Huawei Quidway S3900 Series Operation Manual


HUAWEI
Quidway S3900 Series Ethernet Switches
Operation Manual
Release 1510
Huawei Technologies Proprietary


Summary of Contents for Huawei Quidway S3900 Series

  • Page 1 HUAWEI Quidway S3900 Series Ethernet Switches Operation Manual Release 1510 Huawei Technologies Proprietary...
  • Page 2 3116A04W Huawei Technologies Co., Ltd. provides customers with comprehensive technical support and service. If you purchase the products from the sales agent of Huawei Technologies Co., Ltd., please contact our sales agent. If you purchase the products from Huawei Technologies Co., Ltd. directly, please feel free to contact our local office, customer care center or company headquarters.
  • Page 3 Copyright © 2006 Huawei Technologies Co., Ltd. All Rights Reserved No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd. Trademarks: HUAWEI, C&C08, EAST8000, HONET,...
  • Page 4: About This Manual

    It is used for assisting the users in using various Switches Command Manual commands. Organization Quidway S3900 Series Ethernet Switches Operation Manual consists of the following parts: 0 Product Overview Introduces the characteristics and implementations of the Ethernet switch. 1 CLI Introduces the command hierarchy, command view and CLI features of the Ethernet switch.
  • Page 5 18 Multicast Introduces the configuration of GMRP, IGMP Snooping, IGMP, PIM-DM, PIM-SM, and MSDP. 19 802.1x Introduces 802.1x and the related configuration. 20 AAA&RADIUS&HWTACACS&EAD Introduces AAA, RADIUS, HWTACACS, EAD, and the related configurations. 21 VRRP...
  • Page 6 Introduces the configuration to manage network devices through SNMP and RMON. 34 NTP Introduces NTP and the related configuration. 35 SSH Terminal Service Introduces SSH2.0 and the related configuration. 36 File System Management Introduces basic configuration for file system management. 37 FTP and TFTP...
  • Page 7 Customers who are familiar with network fundamentals Conventions The manual uses the following conventions: I. General conventions (Convention: Description) Arial: Normal paragraphs are in Arial. Boldface: Headings are in Boldface. Courier New: Terminal Display is in Courier New...
  • Page 8 <Enter>, <Tab>, <Backspace>, or <A>. <Key1+Key2>: Press the keys concurrently. For example, <Ctrl+Alt+A> means the three keys should be pressed concurrently. <Key1, Key2>: Press the keys in turn. For example, <Alt, A> means the two keys should be pressed in turn...
  • Page 9 Eye-catching symbols are also used in the manual to highlight the points worthy of special attention during the operation. They are defined as follows: Caution, Warning, Danger: Means the reader should be extremely careful during the operation. Note, Comment, Tip, Knowhow, Thought: Means a complementary description...
  • Page 10: Table Of Contents

    Operation Manual – Overview Quidway S3900 Series Ethernet Switches-Release 1510 Table of Contents: Chapter 1 Obtaining the Documentation; 1.1 CD-ROM; 1.2 Huawei-3Com Website; 1.3 Software Release Notes; Chapter 2 Documentation and Software Version; 2.1 Software Version for the Manual...
  • Page 11: Chapter 1 Obtaining The Documentation

    Huawei-3Com website Software release notes 1.1 CD-ROM Huawei-3Com delivers a CD-ROM together with each device. The CD-ROM contains a complete product document set, including the operation manual, command manual, installation manual, and compatibility manual. After installing the reader program provided by the CD-ROM, you can search for the desired contents in a convenient way through the reader interface.
  • Page 12: Software Release Notes

    Operation Manual – Overview Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 Obtaining the Documentation 1.3 Software Release Notes With software upgrade, new software features may be added. You can acquire the information about the newly added software features through software release notes.
  • Page 13: Chapter 2 Documentation And Software Version

    Operation Manual – Overview Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 2 Documentation and Software Version Chapter 2 Documentation and Software Version 2.1 Software Version for the Manual Quidway S3900 Series Ethernet Switches Operation Manual Release1510 and Quidway S3900 Series Ethernet Switches...
  • Page 14: Document List

    Operation Manual – Overview Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 2 Documentation and Software Version New features unique to Release1510 (related part in parentheses): BPDU Tunnel (40-VLAN VPN); Opening/closing Telnet TCP port 23 and SSH TCP port 22 (02 Login Operation)...
  • Page 15: Switch Models

    Chapter 3 Product Overview 3.1 Preface Quidway S3900 Series Ethernet switches are Ethernet equipment capable of multilayer switching. They come in two series: S3900-SI and S3900-EI. In addition to the basic service features, S3900 Series Ethernet switches support abundant Layer 3 features and enhanced extended functions.
  • Page 16: Software Features

    Operation Manual – Overview Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 3 Product Overview Number Number of Number of Power supply Consol Model 100 Mbps 1,000 Mbps unit (PSU) service e port ports uplink ports ports Quidway 10/100 Gigabit S3928P-E...
  • Page 17 Operation Manual – Overview Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 3 Product Overview Part Features IEEE 802.1Q-compliant VLAN 4 VLAN Port-based VLAN Protocol-based VLAN 5 IP Address and Configuring an IP address for a switch Performance Configuring the TCP attributes for a switch...
  • Page 18 Operation Manual – Overview Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 3 Product Overview Part Features 802.1X authentication 19 802.1x Guest VLAN Huawei authentication bypass protocol (HABP) Authentication, authorization, and accounting (AAA) Remote authentication dial-In user service (RADIUS) AAA&RADIUS&H Huawei terminal access controller access control system WTACACS&EAD...
  • Page 19 Operation Manual – Overview Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 3 Product Overview Part Features Simple network management protocol (SNMP) compatible with SNMP v1/v2 33 SNMP&RMON Remote monitoring (RMON) 34 NTP Network time protocol (NTP) Secure shell (SSH) 35 SSH Terminal...
  • Page 20: Chapter 4 Networking Applications

    Operation Manual – Overview Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 4 Networking Applications Chapter 4 Networking Applications You can deploy S3900 series on many types of networks, such as enterprise networks and broadband access networks. Following are several typical networking applications.
  • Page 21: Application In Large Enterprise And Campus Networks

    Operation Manual – Overview Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 4 Networking Applications [Network diagram labels: Internet/enterprise network, Router, GE (1,000 M), server, S3900 series...]
  • Page 22 Operation Manual – Overview Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 4 Networking Applications [Network diagram labels: server, L2/L3, 100 M/1,000 M...]
  • Page 23 Operation Manual - CLI Quidway S3900 Series Ethernet Switches-Release 1510 Table of Contents: Chapter 1 CLI Overview; 1.1 Introduction to the CLI; 1.2 Command Level/Command View; 1.2.1 Switching between User Levels; 1.2.2 Configuring the Level of a Specific Command in a Specific View...
  • Page 24: Introduction To The Cli

    Operation Manual - CLI Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 CLI Overview Chapter 1 CLI Overview 1.1 Introduction to the CLI A Quidway series Ethernet switch provides a command line interface (CLI) and commands for you to configure and manage the Ethernet switch. The CLI is featured by the following: Commands are grouped by levels.
  • Page 25: Switching Between User Levels

    Operation Manual - CLI Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 CLI Overview 1.2.1 Switching between User Levels A user can switch the user level from one to another by executing a related command after logging into a switch. The administrator can also set user level switching passwords as required.
  • Page 26: Configuring The Level Of A Specific Command In A Specific View

    Operation Manual - CLI Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 CLI Overview 1.2.2 Configuring the Level of a Specific Command in a Specific View You can configure the level of a specific command in a specific view. Commands fall into four command levels: visit, monitor, system, and manage, which are identified as 0, 1, 2, and 3 respectively.
  • Page 27 Operation Manual - CLI Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 CLI Overview OSPF view OSPF area view Routing policy view Basic ACL view Advanced ACL view Layer 2 ACL view User-defined ACL view QoS profile view RADIUS scheme view...
  • Page 28 Operation Manual - CLI Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 CLI Overview Available Prompt View Enter method Quit method operation example Execute quit command to return Execute Configure to system view. VLAN [Quidway-vla vlan VLAN view command Execute the return parameters system view.
  • Page 29 Operation Manual - CLI Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 CLI Overview Available Prompt View Enter method Quit method operation example Execute quit command to return Execute Configure to system view. Cluster [Quidway-clu cluster cluster view ster] command...
  • Page 30 Operation Manual - CLI Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 CLI Overview Available Prompt View Enter method Quit method operation example Execute quit Execute command to return route-policy Routing Configure to system view. [Quidway-ro policy1 permit policy routing...
  • Page 31 Operation Manual - CLI Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 CLI Overview Available Prompt View Enter method Quit method operation example Execute quit command to return Execute [Quidway-qo to system view. Define QoS qos-profile profile s-profile-a12 profile a123 command...
  • Page 32: Cli Features

    Operation Manual - CLI Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 CLI Overview Note: The function of <Ctrl + Z> is the same as that of the return command. 1.3 CLI Features 1.3.1 Online Help CLI provides two types of online help: complete online help and partial online help.
  • Page 33: Terminal Display

    Operation Manual - CLI Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 CLI Overview [Quidway] interface vlan-interface 1 ? <cr> The string <cr> means no argument is available in the position occupied by the "?" character. You can execute the command without providing any other information.
  • Page 34: Command History

    Operation Manual - CLI Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 CLI Overview 1.3.3 Command History CLI can store the latest executed commands as history commands so that users can recall and execute them again. By default, CLI can store 10 history commands for each user.
  • Page 35: Command Edit

    Operation Manual - CLI Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 CLI Overview Error messages and their descriptions: "Ambiguous command": The parameters entered are ambiguous. "Wrong parameter found at '^' position.": The parameter labeled by '^' is unrecognizable. 1.3.5 Command Edit The CLI provides basic command edit functions and supports multi-line editing.
  • Page 36 Operation Manual – Login Quidway S3900 Series Ethernet Switches-Release 1510 Table of Contents: Chapter 1 Logging into an Ethernet Switch; 1.1 Logging into an Ethernet Switch; 1.2 Introduction to the User Interface; 1.2.1 Supported User Interfaces...
  • Page 37 Operation Manual – Login Quidway S3900 Series Ethernet Switches-Release 1510 Table of Contents: Chapter 4 Logging in Using Modem; 4.1 Introduction; 4.2 Configuration on the Administrator Side; 4.3 Configuration on the Switch Side; 4.3.1 Modem Configuration; 4.3.2 Switch Configuration...
  • Page 38: Logging Into An Ethernet Switch

    Operation Manual – Login Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 Logging into an Ethernet Switch Chapter 1 Logging into an Ethernet Switch 1.1 Logging into an Ethernet Switch You can log into an S3900 series Ethernet switch in one of the following ways:...
  • Page 39: Common User Interface Configuration

    Operation Manual – Login Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 Logging into an Ethernet Switch A relative user interface index can be obtained by appending a number to the identifier of a user interface type. It is generated by user interface type. The...
  • Page 40 Operation Manual – Login Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 Logging into an Ethernet Switch Caution: The auto-execute command command may leave you unable to perform common configuration in the user interface, so use it with caution. Before executing the auto-execute command command and saving your configuration, make sure you can log into the switch in other modes and cancel the configuration.
  • Page 41: Logging In Through The Console Port

    Operation Manual – Login Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 2 Logging in through the Console Port Chapter 2 Logging in through the Console Port 2.1 Introduction To log in through the Console port is the most common way to log into a switch. It is also the prerequisite to configure other login methods.
  • Page 42 Operation Manual – Login Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 2 Logging in through the Console Port the configuration shown in Figure 2-2 through Figure 2-4 for the connection to be created. Normally, the parameters of a terminal are configured as those listed in Table 2-1.
  • Page 43: Console Port Login Configuration

    Operation Manual – Login Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 2 Logging in through the Console Port Figure 2-4 Set port parameters Turn on the switch. You will be prompted to press the Enter key if the switch successfully completes POST (power-on self test). The prompt (such as <Quidway>) appears after you press the Enter key.
  • Page 44: Console Port Login Configurations For Different Authentication Modes

    Operation Manual – Login Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 2 Logging in through the Console Port Table 2-2 Common configuration of Console port login (Configuration: Remarks) Baud rate: Optional. The default baud rate is 9,600 bps. Check mode: Optional. By default, the check mode of the Console port is set to “none”, which means no check...
  • Page 45 Operation Manual – Login Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 2 Logging in through the Console Port Table 2-3 Console port login configurations for different authentication modes Authentication Console port login Remarks mode configuration Optional Perform common Perform configuration for...
  • Page 46: Console Port Login Configuration With Authentication Mode Being None

    Operation Manual – Login Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 2 Logging in through the Console Port 2.4 Console Port Login Configuration with Authentication Mode Being None 2.4.1 Configuration Procedure Table 2-4 Console port login configuration with the authentication mode being none...
  • Page 47 Operation Manual – Login Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 2 Logging in through the Console Port Operation Command Description Optional default, screen can contain up to 24 lines. Set the maximum number of screen-length You can use the...
  • Page 48: Configuration Example

    Operation Manual – Login Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 2 Logging in through the Console Port Table 2-5 Determine the command level (A) Scenario Command Authentication level User type Command mode The user privilege level Users Level 3...
  • Page 49: Console Port Login Configuration With Authentication Mode Being Password

    Operation Manual – Login Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 2 Logging in through the Console Port <Quidway> system-view # Enter AUX user interface view. [Quidway] user-interface aux 0 # Specify not to authenticate users logging in through the Console port.
  • Page 50 Operation Manual – Login Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 2 Logging in through the Console Port Operation Command Description Optional The default baud rate of an AUX speed speed-value baud rate port (also the Console port) is 9,600 bps.
  • Page 51 Operation Manual – Login Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 2 Logging in through the Console Port Note that the command level available to users logging into a switch depends on both the authentication-mode password and the user privilege level level commands, as listed in the following table.
  • Page 52 Operation Manual – Login Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 2 Logging in through the Console Port II. Network diagram [Diagram labels: Ethernet1/0/1, Ethernet, User PC running Telnet] Figure 2-6 Network diagram for AUX user interface configuration (with the authentication mode being password) III.
  • Page 53: Console Port Login Configuration With Authentication Mode Being Scheme

    Operation Manual – Login Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 2 Logging in through the Console Port 2.6 Console Port Login Configuration with Authentication Mode Being Scheme 2.6.1 Configuration Procedure Table 2-8 Console port login configuration with the authentication mode being scheme...
  • Page 54 Operation Manual – Login Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 2 Logging in through the Console Port Operation Command Description Required The specified AAA scheme Configure authentication-mode determines whether authenticate users scheme [ command- authenticate users locally or locally or remotely authorization ] remotely.
  • Page 55 Operation Manual – Login Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 2 Logging in through the Console Port Operation Command Description Optional The default timeout time of a user interface is 10 minutes. With the timeout time being 10 minutes, the connection to a...
  • Page 56 Operation Manual – Login Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 2 Logging in through the Console Port The commands of level 2 are available to users logging into the AUX user interface. The baud rate of the Console port is 19,200 bps.
  • Page 57 Operation Manual – Login Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 2 Logging in through the Console Port [Quidway-ui-aux0] user privilege level 2 # Set the baud rate of the Console port to 19,200 bps. [Quidway-ui-aux0] speed 19200 # Set the maximum number of lines the screen can contain to 30.
  • Page 58: Chapter 3 Logging In Through Telnet

    Operation Manual – Login Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 3 Logging in through Telnet Chapter 3 Logging in through Telnet 3.1 Introduction You can manage and maintain a switch remotely by Telneting to the switch. To achieve this, you need to configure both the switch and the Telnet terminal accordingly.
  • Page 59: Telnet Configurations For Different Authentication Modes

    Operation Manual – Login Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 3 Logging in through Telnet Table 3-2 Common Telnet configuration Configuration Description Optional Configure the command level available to users By default, commands of level 0 is logging into the VTY user...
  • Page 60 Operation Manual – Login Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 3 Logging in through Telnet Authentication Telnet configuration Description mode Optional configuration Specify specifies Local authentication perform local whether performed by default. authentication perform local Refer RADIUS authentication AAA&RADIUS&HWTACACS&...
  • Page 61: Telnet Configuration With Authentication Mode Being None

    Operation Manual – Login Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 3 Logging in through Telnet 3.2 Telnet Configuration with Authentication Mode Being None 3.2.1 Configuration Procedure Table 3-4 Telnet configuration with the authentication mode being none Operation Command Description...
  • Page 62 Operation Manual – Login Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 3 Logging in through Telnet Operation Command Description Optional The default timeout time of a user interface is 10 minutes. With the timeout time being 10 minutes, the connection to...
  • Page 63 Operation Manual – Login Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 3 Logging in through Telnet II. Network diagram [Diagram labels: RS-232, Console port, Console cable] Figure 3-1 Network diagram for Telnet configuration (with the authentication mode being none) III.
  • Page 64: Telnet Configuration With Authentication Mode Being Password

    Operation Manual – Login Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 3 Logging in through Telnet 3.3 Telnet Configuration with Authentication Mode Being Password 3.3.1 Configuration Procedure Table 3-6 Telnet configuration with the authentication mode being password Operation Command Description...
  • Page 65 Operation Manual – Login Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 3 Logging in through Telnet Operation Command Description Optional The default timeout time of a user interface is 10 minutes. With the timeout time being 10 minutes, the connection to...
  • Page 66 Operation Manual – Login Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 3 Logging in through Telnet II. Network diagram [Diagram labels: RS-232, Console port, Console cable] Figure 3-2 Network diagram for Telnet configuration (with the authentication mode being password) III.
  • Page 67: Telnet Configuration With Authentication Mode Being Scheme

    Operation Manual – Login Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 3 Logging in through Telnet 3.4 Telnet Configuration with Authentication Mode Being Scheme 3.4.1 Configuration Procedure Table 3-8 Telnet configuration with the authentication mode being scheme Operation Command Description...
  • Page 68 Operation Manual – Login Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 3 Logging in through Telnet Operation Command Description Required The specified AAA scheme Configure authentication-mode determines whether authenticate users scheme [ command- authenticate users locally or locally or remotely authorization ] remotely.
  • Page 69 Operation Manual – Login Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 3 Logging in through Telnet Note that if you configure the switch to authenticate users in scheme mode, the command level available to users logging into a switch depends on the authentication-mode...
  • Page 70 Operation Manual – Login Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 3 Logging in through Telnet Scenario Command Authenticati level User type Command on mode The user privilege level level command is executed, and the service-type command specifies the available command level.
  • Page 71 Operation Manual – Login Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 3 Logging in through Telnet The screen can contain up to 30 lines. The history command buffer can store up to 20 commands. The timeout time of VTY 0 is 6 minutes.
  • Page 72: Telneting To A Switch

    Operation Manual – Login Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 3 Logging in through Telnet [Quidway-ui-vty0] history-command max-size 20 # Set the timeout time to 6 minutes. [Quidway-ui-vty0] idle-timeout 6 3.5 Telneting to a Switch 3.5.1 Telneting to a Switch from a Terminal Assign an IP address to the interface of the management VLAN of a switch.
  • Page 73 Operation Manual – Login Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 3 Logging in through Telnet Figure 3-5 The terminal window Perform the following operations in the terminal window to assign an IP address to the management VLAN interface of the switch.
  • Page 74 Operation Manual – Login Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 3 Logging in through Telnet [Network diagram labels: Workstation, Ethernet port, Ethernet, PC with Telnet running on it, Server, Workstation...]
  • Page 75: Telneting To Another Switch From The Current Switch

    Operation Manual – Login Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 3 Logging in through Telnet Note: A Telnet connection is terminated if you delete or modify the IP address of the VLAN interface in the Telnet session. By default, commands of level 0 are available to Telnet users authenticated by password.
  • Page 76 Operation Manual – Login Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 3 Logging in through Telnet Step 5: After successfully Telneting to the switch, you can configure the switch or display the information about the switch by executing corresponding commands.
  • Page 77: Configuration On The Administrator Side

    Operation Manual – Login Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 4 Logging in Using Modem Chapter 4 Logging in Using Modem 4.1 Introduction If a remote switch is connected to the PSTN (public switched telephone network) through a modem, the administrator can use a modem to log into the Console port of that switch through the PSTN and configure and maintain the switch remotely.
  • Page 78: Switch Configuration

    Operation Manual – Login Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 4 Logging in Using Modem AT&K0: Disable flow control. AT&R1: Ignore RTS signal. AT&S0: Set DSR to high level by force. ATEQ1&W: Disable the modem from returning command response and the result, save the changes. You can verify your configuration by executing the AT&V command.
  • Page 79: Modem Connection Establishment

    Operation Manual – Login Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 4 Logging in Using Modem III. Configuration on switch when the authentication mode is scheme Refer to section 2.6 “Console Port Login Configuration with Authentication Mode Being Scheme”. 4.4 Modem Connection Establishment Before using a modem to log into the switch, perform the corresponding configuration for the different authentication modes on the switch.
  • Page 80 Operation Manual – Login Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 4 Logging in Using Modem [Network diagram labels: Serial cable, Modem, Telephone line, PSTN, Modem, Console port, Telephone number: 82882285...]
  • Page 81 Operation Manual – Login Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 4 Logging in Using Modem Figure 4-3 Call the modem Provide the password when prompted. If the password is correct, the prompt (such as <Quidway>) appears. You can then configure or manage the switch. You can also enter the character ? at any time for help.
  • Page 82: Http Connection Establishment

    Operation Manual – Login Chapter 5 Logging in through Web-based Quidway S3900 Series Ethernet Switches-Release 1510 Network Management System Chapter 5 Logging in through Web-based Network Management System 5.1 Introduction An S3900 series switch has a Web server built in. You can log into an S3900 series switch through a Web browser and manage and maintain the switch intuitively by interacting with the built-in Web server.
  • Page 83 Operation Manual – Login Chapter 5 Logging in through Web-based Quidway S3900 Series Ethernet Switches-Release 1510 Network Management System (1) RS-232 port (2) Console port (3) Configuration cable Figure 5-1 Connect to the Console port Launch a terminal emulation utility (such as Terminal in Windows 3.X or...
  • Page 84 Operation Manual – Login Chapter 5 Logging in through Web-based Quidway S3900 Series Ethernet Switches-Release 1510 Network Management System [Quidway-Vlan-interface1] ip address 10.153.17.82 255.255.255.0 Configure the user name and the password for the Web-based network management system. Add a WEB user account for the switch, setting the user level to level 3 (the administration level).
  • Page 85: Web Server Shutdown/Startup

    Operation Manual – Login Chapter 5 Logging in through Web-based Quidway S3900 Series Ethernet Switches-Release 1510 Network Management System When the login interface (as shown in Figure 5-4) appears, enter the user name and the password configured in step 2 and click <Login> to bring up the main page of the Web-based network management system.
  • Page 86 Operation Manual – Login Chapter 5 Logging in through Web-based Quidway S3900 Series Ethernet Switches-Release 1510 Network Management System Caution: After the Web file is upgraded, you need to reboot and then specify the new Web file in the Boot menu. Otherwise, you cannot use the Web Server normally.
  • Page 87: Connection Establishment Using Nms

    Operation Manual – Login Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 6 Logging in through NMS Chapter 6 Logging in through NMS 6.1 Introduction You can also log into a switch through an NMS (network management station), and then configure and manage the switch through the agent module on the switch.
  • Page 88 Operation Manual – Login Chapter 7 Configuring Source IP Address Quidway S3900 Series Ethernet Switches-Release 1510 for Telnet Service Packets Chapter 7 Configuring Source IP Address for Telnet Service Packets You can configure a source IP address or source interface for the Telnet server and Telnet client.
  • Page 89: Displaying Source Ip Address Configuration

    Operation Manual – Login Chapter 7 Configuring Source IP Address Quidway S3900 Series Ethernet Switches-Release 1510 for Telnet Service Packets Note: To perform the configurations listed in Table 7-1 and Table 7-2, make sure that: The IP address specified is that of the local device.
  • Page 90: Controlling Telnet Users

    Operation Manual – Login Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 8 User Control Chapter 8 User Control 8.1 Introduction A switch provides ways to control different types of login users, as listed in Table 8-1. Table 8-1 Ways to control different types of login users...
  • Page 91: Controlling Telnet Users By Source And Destination Ip Addresses

    Table 8-2 Control Telnet users by source IP addresses Operation Command Description Enter system view system-view — number Create a basic ACL number acl-number command, config...
  • Page 92: Controlling Telnet Users By Source Mac Addresses

    Operation Command Description rule [ rule-id ] { permit | deny } protocol [ source { source-addr wildcard | destination { dest-addr wildcard | any } ]...
  • Page 93 Operation Command Description rule [ rule-id ] { permit | deny } [ [ type protocol-type type-mask | lsap lsap-type type-mask ] | format-type | Required...
  • Page 94: Controlling Network Management Users By Source Ip Addresses

    <Quidway> system-view
    [Quidway] acl number 2000 match-order config
    [Quidway-acl-basic-2000] rule 1 permit source 10.110.100.52 0
    [Quidway-acl-basic-2000] rule 2 permit source 10.110.100.46 0
    [Quidway-acl-basic-2000] rule 3 deny source any
    [Quidway-acl-basic-2000] quit

    # Apply the ACL.
  • Page 95 Operation Command Description Quit system — quit view snmp-agent community Optional Apply read write while configuring By default, SNMPv1 and community-name SNMP SNMPv2c community [ [ mib-view view-name ] | community name name to access.
  • Page 96: Controlling Web Users By Source Ip Address

    II. Network diagram

    Figure 8-2 Network diagram for controlling SNMP users using ACLs

    III. Configuration procedure

    # Define a basic ACL.
  • Page 97: Controlling Web Users By Source Ip Addresses

    8.4.2 Controlling Web Users by Source IP Addresses

    Controlling Web users by source IP addresses is achieved by applying basic ACLs, which are numbered from 2000 to 2999.
  • Page 98 II. Network diagram

    Figure 8-3 Network diagram for controlling Web users using ACLs

    III. Configuration procedure

    # Define a basic ACL.
  • Page 99 Operation Manual – Configuration File Management Quidway S3900 Series Ethernet Switches-Release 1510 Table of Contents

    Chapter 1 Configuration File Management
    1.1 Introduction to Configuration File
    1.2 Configuration File-Related Operations
  • Page 100: Introduction To Configuration File

    Chapter 1 Configuration File Management

    1.1 Introduction to Configuration File

    A configuration file records and stores the user configurations performed on a switch. It also enables users to check switch configurations easily.
  • Page 101 Table 1-1 Configure a configuration file Operation Command Description Save the current configuration to a specified Optional configuration file save [ cfgfile | [safely ]...
  • Page 102 Caution: Currently, the extension of a configuration file is cfg. Configuration files are saved in the root directory of the Flash. In the following conditions, it may be necessary for you to remove the configuration files...
  • Page 103 Operation Manual – VLAN Quidway S3900 Series Ethernet Switches-Release 1510 Table of Contents

    Chapter 1 VLAN Overview
    1.1 VLAN Overview
    1.1.1 Introduction to VLAN
    1.1.2 VLAN Principles
    1.2 Port-Based VLAN
    1.3 Protocol-Based VLAN...
  • Page 104: Vlan Overview

    Chapter 1 VLAN Overview

    1.1 VLAN Overview

    1.1.1 Introduction to VLAN

    The traditional Ethernet is a flat network, where all hosts are in the same broadcast domain and connected with each other through hubs or switches.
  • Page 105: Vlan Principles

    A VLAN can span across multiple switches, or even routers. This enables hosts in a VLAN to be dispersed in a looser way. That is, hosts in a VLAN can belong to different physical network segments.
  • Page 106: Port-Based Vlan

    VLAN of the inbound port for transmission. For the details about setting the default VLAN of a port, refer to section “Port Basic Configuration” in Quidway S3900 Series Ethernet Switches – Operation Manual.
  • Page 107 I. Ethernet II and 802.3 encapsulation

    In the link layer, there are two main packet encapsulation types: Ethernet II and 802.3, whose encapsulation formats are described in the following figures.
  • Page 108 DA&SA(12) | Length(2) | DSAP(1) | SSAP(1) | Control(1) | DATA

    Figure 1-7 802.3 LLC encapsulation format

    The DSAP field and the SSAP field in the LLC part are used to identify the upper layer protocol.
  • Page 109: Procedure For The Switch To Judge Packet Protocol

    1.3.3 Procedure for the Switch to Judge Packet Protocol

    [Flowchart: Receive packets; 0x05DC to 0x0600...]
  • Page 110 The protocol template is the standard to determine the protocol to which a packet belongs. Protocol templates include standard templates and user-defined templates: The standard template adopts the RFC-defined packet encapsulation formats and values of some specific fields as the matching criteria.
  • Page 111: Vlan Configuration

    Chapter 2 VLAN Configuration

    2.1 VLAN Configuration

    2.1.1 Basic VLAN Configuration

    Table 2-1 Basic VLAN configuration Operation Command Description Enter system view system-view — Create multiple...
  • Page 112: Displaying Vlan Configuration

    II. Configuration procedure

    Table 2-2 Basic VLAN interface configuration Operation Command Description Enter system view system-view — Create VLAN Required interface and enter interface Vlan-interface The vlan-id argument ranges...
  • Page 113 VLAN, you can use the port trunk permit vlan command or the port hybrid vlan command only in Ethernet port view. For the configuration procedure, refer to the section "Port Basic Configuration – Operation" in Quidway S3900 Series Ethernet Switches – Operation Manual.
  • Page 114: Configuring A Protocol-Based Vlan

    II. Network diagram

    [Network diagram: Switch; ports E1/0/1, E1/0/2, E1/0/3, E1/0/4; VLAN2, VLAN3...]
  • Page 115: Associating A Port With The Protocol-Based Vlan

    Operation Command Description protocol-vlan [ protocol-index ] { at | ip | ipx { ethernetii | llc | raw | Create protocol snap } | mode { ethernetii...
  • Page 116: Displaying Protocol-Based Vlan Configuration

    II. Configuration procedure

    Table 2-6 Associate a port with the protocol-based VLAN Operation Command Description Enter system view system-view — interface interface-type Enter port view Required...
  • Page 117 2.3.4 Protocol-Based VLAN Configuration Example

    I. Standard-template-protocol-based VLAN configuration example

    Network requirements

    Create VLAN 5 and configure it to be a protocol-based VLAN, with the protocol-index being 1 and the protocol being IP.
  • Page 118 Operation Manual – IP Address and Performance Configuration Quidway S3900 Series Ethernet Switches-Release 1510 Table of Contents

    Chapter 1 IP Address Configuration
    1.1 IP Address Overview
    1.1.1 IP Address Classification and Representation
    1.1.2 Subnet and Mask...
  • Page 119: Ip Address Overview

    Chapter 1 IP Address Configuration

    1.1 IP Address Overview

    1.1.1 IP Address Classification and Representation

    An IP address is a 32-bit address allocated to a device connected to the Internet. It consists of two fields: net-id and host-id.
  • Page 120 Table 1-1 Classes and ranges of IP addresses Network IP network Address range Description type range An IP address with all 0s...
  • Page 121: Subnet And Mask

    1.1.2 Subnet and Mask

    The traditional IP address classification method wastes IP addresses greatly. In order to make full use of the available IP addresses, the concepts of mask and subnet were introduced.
  • Page 122: Configuring An Ip Address For A Vlan Interface

    Allocated by the BOOTP server
    Allocated by the DHCP server

    The three methods are mutually exclusive and the use of a new method will result in the IP address obtained by the old method being released.
  • Page 123: Ip Address Configuration Example

    Table 1-3 Display IP address configuration Operation Command Description display interface View VLAN [ brief [ interface-type You can execute the display...
  • Page 124 can only send but cannot receive ARP packets, errors may occur at the Ethernet physical layer.
  • Page 125: Ip Performance Configuration

    Chapter 2 IP Performance Configuration

    2.1 IP Performance Configuration

    2.1.1 Introduction to IP Performance Configuration

    IP performance configuration mainly refers to TCP attribute configuration. The TCP attributes that can be configured include:

    synwait timer: This timer is started when TCP sends a syn packet.
  • Page 126: Configuring Direct-Connected Broadcast Packet Receiving And Forwarding

    Operation | Command | Description
    Configure timeout time for the finwait timer in TCP | tcp timer fin-timeout time-value | Optional. By default, the value of the TCP finwait timer is 675 seconds.
  • Page 127 Operation | Command | Description
    View IP traffic statistics | display ip statistics
    View ICMP traffic statistics | display icmp statistics
    display ip socket [ socktype...
  • Page 128 2.3 Troubleshooting

    Symptom: IP packets are forwarded normally, but TCP and UDP cannot work normally.

