Huawei Quidway S3000-EI Series Operation Manual


HUAWEI
Quidway S3000-EI Series Ethernet Switches
Operation Manual
VRP3.10
1. Getting Started
2. Port
3. VLAN
4. Multicast
5. QoS/ACL
6. Integrated Management
7. STP
8. Security
9. Network Protocol
10. System Management
11. Remote Power-feeding
12. Appendix
Huawei Technologies Proprietary


Summary of Contents for Huawei Quidway S3000-EI Series

  • Page 1 1. Getting Started 2. Port 3. VLAN 4. Multicast 5. QoS/ACL 6. Integrated Management 7. STP 8. Security 9. Network Protocol 10. System Management 11. Remote Power-feeding 12. Appendix Quidway S3000-EI Series Ethernet Switches Operation Manual VRP3.10 Huawei Technologies Proprietary...
  • Page 2 31161091 Huawei Technologies Co., Ltd. provides customers with comprehensive technical support and service. If you purchase the products from the sales agent of Huawei Technologies Co., Ltd., please contact our sales agent. If you purchase the products from Huawei Technologies Co., Ltd. directly, Please feel free to contact our local office, customer care center or company headquarters.
  • Page 3 Copyright © 2005 Huawei Technologies Co., Ltd. All Rights Reserved No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd. Trademarks , HUAWEI, C&C08, EAST8000, HONET,...
  • Page 4: About This Manual

    About This Manual Release Notes The product version that corresponds to the manual is VRP3.10. Related Manuals The following manuals provide more information about the Quidway S3000-EI Series Ethernet Switches. Manual Content Quidway S3026C-PWR Introduces the system installation, booting, Ethernet Switch Installation...
  • Page 5 Customers who are familiar with network fundamentals Conventions The manual uses the following conventions: I. General conventions Convention Description Arial Normal paragraphs are in Arial. Boldface Headings are in Boldface. Terminal Display is in Courier New. Courier New
  • Page 6 <Enter>, <Tab>, <Backspace>, or <A>. Press the keys concurrently. For example, <Ctrl+Alt+A> <Key1+Key2> means the three keys should be pressed concurrently. Press the keys in turn. For example, <Alt, A> means the <Key1, Key2> two keys should be pressed in turn.
  • Page 7 Eye-catching symbols are also used in the manual to highlight the points worthy of special attention during the operation. They are defined as follows: Caution, Warning: Means reader be extremely careful during the operation. Note: Means a complementary description.
  • Page 8: Getting Started

    HUAWEI Quidway S3000-EI Series Ethernet Switches Operation Manual Getting Started Huawei Technologies Proprietary...
  • Page 9: Table Of Contents

    Operation Manual - Getting Started Quidway S3000-EI Series Ethernet Switches Table of Contents Table of Contents Chapter 1 Product Overview ......................1-1 1.1 Product Overview....................... 1-1 1.2 Function Features ......................1-2 Chapter 2 Logging in Switch......................2-1 2.1 Setting up Configuration Environment via the Console Port ..........2-1 2.2 Setting up Configuration Environment through Telnet............
  • Page 10 5.2.3 Setting/Deleting the Management VLAN Interface Description Character String... 5-5 5.2.4 Enabling/Disabling a Management VLAN Interface..........5-6 5.2.5 Configuring the Hostname and Host IP Address ............ 5-6 5.2.6 Configuring a Static Route ..................
  • Page 11: Chapter 1 Product Overview

    Chapter 1 Product Overview 1.1 Product Overview Quidway S3000-EI Series Ethernet Switches, the L2 Ethernet Switches independently developed by Huawei, provide wire-speed L2 switching function. The series include the following main types of switches: S3026G Ethernet Switch S3026C Ethernet Switch...
  • Page 12: Function Features

    1.2 Function Features Table 1-1 Function features Features Implementation Supports VLAN compliant with IEEE 802.1Q Standard VLAN Supports port-based VLAN Supports GARP VLAN Registration Protocol (GVRP)
  • Page 13 RMON MIB Group 1, 2, 3 and 9) Supports system log Maintenance Supports level alarms Supports Huawei Group Management Protocol (HGMP) V2 Supports output of the debugging information Supports PING and Tracert Supports the remote maintenance via Telnet or Modem or SSH...
  • Page 14: Chapter 2 Logging In Switch

    Chapter 2 Logging in Switch 2.1 Setting up Configuration Environment via the Console Port Step 1: As shown in the figure below, to set up the local configuration environment, connect the serial port of a PC (or a terminal) to the Console port of the switch with the Console cable.
  • Page 15 Figure 2-3 Configuring the port for connection Figure 2-4 Setting communication parameters Step 3: The switch is powered on. Display self-test information of the switch and prompt you to press Enter to show the command line prompt such as <Quidway>.
  • Page 16: Setting Up Configuration Environment Through Telnet

    2.2 Setting up Configuration Environment through Telnet 2.2.1 Connecting a PC to the Switch through Telnet After you have correctly configured IP address of a VLAN interface for a switch via...
  • Page 17: Telneting A Switch Through Another Switch

    Figure 2-6 Running Telnet Step 4: The terminal displays “Login authentication” and prompts the user to input the logon password. After you input the correct password, it displays the command line prompt (such as <Quidway>).
  • Page 18: Setting Up Configuration Environment Through A Dial-Up Modem

