios The automatic channel and power calibration functions are enabled by default. The manual channel and power configurations take effect only when these functions are disabled. The channel and power configuration for the AP's radio 0 in this example is for reference only. In actual scenarios, configure channels and power for AP radios based on country codes of the APs and network planning results.
  • Page 71 Verifying the Configuration After the configuration is complete, run the display vap ssid wlan-net command. If the value of the Status field in the command output is displayed as ON, the VAPs have been successfully created on the AP radios. [AC-wlan-view] display vap ssid wlan-net WID : WLAN ID ---------------------------------------------------------------------------...
  • Page 72: Faqs

    Back up the configuration file before restoring factory settings; otherwise, all configuration data will be deleted. Restore the factory settings of a switch. <HUAWEI> reset saved-configuration Warning: The action will delete the saved configuration in the device. The configuration will be erased to reconfigure. Continue? [Y/N]:y Warning: Now clearing the configuration in the device.
  • Page 73 <HUAWEI> system-view [HUAWEI] user-interface console 0 [HUAWEI-ui-console0] authentication-mode password [HUAWEI-ui-console0] set authentication password cipher huawei@123 [HUAWEI-ui-console0] return 4. How Can I Reset the Telnet Password? Log in to the switch through the console port to change the Telnet password. (AAA authentication is used in the example below.)
  • Page 74 6. How Can I Configure the Lease? By default, a lease expires after one day. In situations where a user is working away from their home or office, such as a café or airport, a short-term lease is recommended. In situations where users are primarily working from one location, long-term leases are recommended.

This manual is also suitable for:

S2750, S5700