    Solution: Enable the corresponding debugging information output to view the debugging information.
  • Page 129 Operation Manual - Management VLAN Quidway S3900 Series Ethernet Switches-Release 1510 Table of Contents

    Chapter 1 Management VLAN Configuration
    1.1 Introduction to Management VLAN
    1.1.1 Management VLAN
    1.1.2 Static Route
    1.2 Management VLAN Configuration
    1.2.1 Prerequisites...
  • Page 130: Management Vlan

    Chapter 1 Management VLAN Configuration

    1.1 Introduction to Management VLAN

    1.1.1 Management VLAN

    To manage an Ethernet switch remotely through Telnet or network management, the switch needs to be assigned an IP address.
  • Page 131: Management Vlan Configuration

    1.2 Management VLAN Configuration

    1.2.1 Prerequisites

    Before configuring the management VLAN, make sure the VLAN operating as the management VLAN exists. If VLAN 1 (the default VLAN) is the management VLAN, just go ahead.
  • Page 132 Operation Command Description Shut down the Optional management shutdown By default, a management VLAN VLAN interface interface is down if all the Ethernet ports management VLAN are down;...
  • Page 133: Displaying Management Vlan Configuration

    # Configure the IP address of VLAN 10 interface to be 1.1.1.1.
    [QuidwayA-Vlan-interface10] ip address 1.1.1.1 255.255.255.0
    [QuidwayA-Vlan-interface10] quit

    # Configure a default route.
  • Page 134: Introduction To Dhcp Client

    Chapter 2 DHCP/BOOTP Client Configuration

    2.1 Introduction to DHCP Client

    As the network scale expands and the network complexity increases, the network configurations become more and more complex accordingly. It is usually the case that the computer locations change (such as the portable computers or wireless networks) or the number of the computers exceeds that of the available IP addresses.
  • Page 135 [Figure: DHCP Client, DHCP Server...]
  • Page 136: Introduction To Bootp Client

    Acknowledgement. Upon receiving the DHCP_Request packet, the DHCP server that owns the IP address the DHCP_Request packet carries sends a DHCP_ACK packet to the DHCP client. In this way, the DHCP client binds TCP/IP protocol components to its MAC address.
  • Page 137: Dhcp/Bootp Client Configuration

    The BOOTP packets are based on user datagram protocol (UDP). To ensure reliable packet transmission, a timer is triggered when the BOOTP client sends a request packet to the server.
  • Page 138: Displaying Dhcp/Bootp Client

    Configuring the management VLAN interface to obtain an IP address through DHCP
    Configuring a default route

    II. Configuration procedures

    # Enter system view.
    <QuidwayA> system-view

    # Create VLAN 10 and configure VLAN 10 to be the management VLAN.
  • Page 139 Operation Manual – Voice VLAN Quidway S3900 Series Ethernet Switches-Release 1510 Table of Contents

    Chapter 1 Voice VLAN Configuration
    1.1 Voice VLAN Overview
    1.1.1 Configuring Operation Modes of Voice VLAN according to Voice Stream
    1.1.2 Supporting Information of Voice VLAN on Various Ports...
  • Page 140: Voice Vlan Overview

    Chapter 1 Voice VLAN Configuration

    1.1 Voice VLAN Overview

    Voice VLANs are VLANs configured specially for voice data stream. By adding the ports with voice devices attached to voice VLANs, you can perform QoS (quality of service)-related configuration for voice data, ensuring the transmission priority of voice data stream and voice quality.
  • Page 141: Configuring Operation Modes Of Voice Vlan According To Voice Stream

    1.1.1 Configuring Operation Modes of Voice VLAN according to Voice Stream

    A voice VLAN can operate in two modes: automatic mode and manual mode. You can configure the operation mode for a voice VLAN according to data stream passing through the ports of the voice VLAN.
  • Page 142 Table 1-2 Matching relationship between port modes and voice stream types Port voice Voice stream Port VLAN Supported or not type type mode Access...
  • Page 143: Voice Vlan Configuration

    Caution: If the voice stream transmitted by an IP voice device is with VLAN tag and the port which the IP voice device is attached to is enabled with 802.1x authentication and 802.1x guest VLAN assign different VLAN IDs for the voice VLAN, the default VLAN...
  • Page 144 Operation Command Description Optional voice vlan mac-address address that can By default, the switch uses the mask oui-mask be identified by the default address...
  • Page 145: Configuring A Voice Vlan To Operate In Manual Mode

    1.2.3 Configuring a voice VLAN to operate in manual mode

    Table 1-4 Configure a voice VLAN to operate in manual mode Operation Command Description —...
  • Page 146 VLAN do not operate in the security mode. Note: To add a Trunk port or a Hybrid port to the voice VLAN, refer to the Port Basic Configurations part of the Quidway S3900 Series Ethernet Switches Command Manual for the related command.
  • Page 147: Voice Vlan Configuration Displaying

    1.3 Voice VLAN Configuration Displaying

    After the above configurations, you can execute the display command in any view to view the running status and verify the configuration effect.
  • Page 148: Voice Vlan Configuration Example (Manual Mode)

    # Enable the voice VLAN function for the port and configure the port to operate in automatic mode.
    [Quidway-GigabitEthernet1/0/1] voice vlan enable
    [Quidway-GigabitEthernet1/0/1] voice vlan mode auto

    # Enable the voice VLAN function globally.
  • Page 149
    Voice Vlan ID: 3
    Voice Vlan security mode: Security
    Voice Vlan aging time: 1440 minutes
    Current voice vlan enabled port mode:
    PORT MODE
    ----------------------------------------...
  • Page 150 Operation Manual – GVRP Quidway S3900 Series Ethernet Switches-Release 1510 Table of Contents

    Chapter 1 GVRP Configuration
    1.1 Introduction to GVRP
    1.1.1 GVRP Mechanism
    1.1.2 GVRP Packet Format
    1.1.3 Protocol Specifications
    1.2 GVRP Configuration...
  • Page 151: Chapter 1 Gvrp Configuration

    Chapter 1 GVRP Configuration

    1.1 Introduction to GVRP

    GVRP (GARP VLAN registration protocol) is an implementation of GARP (generic attribute registration protocol). It maintains dynamic VLAN registration information and propagates the information to other switches by adopting the same mechanism as that of GARP.
  • Page 152 attribute information to be registered can be propagated to all the switches in the same switched network. GARP uses the following timers: Hold: When a GARP entity receives a piece of registration information, it does not send out a Join message immediately.
  • Page 153: Gvrp Packet Format

    them by their destination MAC addresses and delivers them to different GARP applications (for example, GVRP) for further processing.

    1.1.2 GVRP Packet Format

    The GVRP packets are in the following format:

    Figure 1-1 Format of GVRP packets

    The following table describes the fields of a GVRP packet.
  • Page 154: Protocol Specifications

    Field | Description | Value
    Attribute Event | The event described by the attribute | 0: LeaveAll Event; 1: JoinEmpty; 2: JoinIn; 3: LeaveEmpty; 4: LeaveIn; 5: Empty
    The attribute value of GVRP...
  • Page 155 Operation | Command | Description
    Exit and return to system view | quit | —
    Enable GVRP globally | gvrp | Required. By default, GVRP is disabled globally.
    Enter Ethernet interface interface-type —...
  • Page 156: Displaying And Maintaining Gvrp

    Timer Lower threshold Upper threshold This lower threshold This upper threshold is less than the greater than twice the timeout timeout time of the LeaveAll timer.
  • Page 157: Network Diagram

    1.4.2 Network diagram

    Figure 1-2 Network diagram for GVRP configuration (Switch A, Switch B; ports E1/0/1, E1/0/2)

    1.4.3 Configuration procedure...
  • Page 158 Operation Manual – Port Basic Configuration Quidway S3900 Series Ethernet Switches-Release 1510 Table of Contents

    Chapter 1 Port Basic Configuration
    1.1 Ethernet Port Overview
    1.1.1 Types and Numbers of Ethernet Ports
    1.1.2 Link Types of Ethernet Ports
    1.1.3 Configuring the Default VLAN ID for an Ethernet Port...
  • Page 159: Ethernet Port Overview

    Chapter 1 Port Basic Configuration

    1.1 Ethernet Port Overview

    1.1.1 Types and Numbers of Ethernet Ports

    Table 1-1 lists the types and numbers of the ports available on the Quidway S3900 series Ethernet switches.
  • Page 160: Link Types Of Ethernet Ports

    1.1.2 Link Types of Ethernet Ports

    An Ethernet port on an S3900 switch can operate in one of the three link types:

    Access: An access port can belong to only one VLAN, and is generally used to connect user PCs.
  • Page 161: Adding An Ethernet Port To Specified Vlans

    Table 1-2 Processing of incoming/outgoing packets Processing of an incoming packet If the Port Processing of an outgoing packet If the packet carries a...
  • Page 162: Ethernet Port Configuration

    An access port can only be added to one VLAN, while hybrid and trunk ports can be added to multiple VLANs. Note: The access ports or hybrid ports must be added to an existing VLAN.
  • Page 163: Limiting Traffic On Individual Ports

    1.2.2 Limiting Traffic on individual Ports

    By performing the following configurations, you can limit different types of incoming traffic on individual ports. When a type of incoming traffic exceeds the threshold you set, the system drops the packets exceeding the traffic limit to reduce the traffic ratio of this type to the reasonable range, so as to keep normal network service.
  • Page 164: Configuring Access Port Attribute

    Operation Command Remarks interface Enter Ethernet port view interface-type — interface-number Enable flow control on By default, flow control is not flow-control the Ethernet port enabled on the port.
  • Page 165: Configuring Trunk Port Attribute

    Operation Command Remarks Optional For a hybrid port, you can Add the current hybrid port hybrid vlan configure to tag the packets port to a specified...
  • Page 166: Configuring Loopback Detection For An Ethernet Port

    Link aggregation control protocol (LACP) configuration: includes LACP enable/disable status; QoS configuration: includes rate limit, port priority, and default 802.1p priority on the port;...
  • Page 167: Configuring The Ethernet Port To Run Loopback Test

    Table 1-10 Set loopback detection for an Ethernet port Operation Command Remarks Enter system view system-view — Optional Enable loopback loopback-detection By default, loopback detection...
  • Page 168: Enabling The System To Test Connected Cable

    Table 1-11 Configure the Ethernet port to run loopback test Operation Command Remarks Enter system view system-view — interface interface-type Enter Ethernet port view —...
  • Page 169: Enabling Giant-Frame Statistics Function

    When you use the display interface interface-type interface-number command to display the information of a port, the system performs statistical analysis on the traffic flow passing through the port during the specified interval and displays the average rates in the interval.
  • Page 170: Ethernet Port Configuration Example

    Table 1-15 Display basic port configuration Operation Command Remarks Display port display interface configuration [ interface-type | interface-type information interface-number ] display Display...
  • Page 171: Troubleshooting Ethernet Port Configuration

    II. Network diagram

    Figure 1-1 Network diagram for Ethernet port configuration (Switch A, Switch B; port E1/0/1)

    III....
  • Page 172 Operation Manual – Link Aggregation Quidway S3900 Series Ethernet Switches-Release 1510 Table of Contents

    Chapter 1 Link Aggregation Configuration
    1.1 Overview
    1.1.1 Introduction to Link Aggregation
    1.1.2 Introduction to LACP
    1.1.3 Operation Key...
  • Page 173: Introduction To Link Aggregation

    Chapter 1 Link Aggregation Configuration

    1.1 Overview

    1.1.1 Introduction to Link Aggregation

    Link aggregation means aggregating several ports together to form an aggregation group, so as to implement outgoing/incoming load sharing among the member ports in the group and to enhance the connection reliability.
  • Page 174: Operation Key

    After LACP is enabled on a port, LACP notifies the following information of the port to its peer by sending LACPDUs: priority and MAC address of this system, priority, number and operation key of the port.
  • Page 175: Static Lacp Aggregation Group

    Port precedence descends in the following order: full duplex/high speed, full duplex/low speed, half duplex/high speed, half duplex/low speed. The system sets the ports unable to aggregate with the master port (due to some hardware limit, for example, cross-board aggregation unavailability) to unselected state.
  • Page 176: Dynamic Lacp Aggregation Group

    the system will keep the member ports of the group in LACP-enabled state and re-aggregate the ports to form one or more dynamic LACP aggregation groups.
  • Page 177 Operation Manual – Link Aggregation Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 Link Aggregation Configuration aggregation only when it is LACP-enabled. Ports can be aggregated into a dynamic aggregation group only when they are connected to the same peer device and have the same basic configuration (such as rate and duplex mode).
  • Page 178: Aggregation Group Categories

    Operation Manual – Link Aggregation Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 Link Aggregation Configuration When two device IDs are compared, the system priorities are compared first, and the system MAC addresses are compared when the system priorities are the same. The device with smaller device ID will be considered as the preferred one.
  • Page 179: Link Aggregation Configuration

    Operation Manual – Link Aggregation Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 Link Aggregation Configuration The priorities of aggregation groups for allocating load-sharing aggregation resources are as follows: An aggregation group containing special ports (such as 10GE port) which require hardware aggregation resources has higher priority than any aggregation group containing no special port.
  • Page 180: Configuring A Manual Aggregation Group

    Operation Manual – Link Aggregation Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 Link Aggregation Configuration Caution: The commands of link aggregation cannot be configured with the commands of port loopback detection feature at the same time. The ports where the mac-address max-mac-count command is configured cannot be added to an aggregation group.
  • Page 181: Configuring A Static Lacp Aggregation Group

    Operation Manual – Link Aggregation Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 Link Aggregation Configuration When creating an aggregation group: If the aggregation group you are creating already exists but contains no port, its type will change to the type you set.
  • Page 182: Configuring A Dynamic Lacp Aggregation Group

    Operation: Add the port to the aggregation group. Command: port link-aggregation group agg-id. Description: Required.
    Note: For a static LACP aggregation group or a manual aggregation group, it is recommended that you do not cross cables between the two devices at the two ends of the aggregation group.
  • Page 183: Displaying And Maintaining Link Aggregation Configuration

    Operation: Enter Ethernet port view. Command: interface interface-type interface-number. Description: —
    Operation: Enable LACP on the port. Command: lacp enable. Description: Required. By default, LACP is disabled on a port.
  • Page 184: Link Aggregation Configuration Example

    1.4 Link Aggregation Configuration Example I. Network requirements Switch A connects to Switch B with three ports Ethernet1/0/1 to Ethernet1/0/3. It is required that the incoming/outgoing load between the two switches be shared among the three ports.
  • Page 185 Operation Manual – Link Aggregation Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 Link Aggregation Configuration
    [Quidway-Ethernet1/0/1] port link-aggregation group 1
    [Quidway-Ethernet1/0/1] interface Ethernet1/0/2
    [Quidway-Ethernet1/0/2] port link-aggregation group 1
    [Quidway-Ethernet1/0/2] interface Ethernet1/0/3
    [Quidway-Ethernet1/0/3] port link-aggregation group 1
    Adopting dynamic LACP aggregation mode
    # Enable LACP on Ethernet1/0/1 through Ethernet1/0/3.
  • Page 186 Operation Manual - Port Isolation Quidway S3900 Series Ethernet Switches-Release 1510 Table of Contents: Chapter 1 Port Isolation Configuration; 1.1 Port Isolation Overview; 1.2 Port Isolation Configuration; 1.3 Displaying Port Isolation Configuration; 1.4 Port Isolation Configuration Example...
  • Page 187: Port Isolation Overview

    Operation Manual - Port Isolation Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 Port Isolation Configuration Chapter 1 Port Isolation Configuration 1.1 Port Isolation Overview Through the port isolation feature, you can add the ports to be controlled into an isolation group to isolate the Layer 2 and Layer 3 data between each port in the isolation group.
  • Page 188: Displaying Port Isolation Configuration

    Operation Manual - Port Isolation Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 Port Isolation Configuration 1.3 Displaying Port Isolation Configuration After the above configuration, you can execute the display command in any view to display the running state after port isolation configuration. You can verify the configuration effect through checking the displayed information.
  • Page 189 Operation Manual - Port Isolation Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 Port Isolation Configuration
    <Quidway> system-view
    System View: return to User View with Ctrl+Z.
    [Quidway] interface ethernet1/0/2
    [Quidway-Ethernet1/0/2] port isolate
    [Quidway-Ethernet1/0/2] quit
    [Quidway] interface ethernet1/0/3
    [Quidway-Ethernet1/0/3] port isolate...
  • Page 190 Operation Manual – Port Security & Port Binding Quidway S3900 Series Ethernet Switches-Release 1510 Table of Contents: Chapter 1 Port Security Configuration; 1.1 Introduction to Port Security; 1.1.1 Port Security Overview; 1.1.2 Port Security Features; 1.1.3 Port Security Modes...
  • Page 191: Introduction To Port Security

    Operation Manual – Port Security & Port Binding Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 Port Security Configuration Chapter 1 Port Security Configuration 1.1 Introduction to Port Security 1.1.1 Port Security Overview Port security is a security mechanism that controls network access. It is an expansion to the current 802.1x and MAC address authentication.
  • Page 192 Operation Manual – Port Security & Port Binding Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 Port Security Configuration Table 1-1 Description of the port security modes (columns: Security mode, Description, Feature) In this mode, the learned MAC addresses will change to Security MAC addresses.
  • Page 193 Operation Manual – Port Security & Port Binding Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 Port Security Configuration Security Description Feature mode The port is enabled only after the access user passes the 802.1x authentication. Even after the port is enabled, only the packets of the successfully authenticated user can pass through the port.
  • Page 194: Port Security Configuration

    Operation Manual – Port Security & Port Binding Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 Port Security Configuration 1.2 Port Security Configuration 1.2.1 Configuring Basic Port Security Attribute Table 1-2 Basic port security configuration Operation Command Description Enter system view...
  • Page 195 The dot1x, dot1x port-method, dot1x port-control, and mac-authentication commands are inapplicable. Note: Refer to the 802.1x module of Quidway S3900 Series Ethernet Switches Operation Manual for details on 802.1x authentication. You cannot add a port configured with the port security feature to a link aggregation group.
  • Page 196: Configuring Security Mac

    1.2.2 Configuring Security MAC A Security MAC is a special type of MAC address, similar to a static MAC address. One Security MAC can be added to only one port in the same VLAN. Using this feature, you can bind a MAC address to a port in the same VLAN.
  • Page 197: Displaying Port Security Configuration

    Operation Manual – Port Security & Port Binding Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 Port Security Configuration Note that: The port-security port-mode autolearn command cannot be configured with the following features at the same time: Static and black-hole MAC address Voice VLAN feature 802.1x feature...
  • Page 198 Operation Manual – Port Security & Port Binding Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 Port Security Configuration II. Network diagram [Figure: network diagram showing Switch A and Switch B]...
  • Page 199: Displaying Port Binding Configuration

    Chapter 2 Port Binding Configuration 2.1 Introduction to Port Binding 2.1.1 Port Binding Overview Through the port binding feature, the network manager can bind the MAC addresses and IP addresses of legal users to specific ports.
  • Page 200: Port Binding Configuration Example

    Operation Manual – Port Security & Port Binding Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 2 Port Binding Configuration Table 2-2 Display port binding configuration Operation Command Description display user-bind Display interface interface-type The display command can be information about interface-number executed in any view.
  • Page 201 Operation Manual - DLDP Quidway S3900 Series Ethernet Switches-Release 1510 Table of Contents: Chapter 1 DLDP Configuration; 1.1 DLDP Overview; 1.1.1 DLDP Fundamentals; 1.1.2 Precautions During DLDP Configuration; 1.2 DLDP Configuration; 1.2.1 DLDP Configuration Tasks...
  • Page 202: Dldp Overview

    Operation Manual - DLDP Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 DLDP Configuration Chapter 1 DLDP Configuration 1.1 DLDP Overview You may have encountered unidirectional links in networking. When a unidirectional link occurs, the local device can receive packets from the peer device through the link layer, but the peer device cannot receive packets from the local device.
  • Page 203: Dldp Fundamentals

    [Figure 1-2 Fiber which is not connected or disconnected: SwitchA and SwitchB with ports GE2/1/3 and GE2/1/4]...
  • Page 204 Operation Manual - DLDP Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 DLDP Configuration Status: Probe. Description: DLDP sends packets to check if it is a unidirectional link. It enables the probe sending timer and an echo waiting timer for each target neighbor.
  • Page 205 Operation Manual - DLDP Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 DLDP Configuration Timer Description When a new neighbor joins, a neighbor entry is created, and the corresponding entry aging timer is enabled When an advertisement packet is received from a neighbor, the...
  • Page 206 Operation Manual - DLDP Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 DLDP Configuration Table 1-3 DLDP operating mode and neighbor entry aging Whether DLDP Whether entry aging Whether enhanced DLDP probes neighbor timer is enabled timer is enabled operating...
  • Page 207: Precautions During Dldp Configuration

    Packet type: Probe packet. Processing procedure: Send echo packets containing both... Create the neighbor entry if this neighbor entry does not exist on the local device...
  • Page 208: Dldp Configuration

    Operation Manual - DLDP Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 DLDP Configuration down unidirectional links. On the contrary, if too short an interval is set, network traffic increases, and port bandwidth is reduced. DLDP does not process any LACP event, and treats each link in the aggregation group as independent.
  • Page 209: Resetting Dldp Status

    Operation: Set the DLDP operating mode. Command: dldp work-mode { enhance | normal }. Description: Optional. By default, DLDP works in normal mode and does not identify...
  • Page 210: Dldp Network Example

    Note: After the ports are DLDP down due to the detection of a unidirectional link, you can use the command here to reset the DLDP status of these ports to retrieve DLDP probes.
  • Page 211 Operation Manual - DLDP Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 DLDP Configuration II. Network diagram [Figure: network diagram showing SwitchA and SwitchB with ports GE2/1/3 and GE2/1/4]...
  • Page 212 Operation Manual - DLDP Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 DLDP Configuration Note: When two switches are connected through fibers in a crossed way, two or three ports may be in the disable state, and the rest in the inactive state.
  • Page 213 Operation Manual – MAC Address Table Quidway S3900 Series Ethernet Switches-Release 1510 Table of Contents: Chapter 1 MAC Address Table Management; 1.1 Overview; 1.1.1 Introduction to MAC Address Learning; 1.1.2 Entries in a MAC Address Table; 1.2 Configuring MAC Address Table Management...
  • Page 214: Chapter 1 Mac Address Table Management

    This chapter describes the management of static, dynamic, and blackhole MAC address entries. For information about the management of multicast MAC address entries, refer to the section related to multicast protocol in Quidway S3900 Series Ethernet Switches Operation Manual. 1.1 Overview 1.1.1 Introduction to MAC Address Learning...
  • Page 215 Operation Manual – MAC Address Table Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 MAC Address Table Management [Figure: MAC address table with columns MAC Address and Port; entries MACA, MACB, MACC, MACD; Port 1]...
  • Page 216: Configuring Mac Address Table Management

    Operation Manual – MAC Address Table Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 MAC Address Table Management Note: The switch learns only unicast addresses by using the MAC address learning mechanism but directly drops any packet with a broadcast source MAC address.
  • Page 217: Configuring A Mac Address Entry

    Operation Manual – MAC Address Table Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 MAC Address Table Management Configuring the maximum number of MAC addresses a port can learn 1.2.1 Configuring a MAC Address Entry You can add, modify, or remove one MAC address entry, remove all MAC address entries (unicast MAC addresses only) concerning a specific port, or remove specific type of MAC address entries (dynamic or static MAC address entries).
  • Page 218: Setting The Aging Time Of Mac Address Entries

    Operation Manual – MAC Address Table Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 MAC Address Table Management Caution: When you add a MAC address entry, the port specified by the interface argument must belong to the VLAN specified by the vlan argument in the command. Otherwise, the entry will not be added.
  • Page 219: Displaying And Maintaining Mac Address Table Configuration

    Operation Manual – MAC Address Table Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 MAC Address Table Management Table 1-5 Set the maximum number of MAC addresses a port can learn Operation Command Description Enter system view system-view — Enter Ethernet port...
  • Page 220 Operation Manual – MAC Address Table Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 MAC Address Table Management II. Network diagram [Figure 1-2 Network diagram for MAC address table configuration: Internet, network port, console port, switch] III.
  • Page 221 Operation Manual – Auto Detect Quidway S3900 Series Ethernet Switches-Release 1510 Table of Contents: Chapter 1 Auto Detect Configuration; 1.1 Introduction to the Auto Detect Function; 1.1.1 Configuring the Auto Detect Function; 1.1.2 Displaying Auto Detect Configuration...
  • Page 222: Introduction To The Auto Detect Function

    Operation Manual – Auto Detect Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 Auto Detect Configuration Chapter 1 Auto Detect Configuration 1.1 Introduction to the Auto Detect Function The auto detect function uses ICMP request/reply packets to test the connectivity of a network regularly.
  • Page 223: Auto Detect Configuration Example

    Operation Manual – Auto Detect Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 Auto Detect Configuration Table 1-2 Display auto detect configuration Operation Command Description The display command Display the configuration of display detect-group can be executed in any a detecting group [ group-number ] view.
  • Page 224 Operation Manual – Auto Detect Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 Auto Detect Configuration
    # Specify to detect the IP address of 192.168.2.2, setting the detecting number to 2.
    [Quidway-detect-group-10] detect-list 2 ip address 192.168.2.2
    # Specify to return reachable as the detecting result if one of the two IP addresses is reachable.
  • Page 225: Auto Detect Implementation In Static Routing

    Operation Manual – Auto Detect Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 2 Auto Detect Implementation Chapter 2 Auto Detect Implementation 2.1 Introduction The results of auto detect operations (reachable or unreachable) can be used to trigger other functions, such as:...
  • Page 226 Operation Manual – Auto Detect Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 2 Auto Detect Implementation Operation Command Description ip route-static ip-address { mask | mask-length } Bind a detecting next-hop preference group to a static Required preference-value ] [ reject |...
  • Page 227: Auto Detect Implementation In Vrrp

    [Quidway A-detect-group-8] detect-list 1 ip address 10.1.1.4 nexthop 192.168.1.2
    [Quidway A-detect-group-8] quit
    # Enable the static route when the detecting group is reachable. Disable the static route when the detecting group is unreachable.
  • Page 228 Operation Manual – Auto Detect Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 2 Auto Detect Implementation Table 2-2 Configure the auto detect function for VRRP Operation Command Description Enter system view system-view — Enter VLAN interface vlan-interface — interface view...
  • Page 229: Auto Detect Implementation In Vlan Interface Backup

    # Specify to detect the reachability of the IP address 10.1.1.4/24, setting the detect number to 1.
    [Quidway B-detect-group-9] detect-list 1 ip address 10.1.1.4
    [Quidway B-detect-group-9] quit
    # Assign an IP address to VLAN 1 interface.
  • Page 230: Configuring The Auto Detect Function For Vlan Interface Backup

    Operation Manual – Auto Detect Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 2 Auto Detect Implementation When the link between the primary VLAN interface and the destination recovers (that is, the result of the detecting group becomes reachable again), the system enables the primary VLAN interface and shuts down the secondary VLAN interface.
  • Page 231 Operation Manual – Auto Detect Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 2 Auto Detect Implementation II. Network diagram [Figure: network diagram showing addresses 192.168.1.2/24 and 10.1.1.3/24 and VLAN 1]...
  • Page 232 Operation Manual – Auto Detect Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 2 Auto Detect Implementation
    # Create detecting group 10.
    [Quidway A] detect-group 10
    # Add the IP address of 10.1.1.4 to detecting group 10 to detect the reachability of the IP address, with the IP address of 192.168.1.2/24 as the next hop, and the detecting...
  • Page 233 Operation Manual – MSTP Quidway S3900 Series Ethernet Switches-Release 1510 Table of Contents: Chapter 1 MSTP Configuration; 1.1 MSTP Overview; 1.1.1 MSTP Protocol Data Unit; 1.1.2 Basic MSTP Terminologies; 1.1.3 Implementation of MSTP; 1.1.4 MSTP Implementation on Switches...
  • Page 234 Operation Manual – MSTP Quidway S3900 Series Ethernet Switches-Release 1510 Table of Contents: 1.5.2 Prerequisites; 1.5.3 BPDU Protection Configuration; 1.5.4 Root Protection Configuration; 1.5.5 Loop Prevention Configuration; 1.5.6 TC-BPDU Attack Prevention Configuration; 1.5.7 BPDU Packets Drop Configuration...
  • Page 235: Mstp Overview