    Telnet Server Telnet Client Figure 2-7 Providing Telnet Client service Step 1: Authenticate the Telnet user via the Console port on the Telnet Server (switch) before login.
  • Page 19 Note: By default, the password is required for authenticating the Modem user to log in the switch. If a user logs in via the Modem without password, he will see an error prompt.
  • Page 20 Modem serial port line Modem Telephone line PSTN Modem Console port Remote tel: 82882285 Figure 2-8 Setting up remote configuration environment Step 4: Dial for connection to the switch, using the terminal emulator and Modem on the remote end.
  • Page 21 Figure 2-10 Dialing on the remote PC Step 5: Enter the preset login password on the remote terminal emulator and wait for the prompt such as <Quidway>. Then you can configure and manage the switch. Enter “?”...
  • Page 22: Chapter 3 Command Line Interface

    Chapter 3 Command Line Interface 3.1 Command Line Interface Quidway series switches provide a series of configuration commands and command line interfaces for configuring and managing the switch. The command line interface has the following characteristics: Local configuration via the Console port.
  • Page 23 Management level: They are commands that influence basic operation of the system and system support module, which plays a support role on service. Commands of this level involve file system commands, FTP commands, TFTP commands, XModem downloading commands, user management commands, and level setting commands.
  • Page 24 ISP domain view The following table describes the function features of different views and the ways to enter or quit. Table 3-1 Function feature of command view...
  • Page 25 Command Command to Function Prompt Command to exit view enter returns quit system view Cluster Configure Cluster [Quidway-clust Key in cluster in view parameters system view...
  • Page 26: Features And Functions Of Command Line

    Command Command to Function Prompt Command to exit view enter returns quit RADIUS radius system view Configure radius [Quidway-radiu server scheme parameters s-1] return returns to...
  • Page 27: Displaying Characteristics Of Command Line

    <cr> <cr> indicates no parameter in this position. The next command line repeats the command, you can press <Enter> to execute it directly. Input a character string with a “?”, then all the commands with this character string as their initials will be listed.
  • Page 28: Common Command Line Error Messages

    Table 3-3 Retrieving history command Operation Result Display history Display history command by user display command inputting history-command Retrieve Up cursor key <↑> or Retrieve the previous history...
  • Page 29 Table 3-5 Editing functions Function Insert from the cursor position and the cursor moves to the Common keys right, if the edition buffer still has free space.
  • Page 30: Chapter 4 User Interface Configuration

    Chapter 4 User Interface Configuration 4.1 User Interface Overview User interface configuration is another way provided by the switch to configure and manage the port data.
  • Page 31: User Interface Configuration

    4.2 User Interface Configuration User interface configuration includes: Entering user interface view Configuring the user interface-supported protocol Configuring the attributes of AUX (Console) port Configuring the terminal attributes...
  • Page 32: Configuring The Attributes Of Aux (Console) Port

    Caution: If Telnet protocol is specified, to ensure a successful login via the Telnet, you must configure the password by default. If SSH protocol is specified, to ensure a successful login, you must configure the local or remote authentication of username and password using the command.
  • Page 33: Configuring The Terminal Attributes

    III. Configuring parity on the AUX (Console) port Table 4-5 Configuring parity on the AUX (Console) port Operation Command Configure parity mode on the AUX (Console)
  • Page 34 out, he cannot log in again. In this case, a user can log in to the switch through the user interface only when the terminal service is enabled again.
  • Page 35: Managing Users

    If a command displays more than one screen of information, you can use the following command to set how many lines to be displayed in a screen, so that the information can be separated in different screens and you can view it more conveniently.
  • Page 36 In the following example, local username and password authentication are configured. # Perform username and password authentication when a user logs in through VTY 0 user interface and set the username and password to zbr and huawei respectively. [Quidway-ui-vty0] authentication-mode scheme...
  • Page 37 Note: By default, the password is required for authenticating the Modem and Telnet users when they log in. If the password has not been set, when a user logs in, he will see the prompt “Login password has not been set !”.
  • Page 38: Configure Redirection

    By default, a user can access the commands at Level 3 after logging in through the AUX user interface, and the commands at Level 0 after logging in through the VTY user interface.
  • Page 39: Displaying And Debugging User Interface

    Perform the following configuration in user view. Table 4-18 Configuring to send messages between different user interfaces. Operation Command Configuring to send messages between different send { all | number | type user interfaces.
  • Page 40 Table 4-20 Displaying and debugging user interface Operation Command free user-interface [ type ] Clear a specified user interface number Display the user application information of the...
  • Page 41: Chapter 5 System Ip Configuration

    Chapter 5 System IP Configuration 5.1 System IP Overview 5.1.1 Management VLAN Before performing remote management such as Telnet and web management, the IP address of the switch has to be configured first. For the Quidway series Layer 2 Ethernet switch, only one VLAN interface can be configured with an IP address, and the VLAN that corresponds to this interface becomes the management VLAN.
  • Page 42 When using IP addresses, it should also be noted that some of them are reserved for special uses, and are seldom used. The IP addresses you can use are listed in the following table.
  • Page 43 Network Address IP network Note class range range Other 255.255.2 255.255.255.2 255.255.255.255 is used as LAN addresses 55.255 broadcast address. II. Subnet and mask Nowadays, with rapid development of the Internet, IP addresses are depleting very fast.
  • Page 44: Static Route

    Huawei Layer 2 Series Ethernet Switches can be configured with static route, used for login to the switch through the network.
  • Page 45: Assigning/Deleting The Ip Address For/Of The Management Vlan Interface