    Chapter 1 MSTP Configuration 1.1 MSTP Overview Spanning Tree Protocol (STP) does not allow Ethernet ports to change state rapidly. A port takes twice the forward delay to transition to the forwarding state, even if the port is on a point-to-point link or is an edge port.
  • Page 236: Basic Mstp Terminologies

    Operation Manual – MSTP Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration 1.1.2 Basic MSTP Terminologies Figure 1-1 illustrates basic MSTP terms (assuming that MSTP is enabled on each switch in this figure). Region A0 CIST: Common and Internal...
  • Page 237 Operation Manual – MSTP Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration III. VLAN mapping table A VLAN mapping table is a property of an MST region. It contains information about how VLANs are mapped to MSTIs. For example, in Figure 1-1, the information contained in the VLAN mapping table of region A0 is: VLAN 1 is mapped to MSTI 1;...
  • Page 238 Operation Manual – MSTP Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration A master port connects a MST region to the common root. The path from the master port to the common root is the shortest path between the MST region and the common root.
  • Page 239: Implementation Of Mstp

    Operation Manual – MSTP Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration X. Port states Ports can be in the following three states: Forwarding state: Ports in this state can forward user packets and receive/send BPDU packets. Learning state: Ports in this state can receive/send BPDU packets.
  • Page 240 Operation Manual – MSTP Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration Each switch sends out its configuration BPDUs and operates in the following way when receiving a configuration BPDU on one of its ports from another switch:...
  • Page 241: Root Bridge Configuration

    Operation Manual – MSTP Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration 1.1.4 MSTP Implementation on Switches MSTP is compatible with both STP and RSTP. That is, switches with MSTP employed can recognize the protocol packets of STP and RSTP and use them to generate spanning trees.
  • Page 242 Operation Manual – MSTP Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration Operation Remarks Related section Maximum hops of Section 1.2.7 “MST region Optional Region Maximum Hops configuration Configuration” Optional Network diameter Section 1.2.8 “Network configuration Diameter Configuration”...
  • Page 243 Operation Manual – MSTP Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration Operation: Configure a name for the MST region. Command: region-name name. Description: Required. The default MST region name of a switch is its MAC address. Required...
  • Page 244: Root Bridge/Secondary Root Bridge Configuration

    Operation Manual – MSTP Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration II. Configuration example # Configure an MST region, with the name being “info”, the MSTP revision level being level 1, VLAN 2 through VLAN 10 being mapped to spanning tree instance 1, and VLAN 20 through VLAN 30 being mapped to spanning tree 2.
  • Page 245 Operation Manual – MSTP Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration II. Secondary root bridge configuration Table 1-5 Specify the current switch as the secondary root bridge of a specified spanning tree Operation Command Description Enter system view —...
  • Page 246: Bridge Priority Configuration

    Operation Manual – MSTP Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration Note: You can configure a switch as the root bridges of multiple spanning tree instances. But you cannot configure two or more root bridges for one spanning tree instance.
  • Page 247: Mstp Packet Format Configuration

    Operation Manual – MSTP Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration Caution: Once you specify a switch as the root bridge or a secondary root bridge by using the stp root primary or stp root secondary command, the bridge priority of the switch is not configurable.
  • Page 248 Operation Manual – MSTP Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration Table 1-7 Configure MSTP packet format for a port Operation Command Description Enter system view — system-view Enter Ethernet port interface interface-type — view interface-number Required...
  • Page 249: Mst Region Maximum Hops Configuration

    Operation: Configure the MSTP operation mode for the switch. Command: stp mode { stp | rstp | mstp }. Description: Required. An MSTP-enabled switch operates in MSTP mode by default.
  • Page 250: Network Diameter Configuration

    II. Configuration example
    # Configure the maximum hops of the MST region to be 30 (assuming that the current switch operates as the region root).
    <Quidway> system-view
    [Quidway] stp max-hops 30
    1.2.8 Network Diameter Configuration
  • Page 251 Operation Manual – MSTP Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration when the new spanning trees are generated, loops may occur if the new root ports and designated ports begin to forward packets immediately. This can be avoided by adopting a state transition mechanism. With this mechanism, newly selected root ports and designated ports undergo an intermediate state before they begin to forward packets.
  • Page 252 Operation Manual – MSTP Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration Caution: The Forward delay parameter and the network diameter are correlated. Normally, a large network diameter corresponds to a large Forward delay. A too small Forward delay parameter may result in temporary redundant paths.
  • Page 253 Operation Manual – MSTP Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration 1.2.10 Timeout Time Factor Configuration A switch regularly sends protocol packets to its neighboring devices at the interval specified by the Hello time parameter to test the links. Normally, a switch regards its...
  • Page 254 Operation Manual – MSTP Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration I. Configuration procedure (in system view) Table 1-13 Configure the maximum transmitting speed for specified ports in system view Operation Command Description Enter system view —...
  • Page 255 Operation Manual – MSTP Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration edge port, rapid transition is applicable to the port. That is, when the port changes from blocking state to forwarding state, it does not have to wait for a delay.
  • Page 256 Operation Manual – MSTP Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration
    [Quidway] stp interface ethernet1/0/1 edged-port enable
    Configure in Ethernet port view.
    <Quidway> system-view
    [Quidway] interface ethernet1/0/1
    [Quidway-Ethernet1/0/1] stp edged-port enable
    1.2.13 Point-to-point Link-Related Configuration
    A point-to-point link directly connects two switches. If the roles of the two ports at the...
  • Page 257 Operation Manual – MSTP Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration II. Configuration procedure (in Ethernet port view) Table 1-18 Specify whether or not the link connected to a specific port is a point-to-point link (in Ethernet port view)
  • Page 258: Mstp Configuration

    <Quidway> system-view
    [Quidway] interface Ethernet1/0/1
    [Quidway-Ethernet1/0/1] stp point-to-point force-true
    1.2.14 MSTP Configuration
    I. Configuration procedure
    Table 1-19 Enable MSTP in system view
    Operation Command Description Enter system view —...
  • Page 259: Leaf Node Configuration

    Operation: Disable MSTP on the... Description: Optional. By default, MSTP is enabled on all ports after you enable MSTP in system view. To enable a switch to...
  • Page 260 Operation Manual – MSTP Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration Operation Remarks Related section Section 1.2.6 ”MSTP MSTP operation Optional Operation Mode mode configuration Configuration” Timeout time factor Section 1.2.10 “Timeout Optional configuration Time Factor Configuration”...
  • Page 261: Path Cost Configuration

    Operation Manual – MSTP Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration 1.3.4 Timeout Time Factor Configuration Refer to section 1.2.10 “Timeout Time Factor Configuration”. 1.3.5 Maximum Transmitting Speed Configuration Refer to section 1.2.11 “Maximum Transmitting Speed Configuration”.
  • Page 262 Operation Manual – MSTP Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration Table 1-23 Transmission speeds and the corresponding path costs (columns: Transmission speed, Operation mode (half-/full-duplex), 802.1D-1998, IEEE 802.1t, Proprietary standard) 65,535 200,000,000 200,000 Half-duplex/Full-duplex 200,000 2,000...
  • Page 263 Operation Manual – MSTP Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration Operation: Configure the path cost for specified ports. Command: stp interface interface-list [ instance instance-id ] cost cost. Description: Required. An MSTP-enabled switch can calculate path costs for all its ports automatically.
  • Page 264: Port Priority Configuration

    [Quidway-Ethernet1/0/1] undo stp instance 1 cost [Quidway-Ethernet1/0/1] quit [Quidway] stp pathcost-standard dot1d-1998 1.3.8 Port Priority Configuration Port priority is an important criterion in determining the root port. Under the same conditions, ports with smaller port priority values are more likely to become the root port than those with bigger priority values.
  • Page 265: The Mcheck Configuration

    You can configure port priorities according to actual networking requirements. III. Configuration example # Configure the port priority of Ethernet1/0/1 port in spanning tree instance 1 to be 16.
  • Page 266: Protection Function Configuration

    I. Performing the mCheck operation in system view Table 1-28 Perform the mCheck operation in system view Operation Command Description Enter system view — system-view Perform the mCheck...
  • Page 267 receiving configuration BPDUs, which causes spanning tree regeneration and network topology jitter. Normally, no configuration BPDU will reach edge ports. But malicious users can attack a network by sending configuration BPDUs deliberately to edge ports to cause network jitter.
  • Page 268: Bpdu Protection Configuration

    With the TC-BPDU prevention function enabled, the switch performs only one removing operation in a specified period (it is 10 seconds by default) after it receives a TC-BPDU.
  • Page 269: Root Protection Configuration

    Caution: As Gigabit ports of an S3900 series switch cannot be shut down, the BPDU protection function is not applicable to these ports even if you enable the BPDU protection function and specify these ports to be MSTP edge ports.
  • Page 270: Loop Prevention Configuration

    1.5.5 Loop Prevention Configuration I. Configuration Procedure Table 1-33 Enable the loop prevention function on a port Operation Command Description Enter system view — system-view Enter...
  • Page 271: Digest Snooping Configuration

    1.5.7 BPDU Packets Drop Configuration Table 1-35 BPDU packets drop configuration procedure Operation Command Description Enter system view — system-view Enter Ethernet port —...
  • Page 272 1.6.2 Digest Snooping Configuration Configure the digest snooping feature on a switch to enable it to interwork with other switches that adopt proprietary protocols to calculate configuration digests in the same MST region through MSTIs.
  • Page 273: Rapid Transition Configuration

    Note: The digest snooping feature is needed only when your S3900 series switch is connected to a partner's switches that adopt proprietary protocols. To enable the digest snooping feature successfully, you must first enable it on all the ports of your S3900 series switch that are connected to such switches and then enable it globally.
  • Page 274 [Figure labels: Upstream switch; Downstream switch; Sends proposal packets to...]
  • Page 275 upstream ports after they receive proposal packets from the upstream designated ports, instead of waiting for agreement packets from the upstream switch. This enables designated ports of the upstream switch to change their states rapidly.
  • Page 276: Bpdu Tunnel Configuration

    Table 1-37 Configure the rapid transition feature in system view Operation Command Description Enter system view — system-view Required stp interface interface-type Enable the rapid interface-number...
  • Page 277 [Figure labels: Operator’s Network; Packet ingress/egress device; Network; Users; Network A...]
  • Page 278: Mstp Displaying And Debugging

    Note: The BPDU Tunnel function can only be enabled on devices with STP enabled. The BPDU Tunnel function can only be enabled on access ports. To enable the BPDU Tunnel function, make sure the links between operator’s networks are trunk links.
  • Page 279 II. Network diagram [Figure labels: Permit: all VLAN; Switch A; Switch B; Permit: VLAN 10, 20...]
  • Page 280 # Configure the MST region. [Quidway-mst-region] region-name example [Quidway-mst-region] instance 1 vlan 10 [Quidway-mst-region] instance 3 vlan 30 [Quidway-mst-region] instance 4 vlan 40 [Quidway-mst-region] revision-level 0 # Activate the settings of the MST region.
  • Page 281: Bpdu Tunnel Configuration Example

    1.11 BPDU Tunnel Configuration Example I. Network requirements S3900 series switches operate as the access devices of the operator’s network, that is, Switch C and Switch D in the network diagram.
  • Page 282 Configure Switch C. # Enable MSTP. <Quidway> system-view [Quidway] stp enable # Enable the BPDU Tunnel function. [Quidway] vlan-vpn tunnel # Add port Ethernet1/0/1 to VLAN 10.
  • Page 283 [Quidway] interface Ethernet 1/0/1 [Quidway-Ethernet1/0/1] port link-type trunk # Add the trunk port to all VLANs. [Quidway-Ethernet1/0/1] port trunk permit vlan all
  • Page 284 Operation Manual – Routing Protocol Quidway S3900 Series Ethernet Switches-Release 1510 Table of Contents: Chapter 1 IP Routing Protocol Overview; 1.1 Introduction to IP Route and Routing Table; 1.1.1 IP Route and Route Segment; 1.1.2 Route Selection through the Routing Table...
  • Page 285 Table of Contents: Chapter 4 OSPF Configuration; 4.1 OSPF Overview; 4.1.1 Introduction to OSPF; 4.1.2 OSPF Route Calculation; 4.1.3 Basic OSPF Concepts; 4.1.4 OSPF Network Type...
  • Page 286 Table of Contents: 4.9.2 Configuring OSPF Virtual Link; 4.10 Troubleshooting OSPF Configuration; Chapter 5 IP Routing Policy Configuration; 5.1 IP Routing Policy Overview; 5.2 IP Routing Policy Configuration Tasks...
  • Page 287: Introduction To Ip Route And Routing Table

    Chapter 1 IP Routing Protocol Overview Note: When running a routing protocol, the Ethernet switch also functions as a router. The word “router” and the router icons in the following text represent both routers in the common sense and Ethernet switches running a routing protocol.
  • Page 288: Route Selection Through The Routing Table

    [Figure 1-1 Route segment; labels: Route Segment, Host A, Host C, Host B] The number of route segments on the path between a source and destination can be used to measure the "length"...
  • Page 289 Network mask: Along with the destination address, it identifies the address of the network segment where the destination host or router resides. By performing “logical AND”...
  • Page 290: Routing Management Policy

    12.0.0.0 Figure 1-2 Routing table The Quidway S3900 Series Ethernet Switches (hereinafter referred to as S3900 series) support the configuration of static routes as well as a series of dynamic routing protocols such as RIP and OSPF. Moreover, the switches in operation can automatically obtain some direct routes according to interface status and user configuration.
  • Page 291: Traffic Sharing And Route Backup

    route. Routing protocols and their default route preferences (the smaller the value, the higher the preference is) are shown in Table 1-1. In the table, “0” is used for directly connected routes, and “255” is used for routes from an untrusted source.
  • Page 292: Routes Shared Between Routing Protocols

    route is implemented. When the main route recovers, the router will restore it and re-select a route. And, as the main route has the highest preference, the router will choose the main route to send data.
  • Page 293: Introduction To Static Route

    Chapter 2 Static Route Configuration 2.1 Introduction to Static Route 2.1.1 Static Route Static routes are special routes. They are manually configured by the administrator.
  • Page 294: Static Route Configuration

    routing table, the router will select the default route for the packet; in this case, if there is no default route, the packet will be discarded, and an Internet control message protocol (ICMP) packet will be returned to inform the source host that the destination host or network is unreachable.
  • Page 295: Displaying The Routing Table

    2.3 Displaying the Routing Table After the above configuration, use the display command in any view to display and verify the static route configuration.
  • Page 296: Static Route Configuration Example

    2.4 Static Route Configuration Example I. Network requirements As shown in Figure 2-1, the masks of all the IP addresses in the figure are 255.255.255.0.
  • Page 297: Troubleshooting A Static Route

    [Switch B] ip route-static 0.0.0.0 0.0.0.0 1.1.4.1 # Configure the default gateway of Host C to 1.1.1.1. [Switch C] ip route-static 1.1.1.0 255.255.255.0 1.1.1.1 Now, all the hosts/switches in the figure can interconnect with each other.
  • Page 298: Rip Overview

    Chapter 3 RIP Configuration 3.1 RIP Overview Routing information protocol (RIP) is a simple interior gateway protocol (IGP) suitable for small-sized networks. 3.1.1 Basic Concepts I.
  • Page 299: Rip Startup And Operation

    Period update timer: This timer is used to periodically trigger a routing information update so that the router sends all RIP routes to all the neighbors.
  • Page 300: Rip Configuration Tasks

    3.2 RIP Configuration Tasks Table 3-1 RIP configuration tasks Related Configuration task Description section Enabling RIP globally and on the interface of a Required 3.3.2 I.
  • Page 301: Basic Rip Configuration

    3.3 Basic RIP Configuration 3.3.1 Configuration Prerequisites Before configuring basic RIP functions, perform the following tasks: Configuring the link layer protocol Configuring the network layer addresses of interfaces so that adjacent nodes are reachable to each other at the network layer 3.3.2 Configuring Basic RIP Functions...
  • Page 302: Rip Route Control

    Operation Command Description Enable the interface to receive update rip input Optional packets By default, except for Enable the interface to loopback interface, all send...
  • Page 303: Configuring Rip Route Control

    Set the preference of RIP to change the preference order of routing protocols. This order makes sense when more than one route to the same destination is discovered by multiple routing protocols.
  • Page 304 II. Configuring RIP route summary Route summary means that different subnet routes in the same natural network segment can be aggregated into one route with a natural mask for transmission to another network segment.
  • Page 305 Table 3-8 Configure RIP to filter incoming/outgoing routes Operation Command Description Enter system view system-view — Enter RIP view — filter-policy { acl-number | Required...
  • Page 306 V. Setting RIP preference Table 3-9 Set RIP preference Operation Command Description Enter system view system-view — Enter RIP view — Optional Set the RIP preference...
  • Page 307: Rip Network Adjustment And Optimization

    3.5 RIP Network Adjustment and Optimization In some special network environments, some RIP features need to be configured and RIP network performance needs to be adjusted and optimized. By performing the...
  • Page 308 II. Configuring split horizon Table 3-13 Configure split horizon Operation Command Description Enter system view system-view — interface interface-type Enter interface view — interface-number Optional...
  • Page 309 Simple authentication cannot provide complete security, because the authentication keys sent along with packets are not encrypted. Therefore, simple authentication cannot be applied where high security is required.
  • Page 310: Displaying And Maintaining Rip Configuration

    3.6 Displaying and Maintaining RIP Configuration After the above configuration, you can use the display command in any view to display the running status of RIP and verify the RIP configuration. You can use the reset command in RIP view to reset the system configuration related to RIP.
  • Page 311: Troubleshooting Rip Configuration

    III. Configuration procedure Note: Only the configuration related to RIP is listed below. Before the following configuration, make sure the Ethernet link layer works normally and the IP addresses of VLAN interfaces are configured correctly.
  • Page 312: Ospf Overview

    Chapter 4 OSPF Configuration Note: Among the S3900 series, only the S3900-EI series supports the OSPF protocol. 4.1 OSPF Overview 4.1.1 Introduction to OSPF Open shortest path first (OSPF) is a link state-based interior gateway protocol developed by the IETF.
  • Page 313: Ospf Route Calculation

    4.1.2 OSPF Route Calculation Taking no account of area partition, the routing calculation process of the OSPF protocol is as follows: Each OSPF-capable router maintains a link state database (LSDB), which describes the topology of the whole AS.
  • Page 314 II. Area If all the routers on an ever-growing huge network run OSPF, the large number of routers will result in an enormous LSDB, which will consume an enormous storage space, complicate the running of SPF algorithm, and increase CPU load.
  • Page 315: Ospf Network Type

    For example, in Figure 4-1, there are three intra-area routes in Area 19: 19.1.1.0/24, 19.1.2.0/24, and 19.1.3.0/24. If route summary is configured, the three routes are aggregated into one route 19.1.0.0/16, and only one corresponding LSA, which...
  • Page 316 packets. Therefore, you must manually specify an IP address for the adjacent router and whether the adjacent router has the right to vote for a DR.
  • Page 317: Ospf Packets

    In Figure 4-2, the solid lines represent physical Ethernet connections and the dotted lines represent adjacencies established. The figure shows that, with the DR/BDR mechanism adopted, seven adjacencies suffice among the five routers.
  • Page 318: Lsa Types

    I. Hello packet: Hello packets are the most commonly used OSPF packets, which are periodically sent by a router to its neighbors. A Hello packet contains the values of some timers, the DR, the BDR and the known peers.
  • Page 319: Ospf Features

    Summary-LSAs are for routes to networks (that is, their destinations are segments), while Type-4 Summary-LSAs are for routes to ASBRs. AS-external-LSA: Type-5 LSA, also called ASE LSA, generated by ASBRs to describe the routes to other ASs and advertised to the whole AS (excluding stub areas).
  • Page 320: Ospf Configuration Tasks

    4.2 OSPF Configuration Tasks Table 4-1 OSPF configuration tasks Related Configuration task Description section Basic OSPF configuration Required OSPF area attribute configuration Optional Configuring the network Optional 4.5.2...
  • Page 321: Basic Ospf Configuration

    Related Configuration task Description section Configuring OSPF timers Optional 4.7.2 Configuring Optional 4.7.3 transmission delay Configuring Optional 4.7.4 calculation interval Disabling OSPF packet transmission Optional 4.7.5...
  • Page 322 AS. A common practice is to set the router ID to the IP address of an interface on the router. Enabling OSPF VRP (versatile routing platform) supports multiple OSPF processes. To enable multiple OSPF processes on a router, you need to specify different process IDs.
  • Page 323: Ospf Area Attribute Configuration

    Note: The ID of an OSPF process or OSPF multi-instance is unique. That is, the ID of OSPF multi-instance must be different from any in-use process ID.
  • Page 324: Ospf Network Type Configuration

    Operation Command Description Configure the current area to be a stub area stub [ no-summary ] Optional By default, no area is configured as a stub area.
  • Page 325: Configuring The Network Type Of An Ospf Interface

    In addition, when configuring a broadcast network or NBMA network, you can also specify DR priority for each interface to control the DR/BDR selection in the network.
  • Page 326: Setting The Dr Priority On An Ospf Interface

    Table 4-5 Set NBMA neighbor Operation Command Description Enter system view system-view — Enter OSPF view ospf [ process-id [ router-id router-id ] ] Required Required...
  • Page 327: Ospf Route Control

    4.6 OSPF Route Control Perform the following configurations to control the advertisement and reception of the routing information discovered by OSPF and import routing information discovered by other protocols.
  • Page 328: Configuring Ospf To Filter Received Routes

    Operation Command Description Required This command takes asbr-summary effect only when it is ip-address mask Enable ASBR route summary configured [ not-advertise | tag ASBR.
  • Page 329: Setting Ospf Route Priority

    Operation Command Description Optional default, OSPF calculates the cost for sending packets on an Configure the cost for sending interface according to ospf cost value...
  • Page 330: Configuring Ospf To Import External Routes

    4.6.7 Configuring OSPF to Import External Routes Table 4-13 Configure OSPF to import external routes Operation Command Description Enter system view system-view — ospf process-id...
  • Page 331: Ospf Network Adjustment And Optimization

    Note: The import-route command cannot import the default route. To import the default route, you must use the default-route-advertise command. The filtering of advertised routes by OSPF means that OSPF only converts the external routes meeting the filter criteria into Type-5 or Type-7 LSAs and advertises them.
  • Page 332 After a router sends an LSA to a neighbor, it waits for an acknowledgement packet from the neighbor. If the router receives no acknowledgement packet from the neighbor within the retransmission interval, it retransmits the LSA to the neighbor.
  • Page 333: Configuring The Lsa Transmission Delay

    Note: Default Hello and Dead timer values will be restored once the network type is changed. Do not set an LSA retransmission interval that is too short. Otherwise, unnecessary retransmission will occur.
  • Page 334: Disabling Ospf Packet Transmission On An Interface

    Table 4-16 Set the SPF calculation interval Operation Command Description Enter system view system-view — Enter OSPF view ospf [ process-id [ router-id router-id ] ] Required...
  • Page 335: Configuring Ospf Authentication

    4.7.6 Configuring OSPF Authentication Table 4-18 Configure OSPF authentication Operation Command Description Enter system view system-view — Enter OSPF view ospf [ process-id [ router-id router-id ] ] Required...
  • Page 336: Enabling Ospf Logging

    Table 4-19 Configure to fill the MTU field when an interface transmits DD packets Operation Command Description Enter system view system-view — Enter Ethernet interface...
  • Page 337: Displaying And Maintaining Ospf Configuration

    Operation Command Description snmp-agent trap enable ospf process-id [ ifauthfail | ifcfgerror | ifrxbadpkt Optional ifstatechange iftxretransmit You can configure OSPF lsdbapproachoverflow | to send diversified SNMP...
  • Page 338: Ospf Configuration Example

    Operation Command Description Display OSPF routing table display ospf [ process-id ] routing Display OSPF virtual links display ospf [ process-id ] vlink display ospf...
  • Page 339 II. Network diagram [Figure labels: Switch A 1.1.1.1; Switch D 4.4.4.4; 196.1.1.4/24; 196.1.1.1/24; 196.1.1.3/24; 196.1.1.2/24...]
  • Page 340: Configuring Ospf Virtual Link

    [Switch C-ospf-1] area 0 [Switch C-ospf-1-area-0.0.0.0] network 196.1.1.0 0.0.0.255 # Configure Switch D. <Switch D> system-view [Switch D] interface Vlan-interface 1 [Switch D-Vlan-interface1] ip address 196.1.1.4 255.255.255.0 [Switch D] router id 4.4.4.4...
  • Page 341 II. Network diagram [Figure labels: Switch A 1.1.1.1; Area 0; 196.1.1.1/24; 196.1.1.2/24; Switch B; 197.1.1.2/24...]
  • Page 342: Troubleshooting Ospf Configuration

    [Switch B-ospf-1-area-0.0.0.1] network 197.1.1.0 0.0.0.255 [Switch B-ospf-1-area-0.0.0.1] vlink-peer 3.3.3.3 # Configure Switch C. <Switch C> system-view [Switch C] interface Vlan-interface 1 [Switch C-Vlan-interface1] ip address 152.1.1.1 255.255.255.0...
  • Page 343 be the same, and the network segments and the masks must also be consistent (p2p or virtually linked segments can have different segments and masks).
  • Page 344: Ip Routing Policy Overview

    Chapter 5 IP Routing Policy Configuration 5.1 IP Routing Policy Overview When a router distributes or receives routing information, it may need to implement some policies to filter the routing information, so as to receive or distribute only the routing information meeting given conditions.
  • Page 345: Ip Routing Policy Configuration Tasks

    II. ACL The S3900 series support four types of ACLs: advanced, basic, user-defined, and layer 2 ACLs. Normally, a basic ACL is used to filter routing information. You can specify a range of IP addresses or subnets when defining a basic ACL so as to match the destination network segment addresses or next-hop addresses of routing information.
  • Page 346: Route-Policy Configuration

    5.3 Route-Policy Configuration A route-policy is used to match given routing information or some attributes of routing information and change the attributes of the routing information if the conditions are met.
  • Page 347: Defining If-Match Clauses And Apply Clauses

    Note: The permit argument specifies the matching mode for a defined node in the route-policy to be in permit mode. If a route matches the rules for the node, the apply clauses for the node will be executed and the test of the next node will not be taken.
  • Page 348 Operation Command Description Optional default, Define rule matching match the next-hop if-match interface interface-type performed on the interface of routing interface-number next-hop interface...
  • Page 349: Ip-Prefix Configuration

    Note: A route-policy comprises multiple nodes. The relationship among the nodes in a route-policy is “OR”. As a result, the system examines the nodes in sequence, and once the route passes a node in the route-policy, it will pass the matching test of the route-policy without entering the test of the next node.
  • Page 350: Displaying Ip Routing Policy

    Table 5-4 Configure an IPv4 ip-prefix list
    Operation | Command | Description
    Enter system view | system-view | —
    Required. By default, no ip-prefix list is specified. If all the list items...
  • Page 351 Configure three static routes and enable OSPF on Switch A. By configuring route filtering rules on Switch B, make the three received static routes partially visible and partially shielded: the routes of network segments 20.0.0.0 and...
  • Page 352
    [Switch A-acl-basic-2000] rule permit source any
    [Switch A-acl-basic-2000] quit
    # Configure a route-policy.
    [Switch A] route-policy ospf permit node 10
    [Switch A-route-policy] if-match acl 2000
    [Switch A-route-policy] quit
    # Apply route policy when the static routes are imported.
  • Page 353: Troubleshooting Ip Routing Policy

    Intra Area: 1 Inter Area: 0 ASE: 2 NSSA: 0
    5.7 Troubleshooting IP Routing Policy
    Symptom: Routing information cannot be filtered when the routing protocol runs normally.
  • Page 354: Route Capacity Configuration Overview

    Chapter 6 Route Capacity Configuration 6.1 Route Capacity Configuration Overview 6.1.1 Introduction In practical networking applications, there are a large number of routes, especially OSPF routes, in the routing table.
  • Page 355: Setting The Lower Limit And The Safety Value Of The Switch Memory

    Setting the lower limit and the safety value of switch memory, Enabling/disabling the switch to recover the disconnected routing protocol automatically. 6.2.1 Setting the Lower Limit and the Safety Value of the Switch Memory...
  • Page 356: Displaying Route Capacity Configuration

    Table 6-3 Disable automatic protocol recovery
    Operation | Command | Description
    Enter system view | system-view | —
    Disable automatic protocol recovery | memory auto-establish disable | Optional. Perform this...
  • Page 357 Operation Manual – Multicast Protocol Quidway S3900 Series Ethernet Switches-Release 1510 Table of Contents: Chapter 1 Multicast Overview; 1.1 Multicast Overview; 1.1.1 Information Transmission in the Unicast Mode; 1.1.2 Information Transmission in the Broadcast Mode; 1.1.3 Information Transmission in the Multicast Mode...
  • Page 358 Table of Contents: 4.3 Displaying and Maintaining Multicast MAC Address; Chapter 5 Unknown Multicast Packet Drop Configuration; 5.1 Overview; 5.2 Unknown Multicast Packet Drop Configuration; Chapter 6 IGMP Configuration...
  • Page 359 Table of Contents: 7.7 Troubleshooting PIM; Chapter 8 MSDP Configuration; 8.1 Overview; 8.1.1 MSDP Working Mechanism; 8.2 Configuring MSDP Basic Functions; 8.2.1 Configuration Prerequisites; 8.2.2 Configuring MSDP Basic Functions...
  • Page 360: Multicast Overview

    Chapter 1 Multicast Overview Note: Among S3900 series Ethernet switches, the S3900-EI series supports all the multicast protocols listed in this manual, while the S3900-SI series supports only the IGMP Snooping protocol.
  • Page 361: Information Transmission In The Broadcast Mode

    Figure 1-1 Information transmission in the unicast mode
    Assume that users B, D and E need this information. The source server establishes transmission channels for the devices of these users respectively.
  • Page 362: Information Transmission In The Multicast Mode

    the same network need the information, the utilization ratio of the network resources is very low and the bandwidth resources are greatly wasted. Therefore, broadcast is disadvantageous in transmitting data to specified users;...
  • Page 363: Advantages And Applications Of Multicast

    In the multicast mode, network components can be divided into the following roles: An information sender is referred to as a multicast source. Multiple receivers receiving the same information form a multicast group. A multicast group is not limited by physical area.
  • Page 364: Multicast Architecture

    II. Application of multicast The multicast technology effectively addresses the issue of point-to-multipoint data transmission. By enabling high-efficiency point-to-multipoint data transmission over an IP network, multicast greatly saves network bandwidth and reduces network load.
  • Page 365: Multicast Address

    Addressing mechanism: Information is sent from a multicast source to a group of receivers through multicast addresses. Host registration: A receiving host joins and leaves a multicast group dynamically to implement membership registration.
  • Page 366 A multicast group whose addresses are assigned by IANA is a permanent multicast group. It is also called a reserved multicast group. Note that: The IP addresses of a permanent multicast group remain unchanged, while the members of the group can be changed.
  • Page 367
    Class D address range | Description
    224.0.0.7 | Shared tree routers
    224.0.0.8 | Shared tree hosts
    224.0.0.9 | RIP-2 routers
    224.0.0.11 | Mobile agents
    224.0.0.12 | DHCP server / relay agent
    224.0.0.13...
  • Page 368: Ip Multicast Protocols

    [Figure: bit-layout diagram of a 1110XXXX address, labelled "Five bits are lost"]...
  • Page 369: Forwarding Mechanism Of Multicast Packets

    III. Multicast routing protocols A multicast routing protocol operates between multicast routers to establish and maintain multicast routes and forward multicast packets accurately and effectively. A multicast route establishes a loop-free data transport path from a data source to multiple receivers.
  • Page 370: Chapter 2 Igmp Snooping Configuration

    Chapter 2 IGMP Snooping Configuration 2.1 Overview 2.1.1 IGMP Snooping Fundamentals Internet group management protocol snooping (IGMP Snooping) is a multicast control mechanism running on a Layer 2 switch. It is used to manage and control multicast groups.
  • Page 371: Igmp Snooping Implementation

    [Figure: multicast packet transmission]...
  • Page 372 II. Layer 2 multicast with IGMP Snooping The switch runs IGMP Snooping to listen to IGMP messages and map the host, the port corresponding to the host, and the corresponding multicast MAC address.
  • Page 373
    Message | Sender | Receiver | Purpose | Switch action
    yes, multicast group address to the MAC multicast group table. If not, add If yes, add yes, the port to...
  • Page 374
    Message | Sender | Receiver | Purpose | Switch action
    If no response received from the port before timer times out, the switch will check whether port corresponds to...
  • Page 375: Igmp Snooping Configuration

    Caution: An IGMP-Snooping-enabled S3900 series Ethernet switch judges whether the multicast group exists when it receives an IGMP leave packet sent by a host in a multicast group.
  • Page 376: Configuring Timers

    Operation | Command | Description
    Enter VLAN view | vlan vlan-id | —
    Enable IGMP Snooping on the VLAN | igmp-snooping enable | Required. By default, IGMP Snooping is disabled on the VLAN.
  • Page 377: Enabling Igmp Fast Leave

    Operation | Command | Description
    Configure query response timer | igmp-snooping max-response-time seconds | Optional. By default, the query response timeout time is 10 seconds.
    Configure the aging timer... | | Optional
  • Page 378: Configuring To Limit Number Of Multicast Groups On A Port

    corresponding multicast group or not. If yes, it adds the port to the forward port list of the multicast group. If not, it drops the IGMP report message and does not forward the corresponding data stream to the port.
  • Page 379: Configuring Igmp Querier

    2.2.6 Configuring IGMP Querier In an IGMP-enabled network, a specific query multicast router or Layer 3 multicast switch is responsible for sending IGMP query packets.
  • Page 380 By configuring a multicast VLAN, adding switch ports to the multicast VLAN and enabling IGMP Snooping, you can make users in different VLANs share the same multicast VLAN.
  • Page 381
    Operation | Command | Description
    Enable IGMP Snooping on the VLAN | igmp-snooping enable | Required. By default, the IGMP Snooping feature is disabled.
    Enable multicast VLAN | service-type multicast...
  • Page 382: Displaying And Maintaining Igmp Snooping

    2.3 Displaying and Maintaining IGMP Snooping After the configuration above, you can execute the display command in any view to verify the configuration by checking the displayed information.
  • Page 383 II. Network diagram
    Figure 2-3 Network diagram for IGMP Snooping configuration
    III. Configuration procedure
    # Enable IGMP Snooping in system view.
  • Page 384 Table 2-14 Network devices and their configurations
    Device | Description
    The interface IP address of VLAN 20 is 168.10.1.1. The Ethernet1/0/1 port is connected to the workstation and belongs to VLAN 20.
  • Page 385
    <SwitchA> system-view
    [SwitchA] multicast routing-enable
    [SwitchA] vlan 20
    [SwitchA-vlan20] interface Vlan-interface 20
    [SwitchA-Vlan-interface20] ip address 168.10.1.1 255.255.255.0
    [SwitchA-Vlan-interface20] pim dm
    [SwitchA-Vlan-interface20] quit
    # Configure multicast VLAN 10.
  • Page 386: Troubleshooting Igmp Snooping

    [SwitchB-vlan10] igmp-snooping enable
    [SwitchB-vlan10] quit
    # Define Ethernet 1/0/10 as a hybrid port, add the port to VLAN 2, VLAN 3 and VLAN 10, and configure the port to include VLAN tags in its outbound packets of VLAN 2, VLAN 3 and VLAN 10.
  • Page 387 Use the display igmp-snooping group command to check if the multicast groups are expected ones. If the multicast group set up by IGMP Snooping is not correct, contact your technical support personnel.
  • Page 388: Common Multicast Configuration

    Chapter 3 Common Multicast Configuration 3.1 Overview Common multicast configuration tasks are the common contents of multicast group management protocol and multicast routing protocol. You must enable the common multicast configuration on the switch before enabling the two protocols.
  • Page 389: Enable Multicast And Configure Limit On The Number Of Route Entries

    3.2.1 Enable multicast and Configure Limit on the Number of Route Entries Table 3-2 Enable multicast and configure limit on the number of route entries...
  • Page 390: Configure Suppression On The Multicast Source Port

    3.2.2 Configure Suppression on the Multicast Source Port I. Configure suppression on the multicast source port in system view Table 3-3 Configure suppression on the multicast source port in system view...
  • Page 391: Displaying Common Multicast Configuration

    Operation | Command | Description
    Clear the route... | reset multicast routing-table { all | { group-address [ mask { group-mask | group-mask-length } ] | source-address... | Clear the route...
  • Page 392 Table 3-6 Display common multicast configuration
    Operation | Command | Description
    execute display command in any view. If neither the port type nor the port number is...
  • Page 393 Three kinds of tables affect data transmission. The correlations of them are: Each multicast routing protocol has its own multicast routing table. The multicast routing information of all multicast routing protocols is integrated to form the core multicast routing table.
  • Page 394: Configuring A Multicast Mac Address Entry

    Chapter 4 Multicast MAC Address Entry Configuration 4.1 Overview In Layer 2 multicast, the system can add multicast forwarding entries dynamically through Layer 2 multicast protocol. However, you can also statically bind a port to a multicast address entry by configuring a multicast MAC address entry manually.
  • Page 395: Displaying And Maintaining Multicast Mac Address

    Operation | Command | Description
    Create a multicast MAC address entry. | mac-address multicast mac-address vlan vlan-id | Required. The mac-address argument must be a multicast MAC address. The vlan-id argument is the ID of the VLAN to which the port belongs.
  • Page 396: Unknown Multicast Packet Drop Configuration

    Chapter 5 Unknown Multicast Packet Drop Configuration 5.1 Overview Generally, if the multicast address of the multicast packet received on the switch is not registered on the local switch, the packet will be broadcast in the VLAN.
  • Page 397: Chapter 6 Igmp Configuration

    Chapter 6 IGMP Configuration 6.1 Overview 6.1.1 Introduction to IGMP Internet group management protocol (IGMP) is responsible for the management of IP multicast members. It is used to establish and maintain membership between IP hosts and their directly connected neighboring routers.
  • Page 398: Working Procedure Of Igmp

    I. Multicast router election mechanism on a shared network segment A shared network segment is a network segment with multiple multicast routers. In this case, all routers running IGMP on this network segment can receive the membership report messages from hosts.
  • Page 399 All the receiver hosts participating in multicast transmission must support the IGMP protocol. The hosts participating in IP multicast transmission can join or exit a multicast group anywhere and anytime, without being restricted on the total number of group members.
  • Page 400: Query Messages

    group G2, they will send IGMP host report packets about G2 to respond to the query messages. After the query/response process, the IGMP routers get to know that receivers...
  • Page 401: Igmp Configuration

    Figure 6-2 is an IGMP Proxy diagram for a leaf network. Configure Switch B as follows: Enable multicast routing on VLAN interface 1 and VLAN interface 2, and then configure the PIM protocol on it.
  • Page 402: Configuring Igmp Version

    Operation | Description | Related section
    Configure router ports to join specified multicast group | Optional | Section 6.2.4 Configuring Router Ports to Join the Specified Multicast Group
    Section 6.2.5...
  • Page 403 also sends query packets periodically. When it receives the IGMP join packets of a group member, it will refresh the membership information of the network segment.
  • Page 404 Table 6-3 Configure IGMP query packets
    Operation | Command | Description
    Enter system view | system-view | —
    Enter VLAN interface view | interface Vlan-interface interface-number | —
    Enable IGMP on the... | | Required
  • Page 405: Configuring Igmp Multicast Groups On The Interface

    6.2.3 Configuring IGMP Multicast Groups on the Interface You can perform the following configurations on the interface for the IGMP multicast groups: Limit the number of joined multicast groups; Limit the range of multicast groups that the interface serves. I.
  • Page 406
    Operation | Command | Description
    Optional. By default, the filter is not configured, that is, any multicast group is permitted on a port. If the port keyword is...
  • Page 407: Configuring Router Ports To Join The Specified Multicast Group

    Caution: If the number of joined multicast groups on the interface exceeds the user-defined limit, new groups are not allowed to join any more. If you configure the number of IGMP groups on the interface to 1, the new group takes the priority.
  • Page 408: Configuring Igmp Proxy

    Operation | Command | Description
    Enter Ethernet port view | interface interface-type interface-number | —
    Configure router ports to... | igmp host-join group-address vlan... | Optional. By default, the router port...
  • Page 409: Displaying Igmp

    Caution: Both the multicast routing protocol and the IGMP protocol must be enabled on the proxy interface. You must enable the PIM protocol on the interface before configuring the igmp proxy command.
  • Page 410
    Operation | Command | Description
    Display IGMP configuration and running information of the interface | display igmp interface [ interface-type interface-number ] |
  • Page 411: Pim Overview

    Chapter 7 PIM Configuration 7.1 PIM Overview Protocol independent multicast (PIM) means that the unicast routing protocols providing routes for the multicast could be static routes, RIP, OSPF, IS-IS, or BGP. The multicast routing protocol is independent of unicast routing protocols only if unicast routing protocols can generate route entries.
  • Page 412 Neighbor discovery; SPT establishing; Graft; RPF check; Assert mechanism. I. Neighbor discovery In PIM-DM network, the multicast router needs to use Hello messages to perform neighbor discovery and maintain the neighbor relation when it is started.
  • Page 413 Figure 7-1 Diagram for SPT establishment in PIM-DM
    The process above is called "Flooding and Pruning".
  • Page 414: Introduction To Pim-Sm

    V. Assert mechanism In the shared network such as Ethernet, the same packets may be sent repeatedly. For example, the LAN network segment contains many multicast routers, A, B, C, and D.
  • Page 415: Work Mechanism Of Pim-Sm

    PIM-SM routers with receivers. RP is adopted in multicast forwarding. As a result, the network bandwidth that the data packets and control packets occupy is reduced, and the processing overhead of the router is also reduced.
  • Page 416 Figure 7-3 Diagram for DR election
    Each router on the shared network sends Hello messages with the DR priority option to each other.
  • Page 417 Collecting the Advertisement messages sent by the Candidate-RP (C-RP) in the network. Selecting part of the C-RP information to constitute the RP-set, namely, the mapping database between the multicast group and RP.
  • Page 418 C-BSRs can elect a new BSR through auto-election. Thus, the service is prevented from being interrupted. In the same way, multiple C-RPs can be configured in a PIM-SM domain, the RP corresponding to each multicast group is worked out through the BSR mechanism.
  • Page 419 will encapsulate the received packet into a registration packet and send it to the corresponding RP in unicast form, as shown in Figure 7-6: User A...
  • Page 420: Common Pim Configuration

    7.2 Common PIM Configuration You can configure the PIM feature of the switch in interface view. The configuration includes: Table 7-1 Configuration tasks Operation Description...
  • Page 421: Configuring Pim Neighbors

    Table 7-3 Configure the interval of sending Hello packets
    Operation | Command | Description
    Enter system view | system-view | —
    Enable multicast routing protocol | multicast routing-enable | Required
    Enter...
  • Page 422: Clearing The Related Pim Entries

    Operation | Command | Description
    Enter VLAN interface view | interface Vlan-interface interface-number | —
    Enable PIM-DM/PIM-SM on the current interface | pim dm / pim sm | Required. Configure protocol...
  • Page 423: Pim-Dm Configuration

    Table 7-5 Clear the related PIM entries
    Operation | Command | Description
    | reset pim routing-table { all | { group-address [ mask group-mask | mask-length group-mask-length source-address [ mask...
  • Page 424: Pim-Sm Configuration

    Caution: If you configure basic ACLs, the source address match is performed on all the received multicast packets. The packets failing to match are discarded.
  • Page 425
    Operation | Command | Description
    Configure candidate BSRs | c-bsr interface-type interface-number hash-mask-len | Optional. By default, candidate BSRs are not set for the switch and the value of priority is 0.
  • Page 426: Configuring Pim-Sm Domain Boundary

    Caution: Only one candidate BSR can be configured on a Layer 3 switch. The BSR configuration on another interface will replace the former configuration. You are recommended to configure both the candidate BSR and candidate RP on the Layer 3 switch in the backbone.
  • Page 427: Filtering The Registration Packets From Rp To Dr

    Operation | Command | Description
    Configure PIM-SM domain boundary | pim bsr-boundary | Required. By default, domain boundary is not set for the switch.
    Caution: When the PIM-SM domain boundary is set, Bootstrap messages cannot pass the boundary in any direction.
  • Page 428: Displaying And Debugging Pim

    Operation | Command | Description
    Configure to filter the registration packets from | register-policy | Required. You can configure to filter the IP addresses of some multicast groups in ACL.
  • Page 429: Pim Configuration Examples

    Table 7-12 Display and maintain PIM
    Configuration | Command | Description
    | display routing-table [ { { *g [ group-address [ mask { mask-length | mask } ] ] |...
  • Page 430 II. Network diagram
    [Figure: network diagram showing VLAN10, VLAN11, VLAN12, VLAN20, VLAN30, Lanswitch1, Lanswitch2, RECEIVER 1 and the multicast source]...
  • Page 431: Pim-Sm Configuration Example

    7.6.2 PIM-SM Configuration Example I. Network requirements All Ethernet switches are reachable for each other in the practical network. LS_A is connected to LS_B through Vlan-interface 10, to Host A through Vlan-interface 11 and to LS_C through Vlan-interface 12.
  • Page 432
    [Quidway-vlan10] quit
    [Quidway] interface Vlan-interface 10
    [Quidway-Vlan-interface10] pim sm
    [Quidway-Vlan-interface10] quit
    [Quidway] vlan 11
    [Quidway-vlan11] port Ethernet 1/0/4 to Ethernet 1/0/5
    [Quidway-vlan11] quit
    [Quidway] interface Vlan-interface 11...
  • Page 433: Troubleshooting Pim

    [Quidway] pim
    [Quidway-pim] c-bsr Vlan-interface 10 30 2
    # Configure candidate RPs.
    [Quidway] acl number 2000
    [Quidway-acl-basic-2000] rule permit source 225.0.0.0 0.255.255.255
    [Quidway] pim
    [Quidway-pim] c-rp Vlan-interface 10 group-policy 2000...
  • Page 434 Operation Manual – Multicast Protocol Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 7 PIM Configuration Make sure that the unicast routing is right before troubleshooting PIM. Because PIM-SM needs the support of RP and BSR, you must execute the display pim bsr-info command to see whether BSR information exists. If not, you must check whether there are unicast routes to the BSR.
  • Page 435: Chapter 8 Msdp Configuration

    Operation Manual – Multicast Protocol Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 8 MSDP Configuration Chapter 8 MSDP Configuration Note: The multicast source discovery protocol (MSDP) does not support the IRF feature, so MSDP cannot be configured in Fabric. Routers and router icons in this chapter represent routers in the common sense and Ethernet switches running routing protocols.
  • Page 436 Operation Manual – Multicast Protocol Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 8 MSDP Configuration [Figure 8-1 MSDP peering relationship: domains PIM-SM 1 to PIM-SM 4 with a source, users, Join and SA messages, and MSDP peers] Note: MSDP peers are interconnected over TCP connections (via port 639). A TCP...
  • Page 437 Operation Manual – Multicast Protocol Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 8 MSDP Configuration (SPT) based on the multicast source S. However, a rendezvous point tree (RPT) exists between RP4 and receivers in the PIM-SM4 domain. Note: Through MSDP, a PIM-SM domain receiving information from the multicast source S does not rely on RPs in other PIM-SM domains, that is, receivers can directly join the SPT tree based on the multicast source without passing RPs in other PIM-SM domains.
  • Page 438: Msdp Working Mechanism

    Operation Manual – Multicast Protocol Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 8 MSDP Configuration RP load balancing can be achieved. When an RP fails, the multicast source and receivers previously registered to/joined it will register to or join another nearest RP automatically, thus implementing RP redundancy backup.
  • Page 439 Operation Manual – Multicast Protocol Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 8 MSDP Configuration If group members (namely, receivers) exist in the PIM-SM domains where MSDP peers of RP1 reside, for example, if group members exist in the PIM-SM4 domain, RP4 decapsulates the multicast data in the SA message and distributes the multicast data to receivers along the RPT.
  • Page 440: Configuring Msdp Basic Functions

    Operation Manual – Multicast Protocol Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 8 MSDP Configuration If an RP has only one MSDP peer (for example, when RP2 sends an SA message to RP1), the receiver accepts the SA message from the peer.
  • Page 441 Operation Manual – Multicast Protocol Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 8 MSDP Configuration peer. If you configure multiple RPF peers, you need to handle them with different rules according to the configured policies. When configuring multiple static RPF peers for the same router, you must follow the...
  • Page 442: Configuring Connection Between Msdp Peers

    Operation Manual – Multicast Protocol Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 8 MSDP Configuration

    | Operation | Command | Description |
    |---|---|---|
    | Configure a static RPF peer | static-rpf-peer peer-address [ rp-policy... | Optional. For an area containing only one MSDP peer, if the BGP or MBGP does not run in this... |
  • Page 443: Configuring Description Information For Msdp Peers

    Operation Manual – Multicast Protocol Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 8 MSDP Configuration

    | Operation | Description | Related section |
    |---|---|---|
    | Configure MSDP peer connection control | Optional | Section 8.3.5 Configuring MSDP Peer Connection Control |

    8.3.2 Configuring Description Information for MSDP Peers You can configure description information for each MSDP peer to manage and memorize the MSDP peers.
  • Page 444: Configuring An Msdp Mesh Group

    Operation Manual – Multicast Protocol Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 8 MSDP Configuration Operation Command Description Required Configure the RP address originating-rp default, carried interface-type address in SA messages messages interface-number address configured by PIM. Note: In Anycast RP application, C-BSR and C-RP must be configured on different devices or ports.
  • Page 445: Configuring Sa Message Transmission

    Operation Manual – Multicast Protocol Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 8 MSDP Configuration 8.3.5 Configuring MSDP Peer Connection Control The connection between MSDP peers can be flexibly controlled. You can disable the MSDP peering relationships temporarily by shutting down the MSDP peers. As a result, SA messages cannot be transmitted between such two peers.
  • Page 446: Configuring The Transmission And Filtering Of Sa Request Messages

    Operation Manual – Multicast Protocol Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 8 MSDP Configuration 8.4.1 Configuration Prerequisites Before you configure SA message transmission, perform the following tasks: Configuring a unicast routing protocol. Configuring basic IP multicast functions. Configuring basic PIM-SM functions.
  • Page 447: Configuring A Rule For Filtering The Multicast Sources Of Sa Messages

    Operation Manual – Multicast Protocol Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 8 MSDP Configuration Table 8-8 Configure the transmission and filtering of SA request messages

    | Operation | Command | Description |
    |---|---|---|
    | Enter system view | system-view | — |
    | Enter MSDP view | msdp | — |
    | | | Optional... |
  • Page 448: Configuring A Rule For Filtering Received And Forwarded Sa Messages

    Operation Manual – Multicast Protocol Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 8 MSDP Configuration Operation Command Description Optional You can configure the rule for filtering related multicast Configure filter import-source group IP addresses in ACL. multicast sources acl-number ]...
  • Page 449: Configuring Sa Message Cache

    Operation Manual – Multicast Protocol Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 8 MSDP Configuration

    | Operation | Command | Description |
    |---|---|---|
    | Configure minimum TTL for the multicast packets sent to the specified MSDP... | peer peer-address minimum-ttl ttl-value | Optional. By default, the value of TTL threshold is 0. |
  • Page 450 Operation Manual – Multicast Protocol Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 8 MSDP Configuration Table 8-12 Display and debug MSDP configuration

    | Operation | Command | Description |
    |---|---|---|
    | Display brief information of MSDP peer state | display msdp brief | |
    | Display detailed... | display msdp peer-status... | |
  • Page 451: Msdp Configuration Example

    Operation Manual – Multicast Protocol Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 8 MSDP Configuration 8.6 MSDP Configuration Example 8.6.1 Configuration Example of Anycast RP Application I. Network requirements Each PIM-SM network is a single-BSR administrative domain, with multiple multicast sources (S) and receivers.
  • Page 452: Troubleshooting Msdp Configuration

    Operation Manual – Multicast Protocol Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 8 MSDP Configuration
    [SwitchC-Vlan-interface100] pim sm
    [SwitchC-Vlan-interface100] quit
    [SwitchC] interface Vlan-interface 200
    [SwitchC-Vlan-interface200] pim sm
    [SwitchC-Vlan-interface200] quit
    [SwitchC] interface Vlan-interface 110
    [SwitchC-Vlan-interface110] pim sm
    [SwitchC-Vlan-interface110] quit
    # Configure the same Loopback10 interface address on SwitchC and SwitchD and configure the locations of C-BSR and C-RP.
  • Page 453: No Sa Entry In The Sa Cache Of The Router

    Operation Manual – Multicast Protocol Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 8 MSDP Configuration address of local connect-interface interface is inconsistent with the peer address configured on the peer router, no TCP connection can be established. If there is no route between the two peers, no TCP connection can be established.
  • Page 454 Operation Manual – 802.1x Quidway S3900 Series Ethernet Switches-Release 1510 Table of Contents
    Chapter 1 802.1x Configuration
    1.1 Introduction to 802.1x
    1.1.1 Architecture of 802.1x Authentication
    1.1.2 The Mechanism of an 802.1x Authentication System
    1.1.3 Encapsulation of EAPoL Messages...
  • Page 455: Chapter 1 802.1X Configuration

    Operation Manual – 802.1x Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 802.1x Configuration Chapter 1 802.1x Configuration 1.1 Introduction to 802.1x The 802.1x protocol (802.1x for short) was developed by IEEE802 LAN/WAN committee to address security issues of wireless LANs. It was then used in Ethernet as a common access control mechanism for LAN ports to address mainly authentication and security problems.
  • Page 456 Operation Manual – 802.1x Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 802.1x Configuration The authenticator system authenticates the supplicant system. The authenticator system is usually an 802.1x-supported network device (such as a Quidway series switch). It provides the port (physical or logical) for the supplicant system to access the LAN.
  • Page 457: The Mechanism Of An 802.1X Authentication System

    Operation Manual – 802.1x Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 802.1x Configuration IV. The way a port is controlled A port of a Quidway series switch can be controlled in the following two ways. Port-based authentication. When a port is controlled in this way, all the supplicant systems connected to the port can access the network without being authenticated after one supplicant system among them passes the authentication.
  • Page 458 Operation Manual – 802.1x Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 802.1x Configuration [Figure 1-3 The format of an EAPoL packet. Fields: PAE Ethernet type, Protocol version, Type, Length, Packet body] In an EAPoL packet: The PAE Ethernet type field holds the protocol identifier.
  • Page 459 Operation Manual – 802.1x Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 802.1x Configuration The Code field specifies the EAP packet type, which can be Request, Response, Success, or Failure. The Identifier field is used to match a Response packet with the corresponding Request packet.
  • Page 460: X Authentication Procedure

    Operation Manual – 802.1x Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 802.1x Configuration Message-authenticator field, otherwise the packet is regarded as invalid and is discarded. [Figure 1-7 The format of a Message-authenticator field: type=80 length=18 string...] 1.1.4 802.1x Authentication Procedure A Quidway 3900 series switch can authenticate supplicant systems in EAP terminating mode or EAP relay mode.
  • Page 461 Operation Manual – 802.1x Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 802.1x Configuration [Figure: diagram labelled EAPoL, EAPoR and RADIUS server]...
  • Page 462 Operation Manual – 802.1x Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 802.1x Configuration Upon receiving the key (encapsulated in an EAP-request/MD5 challenge packet) from the switch, the client program encrypts the password of the supplicant system with the key and sends the encrypted password (contained in an EAP-response/MD5 challenge packet) to the RADIUS server through the switch.
  • Page 463: X Timer

    Operation Manual – 802.1x Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 802.1x Configuration [Figure: message exchange between the supplicant system, the switch and the RADIUS server, labelled EAPOL and RADIUS]...
  • Page 464: X Implementation On An S3900 Series Switch

    Operation Manual – 802.1x Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 802.1x Configuration another request/identity packet to the supplicant system if the supplicant system fails to send a reply packet to the switch when this timer times out. The second case is when the switch authenticates the 802.1x client who does not request for...
  • Page 465 Note: The client-checking function needs the support of Huawei’s 802.1x client program. The proxy detecting function should be enabled on both the 802.1x client program and CAMS. The client version detecting should be enabled on the switch (achieved via the dot1x version-check command).
  • Page 466: X Configuration

    Operation Manual – 802.1x Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 802.1x Configuration Note: The client-version-checking function needs the support of Huawei’s 802.1x client program. III. The Guest VLAN function The Guest VLAN function enables supplicant systems that do not pass the authentication to access a LAN in a restrained way.
  • Page 467: Basic 802.1X Configuration

    Operation Manual – 802.1x Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 802.1x Configuration If you specify to use the RADIUS scheme, that is to say the supplicant systems are authenticated by a remote RADIUS server, you need to configure the related user names and passwords on the RADIUS server and perform RADIUS client-related configuration on the switches.
  • Page 468: Timer And Maximum User Number Configuration

    Operation Manual – 802.1x Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 802.1x Configuration

    | Operation | Command | Description |
    |---|---|---|
    | ... port access control mode for specified ports | dot1x port-control { authorized-force \| unauthorized-force \| auto } [ interface interface-list ] | Optional. By default, an 802.1x-enabled port operates in an auto mode. |
  • Page 469 Operation Manual – 802.1x Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 802.1x Configuration Operation Command Description In system view: dot1x max-user Configure Optional user-number interface maximum number interface-list ] default, concurrent concurrent on-line users are on-line users for In port view: allowed on each port.
  • Page 470: Advanced 802.1X Configuration

    Operation Manual – 802.1x Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 802.1x Configuration 1.5 Advanced 802.1x Configuration Advanced 802.1x configurations, as listed below, are all optional. CAMS cooperation configuration, including multiple network adapters detecting, proxy detecting, and so on.
  • Page 471: Configuring Client Version Checking

    Chapter 1 802.1x Configuration Note: The proxy checking function needs the support of Huawei's 802.1x client program. The configuration listed in Table 1-3 takes effect only when it is performed on CAMS as well as on the switch and the client version checking function is enabled on the switch (by the dot1x version-check command).
  • Page 472: Configuring Guest Vlan

    Operation Manual – 802.1x Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 802.1x Configuration Table 1-5 Enable DHCP-triggered authentication

    | Operation | Command | Description |
    |---|---|---|
    | Enter system view | system-view | — |
    | Enable DHCP-triggered authentication | dot1x dhcp-launch | Optional. By default, DHCP-triggered authentication is disabled. |

    1.5.5 Configuring Guest VLAN...
  • Page 473: X Configuration Example

    Operation Manual – 802.1x Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 802.1x Configuration Table 1-7 Display and debug 802.1x

    | Operation | Command | Description |
    |---|---|---|
    | Display the configuration, session, statistics information about 802.1x... | display dot1x [ sessions \| statistics ] [ interface... | You can execute the display command in any... |
  • Page 474 Operation Manual – 802.1x Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 802.1x Configuration servers with the domain name truncated. Connected to the switch is a server group comprised of two RADIUS servers whose IP addresses are 10.11.1.1 and 10.11.1.2 respectively, with the former being the primary authentication and the secondary counting server, and the latter the secondary authentication and the primary counting server.
  • Page 475 Operation Manual – 802.1x Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 802.1x Configuration
    # Enable 802.1x globally.
    <Quidway> system-view
    System View: return to User View with Ctrl+Z.
    [Quidway] dot1x
    # Enable 802.1x for Ethernet1/0/1 port.
    [Quidway] dot1x interface Ethernet 1/0/1
    # Set the access control method to be MAC-address-based (can be omitted as MAC-address-based is the default configuration).
  • Page 476 Operation Manual – 802.1x Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 802.1x Configuration
    # Specify to adopt radius1 as the RADIUS scheme of the user domain. If RADIUS server is invalid, specify to adopt local authentication scheme.
    [Quidway-isp-aabbcc.net] scheme radius-scheme radius1 local
    # Specify the maximum number of users the user domain can accommodate to 30.
  • Page 477: Introduction To Habp