    Table 5-2 Creating/deleting a management VLAN interface Operation Command Create a management VLAN interface interface vlan-interface vlan-id and enter its view Delete a management VLAN interface...
  • Page 46: Enabling/Disabling A Management Vlan Interface

    By default, the description character string is HUAWEI, Quidway Series, Vlan-interface1 Interface. Vlan-interface1 is the management VLAN interface name. 5.2.4 Enabling/Disabling a Management VLAN Interface The following command can be used for disabling or enabling the management VLAN interface.
  • Page 47: Configuring A Static Route

    5.2.6 Configuring a Static Route You can use the following command to configure a static route for login to the switch via the network. Perform the following configuration in system view.
  • Page 48 Table 5-9 Displaying and debugging system IP Operation Command View all the hosts and their IP addresses display ip host on the network View related IP information of the...
  • Page 49 HUAWEI Quidway S3000-EI Series Ethernet Switches Operation Manual Port Huawei Technologies Proprietary...
  • Page 50 Operation Manual - Port Quidway S3000-EI Series Ethernet Switches Table of Contents Table of Contents Chapter 1 Ethernet Port Configuration ..................1-1 1.1 Ethernet Port Overview...................... 1-1 1.2 Ethernet Port Configuration ....................1-2 1.2.1 Enter Ethernet port view..................1-2 1.2.2 Enable/Disable Ethernet Port.................. 1-2 1.3 Set Description Character String for Ethernet Port............
  • Page 51: Chapter 1 Ethernet Port Configuration

    Chapter 1 Ethernet Port Configuration 1.1 Ethernet Port Overview S3026G Ethernet Switch provides 24 10/100Base-T fixed Ethernet ports and two GBIC uplink ports. You can select the gigabit optical module.
  • Page 52: Ethernet Port Configuration

    Gigabit Ethernet port operates in gigabit full-duplex mode. The operating mode can be set to full (full-duplex) and auto (auto-negotiation) and its speed can be set to 1000 (1000Mbps) and auto (auto-negotiation).
  • Page 53: Set Description Character String For Ethernet Port

    Perform the following configuration in Ethernet port view. Table 1-2 Enable/Disable an Ethernet port Operation Command Disable an Ethernet port shutdown Enable an Ethernet port undo shutdown By default, the port is enabled.
  • Page 54: Set Speed On The Ethernet Port

    The Gigabit electrical Ethernet port can operate in full duplex, half duplex or auto-negotiation mode. When the port operates at 1000Mbps, the duplex mode can be set to full (full duplex) or auto (auto-negotiation).
  • Page 55: Enable/Disable Flow Control For Ethernet Port

    Table 1-6 Set the type of the cable connected to the Ethernet port Operation Command Set the type of the cable connected to mdi { across | auto | normal } the Ethernet port.
  • Page 56: Set Link Type For Ethernet Port

    Table 1-8 Set Ethernet port broadcast suppression ratio Operation Command Set Ethernet port broadcast suppression ratio broadcast-suppression ratio Restore the default Ethernet port broadcast undo broadcast-suppression...
  • Page 57: Set The Default Vlan Id For The Ethernet Port

    Perform the following configuration in Ethernet port view. Table 1-10 Add the Ethernet port to specified VLANs Operation Command Add the current access port to a...
  • Page 58: Set Loopback Detection For The Ethernet Port

    Operation Command Restore the default VLAN ID of the hybrid undo port hybrid pvid port to the default value Restore the default VLAN ID of the trunk port...
  • Page 59: Set The Time Interval Of Calculating Port Statistics Information

    Operation Command Configure that the system performs loopback loopback-detection per-vlan detection to all VLANs on Trunk and Hybrid ports enable (Ethernet port view) Configure that the system only performs loopback...
  • Page 60 I. Port Traffic Threshold Configuration Task Table 1-14 Port traffic threshold configuration task Item Command Remarks Enter system view <Quidway> system-view – Enter Ethernet port [Quidway] interface { interface_type –...
  • Page 61: Display And Debug Ethernet Port

    1.4 Display and Debug Ethernet Port After the above configuration, execute display command in any view to display the running of the Ethernet port configuration, and to verify the effect of the configuration.
  • Page 62: Ethernet Port Troubleshooting

    II. Networking diagram Switch A Switch B Figure 1-1 Configure the default VLAN for a trunk port III. Configuration procedure The following configurations are used for Switch A. Please configure Switch B in the similar way.
  • Page 63: Chapter 2 Link Aggregation Configuration

    Chapter 2 Link Aggregation Configuration 2.1 Link Aggregation Overview The link aggregation means aggregating several ports together to implement the outgoing/incoming payload balance among the member ports and enhance the connection reliability.
  • Page 64: Display And Debug Link Aggregation

    Note that the Ethernet ports to be aggregated can not work in auto-negotiation mode and must work in the same mode, which can be 10M_FULL (10Mbps speed, full duplex), 100M_FULL (100Mbps speed, full duplex), or 1000M_FULL (1000Mbps speed, full duplex), otherwise, they cannot be aggregated.
  • Page 65: Ethernet Link Aggregation Troubleshooting