    802.1x, their received packets will be filtered. This means that users can no longer manage the attached switches. To address this problem, Huawei authentication bypass protocol (HABP) has been developed. An HABP packet carries the MAC addresses of the attached switches with it. It can bypass the 802.1x authentications when traveling between HABP-enabled switches,...
  • Page 478: Habp Client Configuration

    Operation Manual – 802.1x Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 2 HABP Configuration

    | Operation | Command | Description |
    |---|---|---|
    | Enable HABP | habp enable | Required. HABP is enabled by default. |
    | Configure... | | Required. By default, a switch operates as an HABP client after you... |

  • Page 479 Operation Manual – 802.1x Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 2 HABP Configuration Table 2-3 Display HABP

    | Operation | Command | Description |
    |---|---|---|
    | Display HABP configuration and status information | display habp | You can execute the display command in any... |
    | Display the MAC address... | | |

  • Page 480 Operation Manual – AAA & RADIUS & HWTACACS & EAD Quidway S3900 Series Ethernet Switches-Release 1510 Table of Contents
    Chapter 1 AAA & RADIUS & HWTACACS Configuration
    1.1 Overview
    1.1.1 Introduction to AAA
    1.1.2 Introduction to ISP Domain...
  • Page 481 Operation Manual – AAA & RADIUS & HWTACACS & EAD Quidway S3900 Series Ethernet Switches-Release 1510 Table of Contents
    1.7.1 Remote RADIUS Authentication of Telnet/SSH Users
    1.7.2 Local Authentication of FTP/Telnet Users
    1.7.3 TACACS Authentication/Authorization of Telnet Users
    1.8 Troubleshooting AAA &...
  • Page 482: Introduction To Aaa

    Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S3900 Series Ethernet Switches-Release 1510 Configuration Chapter 1 AAA & RADIUS & HWTACACS Configuration 1.1 Overview 1.1.1 Introduction to AAA AAA is shortened from the three security functions: authentication, authorization and accounting.
  • Page 483: Introduction To Radius

    Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S3900 Series Ethernet Switches-Release 1510 Configuration bound together, and you cannot perform RADIUS authorization alone without RADIUS authentication. HWTACACS authorization: Users are authorized by TACACS server.
  • Page 484 Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S3900 Series Ethernet Switches-Release 1510 Configuration Server: The RADIUS server runs on a computer or workstation at the center. It stores and maintains the information on user authentication and network service access.
  • Page 485 Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S3900 Series Ethernet Switches-Release 1510 Configuration [Figure: message exchange between RADIUS client and RADIUS server]...
  • Page 486 Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S3900 Series Ethernet Switches-Release 1510 Configuration III. RADIUS packet structure RADIUS uses UDP to transmit messages. It ensures the correct message exchange between RADIUS server and client through the following mechanisms: timer management, retransmission, and backup server.
  • Page 487 Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S3900 Series Ethernet Switches-Release 1510 Configuration Code Packet type Packet description Direction: server->client. The server transmits this packet to the client to notify...
  • Page 488 Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S3900 Series Ethernet Switches-Release 1510 Configuration

    | Value of the Type field | Attribute type | Value of the Type field | Attribute type |
    |---|---|---|---|
    | | Framed-IP-Address | | Called-Station-Id... |
  • Page 489: Introduction To Hwtacacs

    1.1.4 Introduction to HWTACACS I. What is HWTACACS HUAWEI Terminal Access Controller Access Control System (HWTACACS) is an enhanced security protocol based on TACACS (RFC1492). Similar to the RADIUS protocol, it implements AAA for different types of users (such as PPP/VPDN login users and terminal users) through communications with TACACS servers in the Client-Server mode.
  • Page 490 Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S3900 Series Ethernet Switches-Release 1510 Configuration [Figure: network diagram with a terminal user, a TACACS server (129.7.66.66), ISDN/PSTN, an HWTACACS client and a dial-up user]...
  • Page 491 Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S3900 Series Ethernet Switches-Release 1510 Configuration [Figure: message exchange between User, HWTACACS Client and HWTACACS Server, starting with "User logs in"]...
  • Page 492 Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S3900 Series Ethernet Switches-Release 1510 Configuration The TACACS client sends the user authorization request packet to the TACACS server. The TACACS server sends back the authorization response, indicating that the user has passed the authorization.
  • Page 493 Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S3900 Series Ethernet Switches-Release 1510 Configuration

    | Operation | Description | Related section |
    |---|---|---|
    | Configure dynamic VLAN assignment | Optional | Section 1.3.5 “Configuring Dynamic VLAN Assignment” |
    | | | Section 1.3.6... |

  • Page 494 Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S3900 Series Ethernet Switches-Release 1510 Configuration

    | Operation | Description | Related section |
    |---|---|---|
    | Configure the timers for RADIUS servers | Optional | Section 1.4.10 “Configuring Timers of RADIUS Servers”... |
  • Page 495: Aaa Configuration

    Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S3900 Series Ethernet Switches-Release 1510 Configuration 1.3 AAA Configuration The goal of AAA configuration is to protect network devices against unauthorized access and at the same time provide network access services to authorized users. If you need to use ISP domains to implement AAA management on access users, you need to configure the ISP domains.
  • Page 496 Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S3900 Series Ethernet Switches-Release 1510 Configuration Operation Command Description Optional By default, once an domain created, it is in the Activate/deactivate the ISP...
  • Page 497: Configuring An Aaa Scheme For An Isp Domain

    Note: Huawei's CAMS Server is a service management system used to manage networks and secure networks and user information. Cooperating with other network devices (such as switches) in a network, the CAMS Server implements the AAA (authentication, authorization and accounting) services and rights management.
  • Page 498 Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S3900 Series Ethernet Switches-Release 1510 Configuration Operation Command Description Required scheme local none Configure radius-scheme By default, the ISP scheme for the ISP...
  • Page 499 Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S3900 Series Ethernet Switches-Release 1510 Configuration Authorization: none. Accounting: RADIUS or none. You can configure combined authentication, authorization and accounting schemes by using the above implementations.
  • Page 500: Configuring Dynamic Vlan Assignment

    Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S3900 Series Ethernet Switches-Release 1510 Configuration Note: If a bound AAA scheme is configured as well as the separate authentication, authorization and accounting schemes, the separate ones will be adopted in precedence.
  • Page 501: Configuring The Attributes Of A Local User

    Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S3900 Series Ethernet Switches-Release 1510 Configuration Table 1-9 Configure dynamic VLAN assignment Operation Command Description Enter system system-view — view Create domain and enter domain isp-name —...
  • Page 502 Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S3900 Series Ethernet Switches-Release 1510 Configuration

    | Operation | Command | Description |
    |---|---|---|
    | Add a local user and enter local user view | local-user user-name | Required. By default, there is no local user in the system. |
  • Page 503: Cutting Down User Connections Forcibly

    Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S3900 Series Ethernet Switches-Release 1510 Configuration Caution: The character string of user-name cannot contain “/”, “:”, “*”, “?”, “<” and “>”. Moreover, “@” can be used no more than once.
  • Page 504: Radius Configuration

    Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S3900 Series Ethernet Switches-Release 1510 Configuration 1.4 RADIUS Configuration The RADIUS protocol configuration is performed on a RADIUS scheme basis. In an...
  • Page 505: Configuring Radius Authentication/Authorization Servers

    Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S3900 Series Ethernet Switches-Release 1510 Configuration

    | Operation | Command | Description |
    |---|---|---|
    | Enable UDP port for AAA RADIUS client | radius client enable | Optional. By default, UDP port for AAA RADIUS client is enabled. |
  • Page 506: Configuring Radius Accounting Servers

    Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S3900 Series Ethernet Switches-Release 1510 Configuration Caution: The authentication response sent from the RADIUS server to the RADIUS client carries the authorization information. Therefore, no separate authorization server can be specified.
  • Page 507 Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S3900 Series Ethernet Switches-Release 1510 Configuration Operation Command Description Optional Set the maximum number retry By default, the maximum number real-time realtime-accounting...
  • Page 508 Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S3900 Series Ethernet Switches-Release 1510 Configuration Operation Command Description Required Create a RADIUS radius scheme By default, a RADIUS scheme scheme and enter radius-scheme-name named "system"...
  • Page 509: Configuring The Supported Radius Server Type

    Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S3900 Series Ethernet Switches-Release 1510 Configuration Operation Command Description Set the maximum Optional number transmission retry retry-times By default, the system tries three attempts times to transmit a RADIUS request.
  • Page 510: Configuring The Attributes For Data To Be Sent To Radius Servers

    Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S3900 Series Ethernet Switches-Release 1510 Configuration Operation Command Description Required By default, a RADIUS Create a RADIUS radius scheme scheme named scheme and enter radius-scheme-name "system"...
  • Page 511 Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S3900 Series Ethernet Switches-Release 1510 Configuration Operation Command Description Optional Set the units of data-flow-format data { byte | measure giga-byte kilo-byte...
  • Page 512: Configuring A Local Radius Authentication Server

    Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S3900 Series Ethernet Switches-Release 1510 Configuration Caution: Generally, the access users are named in the userid@isp-name format. Where, isp-name behind the @ character represents the ISP domain name, by which the device determines which ISP domain it should ascribe the user to.
  • Page 513: Configuring The Timers Of Radius Servers

    Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S3900 Series Ethernet Switches-Release 1510 Configuration Caution: When you use the local RADIUS authentication server function, the UDP port number for the authentication/authorization service must be 1645, the UDP port number for the accounting service is 1646, and the IP addresses of the servers must be set to the addresses of the switch.
  • Page 514: Configuring The User Re-Authentication Upon Device Restart Function

    Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S3900 Series Ethernet Switches-Release 1510 Configuration Operation Command Description Required Create RADIUS radius scheme By default, a RADIUS scheme scheme radius-scheme-name named "system" has already enter its view been created in the system.
  • Page 515 Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S3900 Series Ethernet Switches-Release 1510 Configuration Note: The function applies to the environment where the RADIUS authentication/accounting server is CAMS. In an environment with a CAMS server, if the switch reboots after an exclusive user (a...
  • Page 516: Hwtacacs Configuration

    Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S3900 Series Ethernet Switches-Release 1510 Configuration Table 1-23 Enable the user re-authentication upon device restart function Operation Command Description Enter system view system-view —...
  • Page 517: Configuring Hwtacacs Authentication Servers

    Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S3900 Series Ethernet Switches-Release 1510 Configuration 1.5.2 Configuring HWTACACS Authentication Servers Table 1-25 Configure HWTACACS authentication servers Operation Command Description Enter system view system-view —...
  • Page 518: Configuring Hwtacacs Accounting Servers

    Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S3900 Series Ethernet Switches-Release 1510 Configuration Operation Command Description Required Set the IP address and default, port number primary authorization address of the primary...
  • Page 519 Operation Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS Quidway S3900 Series Ethernet Switches-Release 1510 Configuration Operation Command Description Required Set the IP address and default, port number secondary accounting address secondary...
  • Page 520: Configuring The Attributes For Data To Be Sent To Tacacs Servers

    Operation Command Description Set a shared key Required accounting HWTACACS authorization By default, the TACACS server...
  • Page 521: Configuring The Timers Of Tacacs Servers

    Caution: Generally, access users are named in the userid@isp-name format, where isp-name following the @ character represents the ISP domain name. If the TACACS...
  • Page 522: Displaying And Maintaining Aaa & Radius & Hwtacacs Information

    Caution: The setting of real-time accounting interval is indispensable to real-time accounting. After an interval value is set, the device transmits the accounting information of online users to the TACACS accounting server at intervals of this value.
  • Page 523 Operation Command Description display local-user [ domain isp-name | idle-cut { disable | enable } | vlan vlan-id |...
  • Page 524: Aaa & Radius & Hwtacacs Configuration Example

    Table 1-33 Display and maintain HWTACACS protocol information Operation Command Description Display the configuration display hwtacacs...
  • Page 525 RADIUS server to "expert". You can use a CAMS server as the RADIUS server. If you use a third-party RADIUS server, you can select standard or huawei as the server type in the RADIUS scheme. On the RADIUS server: Set the shared key it uses to exchange packets with the switch to "expert".
  • Page 526: Local Authentication Of Ftp/Telnet Users

    [Quidway-isp-cams] quit
    # Configure a RADIUS scheme.
    [Quidway] radius scheme cams
    [Quidway-radius-cams] accounting optional
    [Quidway-radius-cams] primary authentication 10.110.91.164 1812...
  • Page 527: Tacacs Authentication/Authorization Of Telnet Users

    You only need to change the server IP address, the authentication password, and the UDP port number for authentication service in configuration step "Configure a RADIUS scheme" in section 1.7.1 to 127.0.0.1, huawei, and 1645 respectively, and configure local users (whether the local user name carries the domain name should be consistent with the configuration in the RADIUS scheme).
  • Page 528: Troubleshooting Aaa & Radius & Hwtacacs Configuration

    II. Network diagram (figure: Authentication server, IP address: 10.110.91.164)
  • Page 529: Troubleshooting The Hwtacacs Protocol

    Possible reasons and solutions: The user name is not in the userid@isp-name format, or no default ISP domain is specified on the switch —...
  • Page 530: Introduction To Ead

    Chapter 2 EAD Configuration 2.1 Introduction to EAD Endpoint admission defense (EAD) is an attack defense solution that monitors endpoint admission.
  • Page 531: Ead Configuration

    The security client (software installed on the PC) checks the security status of a client that has just passed authentication, and interacts with the security policy server. If the client is not compliant with the security standard, the security policy server issues ACL control packets to the switch, which then allows the client to access the virus patch server only.
  • Page 532 A user is connected to Ethernet1/0/1 of the switch. The user adopts an 802.1X client supporting the H3C extended function. By configuring the switch, user remote authentication is implemented through RADIUS server and EAD control is achieved through security policy server.
  • Page 533
    [Quidway] radius scheme cams
    [Quidway-radius-cams] primary authentication 10.110.91.164 1812
    [Quidway-radius-cams] key authentication expert
    [Quidway-radius-cams] server-type huawei
    # Configure the IP address for the security policy server.
  • Page 534 Operation Manual – VRRP, Quidway S3900 Series Ethernet Switches-Release 1510. Table of Contents: Chapter 1 VRRP Configuration; 1.1 VRRP Overview; 1.1.1 Virtual Router Overview; 1.1.2 Introduction to Backup Group; 1.1.3 Introduction to the Port Tracking Function...
  • Page 535: Vrrp Overview

    Chapter 1 VRRP Configuration Note: The S3900-EI series switches support the VRRP feature, but not the S3900-SI series. 1.1 VRRP Overview Virtual router redundancy protocol (VRRP) is a fault-tolerant protocol.
  • Page 536: Virtual Router Overview

    Figure 1-2 Virtual router (diagram: Master with actual IP address 10.100.10.2 and Backup with actual IP address 10.100.10.3, both with virtual IP address 10.100.10.1; Host 1, Host 2 and Host 3 at 10.100.10.7, 10.100.10.8 and 10.100.10.9 on the Ethernet). The switches in a backup group have the following features: This virtual router has its own IP address: 10.100.10.1 (which can be the interface...
  • Page 537 A backup group is established if it is assigned an IP address for the first time. If you then add other IP addresses to the backup group, the IP addresses are added to the virtual router IP address list of the backup group.
  • Page 538: Introduction To Backup Group

    1.1.2 Introduction to Backup Group I. Configurations available on switches in a backup group VRRP can group switches in a LAN into a virtual router, which is also known as a backup group.
  • Page 539 III. Configuring preemptive mode for a switch in a backup group As long as a switch in the backup group becomes the master switch, other switches, even if they are configured with a higher priority later, do not preempt the master switch unless they operate in preemptive mode.
  • Page 540: Introduction To The Port Tracking Function

    VRRP packets from the master after a specific period (determined by the master-down-interval argument), they consider the master to be down and initiate the process to determine the master switch.
  • Page 541: Vrrp Configuration

    You can control the priority of the VRRP backup group according to the auto detect result to enable automatic switch between the master switch and the standby switch as...
  • Page 542: Configuring Backup Group-Related Parameters

    Operation Command Description — This operation creates the VLAN to which the backup Create a VLAN vlan vlan-id group corresponds. vlan-id argument is the ID of the VLAN.
  • Page 543: Configuring The Port Tracking Function

    Operation Command Description Optional Specify vrrp vrid virtual-router-id value-reduced: Value interface track vlan-interface vlan-id which the priority is to be tracked [ reduced value-reduced ] reduced.
  • Page 544: Displaying And Maintaining Vrrp

    Table 1-6 Configure the auto detect function for VRRP Operation Command Description Enter system view system-view — Enter VLAN interface vlan-interface — interface view vlan-id Vrrp...
  • Page 545 Virtual router IP address: 202.38.160.111; Master switch: Switch A; Backup switch: Switch B; Preemptive mode: enabled. Table 1-8 Network description Ethernet port IP address of Switch...
  • Page 546
    [LSW-A-Vlan-interface2] ip address 202.38.160.1 255.255.255.0
    [LSW-A-Vlan-interface2] quit
    # Enable a backup group to respond to ping operations destined for its virtual router IP address.
    [LSW-A] vrrp ping-enable
    # Create a backup group.
  • Page 547: Vrrp Tracking Interface Configuration

    1.4.2 VRRP Tracking Interface Configuration I. Network requirements Even when Switch A is still functioning, Switch B (with another link to connect with the outside) can function as a gateway when the interface on Switch A connecting to the Internet does not function properly.
  • Page 548
    # Configure that the virtual router can be pinged.
    [LSW-A] vrrp ping-enable
    # Create a backup group.
    [LSW-A] interface Vlan-interface 2
    [LSW-A-Vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111
    # Set the priority for the backup group.
  • Page 549: Multiple-Vrrp Backup Group Configuration

    When the VLAN 3 interface recovers, Switch A will resume its gateway function as the master. 1.4.3 Multiple-VRRP Backup Group Configuration I. Network requirements A switch can function as the backup switch of multiple backup groups.
  • Page 550: Port Tracking Configuration Example

    [LSW-A-vlan2] quit
    [LSW-A] interface Vlan-interface 2
    [LSW-A-Vlan-interface2] ip address 202.38.160.1 255.255.255.0
    # Create backup group 1.
    [LSW-A-Vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111
    # Set the priority for backup group 1.
  • Page 551 The master switch is connected to the upstream network through its Ethernet1/0/1 port. The backup switch is connected to the upstream network through its Ethernet1/0/2 port.
  • Page 552: Vrrp Auto Detect Configuration Example

    1.4.5 VRRP Auto Detect Configuration Example I. Network requirements Switch B and Switch D form VRRP backup group 1, whose virtual IP address is 192.168.1.10. Packets sourced from Switch A and destined for Switch C are forwarded by Switch B under normal situations.
  • Page 553: Troubleshooting Vrrp

    # Set the backup group priority value of switch B to 110, and specify to decrease the priority value by 20 when the result of detecting group 9 is unreachable.
  • Page 554 III. Symptom 3: VRRP state of a switch changes repeatedly Such problems occur when the backup group timer duration is too short. They can be solved by prolonging the duration or configuring the preemption delay period.
  • Page 555 Operation Manual -- Centralized MAC Address Authentication, Quidway S3900 Series Ethernet Switches-Release 1510. Table of Contents: Chapter 1 Centralized MAC Address Authentication Configuration; 1.1 Centralized MAC Address Authentication Overview; 1.2 Centralized MAC Address Authentication Configuration; 1.2.1 Enabling Centralized MAC Address Authentication Globally...
  • Page 556: Authentication Configuration

    Chapter 1 Centralized MAC Address Authentication Configuration 1.1 Centralized MAC Address Authentication Overview Centralized MAC address authentication is port-/MAC address-based authentication used to control user permissions to access a network.
  • Page 557: Centralized Mac Address Authentication Configuration

    For fixed mode, configure the user names and passwords as that for fixed mode. The service type of a local user needs to be configured as lan-access.
  • Page 558: Configuring Centralized Mac Address Authentication Mode

    Operation Command Description Required Enable centralized address mac-authentication By default, centralized MAC authentication interface interface-list address authentication specified ports disabled on a port.
  • Page 559: Configuring The Isp Domain For Mac Address Authentication Users

    Operation Command Description Required for fixed mode Set a user name mac-authentication By default, the user name is for fixed mode...
  • Page 560: Displaying And Debugging Centralized Mac Address Authentication

    Table 1-6 Configure the timers used in centralized MAC address authentication Operation Command Description Enter system view system-view — Optional...
  • Page 561 Note: Centralized MAC address authentication configuration is similar to that of 802.1x. In this example, the differences between the two lie in: Centralized MAC address authentication needs to be enabled both globally and for port.
  • Page 562 Operation Manual – ARP, Quidway S3900 Series Ethernet Switches-Release 1510. Table of Contents: Chapter 1 ARP Configuration; 1.1 Introduction to ARP; 1.1.1 Necessity of the Address Resolution; 1.1.2 ARP Packet Structure; 1.1.3 ARP Table...
  • Page 563: Chapter 1 Arp Configuration

    Chapter 1 ARP Configuration 1.1 Introduction to ARP Address resolution protocol (ARP) is used to map IP addresses to the corresponding MAC addresses so that packets can be delivered to their destinations correctly.
  • Page 564: Arp Table

    Field: Protocol type. Description: Identifies the type of the protocol used by the sending device. Normally, the field takes the value of 1 in TCP/IP networks, which stands for EtherType.
  • Page 565: Arp Implementation Procedure

    mapping table. S3900 series Ethernet switches provide the display arp command to display the information about ARP mapping entries. Figure 1-2 shows the structure of an ARP mapping table.
  • Page 566 Suppose there are two hosts on the same network segment: Host A and Host B. The IP address of Host A is IP_A and that of Host B is IP_B. To send a packet to Host B, Host A checks its own ARP mapping table first to see if the ARP entry corresponding to IP_B exists.
  • Page 567: Introduction To Gratuitous Arp

    Figure 1-3 ARP work flow Once ARP is deployed, the ARP work flow is automatically processed. 1.1.5 Introduction to Gratuitous ARP The following are the characteristics of gratuitous ARP packets:...
  • Page 568: Arp Configuration

    When the gratuitous ARP packet learning function is enabled on a switch and the switch receives a gratuitous ARP packet, the switch updates the existing ARP entry (contained in the cache of the switch) that matches the received gratuitous ARP packet using the hardware address of the sender carried in the gratuitous ARP packet.
  • Page 569: Configuring The Arp Aging Timer For Dynamic Arp Entries

    Caution: Static ARP mapping entries are valid as long as the Ethernet switch operates. But the following operations result in ARP entries being removed: changing/removing a VLAN interface, removing a VLAN, or removing a port from a VLAN.
  • Page 570: Displaying And Debugging Arp

    1.3 Gratuitous ARP Packet Configuration 1.3.1 Configuring Sending of Gratuitous ARP Packets Sending of gratuitous ARP packets is enabled as long as an S3900 series switch operates.
  • Page 571 Operation: Clear specific ARP mapping entries. Command: reset arp [ dynamic | static | interface interface-type interface-number ]. Description: Execute this command in user view.
  • Page 572: Resilient Arp Configuration

    Chapter 2 Resilient ARP Configuration 2.1 Introduction to Resilient ARP In intelligent resilient framework (IRF) network application, normally you need to connect redundancy links between the fabric and other devices to support the resilient network.
  • Page 573: Resilient Arp Configuration Example

    Operation Command Description Required Enable the Resilient ARP resilient-arp enable By default, the Resilient function ARP function is enabled. Optional Configure VLAN resilient-arp interface By default, Resilient ARP...
  • Page 574 II. Network diagram (figure: Switch, Unit 1, Unit 3, Unit 4...)
  • Page 575 Operation Manual - DHCP, Quidway S3900 Series Ethernet Switches-Release 1510. Table of Contents: Chapter 1 DHCP Overview; 1.1 Introduction to DHCP; 1.2 DHCP IP Address Assignment; 1.2.1 IP Address Assignment Policy; 1.2.2 Obtaining IP Addresses Dynamically...
  • Page 576 Table of Contents (continued): 2.4.2 Configuring Private DHCP Server Detecting; 2.4.3 Configuring IP Address Detecting; 2.5 Option 82 Supporting Configuration; 2.5.1 Introduction to DHCP-Server Option 82; 2.5.2 Configuration Prerequisites...
  • Page 577: Introduction To Dhcp

    Chapter 1 DHCP Overview 1.1 Introduction to DHCP With networks getting larger in size and more complicated in structure, a lack of available IP addresses becomes a common situation that network administrators have to face, and network configuration becomes a tough task for them.
  • Page 578: Obtaining Ip Addresses Dynamically

    Dynamic assignment. The DHCP server assigns IP addresses to DHCP clients for a predetermined period of time. In this case, a DHCP client must apply for an IP address at the expiration of the period.
  • Page 579: Dhcp Packet Format

    By default, a DHCP client updates its IP address lease automatically by unicasting a DHCP-REQUEST packet to the DHCP server when half of the lease time elapses. The DHCP server responds with a DHCP-ACK packet to notify the DHCP client of a new IP lease if the server can assign the same IP address to the client.
  • Page 580: Dhcp Packet Processing Modes

    flags: The first bit is the broadcast response flag bit. It identifies whether the DHCP response packet is sent in unicast or broadcast mode. Other bits are reserved.
  • Page 581 RFC1542: Clarifications and Extensions for the Bootstrap Protocol
  • Page 582: Introduction To Dhcp Server

    Chapter 2 DHCP Server Configuration Note: The contents of this chapter are only applicable to the S3900-EI series among S3900 Series Switches. 2.1 Introduction to DHCP Server 2.1.1 Usage of DHCP Server...
  • Page 583: Dhcp Address Pool

    DHCP is a UDP-based protocol operating at the application layer. When a DHCP server in a fabric system runs on a Layer 2 network device, DHCP packets are directly forwarded by hardware instead of being delivered to the DHCP server, or being redirected to the master unit by UDP HELPER.
  • Page 584: Dhcp Ip Address Preferences

    If an interface is configured with a valid unicast IP address, you can create an interface-based address pool for the interface by executing the dhcp select interface command in interface view.
  • Page 585: Configuration Overview

    The first IP address found among the available IP addresses in the DHCP address pool. If no IP address is available, the DHCP server queries lease-expired and conflicted IP addresses.
  • Page 586 Configuration task: Configure the connection between the DHCP global address pool and the BIMS server. Remarks: Optional. Section: Section 2.2.9 "Configuring Connection Between a DHCP Global Address Pool and a BIMS Server"...
  • Page 587: Configuring Global Address Pool Mode On Interface(S)

    2.2.3 Configuring Global Address Pool Mode on Interface(s) You can configure the global address pool mode on the specified or all interfaces of a DHCP server. After that, when the DHCP server receives DHCP packets from DHCP clients through these interfaces, it assigns IP addresses in the global address pool to the DHCP clients.
  • Page 588 When some DHCP clients send DHCP-DISCOVER packets to the DHCP server to apply for IP addresses, they construct client IDs and add them in the DHCP-DISCOVER packets.
  • Page 589 Note: The static-bind ip-address command and the static-bind mac-address command or the static-bind client-identifier command must be coupled. In the same global DHCP address pool, if you configure the static-bind client-identifier command after configuring the static-bind mac-address command, the new configuration overwrites the previous one.
  • Page 590 The lease time can differ between address pools, but the IP addresses of the same address pool have the same lease time. Lease time is not inherited, that is to say, the lease time of a child address pool is not affected by the configuration of the parent address pool.
  • Page 591 Note: In the same DHCP global address pool, the network command can be executed repeatedly. In this case, the new configuration overwrites the previous one.
  • Page 592: Configuring Netbios Services For The Dhcp Server

    2.2.6 Configuring NetBIOS Services for the DHCP Server For Microsoft Windows-based DHCP clients that communicate through NetBIOS protocol, the host name-to-IP address translation is carried out by Windows internet naming service (WINS) servers.
  • Page 593: Customizing Dhcp Service

    Operation Command Description Optional Configure DHCP By default, no NetBIOS node clients to be of a netbios-type { b-node | type of the DHCP client is...
  • Page 594: Configuring Connection Between A Dhcp Global Address Pool And A Bims Server

    2.2.9 Configuring Connection Between a DHCP Global Address Pool and a BIMS Server Branch intelligent management system (BIMS) is a kind of network management software, provided by Huawei Technologies Co., Ltd. With BIMS you can manage and monitor network devices that dynamically obtain IP addresses universally and effectively.
  • Page 595: Interface Address Pool-Based Dhcp Server Configuration

    2.3 Interface Address Pool-based DHCP Server Configuration Caution: In the interface address pool mode, after the addresses in the interface address pool have been assigned, the DHCP server picks IP addresses from the global interface address pool containing the segment of the interface address pool and assigns them to the DHCP clients.
  • Page 596 Configuration task Remarks Section Configure to bind among address these Configure statically options assign 2.3.4 “Configuring DHCP clients required. addresses Assign IP Addresses of These...
  • Page 597: Configuring To Assign The Ip Addresses Of Interface Address Pools To Dhcp Clients

    2.3.3 Configuring to Assign the IP Addresses of Interface Address Pools to DHCP Clients If the DHCP server works in the interface address pool mode, it picks IP addresses from the interface address pools and assigns them to the DHCP clients.
  • Page 598: Configuring To Assign Ip Addresses Of Dhcp Address Pools To Dhcp Clients

    2.3.4 Configuring to Assign IP Addresses of DHCP Address Pools to DHCP Clients You can assign IP addresses by static binding or assign IP addresses dynamically to DHCP clients as needed.
  • Page 599 Note: The IP addresses statically bound in interface address pools and the interface IP addresses must be in the same segment. There is no limit to the number of IP addresses statically bound in an interface address pool, but the IP addresses statically bound in interface address pools and the interface IP addresses must be in the same segment.
  • Page 600 Operation Command Description dhcp server expired { day Configure day [ hour hour [ minute multiple minute ] ] | unlimited } interfaces { interface interface-type...
  • Page 601: Configuring Netbios Services For Dhcp Clients

    Table 2-16 Configure DNS services for the DHCP server Operation Command Description Enter system view system-view — interface interface-type interface-number Configure current dhcp server domain-name...
  • Page 602 B-node. Nodes of this type establish their mappings through broadcasting (The character b stands for the word broadcast). The source node obtains the IP address of the destination node by sending the broadcast packet containing the host name of the destination node.
  • Page 603 Operation Command Description interface interface-type interface-number Configure dhcp server netbios-type Required the current Configure { b-node | h-node | m-node | default, interface NetBIOS p-node }...
  • Page 604: Dhcp Security Configuration