    III. Configuration procedure The following configurations are used for Switch A, please configure Switch B in the similar way to activate aggregation. # Aggregate Ethernet0/1 through Ethernet0/3.
  • Page 66 HUAWEI Quidway S3000-EI Series Ethernet Switches Operation Manual VLAN Huawei Technologies Proprietary...
  • Page 67 Operation Manual - VLAN Quidway S3000-EI Series Ethernet Switches Table of Contents Table of Contents Chapter 1 VLAN Configuration ....................1-1 1.1 VLAN Overview........................1-1 1.2 Configure VLAN ......................... 1-1 1.2.1 Enable/Disable VLAN Feature ................1-1 1.2.2 Create/Delete a VLAN..................... 1-2 1.2.3 Add Ethernet Ports to a VLAN ................
  • Page 68 4.2.5 Enabling/Disabling Voice VLAN Auto Mode ............4-4 4.2.6 Setting the Aging Time of Voice VLAN ..............4-5 4.3 Displaying and Debugging of Voice VLAN ................ 4-5 4.4 Voice VLAN Configuration Example .................. 4-6...
  • Page 69: Chapter 1 Vlan Configuration

    Chapter 1 VLAN Configuration 1.1 VLAN Overview Virtual Local Area Network (VLAN) groups the devices of a LAN logically but not physically into segments to implement the virtual workgroups. IEEE issued the IEEE 802.1Q in 1999, which was intended to standardize VLAN implementation solutions.
  • Page 70: Create/Delete A Vlan

    Note that you will see error prompt when creating VLAN after VLAN feature is disabled. 1.2.2 Create/Delete a VLAN You can use the following command to create/delete a VLAN.
  • Page 71: Display And Debug Vlan

    Table 1-4 Set/Delete VLAN description character string Operation Command Set the description character string for VLAN description string Restore the default description of current VLAN undo description By default, VLAN description character string is VLAN ID of the VLAN, e.g.
  • Page 72 # Add Ethernet 0/1 and Ethernet 0/2 to VLAN2. [Quidway-vlan2] port ethernet 0/1 to ethernet 0/2 # Create VLAN 3 and enters its view. [Quidway-vlan2] vlan 3 # Add Ethernet 0/3 and Ethernet 0/4 to VLAN3.
  • Page 73: Chapter 2 Isolate-User-Vlan Configuration

    Chapter 2 Isolate-User-Vlan Configuration 2.1 Isolate-user-vlan Overview Isolate-user-vlan is a new feature of the Ethernet Switches launched by Huawei Technologies Co., Ltd., through which can save the VLAN source. isolate-user-vlan adopts the Layer-2 VLAN architecture. (On an Ethernet Switch configure the isolate-user-vlan and Secondary VLAN.) An isolate-user-vlan corresponds to several...
  • Page 74: Configure Secondary Vlan

    An Ethernet switch can have several isolate-user-vlans, each of which can include more than one port. isolate-user-vlan cannot be configured together with the Trunk port. That is to say, you cannot configure a Trunk port on the Ethernet switch already configured with the isolate-user-vlan, and vice versa.
  • Page 75: Configure Vlan Id Of Igmp Packets

    Without the specified secondary secondary_vlan_numlist parameter, the undo isolate-user-vlan command will remove the mapping relationship between the specified isolate-user-vlan and all the Secondary VLANs. Otherwise the relationship between the specified isolate-user-vlan and the specified Secondary VLAN will be removed.
  • Page 76 Ethernet0/3 and VLAN4 includes Ethernet0/4. Seen from the Switch A, either Switch B or Switch C carries one VLAN, VLAN 5 and VLAN 6 respectively. II. Networking diagram...
  • Page 77 [Quidway-vlan3] vlan 4 [Quidway-vlan4] port ethernet0/4 # Configure the isolate-user-vlan to Map the Secondary VLAN [Quidway-vlan4] quit [Quidway] isolate-user-vlan 6 secondary 3 to 4
  • Page 78: Chapter 3 Garp/Gvrp Configuration

    Chapter 3 GARP/GVRP Configuration 3.1 Configure GARP 3.1.1 GARP Overview Generic Attribute Registration Protocol (GARP) offers a mechanism that is used by the members in the same switching network to distribute, propagate and register such information as VLAN and multicast addresses.
  • Page 79: Set Garp Timer

    Note: The value of GARP timer will be used in all the GARP applications, including GVRP and GMRP, running in one switching network. In one switching network, the GARP timers on all the switching devices should be set to the same value.
  • Page 80: Display And Debug Garp

    Note that, the value of Join timer should be no less than the doubled value of Hold timer, and the value of Leave timer should be greater than the doubled value of Join timer and smaller than the Leaveall timer value.
  • Page 81: Enable/Disable Global Gvrp

    GVRP is described in details in the IEEE 802.1Q standard. Quidway Series Ethernet Switches fully support the GARP compliant with the IEEE standards. Main GVRP configuration includes:...
  • Page 82: Display And Debug Gvrp

    When an Ethernet port is set to be in Normal registration mode, the dynamic and manual creation, registration and logout of VLAN are allowed on this port.
  • Page 83: Gvrp Configuration Example

    3.2.6 GVRP Configuration Example I. Networking requirements To dynamically register and update VLAN information among switches, GVRP needs to be enabled on the switches. II. Networking diagram...
  • Page 84: Chapter 4 Voice Vlan Configuration

    Chapter 4 Voice VLAN Configuration 4.1 Introduction to Voice VLAN Voice VLAN is specially designed for user’s voice flow, and it distributes different port precedence in different cases.
  • Page 85: Voice Vlan Configuration