    2.3.8 Configure Connection Between the DHCP Interface Address Pool and the BIMS Server After configuring the connection between the DHCP interface address pool and the BIMS server, you can enable the BIMS server to manage the devices that have obtained IP addresses from the interface address pool.
  • Page 605: Configuring Ip Address Detecting

    Operation Manual - DHCP Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration Table 2-20 Enable detection of a private DHCP server Operation Command Description Enter system view system-view — Required Enable the private By default, the private DHCP...
  • Page 606: Option 82 Supporting Configuration

    2.6.1 Introduction to Option 184 Option 184 is an RFC reserved option, and the information it carries can be customized. Huawei-3Com defines four proprietary sub-options for this option, enabling the DHCP server to put the information required by a DHCP client in the response packet to the client.
  • Page 607 Operation Manual - DHCP Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration I. Basic concept The four sub-options of option 184 mainly carry information about voice. The following lists the sub-options and the carried information: option: An option in a DHCP message. This option may be a field of variable length.
  • Page 608 Operation Manual - DHCP Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration Sub-option Feature Function Note The alternate NCP server identified by sub-option option 184 acts as the backup of the AS-IP NCP server. The AS-IP sub-option...
  • Page 609 Operation Manual - DHCP Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration Sub-option Feature Function Note The fail-over call routing sub-option carries address fail-over call When routing and the server associated dial unreachable, a SIP number. The IP...
  • Page 610: Configuring The Option 184 Supporting Function

    Operation Manual - DHCP Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration Note: The DHCP server adds option 184 to the response packet sent to the client only when the DHCP client specifies in option 55 of the request packet that it requires option 184.
  • Page 611 Operation Manual - DHCP Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration Operation Command Description dhcp server voice-config as-ip Configure the AS-IP ip-address interface sub-option interface-type interface-number [ to interface-type interface-number ] } dhcp server voice-config Configure the voice...
  • Page 612 Operation Manual - DHCP Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration Operation Command Description Configure interface operate in DHCP server mode dhcp select and assign the IP addresses of Required interface interface-based address pool to DHCP clients...
  • Page 613 Operation Manual - DHCP Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration III. Configuring the option 184 supporting function in global DHCP address pool view Table 2-26 Configure the option 184 supporting function in global DHCP address pool...
  • Page 614 Operation Manual - DHCP Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration 2.6.4 Configuration Example I. Network requirements A 3COM VCX device operating as a DHCP client requests the DHCP server for all sub-options of option 184. A Quidway series switch operates as the DHCP server. The option 184 supporting function is configured for a global DHCP address pool.
  • Page 615: Displaying And Debugging A Dhcp Server

    Operation Manual - DHCP Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration
    [Quidway-Vlan-interface2] ip address 10.1.1.1 255.255.255.0
    [Quidway-Vlan-interface2] quit
    # Configure VLAN 2 interface to operate in the DHCP server mode.
    [Quidway] dhcp select global interface Vlan-interface 2
    # Enter DHCP address pool view.
  • Page 616: Dhcp Server Configuration Example

    Operation Manual - DHCP Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration Operation Command Description Display the statistics on a display dhcp server DHCP server statistics display dhcp server tree Display information about { pool [ pool-name ] |...
  • Page 617 Operation Manual - DHCP Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration address pool belong, is divided into two sub-network segments: 10.1.1.0/25 and 10.1.1.128/25. The switch operating as the DHCP server hosts two VLANs, whose interface IP addresses are 10.1.1.1/25 and 10.1.1.129/25 respectively.
  • Page 618 Operation Manual - DHCP Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration II. Network diagram (figure not reproduced; surviving labels: NetBIOS Server, Client)
  • Page 619: Troubleshooting A Dhcp Server

    Operation Manual - DHCP Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 2 DHCP Server Configuration
    # Configure DHCP address pool 2, including address range, gateway, WINS server address, and lease time.
    [Quidway] dhcp server ip-pool 2
    [Quidway-dhcp-pool-2] network 10.1.1.128 mask 255.255.255.128
    [Quidway-dhcp-pool-2] domain-name aabbcc.com...
  • Page 620: Introduction To Dhcp Relay

    Operation Manual - DHCP Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 3 DHCP Relay Configuration Chapter 3 DHCP Relay Configuration 3.1 Introduction to DHCP Relay 3.1.1 Usage of DHCP Relay Since packets are broadcast in the process of obtaining IP addresses, DHCP is...
  • Page 621: Option 82 Supporting

    Operation Manual - DHCP Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 3 DHCP Relay Configuration After receiving the packets, the network device providing the DHCP relay function unicasts the packet to the designated DHCP server based on the configuration. The DHCP server assigns IP addresses, and then broadcasts the configuration information to the client through the DHCP relay.
  • Page 622 Operation Manual - DHCP Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 3 DHCP Relay Configuration RFC3046 DHCP Relay Agent Information Option IV. Mechanism of option 82 supporting on DHCP relay The procedure for a DHCP client to obtain an IP address from a DHCP server through a DHCP relay is similar to that for the client to obtain an IP address from a DHCP server directly.
  • Page 623: Dhcp Relay Configuration

    Operation Manual - DHCP Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 3 DHCP Relay Configuration 3.2 DHCP Relay Configuration Note: If a switch belongs to a fabric, you need to enable the UDP-helper function on it before configuring it as a DHCP relay.
  • Page 624: Configuring An Interface To Operate In Dhcp Relay Mode

    Operation Manual - DHCP Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 3 DHCP Relay Configuration 3.2.3 Configuring an Interface to Operate in DHCP Relay Mode When an interface operates in the relay mode, the interface forwards the DHCP packets received from DHCP clients to an external DHCP server, which assigns IP addresses to the DHCP clients.
  • Page 625: Configuring Dhcp Relay Security

    Operation Manual - DHCP Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 3 DHCP Relay Configuration Note: You can configure up to eight external DHCP IP addresses in a DHCP server group. You can map multiple VLAN interfaces to one DHCP server group. But one VLAN interface can be mapped to only one DHCP server group.
  • Page 626 Operation Manual - DHCP Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 3 DHCP Relay Configuration
    Operation | Command | Description
    Enter interface view | interface interface-type interface-number | —
    Enable the address checking function | address-check enable | Required. By default, the address checking function is disabled.
    II. Configuring DHCP relay handshake...
  • Page 627 Operation Manual - DHCP Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 3 DHCP Relay Configuration III. Configuring the dynamic user address entry updating function When a DHCP client obtains an IP address from a DHCP server with the help of a...
  • Page 628: Configuring Option 82 Supporting

    Operation Manual - DHCP Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 3 DHCP Relay Configuration After the pseudo DHCP server detection function is enabled on a DHCP relay, when a DHCP client sends the DHCP-REQUEST message, the DHCP relay can obtain the IP...
  • Page 629: Displaying And Debugging Dhcp Relay

    Operation Manual - DHCP Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 3 DHCP Relay Configuration Operation Command Description Configure strategy dhcp relay Optional DHCP relay information By default, the replace policy is process request strategy { drop | adopted packets...
  • Page 630: Dhcp Relay Configuration Example

    Operation Manual - DHCP Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 3 DHCP Relay Configuration Operation Command Description reset command Clear the statistics information of the reset dhcp-server specified DHCP server group groupNo executed in user view 3.4 DHCP Relay Configuration Example I.
  • Page 631: Troubleshooting Dhcp Relay

    Operation Manual - DHCP Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 3 DHCP Relay Configuration
    [Quidway] interface Vlan-interface 2
    [Quidway-Vlan-interface2] dhcp-server 1
    # Configure an IP address for VLAN 2 interface, so that this interface is on the same network segment as the DHCP clients.
    [Quidway-Vlan-interface2] ip address 10.110.1.1 255.255.0.0...
  • Page 632: Introduction To Dhcp Snooping

    Operation Manual - DHCP Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 4 DHCP Snooping Configuration Chapter 4 DHCP Snooping Configuration 4.1 Introduction to DHCP Snooping For the sake of security, the IP addresses used by online DHCP clients need to be...
  • Page 633: Dhcp Snooping Configuration

    Operation Manual - DHCP Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 4 DHCP Snooping Configuration (figure not reproduced; surviving labels: DHCP client, DHCP server)
  • Page 634: Displaying Dhcp Snooping

    Operation Manual - DHCP Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 4 DHCP Snooping Configuration Operation Command Description Enter Ethernet interface interface-type — port view interface-number port Optional connected dhcp-snooping trust By default, all ports of a DHCP server to a...
  • Page 635 Operation Manual - DHCP Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 4 DHCP Snooping Configuration Table 4-2 Display DHCP snooping Operation Command Description Display the user IP-MAC address display mapping entries recorded by the dhcp-snooping [ unit You can execute the...
  • Page 636: Introduction To Dhcp Accounting

    Operation Manual - DHCP Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 5 DHCP Accounting Configuration Chapter 5 DHCP Accounting Configuration 5.1 Introduction to DHCP Accounting DHCP accounting allows a DHCP server to notify the RADIUS server of the start/end of accounting when it assigns/releases a lease. The cooperation of DHCP server and RADIUS server implements the network accounting function and ensures network security at the same time.
  • Page 637: Configuring Dhcp Accounting

    Operation Manual - DHCP Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 5 DHCP Accounting Configuration 5.2.2 Configuring DHCP Accounting Table 5-1 Configure DHCP accounting Operation Command Description Enter system view system-view — Enter address pool dhcp server ip-pool Required view...
  • Page 638 Operation Manual - DHCP Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 5 DHCP Accounting Configuration
    <Quidway> system-view
    # Create VLAN 2.
    [Quidway] vlan 2
    [Quidway-vlan2] quit
    # Create VLAN 3.
    [Quidway] vlan 3
    [Quidway-vlan3] quit
    # Enter Ethernet1/0/2 port view and add the port to VLAN 2.
  • Page 639 Operation Manual – ACL Quidway S3900 Series Ethernet Switches-Release 1510 Table of Contents: Chapter 1 ACL Configuration; 1.1 ACL Overview; 1.1.1 Ways to Apply ACL on a Switch; 1.1.2 ACL Match Order; 1.1.3 ACLs Based on Time Ranges...
  • Page 640: Acl Overview

    Operation Manual – ACL Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 ACL Configuration Chapter 1 ACL Configuration 1.1 ACL Overview An access control list (ACL) is used primarily to identify traffic flows. In order to filter data packets, a series of match rules must be configured on the network device to identify the packets to be filtered.
  • Page 641: Acl Match Order

    Operation Manual – ACL Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 ACL Configuration II. ACL referenced by the upper-level modules The switch also uses ACLs to filter packets processed by software and to implement traffic classification. In this case, there are two types of match orders for the rules in an ACL: config (user-defined match order) and auto (the system performs automatic ordering, namely according to the “depth-first”...
  • Page 642: Configuring Time Ranges

    Operation Manual – ACL Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 ACL Configuration If the number and type of ACEs are the same for multiple rules, then the sum of ACE values of a rule determines its priority. The smaller the sum, the higher the priority.
  • Page 643: Defining Basic Acls

    Operation Manual – ACL Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 ACL Configuration Operation Command Description time-range time-name start-time end-time days-of-the-week from Create time start-time start-date ] [ to Required range end-time end-date ] | from start-time start-date [ to...
  • Page 644: Configuration Preparation

    Operation Manual – ACL Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 ACL Configuration The value range for basic ACL numbers is 2,000 to 2,999. 1.3.1 Configuration Preparation Before configuring an ACL rule containing time range arguments, you need to define the corresponding time ranges.
  • Page 645: Defining Advanced Acls

    Operation Manual – ACL Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 ACL Configuration 1.3.3 Configuration Example
    # Configure ACL 2000 to deny packets whose source IP address is 1.1.1.1.
    <Quidway> system-view
    [Quidway] acl number 2000
    [Quidway-acl-basic-2000] rule deny source 1.1.1.1 0...
  • Page 646 Operation Manual – ACL Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 ACL Configuration Operation Command Description Define comment string of Optional rule rule-id comment text the ACL rule Define description description text Optional information of the Optional Display display...
  • Page 647 Operation Manual – ACL Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 ACL Configuration Parameter Type Function Description dest-addr dest-wildcard is used specify Specifies destination destination address of the Destination destination dest-addr packet, expressed in dotted address address dest-wildcard decimal notation.
  • Page 648 Operation Manual – ACL Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 ACL Configuration Keyword DSCP value in decimal DSCP value in binary af42 100100 af43 100110 001000 010000 011000 100000 101000 110000 111000 be (default) 000000 If the protocol type is TCP or UDP, you can also define the following information:...
  • Page 649 Operation Manual – ACL Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 ACL Configuration Table 1-7 ICMP-specific rule information Parameter Type Function Description Type Specifies icmp-type: ICMP message message type icmp-type type, ranging 0 to 255 code message code icmp-type...
  • Page 650: Defining Layer 2 Acls

    Operation Manual – ACL Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 ACL Configuration 1.4.3 Configuration Example
    # Configure ACL 3000 to permit ICMP packets to pass.
    <Quidway> system-view
    [Quidway] acl number 3000
    [Quidway-acl-adv-3000] rule 0 permit icmp
    [Quidway-acl-adv-3000] display acl 3000...
  • Page 651 Operation Manual – ACL Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 ACL Configuration Operation Command Description Optional Display display This command information acl-number } executed in any view. In the case that you specify the rule ID when defining a rule:...
  • Page 652: Defining User-Defined Acls

    Operation Manual – ACL Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 ACL Configuration Parameter Type Function Description dest-addr: destination MAC Specifies the address, in the format of Destination destination H-H-H dest dest-addr MAC address MAC address dest-mask dest-mask: destination MAC...
  • Page 653 Operation Manual – ACL Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 ACL Configuration 1.6.2 Configuration Procedure Table 1-11 Define a user-defined ACL rule Operation Command Description Enter system view system-view — Create or enter user-defined ACL acl number acl-number...
  • Page 654: Applying Acls On Ports

    Operation Manual – ACL Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 ACL Configuration 1.6.3 Configuration Example
    # Configure ACL 5001.
    <Quidway> system-view
    [Quidway] acl number 5001
    [Quidway-acl-user-5001] rule 25 permit ff 12 5 time-range t1
    [Quidway-acl-user-5001] display acl 5001...
  • Page 655: Displaying Acl Configuration

    Operation Manual – ACL Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 ACL Configuration Apply all the rules in a Link type ACL link-group acl-number separately Apply one rule in a Link type ACL link-group acl-number rule rule separately Apply all the rules in a user-defined ACL...
  • Page 656: Acl Configuration Example

    Operation Manual – ACL Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 ACL Configuration The display acl command displays matched information processed by the software of the switch. To view the statistics of data forwarded by the hardware of the switch, use the display qos-interface traffic-statistic command.
  • Page 657: Basic Acl Configuration Example

    Operation Manual – ACL Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 ACL Configuration
    # Define an ACL rule for requests destined for the wage server.
    [Quidway-acl-adv-3000] rule 1 deny ip destination 192.168.1.2 0 time-range test
    [Quidway-acl-adv-3000] quit
    Apply the ACL on the port.
  • Page 658: Layer 2 Acl Configuration Example

    Operation Manual – ACL Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 ACL Configuration
    [Quidway-acl-basic-2000] rule 1 deny source 10.1.1.1 0 time-range test
    [Quidway-acl-basic-2000] quit
    Apply the ACL on the port
    # Apply ACL 2000 on the port.
    [Quidway] interface gigabitethernet1/1/1
    [Quidway-GigabitEthernet1/1/1] packet-filter inbound ip-group 2000
    1.9.3 Layer 2 ACL Configuration Example...
  • Page 659: User-Defined Acl Configuration Example

    Operation Manual – ACL Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 ACL Configuration # Define an ACL rule to deny packets with the source MAC address of 00e0-fc01-0101 and destination MAC address of 00e0-fc01-0303, specifying the time range named test for the ACL rule.
  • Page 660 Operation Manual – ACL Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 ACL Configuration
    [Quidway-acl-user-5000] rule 1 deny 06 ff 35 time-range aaa
    Activate the ACL.
    # Activate ACL 5000.
    [Quidway] interface Ethernet1/0/1
    [Quidway-Ethernet1/0/1] packet-filter inbound user-group 5000
  • Page 661 Operation Manual - QoS&QoS Profile Quidway S3900 Series Ethernet Switches-Release 1510 Table of Contents: Chapter 1 QoS Configuration; 1.1 Overview; 1.1.1 Traffic; 1.1.2 Traffic Classification; 1.1.3 Precedence; 1.1.4 Priority of Protocol Packets; 1.1.5 Priority Remark...
  • Page 662 Operation Manual - QoS&QoS Profile Quidway S3900 Series Ethernet Switches-Release 1510 Table of Contents: 1.10.1 Configuration Prerequisites; 1.10.2 Configuration Procedure; 1.10.3 Configuration Example; 1.11 Configuring Congestion Avoidance; 1.11.1 Configuration Prerequisites; 1.11.2 Configuration Procedure; 1.11.3 Configuration Example...
  • Page 663: Traffic Classification

    Operation Manual - QoS&QoS Profile Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 QoS Configuration Chapter 1 QoS Configuration 1.1 Overview QoS (Quality of Service) is a concept that applies wherever a service is supplied and consumed. It evaluates how well the service meets the needs of its customers.
  • Page 664 Operation Manual - QoS&QoS Profile Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 QoS Configuration Figure 1-1 DS fields and TOS bytes The TOS field in an IP header contains 8 bits: The first three bits indicate IP precedence in the range of 0 to 7.
  • Page 665 Operation Manual - QoS&QoS Profile Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 QoS Configuration service level can be segmented. The QoS rank of the AF class is lower than that of the EF class; Class selector (CS) class: This class comes from the IP TOS field and includes 8 classes;...
  • Page 666 Operation Manual - QoS&QoS Profile Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 QoS Configuration Figure 1-2 An Ethernet frame with a 802.1Q tag header As shown in the figure above, each host supporting 802.1Q protocol adds a 4-bit 802.1Q tag header after the source address of the former Ethernet frame header when sending packets.
  • Page 667: Priority Of Protocol Packets

    Operation Manual - QoS&QoS Profile Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 QoS Configuration 1.1.4 Priority of Protocol Packets Protocol packets carry their own priority. You can perform QoS actions on protocol packets by setting their priorities. 1.1.5 Priority Remark The priority remark function uses ACL rules to identify traffic and re-marks the priority of the packets that match those ACL rules.
  • Page 668 Operation Manual - QoS&QoS Profile Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 QoS Configuration I. Traffic evaluation and the token bucket The token bucket can be considered as a container with a certain capacity to hold tokens. The system puts tokens into the bucket at the set rate. When the token bucket is full, the extra tokens will overflow and the number of tokens in the bucket stops increasing.
  • Page 669: Queue Scheduling Configuration Synchronization On Aggregation Ports

    Operation Manual - QoS&QoS Profile Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 QoS Configuration Peak information rate (PIR) Excess burst size (EBS) Two token buckets are used in this evaluation. Their rates of putting tokens into the buckets are CIR and PIR respectively, and their sizes are CBS and EBS respectively (the two buckets are called C bucket and E bucket respectively for short), representing different permitted burst levels.
  • Page 670: Queue Scheduling

    Operation Manual - QoS&QoS Profile Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 QoS Configuration Dynamic aggregation supported by queue scheduling modes on ports If the queue scheduling configuration information of some LACP-enabled up ports is the same, these ports can be aggregated into the same aggregation group.
  • Page 671 Operation Manual - QoS&QoS Profile Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 QoS Configuration (figure not reproduced; surviving labels: high priority, queue 7, queue 6, Packets sent via this...)
  • Page 672 Operation Manual - QoS&QoS Profile Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 QoS Configuration (figure not reproduced; surviving labels: queue1, weight1, Packets sent via this interface...)
  • Page 673: Traffic-Based Traffic Statistics

    Operation Manual - QoS&QoS Profile Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 QoS Configuration (figure not reproduced; surviving labels: queue1, weight1, Packets sent via this interface...)
  • Page 674: Configuring The Mapping Between 802.1P Priority And Queues

    Operation Manual - QoS&QoS Profile Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 QoS Configuration Specification Related command priority priority-level Port priority Supported priority trust — traffic-limit Priority — traffic-priority remark Redirect — traffic-redirect Support SP, WFQ, and WRR Queue...
  • Page 675: Setting To Use The Port Priority Or Packet Priority

    Operation Manual - QoS&QoS Profile Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 QoS Configuration cos-local-precedence-map cos0-map-local-prec cos1-map-local-prec Configure cos2-map-local-prec COS-to-local-precedence Optional cos3-map-local-prec mapping table cos4-map-local-prec cos5-map-local-prec cos6-map-local-prec cos7-map-local-prec Optional display You can execute the Display the mapping table cos-local-precedence-map...
  • Page 676: Configuring Priority Remark

    Operation Manual - QoS&QoS Profile Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 QoS Configuration II. Configuration procedure Table 1-6 Set to use the port priority Operation Command Description Enter system view system-view — Enter Ethernet port interface interface-type —...
  • Page 677 Operation Manual - QoS&QoS Profile Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 QoS Configuration Priority remark can be implemented in the following ways: Through TP. When configuring TP, you can define the action of marking the 802.1p priority or DSCP priority of the packets within the traffic limit or define the action of remarking the 802.1p priority or DSCP priority of the packets out of the...
  • Page 678: Setting The Precedence Of Protocol Packet

    Operation Manual - QoS&QoS Profile Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 QoS Configuration Table 1-9 Ways of issuing combined ACLs ACL combination Form of the acl-rule argument Apply all the rules in an IP ACL ip-group acl-number separately...
  • Page 679: Configuring Rate Limit On Ports

    Operation Manual - QoS&QoS Profile Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 QoS Configuration 1.6.2 Configuration Procedure Table 1-10 Set the precedence of the protocol packet Operation Command Description Enter system system-view — view Required protocol-priority You can modify the IP precedence...
  • Page 680: Configuring Tp

    Operation Manual - QoS&QoS Profile Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 QoS Configuration 1.7.2 Configuration Procedure Table 1-11 Configure rate limit on ports Operation Command Description Enter system system-view — view Enter Ethernet interface interface-type — port view...
  • Page 681: Configuration Procedure Of Tp

    Operation Manual - QoS&QoS Profile Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 QoS Configuration 1.8.1 Configuration Prerequisites The ACL rules used for traffic identification are defined. Refer to the ACL module of this manual for how to define ACL rules. The rate limit for TP, the actions for packets within the specified traffic and the actions for packets beyond the specified traffic have been specified.
  • Page 682: Configuring Redirect

    Operation Manual - QoS&QoS Profile Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 QoS Configuration Operation Command Description display qos-interface Display all the QoS interface-type settings of the port interface-number unit-id } all acl-rule: Applied ACL rules which can be the combination of various ACL rules. The way of combination is described in Table 1-9.
  • Page 683 Operation Manual - QoS&QoS Profile Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 QoS Configuration 1.9.1 Configuration Prerequisites The ACL rules used for traffic identification are defined. Refer to the ACL module of this manual for how to define ACL rules. The port to which the packets matching the configured rules are redirected...
  • Page 684: Configuring Queue-Scheduling

    Operation Manual - QoS&QoS Profile Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 QoS Configuration Redirect all the traffic from the 10.1.1.1/24 network segment to Ethernet1/0/7 Configuration procedure:
    <Quidway> system-view
    System View: return to User View with Ctrl+Z.
    [Quidway] acl number 2000
    [Quidway-acl-basic-2000] rule permit source 10.1.1.1 0.0.0.255...
  • Page 685 Operation Manual - QoS&QoS Profile Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 QoS Configuration Table 1-15 Configure queue scheduling in Ethernet port view Operation Command Description Enter system view system-view — Enter Ethernet port interface interface-type — view interface-number...
  • Page 686: Configuring Congestion Avoidance

    Operation Manual - QoS&QoS Profile Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 QoS Configuration Disable the applied queue scheduling mode. By default, all outbound queues on the port adopt the WRR queue scheduling algorithm and their default weight values are 1:2:3:4:5:9:13:15;...
  • Page 687: Configuring Traffic Statistics

    Operation Manual - QoS&QoS Profile Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 QoS Configuration 1.11.2 Configuration Procedure Table 1-16 Configure WRED parameters Operation Command Description Enter system view system-view — interface Enter Ethernet port interface-type — view interface-number Required...
  • Page 688: Clearing Traffic Statistics Information

    Operation Manual - QoS&QoS Profile Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 QoS Configuration Operation Command Description Use the ACL rules in traffic identifying and perform traffic traffic-statistic Required statistics inbound acl-rule packets matching with the ACL rules. display...
  • Page 689: Qos Configuration Example

    Operation Manual - QoS&QoS Profile Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 QoS Configuration
    System View: return to User View with Ctrl+Z.
    [Quidway] acl number 2000
    [Quidway-acl-basic-2000] rule permit source 10.1.1.1 0.0.0.255
    [Quidway-acl-basic-2000] quit
    [Quidway] interface Ethernet1/0/1
    [Quidway-Ethernet1/0/1] traffic-statistic inbound ip-group 2000
    1.13 QoS Configuration Example...
  • Page 690: Configuration Example Of Priority Remark

    Operation Manual - QoS&QoS Profile Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 QoS Configuration
    # Define ACL 3000 rules.
    [Quidway-acl-adv-3000] rule 1 permit ip source 129.110.1.2 0.0.0.0 destination
    [Quidway-acl-adv-3000] rule deny ip source any destination any
    [Quidway-acl-adv-3000] quit
    Limit the outbound traffic of the salary query server
    # Limit the average rate of outbound traffic within 640kbps and set the precedence of packets exceeding the specification to 4.
  • Page 691 Operation Manual - QoS&QoS Profile Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 QoS Configuration
    Remark ef precedence on the packets that PC1 sends
    [Quidway-Ethernet1/0/1] traffic-priority inbound ip-group 2000 dscp ef
  • Page 692: Chapter 2 Qos Profile Configuration

    Operation Manual - QoS&QoS Profile Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 2 QoS Profile Configuration Chapter 2 QoS Profile Configuration 2.1 Introduction to QoS Profile The switch can dynamically provide pre-defined QoS function for one or one group of authenticated user(s) through the combination of QoS profile function and 802.1x...
  • Page 693: Configuring Qos Profile

    Operation Manual - QoS&QoS Profile Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 2 QoS Profile Configuration The following table describes the QoS profile configurations: Table 2-1 Configure QoS profile Device Configuration Configuration link Configure user authentication — information Configure matching...
  • Page 694 Operation Manual - QoS&QoS Profile Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 2 QoS Profile Configuration Operation Command Description traffic-priority { inbound | outbound acl-rule { { dscp dscp-value | Add priority remark ip-precedence { pre-value Optional actions | from-cos } } | cos...
  • Page 695 Operation Manual - QoS&QoS Profile Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 2 QoS Profile Configuration The user name is someone and its authentication password is hello. It is accessed on Ethernet1/0/1 of the switch and belongs to the test163.net domain. Its corresponding QoS profile is “example”...
  • Page 696: Applying The Qos Profile To The Port Manually

    Operation Manual - QoS&QoS Profile Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 2 QoS Profile Configuration [Quidway-radius-radius1] quit # Create the user domain test163.net and specify radius1 as your RADIUS server group. [Quidway] domain test163.net [Quidway-isp-test163.net] radius-scheme radius1 [Quidway-isp-test163.net] quit...
  • Page 697: Displaying Qos Profile

    Operation Manual - QoS&QoS Profile Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 2 QoS Profile Configuration Operation Command Description Apply the QoS profile to apply qos-profile profile-name Required the current port manually 2.5 Displaying QoS Profile After finishing the configurations mentioned above, you can execute the display command in any view to check the running state of the QoS profile after the configuration.
  • Page 698 Operation Manual – Web Cache Redirection Quidway S3900 Series Ethernet Switches-Release 1510 Table of Contents Chapter 1 Web Cache Redirection Configuration 1.1 Overview 1.2 Web Cache Redirection Configuration 1.2.1 Configuration Prerequisites 1.2.2 Configuration Procedure...
  • Page 699 Operation Manual – Web Cache Redirection Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 Web Cache Redirection Configuration Chapter 1 Web Cache Redirection Configuration Note: The S3900-SI series switches do not support Web cache redirection. 1.1 Overview HTTP (hypertext transfer protocol) is one of the most widely used approaches to access the Internet.
  • Page 700 Operation Manual – Web Cache Redirection Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 Web Cache Redirection Configuration 1.2 Web Cache Redirection Configuration 1.2.1 Configuration Prerequisites The route between the switch and Web cache is valid. Enable the Web cache function on the Web cache.
  • Page 701 Operation Manual – Web Cache Redirection Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 Web Cache Redirection Configuration Operation Command Description cache parameters ip-address mac-address vlan vlan-id [ tcpport tcpport-num ] Quit to system view quit — Required specify multiple...
  • Page 702 Operation Manual – Web Cache Redirection Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 Web Cache Redirection Configuration respectively. Web cache IP address is 10.15.20.2, MAC address is 00e0-fc01-0101, and the Web cache VLAN is VLAN40. The port of the switch, Ethernet3/0/4, connects to Web cache.
  • Page 703 Operation Manual – Web Cache Redirection Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 Web Cache Redirection Configuration # Configure the VLAN where Web cache is located on the switch. [Quidway] vlan 40 [Quidway-vlan40] port Ethernet 1/0/4 [Quidway-vlan40] quit [Quidway] interface Vlan-interface 40 [Quidway-Vlan-interface40] ip address 10.15.20.1 255.255.255.0...
  • Page 704 Operation Manual – Mirroring Quidway S3900 Series Ethernet Switches Table of Contents Chapter 1 Mirroring Configuration 1.1 Overview 1.1.1 Traffic Mirroring 1.1.2 Port Mirroring 1.1.3 Remote Port Mirroring — RSPAN 1.2 Mirroring Supported by S3900...
  • Page 705: Traffic Mirroring

    Operation Manual – Mirroring Quidway S3900 Series Ethernet Switches Chapter 1 Mirroring Configuration Chapter 1 Mirroring Configuration 1.1 Overview Mirroring refers to the process of copying packets that meet the specified rules to a destination port. Generally, a destination port is connected to a data detect device, which users can use to analyze the mirrored packets for monitoring and troubleshooting the network.
  • Page 706 Operation Manual – Mirroring Quidway S3900 Series Ethernet Switches Chapter 1 Mirroring Configuration [Figure labels: Remote-probe VLAN, Source Switch, Intermediate Switch, Destination Switch, Trunk port, Reflector port, Source Port...]
  • Page 707 Operation Manual – Mirroring Quidway S3900 Series Ethernet Switches Chapter 1 Mirroring Configuration Switch Ports involved Function Trunk port Receive remote mirrored packets. Destination switch Destination port Monitor remote mirrored packets To implement remote port mirroring, you need to define a special VLAN, called remote-probe VLAN, on all the three types of switches.
  • Page 708: Mirroring Supported By S