    Table 4-1 The corresponding relation between port mode and IP Phone Voice Type of IP VLAN Port Mode Phone Mode Access: Do not support Trunk: Support, but the default VLAN of the connected port must exist and cannot be the voice VLAN.
  • Page 86: Enabling/Disabling Voice Vlan Features

    If you change the status of Voice VLAN security mode, you must first enable Voice VLAN features globally. 4.2.1 Enabling/Disabling Voice VLAN Features Enable/disable the Voice VLAN in system view.
  • Page 87: Enabling/Disabling Voice Vlan Security Mode

    Table 4-4 Configuring the OUI address learned by Voice VLAN Operation command Set the OUI address learned by Voice voice vlan mac-address oui mask VLAN oui-mask [ description string ]...
  • Page 88: Setting The Aging Time Of Voice Vlan

    Table 4-7 Configuring the Voice VLAN auto mode Operation Command Enable the Voice VLAN auto mode voice vlan mode auto Disable the Voice VLAN auto mode (that is, to...
  • Page 89: Voice Vlan Configuration Example

    4.4 Voice VLAN Configuration Example I. Networking Requirements Create VLAN 2 as the Voice VLAN in manual mode and enable its security mode. It is required to set the aging time to 100 minutes, the OUI address to 0011-2200-0000, and configure the port Ethernet1/0/2 as the IP Phone access port.
  • Page 90 HUAWEI Quidway S3000-EI Series Ethernet Switches Operation Manual Multicast Huawei Technologies Proprietary...
  • Page 91 Operation Manual - Multicast Quidway S3000-EI Series Ethernet Switches Table of Contents
    Chapter 1 GMRP Configuration 1-1
    1.1 GMRP Overview 1-1
    1.2 Configure GMRP 1-1
    1.2.1 Enable/Disable GMRP Globally 1-1
    1.2.2 Enable/Disable GMRP on the Port 1-2
    1.3 Display and debug GMRP...
  • Page 92: Chapter 1 GMRP Configuration

    Chapter 1 GMRP Configuration
    1.1 GMRP Overview
    GMRP (GARP Multicast Registration Protocol), based on GARP, is used for maintaining dynamic multicast registration information of the switch. All the switches supporting GMRP can receive multicast registration information from other switches and dynamically update local multicast registration information.
  • Page 93: Enable/Disable GMRP On The Port

    1.2.2 Enable/Disable GMRP on the Port
    Perform the following configuration in Ethernet port view.
    Table 1-2 Enable/Disable GMRP on the port
    Operation: Enable GMRP on the port...
  • Page 94 III. Configuration procedure
    Configure LS_A:
    # Enable GMRP globally.
    [Quidway] gmrp
    # Enable GMRP on the port.
    [Quidway] interface Ethernet 0/1
    [Quidway-Ethernet0/1] gmrp
    Configure LS_B:
    # Enable GMRP globally.
  • Page 95: Chapter 2 IGMP Snooping Configuration

    Chapter 2 IGMP Snooping Configuration
    2.1 IGMP Snooping Overview
    2.1.1 IGMP Snooping Principle
    IGMP Snooping (Internet Group Management Protocol Snooping) is a multicast control mechanism running on the Layer 2 Ethernet switch and it is used for multicast group management and control.
  • Page 96: Implement IGMP Snooping

    [Figure labels: Internet / Intranet, Multicast router, VOD Server, Layer 2 Ethernet Switch, Video stream, Multicast group member, Non-multicast...]
  • Page 97 II. Implement Layer 2 multicast with IGMP Snooping
    The Ethernet switch runs IGMP Snooping to listen to the IGMP messages and map the host and its ports to the corresponding multicast group address. To implement IGMP...
  • Page 98: Configure IGMP Snooping

    multicast group exists but does not contain the port that received the report message, the switch adds the port into the multicast group and starts the port aging timer.
  • Page 99: Configure Router Port Aging Time

    IGMP Snooping and GMRP cannot run at the same time. You can check if GMRP is running, using the display gmrp status command, in any view, before enabling IGMP Snooping.
  • Page 100: Enabling/Disabling The Function Of Fast Removing A Port From A Multicast Group

    Table 2-4 Configure aging time of the multicast member
    Operation: Configure aging time of the multicast member. Command: igmp-snooping host-aging-time seconds
    Operation: Restore the default setting. Command: undo igmp-snooping host-aging-time
    By default, the aging time of the multicast member is 260 seconds.
  • Page 101: Setting The Maximum Number Of Multicast Groups Permitted On A Port

    2.2.6 Setting the maximum number of multicast groups permitted on a port
    Perform the following configuration in Ethernet port view.
    Table 2-6 Setting the maximum number of multicast groups permitted on a port...
  • Page 102: Multicast Source Port Suppression Configuration

    Note: Each VLAN of each port can only be configured with one ACL rule. If no ACL rule is configured or the configured port doesn’t belong to the specified VLAN, the filtering configured by this command will not take effect.
  • Page 103: Display And Debug IGMP Snooping

    Table 2-9 Display and debug multicast source port suppression
    Operation: Display statistics about multicast source port suppression. Command: display multicast-source-deny interface interface_type [ interface_number ] | interface_name } ]
    If the port type and port number are not specified, the multicast source port checking information about all ports on the switch is displayed;...
  • Page 104: Troubleshoot IGMP Snooping