    Operation Manual – Mirroring Quidway S3900 Series Ethernet Switches Chapter 1 Mirroring Configuration 1.2 Mirroring Supported by S3900 Table 1-2 Mirroring functions supported by S3900 and related command Function Specifications Related command Link Section 1.3.1 monitor-port Supports traffic “Configuring mirroring...
  • Page 709: Configuring Traffic Mirroring

    Operation Manual – Mirroring Quidway S3900 Series Ethernet Switches Chapter 1 Mirroring Configuration 1.3.1 Configuring Traffic Mirroring I. Configuration prerequisites ACLs for identifying traffic have been defined. For defining ACLs, see the description on the ACL module in this manual....
  • Page 710: Configuring Port Mirroring

    Operation Manual – Mirroring Quidway S3900 Series Ethernet Switches Chapter 1 Mirroring Configuration Table 1-5 Combined application of ACLs Combination mode Form of acl-rule Apply all rules in an IP type ACL (either a ip-group acl-number basic or an advanced ACL) separately...
  • Page 711 Operation Manual – Mirroring Quidway S3900 Series Ethernet Switches Chapter 1 Mirroring Configuration outbound: only mirrors the packets sent by the port; both: mirrors the packets received and sent by the port at the same time. The destination port is specified.
  • Page 712 Operation Manual – Mirroring Quidway S3900 Series Ethernet Switches Chapter 1 Mirroring Configuration Operation Command Description Enter Ethernet port interface interface-type view of the destination — interface-number port Required Define the current port mirroring-group group-id LACP and TCP must be...
  • Page 713 Operation Manual – Mirroring Quidway S3900 Series Ethernet Switches Chapter 1 Mirroring Configuration Note: Configurations listed in Table 1-6 do not involve specifying a mirroring group. Therefore, the mirroring settings made in Ethernet port view apply to mirroring group 1 only....
  • Page 714: Configuring Rspan

    Operation Manual – Mirroring Quidway S3900 Series Ethernet Switches Chapter 1 Mirroring Configuration 1.3.3 Configuring RSPAN I. Configuration prerequisites The source switch, intermediate switch, and the destination switch have been determined. The source port, the reflector port, the destination port, and the remote-probe VLAN have been determined.
  • Page 715 Operation Manual – Mirroring Quidway S3900 Series Ethernet Switches Chapter 1 Mirroring Configuration Operation Command Description Required The remote reflector port must be of the Access type. LACP must disabled on this port. After port configured reflector port, switch does not allow...
  • Page 716 Operation Manual – Mirroring Quidway S3900 Series Ethernet Switches Chapter 1 Mirroring Configuration III. Configuring RSPAN on the intermediate switch Table 1-10 Configure RSPAN on the intermediate switch Operation Command Description Enter system view system-view — Create a remote-probe vlan-id is the ID of the...
  • Page 717 Operation Manual – Mirroring Quidway S3900 Series Ethernet Switches Chapter 1 Mirroring Configuration Operation Command Description Enter Ethernet port view of Trunk port through which interface interface-type destination switch is — interface-number connected source switch or an intermediate switch Required...
  • Page 718 Operation Manual – Mirroring Quidway S3900 Series Ethernet Switches Chapter 1 Mirroring Configuration Note: It is recommended that you do not configure a VLAN as a remote-probe VLAN if the mac-address max-mac-count 0 command is configured on a port in this VLAN.
  • Page 719 Operation Manual – Mirroring Quidway S3900 Series Ethernet Switches Chapter 1 Mirroring Configuration Data monitoring device GE1/1/2 Switch A GE1/1/1 GE1/1/1 Switch B GE1/1/2 GE1/1/1 Switch C GE1/1/2 Figure 1-3 Network diagram for RSPAN Configuration procedure # Configure Switch C.
  • Page 720 Operation Manual – Mirroring Quidway S3900 Series Ethernet Switches Chapter 1 Mirroring Configuration [Quidway-vlan10] quit [Quidway] interface GigabitEthernet 1/1/1 [Quidway-GigabitEthernet1/1/1] port trunk permit vlan 10 [Quidway-GigabitEthernet1/1/1] quit [Quidway] interface GigabitEthernet 1/1/2 [Quidway-GigabitEthernet1/1/2] port trunk permit vlan 10 # Configure Switch A.
  • Page 721: Mirroring Configuration Of S3900-Si

    Operation Manual – Mirroring Quidway S3900 Series Ethernet Switches Chapter 1 Mirroring Configuration 1.4 Mirroring Configuration of S3900-SI For mirroring features, refer to section 1.1 “Overview”. 1.4.1 Configuring Traffic Mirroring The traffic mirroring configurations of S3900-SI are the same as those of S3900-EI.
  • Page 722 Operation Manual – Mirroring Quidway S3900 Series Ethernet Switches Chapter 1 Mirroring Configuration III. Configuration Example The source port is GigabitEthernet 1/1/1. Mirror all packets received and sent via this port. The destination port is GigabitEthernet 1/1/4. Configuration procedure <Quidway> system-view...
  • Page 723 Operation Manual – IRF Fabric Quidway S3900 Series Ethernet Switches-Release 1510 Table of Contents Chapter 1 IRF Fabric Configuration 1.1 Overview 1.1.1 Introduction to IRF 1.1.2 Introduction to RMON on IRF 1.2 Peer Fabric Port Detection 1.2.1 Introduction to the Peer Fabric Port Detection Function...
  • Page 724: Chapter 1 Irf Fabric Configuration

    Operation Manual – IRF Fabric Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 IRF Fabric Configuration Chapter 1 IRF Fabric Configuration 1.1 Overview 1.1.1 Introduction to IRF Several IRF (intelligent resilient framework) supported switches of the same model can be interconnected to form a fabric, in which each switch is a unit. The ports used to interconnect all the units are called fabric ports, while the other ports that are used to connect the fabric to users are called user ports.
  • Page 725: Peer Fabric Port Detection

    Operation Manual – IRF Fabric Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 IRF Fabric Configuration Note: The S3900-SI series switches, except S3924-SI, only support basic IRF fabric feature, that is, DDM (distributed device management) function. The S3900-EI series switches support enhanced IRF fabric feature, including DDM, DRR (distributed redundancy routing) and DLA (distributed link aggregation).
  • Page 726: Prompt Information And Solution

    Operation Manual – IRF Fabric Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 IRF Fabric Configuration type ID, fabric port information, and all fabric configuration information. The device information is released in the form of discovery packet (DISC). A new device can join a fabric only when its DISC packets pass the authentication performed by the existing devices in the fabric.
  • Page 727 Operation Manual – IRF Fabric Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 IRF Fabric Configuration IV. Connection error Analysis: The port matching errors (as listed in Table 1-1) may occur if a switch prompts the “connection error” message. Solution: Take the measures listed in Table 1-1 accordingly.
  • Page 728: Irf Fabric Configuration

    Operation Manual – IRF Fabric Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 IRF Fabric Configuration Solution: Make sure the software version of the new device is the same as that of the fabric. VIII. Auth failure Analysis: The “auth failure” message indicates that an error occurs when the switch authenticates a directly connected device....
  • Page 729: Setting A Unit Id For A Switch

    Operation Manual – IRF Fabric Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 IRF Fabric Configuration Operation Command Description Required Specify the VLAN used to By default, the VLAN used ftm fabric-vlan vlan-id form the IRF fabric to form the IRF fabric is...
  • Page 730 Operation Manual – IRF Fabric Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 IRF Fabric Configuration Table 1-5 Set a unit ID to a new value Operation Command Description Enter system view system-view — Set a unit ID to a new...
  • Page 731: Specifying The Fabric Port Of A Switch

    Operation Manual – IRF Fabric Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 IRF Fabric Configuration Table 1-6 Save the unit ID of each unit in the IRF fabric Operation Command Description Save the unit ID of each fabric save-unit-id Optional unit in the IRF fabric.
  • Page 732: Assigning A Unit Name To A Switch

    Operation Manual – IRF Fabric Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 IRF Fabric Configuration Note: Establishing an IRF system requires a high consistency of the configuration of each device. Hence, before you enable the fabric port, do not perform any configuration for the port, and do not enable some functions that affect the IRF (such as TACACS and VLAN-VPN) for other ports or globally....
  • Page 733: Displaying And Debugging Irf Fabric

    Operation Manual – IRF Fabric Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 IRF Fabric Configuration Table 1-10 Set the IRF fabric authentication mode for a switch Operation Command Description Enter system view system-view — Optional irf-fabric fabric authentication-mode default,...
  • Page 734: Irf Fabric Configuration Example

    Operation Manual – IRF Fabric Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 IRF Fabric Configuration 1.5 IRF Fabric Configuration Example 1.5.1 Networking requirements Configure unit ID, unit name, IRF fabric name, and authentication mode for four switches to enable them to form an IRF fabric.
  • Page 735 Operation Manual – IRF Fabric Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 IRF Fabric Configuration # Configure the unit ID as 2. <Quidway> system-view [Quidway] change unit-id 1 to 2 # Configure the unit name as unit 2. [Quidway] set unit 1 name unit2 # Configure the fabric name as hello.
  • Page 736 Operation Manual – Cluster Quidway S3900 Series Ethernet Switches-Release 1510 Table of Contents Chapter 1 Cluster 1.1 Cluster Overview 1.1.1 Introduction to HGMP V2 1.1.2 Introduction to NDP 1.1.3 Introduction to NTDP 1.1.4 Introduction to Cluster...
  • Page 737: Cluster Overview

    1.1 Cluster Overview 1.1.1 Introduction to HGMP V2 A cluster is implemented through HGMP V2. By employing Huawei group management protocol (HGMP V2), a network administrator can manage multiple switches using the public IP address of a switch known as a management device. The switches under the management of the management device are member devices....
  • Page 738: Introduction To Ndp

    Operation Manual – Cluster Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 Cluster Software upgrading and parameter configuring can be performed simultaneously on multiple switches. Free of topology and distance limitations Saving IP address resource HGMP V2 is comprised of the following three protocols:...
  • Page 739: Introduction To Ntdp

    Operation Manual – Cluster Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 Cluster the received NDP packets rather than forward them. The corresponding data entry in the NDP table is updated when the received information is different from the existing one.
  • Page 740: Switch Roles In The Cluster

    Operation Manual – Cluster Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 Cluster The management device of a cluster recognizes and controls all the member devices in the cluster, no matter where they are located on the network or how they are connected.
  • Page 741 Operation Manual – Cluster Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 Cluster The following three switch roles exist in a cluster: management device, member device, and candidate device. Table 1-1 Switch roles in the cluster Role Configuration Description Provide...
  • Page 742 Operation Manual – Cluster Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 Cluster [Figure labels: Candidate device, Management device, Member device] Figure 1-2 Role switching roles Each cluster has one (and only one) management device. A management device collects NDP/NTDP information to discover and determine candidate devices, which can be then added into the cluster through manual configurations....
  • Page 743: Management Device Configuration

    Operation Manual – Cluster Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 Cluster 1.2 Management Device Configuration 1.2.1 Management Device Configuration Tasks Table 1-2 Management device configuration tasks Operation Description Related section Enable Section 1.2.2 Enabling NDP globally Required Globally and for Specific Ports...
  • Page 744 Operation Manual – Cluster Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 Cluster 1.2.2 Enabling NDP Globally and for Specific Ports Table 1-3 Enable NDP globally and for a specific port Operation Command Description Enter system view system-view — Required...
  • Page 745: Configuring Ntdp-Related Parameters

    Operation Manual – Cluster Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 Cluster Operation Command Description Enable NTDP Required ntdp enable globally Enter Ethernet port interface interface-type — view interface-number Enable NTDP for Required ntdp enable the Ethernet port 1.2.5 Configuring NTDP-related Parameters...
  • Page 746: Configuring Cluster Parameters

    Operation Manual – Cluster Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 Cluster Operation Command Description Optional Enable the cluster cluster enable By default, the cluster function function globally is enabled 1.2.7 Configuring Cluster Parameters I. Configuring cluster parameters manually...
  • Page 747: Configuring Interaction For The Cluster

    Operation Manual – Cluster Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 Cluster II. Building a cluster automatically Table 1-9 Enable the cluster function automatically Operation Command Description Enter system view system-view — Enter cluster view cluster — Configure the rang...
  • Page 748: Member Device Configuration

    Operation Manual – Cluster Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 Cluster II. Configuration procedure Table 1-11 Configure NM interface for the cluster Operation Command Description Enter system view system-view — Enter cluster view cluster Required Configure Optional network...
  • Page 749 Operation Manual – Cluster Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 Cluster Note: To protect the unused sockets against malicious attacks and improve the switch security, S3900 series Ethernet switches provide the following function: When the cluster function is enabled, socket UDP 40000 used by the cluster is enabled;...
  • Page 750: Configure Member Devices To Access Ftp/Tftp Server Of The Cluster

    Operation Manual – Cluster Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 Cluster 1.3.3 Enabling NTDP Globally and for Specific Ports Table 1-14 Enable NTDP globally and for specific ports Operation Command Description Enter system view system-view — Enable system...
  • Page 751: Displaying And Maintaining A Cluster

    Operation Manual – Cluster Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 Cluster Operation Command Description Remove a member delete-member device from Optional member-num cluster reboot member Reboot a specified member-num Optional member device mac-address H-H-H [ eraseflash ] Return to system quit —...
  • Page 752: Cluster Configuration Example

    Operation Manual – Cluster Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 Cluster Operation Command Description Display state and statistics display cluster information about a cluster Display display cluster candidates information about [ mac-address H-H-H | candidate verbose ] devices of a cluster...
  • Page 753 Operation Manual – Cluster Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 Cluster II. Network diagram [Figure labels: SNMP host/log host, 69.172.55.4, FTP server/TFTP server...]
  • Page 754 Operation Manual – Cluster Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 Cluster [Quidway] ndp enable [Quidway] interface Ethernet 1/0/2 [Quidway-Ethernet1/0/2] ndp enable [Quidway-Ethernet1/0/2] interface Ethernet 1/0/3 [Quidway-Ethernet1/0/3] ndp enable [Quidway-Ethernet1/0/3] quit # Configure the holdtime of NDP information to be 200 seconds.
  • Page 755 Operation Manual – Cluster Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 Cluster [aaa_0.Quidway-cluster] # Add the attached two switches to the cluster. [aaa_0.Quidway-cluster] add-member 1 mac-address 00e0-fc01-0011 [aaa_0.Quidway-cluster] add-member 17 mac-address 00e0-fc01-0012 # Configure the holdtime of the member device information to be 100 seconds.
  • Page 756: Nm Interface Configuration Example

    Operation Manual – Cluster Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 Cluster Note: Upon the completion of the above configurations, you can execute the cluster switch-to { member-num | mac-address H-H-H } command on the management device to switch to member device view to maintain and manage a member device.
  • Page 757 Operation Manual – Cluster Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 Cluster II. Network diagram [Figure labels: VLAN 2, S3900, IP Address 192.168.4.22...]
  • Page 758 Operation Manual – PoE & PoE Profile Quidway S3900 Series Ethernet Switches-Release 1510 Table of Contents Chapter 1 PoE Configuration 1.1 PoE Overview 1.1.1 Introduction to PoE 1.1.2 PoE Features supported by S3900 1.2 PoE Configuration Tasks...
  • Page 759: Poe Overview

    Operation Manual – PoE & PoE Profile Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 PoE Configuration Chapter 1 PoE Configuration 1.1 PoE Overview 1.1.1 Introduction to PoE Power over Ethernet (PoE) uses 10BaseT, 100Base-TX, and 1000Base-T twisted pairs to supply power to the remote powered devices (PD) in the network and implement power supply and data transmission simultaneously.
  • Page 760: Poe Configuration Tasks

    Operation Manual – PoE & PoE Profile Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 PoE Configuration Through the fixed 24/48 Ethernet electrical ports, it can supply power to up to 24/48 remote Ethernet switches with a maximum distance of 100 m (328 feet).
  • Page 761: Enabling The Poe Feature On A Port

    Operation Manual – PoE & PoE Profile Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 PoE Configuration Operation Description Related section Section 1.5 Setting PoE Set PoE management mode and Optional Management Mode and PoE priority of a port PoE Priority of a Port Section 1.6...
  • Page 762: Setting Poe Management Mode And Poe Priority Of A Port

    Operation Manual – PoE & PoE Profile Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 PoE Configuration Operation Command Description Required By default, the Set the maximum output poe max-power max-power maximum output power on the port power on a port is 15400 mW 1.5 Setting PoE Management Mode and PoE Priority of a...
  • Page 763: Setting The Poe Mode On A Port

    Operation Manual – PoE & PoE Profile Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 PoE Configuration Operation Command Description interface interface-type Enter Ethernet port view — interface-number Required Set the PoE priority of a poe priority { critical |...
  • Page 764: Configuring Poe Over-Temperature Protection On The Switch

    Operation Manual – PoE & PoE Profile Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 PoE Configuration 1.8 Configuring PoE Over-Temperature Protection on the Switch If this function is enabled, the switch disables the PoE feature on all ports when its...
  • Page 765: Displaying Poe Configuration

    Operation Manual – PoE & PoE Profile Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 PoE Configuration Note: The refresh update mode is to upgrade the valid software in the PSE through refreshing the software, while the full update mode is to delete the invalid software in PSE completely and then reload the software.
  • Page 766: Poe Configuration Example

    Operation Manual – PoE & PoE Profile Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 PoE Configuration 1.11 PoE Configuration Example I. Networking requirements The Ethernet 1/0/1 and Ethernet 1/0/2 ports of the S3928P-PWR-EI switch are connected to an S2016C switch and an AP respectively; the Ethernet 1/0/24 port is intended to be connected with an important AP.
  • Page 767 Operation Manual – PoE & PoE Profile Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 PoE Configuration # Set the maximum output power of Ethernet 1/0/1 and Ethernet 1/0/2 to 12000 mW and 2500 mW respectively. [Quidway] interface Ethernet 1/0/1...
  • Page 768: Introduction To Poe Profile

    Operation Manual – PoE & PoE Profile Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 2 PoE Profile Configuration Chapter 2 PoE Profile Configuration 2.1 Introduction to PoE Profile On a large-sized network or a network with mobile users, to help network administrators to monitor the PoE features of the switch, S3900 series Ethernet switches provide the PoE profile features....
  • Page 769 Operation Manual – PoE & PoE Profile Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 2 PoE Profile Configuration Operation Command Description Required The PoE feature Enable poe enable port feature on a port disabled default Optional Configure By default, PoE...
  • Page 770: Displaying Poe Profile Configuration

    Operation Manual – PoE & PoE Profile Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 2 PoE Profile Configuration When the apply poe-profile command is used to apply a PoE profile to a port, the PoE profile is applied successfully only if one PoE feature in the PoE profile is applied properly.
  • Page 771: Poe Profile Configuration Example

    Operation Manual – PoE & PoE Profile Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 2 PoE Profile Configuration 2.4 PoE Profile Configuration Example I. Network requirements Ethernet1/0/1 through Ethernet1/0/10 of the S3928P-PWR-EI switch are used by users of group A who have the following requirements: All ports in use can enable PoE function;...
  • Page 772 Operation Manual – PoE & PoE Profile Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 2 PoE Profile Configuration <Quidway> system-view [Quidway] poe-profile Profile1 # In profile 1, add the PoE policy configuration applicable to Ethernet1/0/1 through Ethernet1/0/5 ports for users of group A.
  • Page 773 Operation Manual – UDP-Helper Quidway S3900 Series Ethernet Switches Table of Contents Chapter 1 UDP-Helper Configuration 1.1 Introduction to UDP-Helper 1.2 Configuring UDP-Helper 1.3 Displaying and Debugging UDP-Helper 1.4 UDP-Helper Configuration Example 1.4.1 Network requirements...
  • Page 774: Chapter 1 Udp-Helper Configuration

    Operation Manual – UDP-Helper Chapter 1 Quidway S3900 Series Ethernet Switches UDP-Helper Configuration Chapter 1 UDP-Helper Configuration 1.1 Introduction to UDP-Helper UDP-Helper is designed to relay specified broadcast UDP packets. It enables a device to operate as a UDP packet relay. That is, it can convert broadcast UDP packets into unicast packets and forward them to a specified server.
  • Page 775: Configuring Udp-Helper

    Operation Manual – UDP-Helper Chapter 1 Quidway S3900 Series Ethernet Switches UDP-Helper Configuration 1.2 Configuring UDP-Helper Table 1-2 Configure UDP-Helper Operation Command Description Enter system view — system-view Required Enable UDP-Helper udp-helper enable UDP-Helper is disabled by default If the port is a default UDP port, you do not need to configure it;...
  • Page 776: Network Requirements

    Operation Manual – UDP-Helper Chapter 1 Quidway S3900 Series Ethernet Switches UDP-Helper Configuration If the destination server is configured on a VLAN interface, the broadcast UDP packets received from the ports in the VLAN with specific UDP-Helper destination ports are forwarded to the destination server configured on the VLAN interface.
  • Page 777 Operation Manual – UDP-Helper Chapter 1 Quidway S3900 Series Ethernet Switches UDP-Helper Configuration 1.4.2 Network diagram [Figure labels: PC1 192.168.1.1, 10.2.72.1, VLAN interface 20, 10.2.72.39...]
  • Page 778 Operation Manual – SNMP and RMON Quidway S3900 Series Ethernet Switches-Release 1510 Table of Contents Chapter 1 SNMP Configuration 1.1 SNMP Overview 1.1.1 SNMP Operation Mechanism 1.1.2 SNMP Versions 1.1.3 MIBs Supported by the Device 1.2 Configuring SNMP Basic Functions...
  • Page 779: Snmp Overview

    Chapter 1 SNMP Configuration 1.1 SNMP Overview The simple network management protocol (SNMP) is by far the most widely used network management protocol in computer networks. It has been put into use and is widely accepted as an industry standard in practice.
  • Page 780: Mibs Supported By The Device

    name can limit access to SNMP Agent from SNMP NMS, functioning as a password. You can define the following features related to the community name.
  • Page 781: Configuring Snmp Basic Functions

    Table 1-1 Common MIBs MIB attribute MIB content References MIB II based on TCP/IP network device RFC1213 RFC1493 BRIDGE MIB RFC2675 RIP MIB RFC1724...
  • Page 782 Table 1-2 Configure SNMP basic functions for SNMP V1 and SNMP V2C Operation Command Description Enter system view system-view — Optional default, SNMP Agent is disabled...
  • Page 783 Operation Command Description Optional By default, the device snmp-agent Set the device engine ID engine local-engineid engineid "Enterprise Number + device information". Optional snmp-agent mib-view...
  • Page 784: Configuring Trap

    Operation Command Description snmp-agent usm-user user-name group-name [ authentication-mode Add a new user for an SNMP Required group auth-password [ privacy-mode des56 priv-password ] ] [ acl...
  • Page 785 1.3.1 Configuration Prerequisites Complete SNMP basic configuration. 1.3.2 Configuration Tasks Table 1-4 Configure Trap Operation Command Description — Enter system view system-view snmp-agent trap...
  • Page 786: Displaying Snmp

    1.4 Setting the Logging Function for Network Management Table 1-5 Set the logging function for network management Operation Command Description — Enter system view system-view Optional;...
  • Page 787: Snmp Configuration Example

    Operation Command Description display snmp-agent Display Trap list information trap-list display snmp-agent Display currently configured community [ read | community name write ] display...
  • Page 788 5000 params securityname public IV. Configuring NMS The S3900 series switch supports Huawei’s QuidView NMS. SNMP V3 adopts user name and password authentication. In [Quidview Authentication Parameter], you need to set a user name, choose security level, and set authorization mode, authorization password, encryption mode, and encryption password respectively according to different security levels.
  • Page 789: Introduction To Rmon

    Chapter 2 RMON Configuration 2.1 Introduction to RMON Remote monitoring (RMON) is a kind of management information base (MIB) defined by the Internet Engineering Task Force (IETF) and is a very important enhancement made to the MIB II standards.
  • Page 790: Commonly Used Rmon Groups

    switch, an NMS can obtain the information about the total traffic, error statistics and performance statistics of the network segments to which the ports of the managed network devices are connected.
  • Page 791: Rmon Configuration

    IV. History group After a history group is configured, the Ethernet switch collects network statistics information periodically and stores the statistics information temporarily for later retrieval.
  • Page 792: Displaying Rmon

    Operation Command Description rmon alarm entry-number Optional alarm-variable sampling-time Before adding an alarm delta absolute entry, you need to use the rising-threshold Add an alarm entry...
  • Page 793: Rmon Configuration Example

    Table 2-2 Display RMON Descript Operation Command display rmon statistics interface-type Display RMON statistics interface-number unit unit-number ] display rmon history interface-type Display RMON history information...
  • Page 794 II. Network diagram [Figure labels: Internet, Network Port, Console Port, Switch] Figure 2-1 Network diagram for RMON configuration III.
  • Page 795 Operation Manual -- NTP Quidway S3900 Series Ethernet Switches-Release 1510 Table of Contents
    Chapter 1 NTP Configuration
    1.1 Introduction to NTP
    1.1.1 Applications of NTP
    1.1.2 Working Principle of NTP
    1.1.3 NTP Implementation Mode
    1.2 NTP Implementation Mode Configuration...
  • Page 796: Introduction To Ntp

    Chapter 1 NTP Configuration 1.1 Introduction to NTP Network time protocol (NTP) is a time synchronization protocol defined by RFC1305. It is used for time synchronization among a set of distributed time servers and clients.
  • Page 797: Working Principle Of Ntp

    Note: The accuracy of a clock is determined by its stratum, which ranges from 1 to 16. The stratum of the reference clock ranges from 1 to 15. Accuracy decreases as the stratum number increases.
  • Page 798 [Figure labels: NTP Packet, 10:00:00 am...]
  • Page 799: Ntp Implementation Mode

    1.1.3 NTP Implementation Mode To accommodate networks of different structures and switches in different network positions, NTP can operate in multiple modes, as described in the following.
  • Page 800 III. Broadcast mode [Figure labels: Server, Client, Network, Initiate a client/server mode...]
  • Page 801: Ntp Implementation Mode Configuration

    NTP implementation mode Configuration on S3900 switches Configure the S3900 switch to operate in NTP broadcast server mode. In this case, the S3900 switch broadcasts NTP packets through the VLAN interface configured on the switch.
  • Page 802: Configuring Ntp Implementation Modes

    1.2.2 Configuring NTP Implementation Modes Table 1-2 Configure NTP implementation modes Operation Command Description Enter system view system-view — ntp-service unicast-server { remote-ip | server-name }...
  • Page 803 Note: To reduce the risk of attacks by malicious users against open sockets and to enhance switch security, the S3900 series Ethernet switches provide the following functions, so that a socket is opened only when it is needed: Opening UDP port 123 (used for NTP) when NTP is enabled;...
  • Page 804: Access Control Permission Configuration

    IV. NTP multicast server mode When an S3900 series switch operates in NTP multicast server mode, it multicasts a clock synchronization packet periodically. The devices that are configured to be in NTP multicast client mode will respond to this packet and start the clock synchronization procedure.
  • Page 805: Configuring Ntp Authentication

    1.4.1 Prerequisites NTP authentication configuration involves:
    Configuring NTP authentication on the client
    Configuring NTP authentication on the server
    Note the following when performing NTP authentication configuration:...
  • Page 806 Operation Command Description In NTP client mode and NTP client mode: NTP peer mode, you need ntp-service unicast-server to associate the specified { remote-ip | server-name }...
  • Page 807: Configuration Of Optional Ntp Parameters

    Operation Command Description Enter VLAN interface Vlan-interface — interface view vlan-id In NTP broadcast server Broadcast server mode: mode and NTP multicast ntp-service server mode, you need to...
  • Page 808: Displaying And Debugging Ntp

    Operation Command Description Enter VLAN — interface Vlan-interface interface view vlan-id Disable Optional interface from ntp-service in-interface By default, a VLAN interface receiving disable receives NTP packets.
  • Page 809: Ntp Server Mode Configuration

    1.7 Configuration Example 1.7.1 NTP Server Mode Configuration I. Network requirements Configure the local clock of Quidway1 to be NTP master clock, with the stratum being 2.
  • Page 810: Ntp Peer Mode Configuration

    # After the above configuration, the S3900 switch is synchronized to Quidway1. View the NTP status of the S3900 series switch.
    [S3900] display ntp-service status
    Clock status: synchronized
    Clock stratum: 3
    Reference clock ID: 1.0.1.11...
  • Page 811 Note: This example assumes that:
    Quidway2 is a switch that allows its local clock to be the master clock.
    Quidway3 is a switch that allows its local clock to be the master clock and the stratum of its clock is 1.
  • Page 812: Ntp Broadcast Mode Configuration

    Clock status: synchronized
    Clock stratum: 2
    Reference clock ID: 3.0.1.32
    Nominal frequency: 250.0000 Hz
    Actual frequency: 249.9992 Hz
    Clock precision: 2^19
    Clock offset: 0.66 ms
    Root delay: 27.47 ms
    Root dispersion: 208.39 ms...
  • Page 813 II. Network diagram [Figure labels: 3.0.1.31/24, Vlan-interface 2, Quidway 3, 1.0.1.31/24...]
  • Page 814: Ntp Multicast Mode Configuration

    [S3900-2-Vlan-interface2]
    # Configure S3900-2 to be a broadcast client.
    [S3900-2-Vlan-interface2] ntp-service broadcast-client
    The above configuration configures S3900-1 and S3900-2 to listen to broadcast packets through their VLAN interface 2, and Quidway3 to send broadcast packets through VLAN interface 2.
  • Page 815 Note: This example assumes that Quidway3 is a switch that supports the local clock being the master clock. II. Network diagram [Figure labels: 3.0.1.31/24, Vlan-interface 2...]
  • Page 816: Ntp Server Mode With Authentication Configuration