    II. Networking diagram
    [Figure 2-4 IGMP Snooping configuration networking. Labels: Internet, Router, Multicast, Switch]
    III. Configuration procedure
    # Display the status of GMRP.
    <Quidway> display gmrp status
    # Display the current status of IGMP Snooping when GMRP is disabled.
  • Page 105 Enable IGMP Snooping group in user view and then input the command display igmp-snooping group to check whether the MAC multicast forwarding table in the bottom layer and that created by IGMP Snooping are consistent. You may also input the...
  • Page 106: Chapter 3 Unknown Multicast Dropping Configuration

    Chapter 3 Unknown Multicast Dropping Configuration
    3.1 Introduction to Unknown Multicast Dropping
    Normally, if the multicast address of a multicast data packet received by the switch is not registered on this switch, this packet will be broadcast within this VLAN.
  • Page 107: Chapter 4 Adding Multicast MAC Address Configuration

    Chapter 4 Adding Multicast MAC Address Configuration
    4.1 Introduction
    In Layer 2 multicast, you can not only dynamically create multicast forwarding entries using the Layer 2 multicast protocol, but also manually set the multicast MAC address and bind multicast entries to ports.
  • Page 108: Chapter 5 Multicast VLAN Configuration

    Chapter 5 Multicast VLAN Configuration
    5.1 Introduction to Multicast VLAN
    Generally, when users in different virtual LANs (VLANs) order a multicast stream, each of these VLANs copies the same multicast stream to itself. In this method, a great deal of bandwidth is wasted.
  • Page 109 Item Command Description port hybrid vlan vlan_id_list { tagged | Setting the default VLAN untagged } Required ID of the Ethernet port port trunk pvid vlan...
  • Page 110: Multicast VLAN Configuration Example

    Note: The isolate vlan cannot be set to a multicast VLAN. Only one multicast VLAN can be specified for a port. The type of the ports connected with user terminals can only be hybrid.
  • Page 111 II. Network diagram
    [Figure labels: Switch A, Workstation, Switch B, PC 1...]
  • Page 112 [Switch A] multicast routing-enable
    [Switch A] interface Vlan-interface 10
    [Switch A-Vlan-interface10] pim dm
    [Switch A-Vlan-interface10] igmp enable
    Configure switch B as follows:
    # Enable IGMP Snooping
    <Switch B>...
  • Page 113 HUAWEI Quidway S3000-EI Series Ethernet Switches Operation Manual QoS/ACL Huawei Technologies Proprietary...
  • Page 114 Operation Manual - QoS/ACL Quidway S3000-EI Series Ethernet Switches Table of Contents
    Chapter 1 ACL Configuration 1-1
    1.1 Brief Introduction to ACL 1-1
    1.1.1 ACL Overview 1-1
    1.1.2 ACL Supported by the Ethernet Switch 1-2
    1.2 Configuring ACL...
  • Page 115 Table of Contents (continued)
    2.2.11 QoS Configuration Example 2-11
    Chapter 3 Logon User ACL Control Configuration 3-1
    3.1 Overview 3-1
    3.2 Configuring ACL Control over the TELNET Users 3-1
    3.2.1 Defining ACL 3-1
    3.2.2 Calling ACL to Control TELNET Users...
  • Page 116: Chapter 1 ACL Configuration

    Chapter 1 ACL Configuration
    1.1 Brief Introduction to ACL
    1.1.1 ACL Overview
    A series of matching rules are required for the network devices to identify the packets to be filtered.
  • Page 117: ACL Supported By The Ethernet Switch

    rule, i.e. in depth-first order). Once the user specifies the match-order of an access control rule, he cannot modify it later, unless he deletes all the content and specifies the match-order again.
  • Page 118: Configuring ACL

    Table 1-2 Quantitative limitation to ACL
    Item: Numbered basic ACL. Value range: 2000 to 2999
    Item: Numbered advanced ACL. Value range: 3000 to 3999
    Item: Numbered Layer-2 ACL. Value range: 4000 to 4999
    Item: Numbered user-defined ACL....
  • Page 119: Defining ACL

    The end time shall be later than the start time.
    1.2.2 Defining ACL
    Huawei Switches support several kinds of ACLs. Here we will introduce how to define these ACLs. Define ACLs by following the steps below:...
  • Page 120 Table 1-4 Defining the basic ACL
    Operation: Enter basic view (from system view). Command: acl { number acl-number | name acl-name basic } [ match-order { config | auto } ]...
  • Page 121 the mnemonic symbols as shortcut. For example, “bgp” can represent the TCP number 179 used by BGP.
    III. Defining the Layer-2 ACL
    The rules of Layer-2 ACL are defined on the basis of the Layer-2 information such as source MAC address, source VLAN ID, Layer-2 protocol type, Layer-2 ports receiving and forwarding the packet and destination MAC address to process the data packets.
  • Page 122 The table below lists the meaning and offset of each letter. Table 1-7 Letters and their meanings Offs Letter Meaning Offset Letter Meaning Destination TTL field address...
  • Page 123: Activating ACL

    Note: When defining a user-defined ACL, calculate and set the correct offsets according to the data frames of SNAP+tag format with the 802.3 standard described above.
  • Page 124: Displaying And Debugging ACL

    Note: This command supports the process to activate the Layer-2 and IP ACLs at the same time (IP ACLs include basic and advanced ACLs); however, the actions of the combination items should be consistent.
  • Page 125 II. Networking diagram
    [Figure 1-2 Access control configuration example. Labels: Office of President 129.111.1.2; Pay query server 129.110.1.2; Switch; Financial Department subnet address 10.120.0.0; Administration Department subnet address 10.110.0.0; Connected to a router]
    III.
  • Page 126: Basic ACL Configuration Example

    Define the time range
    # Define time range from 8:00 to 18:00.
    [Quidway] time-range huawei 8:00 to 18:00 daily
    Define the ACL for packets whose source IP is 10.1.1.1.
    # Enter the named basic ACL, named as traffic-of-host.
    [Quidway] acl name traffic-of-host basic
    # Define the rules for packets whose source IP is 10.1.1.1.
  • Page 127: User-Defined ACL Configuration Example

    Define the time range
    # Define time range from 8:00 to 18:00.
    [Quidway] time-range huawei 8:00 to 18:00 daily
    Define the ACL for packets whose source MAC address is 00e0-fc01-0101 and destination MAC address is 00e0-fc01-0303.
    # Enter the named link ACL, named as traffic-of-link.
  • Page 128 # Enter the named user-defined ACL, named as traffic-of-tcp.
    [Quidway] acl name traffic-of-tcp user
    # Define the rules for TCP packet.
    [Quidway-acl-user-traffic-of-tcp] rule 1 deny 06 ff 35 time-range huawei
    Activate ACL.
    # Activate the ACL traffic-of-tcp .
    [Quidway] packet-filter user-group traffic-of-tcp...
  • Page 129: Chapter 2 QoS Configuration

    Chapter 2 QoS Configuration
    2.1 QoS Overview
    In the traditional IP network, all the packets are treated equally without priority difference. Every switch/router handles the packets following the First In First Out (FIFO) policy.
  • Page 130: Packet Filter

    2.1.3 Packet Filter
    Packet filter is to filter traffic. For example, the operation “deny” discards the traffic that is matched with a traffic classification rule, while allowing other traffic to pass through.
  • Page 131 [Figure 2-1 SP. Labels: Packets sent via this interface, Classify, high queue, middle queue, normal queue, bottom queue, Dequeue, Sending queue, Packets sent]
    The SP is specially designed for the key service application. A significant feature of the key service is that it requires priority service to reduce the response delay when congestion occurs.
  • Page 132: Traffic Mirroring

    Compared with the common WRR, the delay bounded WRR also guarantees that the packets in the highest-priority queue leave the queue before the configured delay.
    2.1.9 Traffic Mirroring
    The traffic mirroring function is carried out by copying the specified data packets to the monitoring port for network diagnosis and troubleshooting.
  • Page 133: Configuring Trust Packet Priority

    The port of Ethernet Switch supports 8 priority levels. You can configure the port priority according to your requirements. The priority-level ranges from 0 to 7. By default, the port priority is 0 and the switch replaces the priority carried by a packet with the port priority.
  • Page 134: Port Traffic Limit

    The purpose of this configuration task is to implement the traffic policing over the data flow matching the ACL. The traffic beyond the limit will be dealt with in some other way, such as discarding.
  • Page 135: Configuring Priority Marking

    Note: The configuration of redirection only takes effect on the rules with action permit. For details about the command, refer to the Command Manual.
    2.2.6 Configuring Priority Marking
    The priority marking configuration is a policy to tag the priority for the packets matching the ACL.
  • Page 136 Table 2-7 Default “CoS → Local-precedence” mapping table CoS Value Local Precedence Table 2-8 Relationship between 802.1p priority and output queue 802.1p priority Queue ID Table 2-9 Relationship between local-precedence and output queue...
  • Page 137 CoS Value Local Precedence Using the following commands, you can configure the maps. Perform the following configuration in system view. Table 2-11 Map configuration Operation Command cos-local-precedence-map...
  • Page 138: Configuring Traffic Mirroring

    For details about the command, refer to the Command Manual.
    2.2.8 Configuring Traffic Mirroring
    The function of traffic mirroring is to copy the traffic matching an ACL rule to the designated observing port to analyze and monitor the packets.
  • Page 139: Displaying And Debugging QoS

    2.2.10 Displaying and Debugging QoS
    After the above configuration, execute display command in all views to display the running of the QoS configuration, and to verify the effect of the configuration. Execute reset command in user view to clear the statistics of QoS module.
  • Page 140 preferences of those that do not match the rules to 4. And it is required to limit the traffic from other departments to the server to no more than 20M.
  • Page 141: Chapter 3 Logon User ACL Control Configuration

    Chapter 3 Logon User ACL Control Configuration
    3.1 Overview
    As the Ethernet switches launched by Huawei Technologies are used more and more widely over the networks, the security issue becomes even more important. The switches provide several logon and device accessing measures, mainly including TELNET access, SNMP access, and HTTP access.
  • Page 142: Calling ACL To Control TELNET Users

    Table 3-1 Defining the basic ACL
    Operation: Enter basic view (from system view). Command: acl { number acl-number | name acl-name basic } [ match-order { config | auto } ]...
  • Page 143: Configuring ACL Control Over The SNMP Users

    [Quidway-user-interface-vty0-4] acl 2020 inbound
    3.3 Configuring ACL Control over the SNMP Users
    Huawei Quidway Ethernet switch series support the remote management with the network management software. The network management users can access the switch with SNMP. Controlling such users with ACL can help filter the illegal NM users and prevent them from accessing the local switch.
  • Page 144 You can use the following commands to call an ACL. Perform the following configuration in system view. Table 3-3 Defining a numbered basic ACL...
  • Page 145: Configuration Example