    # Enter VLAN-interface 2 view.
    [S3900-2] interface Vlan-interface 2
    # Configure S3900-2 to be a multicast client.
    [S3900-2-Vlan-interface2] ntp-service multicast-client
    The above configuration configures S3900-1 and S3900-2 to listen to multicast packets through their VLAN interface 2, and Quidway3 to advertise multicast packets through VLAN interface 2.
  • Page 817 An S3900 series switch operates in client mode with Quidway1 as the time server. Quidway1 operates in the server mode automatically. Meanwhile, NTP authentication is enabled on both sides.
  • Page 818 [Quidway1] ntp-service authentication enable
    # Set the MD5 key to 42, with the content being aNiceKey.
    [Quidway1] ntp-service authentication-keyid 42 authentication-model md5 aNiceKey
    # Specify the key to be a trusted key.
  • Page 819 Operation Manual – SSH Terminal Service Quidway S3900 Series Ethernet Switches-Release 1510 Table of Contents
    Chapter 1 SSH Terminal Services
    1.1 SSH Terminal Services
    1.1.1 Introduction to SSH
    1.1.2 SSH Server Configuration
    1.1.3 SSH Client Configuration...
  • Page 820: Ssh Terminal Services

    Chapter 1 SSH Terminal Services 1.1 SSH Terminal Services 1.1.1 Introduction to SSH Secure Shell (SSH) provides information security and powerful authentication to prevent attacks such as IP address spoofing and plain-text password interception when users log on to the switch remotely through an insecure network environment.
  • Page 821 [Figure labels: Workstation, Local Switch, Local Ethernet...]
  • Page 822: Ssh Server Configuration

    The server authenticates the username information from the client. If the user is configured as no authentication on the server, the authentication stage is skipped and the session request stage starts directly.
  • Page 823 Configuration Keyword Description Refer Generate a local RSA key pair rsa local-key-pair create “Generating local-key-pair destroying RSA key Destroy a local RSA key pair...
  • Page 824 Caution: When SSH protocol is specified, to ensure a successful login, you must configure the AAA authentication using the authentication-mode scheme command. protocol...
  • Page 825 Caution: For a successful SSH login, you must generate a local RSA key pair first. You just need to execute the command once, with no further action required even after the system is rebooted.
  • Page 826 Caution: If RSA authentication type is defined, then the RSA public key of the client user must be configured on the switch. By default, no authentication type is specified for a new user, so they cannot access the switch.
  • Page 827 V. Configuring client public keys You can configure RSA public keys for client users on the switch and specify RSA private keys, which correspond to the public keys, on the client. Then client keys are generated randomly by the SSHv2.0 client software.
  • Page 828 Operation Command Description Required Keyname is the name of an existing public key. If Assign public key to ssh user username assign the user already has a...
  • Page 829: Ssh Client Configuration

    Table 1-8 Specify source IP address for sending traffic packets Operation Command Description — Enter system view system-view Specify source IP address ssh-server source-ip ip-address Optional for SSH Server.
  • Page 830: Displaying Ssh Configuration

    Note: In the initial authentication, if the SSH client does not have the public key for the server which it accesses for the first time, the client continues to access the server and saves the public key of the server locally.
  • Page 831: Ssh Server Configuration Example

    Operation Command Description Display the current source display ssh-server IP address specified for source-ip SSH Server. Display the current source IP address specified for display ssh2 source-ip SSHv2.0 Client.
  • Page 832 [Quidway] user-interface vty 0 4
    [Quidway-ui-vty0-4] authentication-mode scheme
    # Set the user interfaces to support SSH.
    [Quidway-ui-vty0-4] protocol inbound ssh
    # Configure the login protocol for the clinet001 user as SSH and authentication type as password.
  • Page 833: Ssh Client Configuration Example

    [Quidway-rsa-key-code] public-key-code end
    [Quidway-rsa-public-key] peer-public-key end
    [Quidway] ssh user client002 assign rsa-key quidway002
    # Start the SSH client software on the host which stores the RSA private keys and make corresponding configuration to establish an SSH connection.
  • Page 834 [Quidway-rsa-public-key] peer-public-key end
    [Quidway] ssh client 10.165.87.136 assign rsa-key public
    Start SSH client. Settings for the two authentication types are described respectively in the following:
    Use the password authentication and start the client using the default encryption algorithm.
  • Page 835: Sftp Service

    1.2 SFTP Service 1.2.1 SFTP Overview Secure FTP (SFTP) is a new feature introduced in SSHv2.0. SFTP is established on SSH connections to secure remote users’ login to the switch, perform file management and file transfer (such as upgrade the system), and provide secured data transfer.
  • Page 836: Sftp Client Configuration

    Table 1-14 Set connection timeout time Operation Command Description — Enter system view system-view Required Set timeout time for the sftp timeout By default, the connection...
  • Page 837 Command Operation View Description Key word Rename a file on the rename SFTP server Download a file from remote SFTP server Upload a local file to...
  • Page 838 Operation Command Description three commands have Disable the SFTP client exit same function. quit III. Operating with SFTP directories SFTP directory-related operations include: changing or displaying the current directory, creating or deleting a directory, displaying files or information of a specific directory.
  • Page 839 Table 1-19 Operate with SFTP files Operation Command Description Enter system view system-view sftp host-ip Enter SFTP client view host-name } Change the name of a file...
  • Page 840: Sftp Configuration Example

    Operation Command Description Specify source Optional sftp source-ip ip-address address for sftp client Specify source sftp source-interface interface-type Optional interface for sftp client...
  • Page 841 # Specify SFTP service for SSH user abc.
    [Quidway] ssh user abc service-type sftp
    Configure Switch A (SFTP client)
    # Establish a connection to the remote SFTP server and enter SFTP client view.
  • Page 842 -rwxrwxrwx 1 noone nogroup 1759 Aug 23 06:52 vrpcfg.cfg
    -rwxrwxrwx 1 noone nogroup 225 Aug 24 08:01 pubkey2
    -rwxrwxrwx 1 noone nogroup 283 Aug 24 07:39 pubkey1...
  • Page 843 Operation Manual – File System Management Quidway S3900 Series Ethernet Switches-Release 1510 Table of Contents
    Chapter 1 File System Management and Configuration
    1.1 File Attribute Configuration
    1.1.1 Introduction to File Attributes
    1.1.2 Configuring File Attributes
    1.2 File System Configuration...
  • Page 844: File Attribute Configuration

    Chapter 1 File System Management and Configuration 1.1 File Attribute Configuration 1.1.1 Introduction to File Attributes An app file is an executable file, with .bin as the extension. A configuration file is used to store and restore configuration, with .cfg as the extension.
  • Page 845: Configuring File Attributes

    File operations and file attribute operations are independent of each other. For example, if you delete a file with the main attribute from the Flash memory, the main attribute is not deleted.
  • Page 846: File System Configuration

    Caution: Before configuring the main or backup attribute for a file in the fabric, make sure the file already exists on all devices in the fabric.
  • Page 847: Directory Operations

    Note: For Ethernet switches that support IRF (intelligent resilient framework), you can input a file path and file name in one of the following ways: In URL (universal resource locator) format and starting with “unit[No.]>flash:/”...
  • Page 848: File Operations

    Note: In the output information of the dir /all command, deleted files (that is, those in the recycle bin) are enclosed in brackets.
  • Page 849: Flash Operations

    Operation Command Description copy fileurl-source Copy a file Optional fileurl-dest move fileurl-source Move a file Optional fileurl-dest Optional Display the content...
  • Page 850: Prompt Mode Configuration

    Caution: The format operation deletes all files on the Flash memory, including the configuration files, and cannot be undone.
  • Page 851: Configuration Backup And Restore

    (*) -with main attribute
    (b) -with backup attribute
    (*b) -with both main and backup attribute
    # Copy the file flash:/vrpcfg.cfg to flash:/test/, with 1.cfg as the name of the new file.
  • Page 852: Operation Preparation

    By using the configuration backup and restore feature, you can easily back up and restore the configurations in the whole fabric as well as in an individual unit.
  • Page 853: Ftp Lighting Configuration

    FTP client is uploading file to the FTP server (the S3900 switch), and will stop rotating when the file uploading is finished, as shown in Figure 2-1.
  • Page 854 FTP client (the S3900 switch) is downloading file from an FTP server, and will stop rotating when the file downloading is finished, as shown in Figure 2-1.
  • Page 855: Tftp Lighting Configuration

    The TFTP file transfer is initiated by a client: When a file needs to be downloaded, the client sends a read request to the TFTP server. It then receives data from the server and sends acknowledgement to the server.
  • Page 856: Tftp Lighting Procedure

    Table 2-3 Download file from a TFTP server to the switch acting as a TFTP client Device Operation Command Description Required detailed Enable TFTP configuration, refer to TFTP server — server configuration instruction relevant to TFTP server.
  • Page 857 Device Operation Command Description Log into a remote Required TFTP server, tftp tftp-server get This command should TFTP client download source-file be executed in user save a remote file [ dest-file ] view. to the local device
  • Page 858 Operation Manual – FTP and TFTP Quidway S3900 Series Ethernet Switches-Release 1510 Table of Contents
    Chapter 1 FTP and TFTP Configuration
    1.1 FTP Configuration
    1.1.1 Introduction to FTP
    1.1.2 FTP Configuration: A Switch Operating as an FTP Server
    1.1.3 Configuration Example: A Switch Operating as an FTP Server...
  • Page 859: Ftp Configuration

    Chapter 1 FTP and TFTP Configuration 1.1 FTP Configuration 1.1.1 Introduction to FTP FTP (file transfer protocol) is commonly used in IP-based networks to transmit files.
  • Page 860: Ftp Configuration: A Switch Operating As An Ftp Server

    Device Configuration Default Description Log into the switch through an FTP client — — application. Caution: The FTP-related functions require that the route between an FTP client and the FTP server is reachable.
  • Page 861 [Figure labels: Network, Switch] Figure 1-1 Network diagram for FTP configurations The following configurations are performed on the FTP server:...
  • Page 862 Note: Only one user can access an S3900 switch at a given time when the latter operates as an FTP server. FTP services are implemented in this way: An FTP client sends FTP requests to the FTP server.
  • Page 863 Table 1-4 Specify the source interface and source IP address for an FTP server Operation Command Description Enter system view — system-view...
  • Page 864: Configuration Example: A Switch Operating As An Ftp Server

    Note: If you attempt to disconnect a user that is uploading/downloading data to/from an S3900 acting as the FTP server, the S3900 will disconnect the user after the data transmission is completed.
  • Page 865 II. Network diagram [Figure labels: Network, Switch] Figure 1-2 Network diagram for FTP configurations III. Configuration procedure Configure the switch # Log into the switch.
  • Page 866 230 User logged in.
    ftp>
    # Upload the switch.bin file.
    ftp> put switch.bin
    200 Port command okay.
    150 Opening ASCII mode data connection for switch.bin.
  • Page 867: Ftp Configuration: A Switch Operating As An Ftp Client

    1.1.4 FTP Configuration: A Switch Operating as an FTP Client I. Basic configurations on an FTP client The function for a switch to operate as an FTP client is implemented by an application module built in the switch.
  • Page 868 Operation Command Description Upload a local file to the put localfile [ remotefile ] Optional remote FTP server Rename a file on a remote...
  • Page 869 Operation: Specify the source IP address so that the FTP client uses it to connect... Command: ftp { cluster | remote-server }...
  • Page 870: Configuration Example: A Switch Operating As An FTP Client

    1.1.5 Configuration Example: A Switch Operating as an FTP Client I. Network requirements A switch operates as an FTP client and a remote PC as an FTP server.
  • Page 871 Caution: If the available space on the Flash memory of the switch is not enough to hold the file to be uploaded, you need to delete files from the Flash memory to make room for the file.
  • Page 872: TFTP Configuration

    Note: For information about the boot boot-loader command and how to specify the startup file for a switch, refer to the “System Maintenance and Debugging” module of this manual.
  • Page 873 [Figure 1-4 Network diagram for TFTP configuration; labels: Network, Switch] Table 1-9 describes the operations needed when a switch operates as a TFTP client.
  • Page 874 Operation: Set the TFTP file transmission mode. Command: tftp { ascii | binary }. Description: Optional. By default, the binary file transmission mode is adopted.
  • Page 875: TFTP Configuration Example

    Note: The specified interface must already exist; otherwise a prompt indicates that the configuration failed. The value of the ip-address argument must be an IP address on the device where the configuration is performed; otherwise a prompt indicates that the configuration failed.
  • Page 876 III. Configuration procedure Start the TFTP server and configure the work directory on the PC. Configure the switch. # Log into the switch. (You can log into a switch through the Console port or by telnetting to the switch.
  • Page 877 Note: For information about the boot boot-loader command and how to specify the startup file for a switch, refer to the “System Maintenance and Debugging” module of this manual.
  • Page 878 Operation Manual – Information Center Quidway S3900 Series Ethernet Switches-Release 1510 Table of Contents: Chapter 1 Information Center (1-1); 1.1 Information Center Overview (1-1); 1.2 Information Center Configuration (1-5); 1.2.1 Enabling Synchronous Terminal Output (1-6); 1.2.2 Enabling Information Output to a Log Host...
  • Page 879: Information Center Overview

    Chapter 1 Information Center 1.1 Information Center Overview The information center is an indispensable part of Ethernet switches and serves as the information hub of system software modules. The information center manages most information outputs;...
  • Page 880 It refers to the system name of the host, which is “Quidway” by default. You can modify the host name with the sysname command. Refer to the “System Maintenance and Debugging” part of the manual for detailed operations.
  • Page 881 Module name / Description: Forwarding module; Fabric topology management module; FTMCMD: Fabric topology management command module; FTPS: FTP server module; High availability module; HABP: Huawei authentication bypass protocol module...
  • Page 882 Module name / Description: Public key infrastructure module; Power over Ethernet module; PORTSEC: Port Security module; PPRDT: Protocol packet redirect module; PTVL: VLAN (Port VLAN) module...
  • Page 883: Information Center Configuration

    Severity Switch information falls into three categories: log information, debugging information and trap information. The information center classifies the information into eight levels by severity or emergency. The higher the information severity is, the lower the corresponding level is.
  • Page 884: Enabling Synchronous Terminal Output

    Table 1-3 Information channel names and numbers (columns: Output direction, Channel number, Default channel name): Console, console; Monitor terminal, monitor; Log host, loghost; Trap buffer, trapbuffer...
  • Page 885: Enabling Information Output To A Log Host

    Note: Running the info-center synchronous command during debugging information collection may result in a command prompt echoed after each item of debugging information. To avoid unnecessary output, it is recommended that you disable synchronous terminal output in such cases.
  • Page 886: Enabling Information Output To The Console

    Operation: Define information source. Description: Required. Command: info-center source { modu-name | default } channel { channel-number | channel-name } [ { log | trap...
  • Page 887 Operation: Define information source. Description: Required. Command: info-center source { modu-name | default } channel { channel-number | channel-name } [ { log | trap...
  • Page 888: Enabling Information Output To A Monitor Terminal

    1.2.4 Enabling Information Output to a Monitor Terminal Table 1-8 lists the related configurations on the switch. Table 1-8 Enable information output to a monitor terminal...
  • Page 889: Enabling Information Output To The Log Buffer

    For example, to view log information of the switch on a monitor terminal, you need to not only enable log information output to the monitor terminal, but also enable the log information terminal display function with the terminal logging command.
  • Page 890: Enabling Information Output To The Trap Buffer

    Operation: Define information source. Description: Required. Command: info-center source { modu-name | default } channel { channel-number | channel-name } [ { log | trap...
  • Page 891: Enabling Information Output To The SNMP

    Operation: Set the format of time stamp. Description: Optional. This is to set the time stamp format of log/debugging/trap information output. Command: info-center timestamp { log | trap | debugging } { boot | date |...
  • Page 892: Displaying And Debugging Information Center Configuration

    Note: To view debug information of specific modules, you need to set the information type as debug in the info-center source command, and enable debugging on corresponding modules with the debugging command as well.
  • Page 893: Information Center Configuration Examples

    1.4 Information Center Configuration Examples 1.4.1 Log Output to a Unix Log Host I. Network requirements The switch sends the following log information in English to the Unix log host whose IP address is 202.38.1.10: the log information of the two modules ARP and IP, with...
  • Page 894: Log Output To A Linux Log Host

    # mkdir /var/log/Quidway # touch /var/log/Quidway/information Step 2: Edit the file “/etc/syslog.conf” as the superuser (root user) to add the following selector/action pair. # Quidway configuration messages local4.info...
  • Page 895 II. Network diagram [Figure 1-2 Network diagram for log output to a Linux log host; labels: Network, Switch] III. Configuration procedure Configure the switch: # Enable the information center.
  • Page 896: Log Output To The Console

    Note: Note the following items when you edit the file “/etc/syslog.conf”. A note must start on a new line, following a “#” sign. In each pair, a tab should be used as a separator instead of a space.
  • Page 897 II. Network diagram [Figure 1-3 Network diagram for log output to the console; labels: console, Switch] III. Configuration procedure # Enable the information center.
  • Page 898 Operation Manual – System Maintenance and Debugging Quidway S3900 Series Ethernet Switches-Release 1510 Table of Contents: Chapter 1 BootROM and Host Software Loading (1-1); 1.1 Introduction to Loading Approaches (1-1); 1.2 Local Software Loading (1-1); 1.2.1 Boot Menu...
  • Page 899 Table of Contents: 4.2.5 Updating the BootROM (4-3); 4.2.6 Updating the Host Software in the Fabric (4-3); 4.3 Displaying the Device Management Configuration (4-3); 4.4 Remote Switch Update Configuration Example (4-4)...
  • Page 900: Introduction To Loading Approaches

    Chapter 1 BootROM and Host Software Loading Traditionally, the loading of switch software is accomplished through a serial port. This approach is slow, inconvenient, and cannot be used for remote loading.
  • Page 901: Boot Menu

    Note: The loading process of the BootROM software is the same as that of the host software, except that during the former process, you should press <Ctrl+U> and <Enter> after entering the Boot Menu and the system gives different prompts.
  • Page 902: Loading Software Using XMODEM Through Console Port

    Input the correct BootROM password (no password is needed by default). The system enters the Boot Menu: BOOT MENU 1. Download application file to flash 2.
  • Page 903 3. Set XMODEM protocol parameter 0. Return to boot menu Enter your choice(0-3): Step 2: Enter 3 in the above menu to download the BootROM software using XMODEM.
  • Page 904 [Figure 1-1 Properties dialog box] [Figure 1-2 Console port configuration dialog box]
  • Page 905 Step 5: Click the <Disconnect> button to disconnect the HyperTerminal from the switch and then click the <Connect> button to reconnect the HyperTerminal to the switch, as shown in Figure 1-3.
  • Page 906 Figure 1-5 Sending file page Step 9: After the download completes, the system displays the following information: Loading ...CCCCCCCCCC done! Step 10: Reset HyperTerminal’s baud rate to 9600 bps (refer to Step 4 and 5).
  • Page 907: Loading Software Using TFTP Through Ethernet Port

    0. Return to boot menu Enter your choice(0-3): Step 2: Enter 3 in the above menu to download the host software using XMODEM.
  • Page 908 At the prompt "Enter your choice(0-9):" in the Boot Menu, press <6> or <Ctrl+U>, and then press <Enter> to enter the BootROM update menu shown below: Bootrom update menu: 1.
  • Page 909: Loading Software Using FTP Through Ethernet Port

    Caution: When loading the BootROM and host software using the Boot Menu, you are recommended to use a PC directly connected to the device as the TFTP server to improve upgrade reliability.
  • Page 910 Bootrom update menu: 1. Set TFTP protocol parameter 2. Set FTP protocol parameter 3. Set XMODEM protocol parameter 0. Return to boot menu Enter your choice(0-3): Step 4: Enter 2 in the above menu to download the BootROM software using FTP.
  • Page 911: Remote Software Loading

    Caution: When loading the BootROM and host software using the Boot Menu, you are recommended to use a PC directly connected to the device as the TFTP server to improve upgrade reliability.
  • Page 912 331 Give me your password, please Password: 230 Logged in successfully [ftp] get s3900.btm [ftp] bye Note: When using different FTP server software on PC, different information will be output to the switch.
  • Page 913 II. Loading Process Using FTP Server As shown in Figure 1-9, the switch is used as the FTP server. You can telnet to the switch, and then execute the FTP commands to download the BootROM program s3900.btm from the switch.
  • Page 914 [Quidway-luser-test] password simple pass [Quidway-luser-test] service-type ftp Step 4: Enable FTP client software on PC. Refer to Figure 1-10 for the command line interface in Windows operating system.
  • Page 915 Step 6: Enter “ftp 192.168.0.39” and enter the user name test, password pass, as shown in Figure 1-12, to log on to the FTP server.
  • Page 916: Remote Loading Using TFTP

    This will update Bootrom on unit 1. Continue? [Y/N] y Upgrading Bootrom, please wait... Upgrade Bootrom succeeded! <Quidway> reboot When rebooting the switch, use the file s3900.btm as BootROM to finish BootROM loading.
  • Page 917: Basic System Configuration

    Chapter 2 Basic System Configuration & Debugging 2.1 Basic System Configuration 2.1.1 Basic System Configuration Tasks Table 2-1 Basic system configuration tasks...
  • Page 918: Setting The Summer Time

    2.1.3 Setting the System Name of the Switch Table 2-3 Set the system name of the switch (columns: Operation, Command, Description)...
  • Page 919: Setting The CLI Language Mode

    When the system reaches the specified end time, it automatically subtracts the specified offset from the current time, so as to toggle the summer time to normal system time.
  • Page 920: Displaying The System Status

    2.1.9 Returning from Current View to User View Table 2-9 Return from current view to user view (columns: Operation, Command, Description)...
  • Page 921 Terminal display, which controls whether the debugging information is output to a user screen. The relation between the two switches is as follows:...
  • Page 922: Displaying Debugging Status

    2.3.2 Displaying Debugging Status Table 2-12 Display the current debugging status in the system (columns: Operation, Command, Description). Command: display debugging { fabric |...
  • Page 923: Network Connectivity Test

    Chapter 3 Network Connectivity Test 3.1 Network Connectivity Test 3.1.1 ping You can use the ping command to check the network connectivity and the reachability of a host.
  • Page 924 Table 3-2 The tracert command. Operation: Trace the gateways... Command: tracert [ -a source-ip ] [ -f first-ttl ]... Description: You can execute the...
  • Page 925: Introduction To Device Management

    Chapter 4 Device Management 4.1 Introduction to Device Management The device management function of the Ethernet switch can report the current status and event-debugging information of the boards to you. Through this function, you can maintain and manage your physical device, and restart the system when some functions of the system are abnormal.
  • Page 926: Scheduling A Reboot On The Switch

    Note: When rebooting, the system checks whether there is any configuration change. If there is, it prompts you to indicate whether or not to proceed. This prevents you from losing your original configuration by oversight after a system reboot.
  • Page 927: Updating The BootROM

    Table 4-4 Specify the APP to be adopted at reboot Operation Command Description Specify the APP to boot boot-loader [ backup-attribute ] adopted...
  • Page 928: Remote Switch Update Configuration Example

    Table 4-7 Display the operating status of the device management. Operation: Display the APP to be adopted at reboot. Command: display boot-loader...
  • Page 929 Configure an FTP user, whose name and password are switch and hello respectively. Authorize the user with the read-write right of the Switch directory on the PC.
  • Page 930 Caution: If the Flash memory of the switch is not sufficient, delete the original applications in it before downloading the new ones. # Initiate an FTP connection with the following command in user view. Input the correct user name and password to log into the FTP server.
  • Page 931 The current boot app is: switch.bin The main boot app is: switch.bin The backup boot app is: <Quidway> reboot
  • Page 932 Operation Manual – VLAN VPN Quidway S3900 Series Ethernet Switches-Release 1510 Table of Contents: Chapter 1 VLAN-VPN Configuration (1-1); 1.1 VLAN-VPN Overview (1-1); 1.1.1 Introduction to VLAN-VPN (1-1); 1.1.2 Implementation of VLAN-VPN (1-1); 1.1.3 Adjusting the TPID Values of VLAN-VPN Packets (1-2); 1.2 VLAN-VPN Configuration...
  • Page 933: Chapter 1 VLAN-VPN Configuration

    Chapter 1 VLAN-VPN Configuration 1.1 VLAN-VPN Overview 1.1.1 Introduction to VLAN-VPN The VLAN-VPN function enables packets to be transmitted across the operators’ backbone networks with VLAN tags of private networks encapsulated in those of public networks.
  • Page 934: Adjusting The TPID Values Of VLAN-VPN Packets

    VLAN tag. If the packet already carries a VLAN tag, the packet becomes a dual-tagged packet. Otherwise, the packet becomes a packet carrying the default VLAN tag of the port.
  • Page 935: VLAN-VPN Configuration

    Protocol type / Value: 0x8137; IS-IS, 0x8000; LACP, 0x8809; 802.1x, 0x888E. 1.2 VLAN-VPN Configuration 1.2.1 Configuration Prerequisites GARP VLAN registration protocol (GVRP), GARP multicast registration protocol (GMRP), intelligent resilient framework (IRF), neighbor topology discovery protocol (NTDP), spanning tree protocol (STP) and 802.1x protocol are disabled...
  • Page 936: Inner VLAN Tag Priority Replication Configuration

    Operation: Display VLAN VPN configuration information about all ports. Command: display port vlan-vpn. Description: You can execute the display command in any view. Note: After you enable the VLAN-VPN function for a port, you cannot change the attribute of the port to trunk or hybrid, or enable GVRP, GMRP, IRF, NTDP, or STP function for the port.
  • Page 937: TPID Adjusting Configuration

    Operation: Display VLAN-VPN configuration information about all ports. Command: display port vlan-vpn. Description: You can execute the display command in any view. Caution: If you have configured the port priority, (refer to the QACL part of Quidway S3900...
  • Page 938: VLAN-VPN Configuration Example

    Caution: You can execute the vlan-vpn enable or vlan-vpn uplink enable command for a port, but do not execute both commands for the same port.
  • Page 939: Configuration Procedure

    1.5.3 Configuration Procedure Configure Switch A and Switch C. As the configuration performed on Switch A and Switch C is the same, configuration on Switch C is omitted.
  • Page 940 Note: The following describes how a packet is forwarded from Switch A to Switch C. As the Ethernet1/0/1 port of Switch A is a VLAN-VPN port, when a packet from the user’s private network side reaches Ethernet1/0/1 port of Switch A, it is tagged with...
  • Page 941: Chapter 2 BPDU Tunnel Configuration

    Chapter 2 BPDU Tunnel Configuration 2.1 BPDU Tunnel Overview 2.1.1 Introduction to the BPDU Tunnel Function In MAN networking solutions, a requirement may arise that the branches of an enterprise be interconnected through the operator’s network.
  • Page 942: BPDU Tunnel Configuration

    Before the device in the operator’s network forwards the packet to the destination user network, the device restores the original protocol-specific MAC address. This ensures the data portion of the packet is consistent with that before the packet enters the tunnel.
  • Page 943: Configuration Prerequisites

    2.2.1 Configuration Prerequisites One or more protocols among LACP, NDP, CDP, and VTP operate properly on the devices. 2.2.2 Configuring BPDU Tunnel Table 2-1 Configure BPDU Tunnel...
  • Page 944 II. Network diagram [figure labels: Customer1, Customer2, VLAN 2, Ethernet1/0/1, Ethernet1/0/4, VLAN 4...]
  • Page 945 Operation Manual - HWPing Quidway S3900 Series Ethernet Switches-Release 1510 Table of Contents: Chapter 1 HWPing Configurations (1-1); 1.1 Introduction to HWPing (1-1); 1.2 HWPing Configuration (1-1); 1.2.1 Introduction to HWPing Configuration (1-1); 1.2.2 Configuring HWPing (1-2); 1.2.3 Displaying HWPing Configuration...
  • Page 946: Chapter 1 HWPing Configurations

    Chapter 1 HWPing Configurations 1.1 Introduction to HWPing HWPing is a network diagnostic tool used to test the performance of protocols (only ICMP so far) operating on a network. It is an enhanced alternative to the ping command.
  • Page 947: Configuring HWPing

    Number of test packets sent in a test If this parameter is set to a number greater than one, the system sends the second test packet once it receives a response to the first one, or when the test timer times out if it receives no response after sending the first one, and so forth until the last test packet is sent out.
  • Page 948: Displaying HWPing Configuration

    Operation: Configure timeout time of the test. Command: timeout time. Description: Optional. By default, the timeout time is 3 seconds. Operation: Execute the test. Command: test-enable. Description: Required. 1.2.3 Displaying HWPing Configuration...
  • Page 949 # Set the number of test packets sent in a test to 10. [Quidway-hwping-administrator-icmp] count 10 # Set the timeout time of test operations to 5.
  • Page 950 Operation Manual - DNS Quidway S3900 Series Ethernet Switches-Release 1510 Table of Contents: Chapter 1 DNS Configuration (1-1); 1.1 DNS Overview (1-1); 1.1.1 Static Domain Name Resolution (1-1); 1.1.2 Dynamic Domain Name Resolution (1-1); 1.2 Configuring Static Domain Name Resolution...
  • Page 951: Chapter 1 DNS Configuration

    1.1.2 Dynamic Domain Name Resolution I. Resolving procedure Huawei-3Com’s router supports the following dynamic domain name resolution procedures. The relationships of the user program, DNS Client and DNS Server are shown in Figure 1-1. A user program sends a name query to the resolver in the DNS Client.
  • Page 952 [Figure labels: Request, User program, Resolver, Response, DNS Server, Save, Read, Cache, DNS Client...]
  • Page 953: Configuring Static Domain Name Resolution

    1.2 Configuring Static Domain Name Resolution Table 1-1 Configure static domain name resolution. Operation: Enter system view. Command: system-view. Description: —. Operation: Create hostname to IP... Description: Required...
  • Page 954: DNS Configuration Example

    1.3.2 DNS Configuration Example I. Network requirements As shown in Figure 1-2, a router is used as a DNS Client with dynamic domain name resolution to visit host 1 with IP address 3.1.1.1/16. The DNS Server has IP address 2.1.1.2/16.
  • Page 955: Displaying And Maintaining DNS

    1.4 Displaying and Maintaining DNS After the above configuration, you can execute the display command in any view to view the DNS configuration information to verify the configuration effect. You can also execute the reset command to clear the information stored in the caching memory of dynamic domain name resolution.