    [Quidway-acl-basic-2020] rule 2 permit source 10.110.100.46 0
    [Quidway-acl-basic-2020] quit
    # Call the basic ACLs.
    [Quidway] snmp-agent community read huawei acl 2020
    [Quidway] snmp-agent group v2c huaweigroup acl 2020
    [Quidway] snmp-agent usm-user v2c huaweiuser huaweigroup acl 2020
    3.4 Configuring ACL Control over the HTTP Users
    Quidway Ethernet switch series support the remote management through WEB.
  • Page 146: Defining ACL

    3.4.1 Defining ACL
    So far, you can only call the numbered basic ACL, ranging from 2000 to 2999, to implement ACL control function. Use the same configuration commands introduced in the last section.
  • Page 147 III. Configuration procedure
    # Define the basic ACL.
    [Quidway] acl number 2030 match-order config
    [Quidway-acl-basic-2030] rule 1 permit source 10.110.100.46 0
    [Quidway-acl-basic-2030] quit
    # Call the basic ACL.
  • Page 148 HUAWEI Quidway S3000-EI Series Ethernet Switches Operation Manual Integrated Management Huawei Technologies Proprietary...
  • Page 149 Operation Manual - Integrated Management Quidway S3000-EI Series Ethernet Switches Table of Contents
    Chapter 1 Stack Function Configuration 1-1
    1.1 Stack Function Overview 1-1
    1.2 Configure Stack Function 1-1
    1.2.1 Configure IP Address Pool for the Stack 1-1
    1.2.2 Enable/Disable a Stack...
  • Page 150 Table of Contents (continued)
    2.4.7 Set up a Cluster Automatically 2-14
    2.4.8 Set Cluster Holdtime 2-15
    2.4.9 Set Cluster Timer to Specify the Handshaking Message Interval 2-15
    2.4.10 Configure Remote Control over the Member device 2-16
    2.4.11 Configure the Cluster Server and Network Management and Log Hosts...
  • Page 151: Chapter 1 Stack Function Configuration

    Chapter 1 Stack Function Configuration
    1.1 Stack Function Overview
    A stack is a management domain including several Ethernet switches (one main switch and some slave switches) connected through stack ports. These Ethernet switches stacked together can act as one set of equipment and the user can manage them through the main switch.
  • Page 152: Enable/Disable A Stack

    Before setting up a stack, the user should configure a public IP address pool for the slave switch of the stack. Please note that the above configurations can only be performed on the non-stack switches.
  • Page 153: Stack Function Configuration Example

    Table 1-4 Display and Debug Stack Function
    Operation: Display the stack state information on the main switch. Command: display stacking [ members ]
    Operation: Display the stack state information on a...
  • Page 154 [Quidway] stacking enable
    # Display stack information on the main switch, Switch A.
    <stack_0.Quidway> display stacking
    Main device for stack.
    Total members:3
    # Display stack member information on the main switch, Switch A.
  • Page 155 <stack_2.Quidway> quit
    <stack_0.Quidway>
  • Page 156: Chapter 2 HGMP V2 Configuration

    Chapter 2 HGMP V2 Configuration
    2.1 HGMP V2 Overview
    2.1.1 Overview
    With the HGMP V2 function, the network administrator can manage multiple switches at a managing switch with a public IP address. The managing switch is called the administrator device and the managed switches are called member devices.
  • Page 157 device receives and processes the management commands from the network. If the command is destined to a member device, the administrator device will forward it to the member device. The administrator device has the functions such...
  • Page 158: Functions

    Note: To configure the cluster function, perform the following operations on the administrator device:
      Enable system NDP and port NDP
      Configure NDP parameter
      Enable system NTDP and port NTDP...
  • Page 159: Configure NDP

    Network topology collection is implemented by NTDP. It is used for collecting the information concerning device connection and the Candidate device. It can also be used for setting hops for topology discovery.
  • Page 160: Enable/Disable System NDP

    Note: On an administrator device, you need to enable system NDP and port NDP, and also configure the NDP parameters. However, on a member device you only have to enable NDP on the device and on the corresponding ports.
  • Page 161: Set NDP Holdtime

    2.2.4 Set NDP Holdtime
    The NDP holdtime specifies how long the adjacent node can keep the local node information. The adjacent device knows the holdtime from the received NDP packet and will discard the packet when it expires.
  • Page 162: Configure NTDP

    Table 2-5 Display and Debug NDP
    Operation: Display global NDP configuration information (including NDP timer and holdtime). Command: display ndp
    Operation: Display the information about the port enabled...
  • Page 163: Enable/Disable System NTDP

    Note: On an administrator device, you need to enable system NTDP and port NTDP, and also configure the NTDP parameters. However, on a member device you only have to enable system NTDP and the corresponding port NTDP.
  • Page 164: Set Hop Number For Topology Collection

    By default, port NTDP is enabled on the ports supporting NDP. If you enable NTDP on a port not supporting NDP, NTDP cannot be run.
  • Page 165: Set Topology Collection Interval

    Table 2-9 Set delay for collected device to forward topology collection request.
    Operation: Set delay for collected device to forward topology collection request. Command: ntdp timer hop-delay time
  • Page 166: Display And Debug NTDP

    Table 2-11 Start topology information collection
    Operation: Start topology information collection. Command: ntdp explore
    2.3.8 Display and Debug NTDP
    After the above configuration, execute display command in any view to display the running of the NTDP configuration, and to verify the effect of the configuration.
  • Page 167: Enable/Disable Cluster Function

    Enable/Disable cluster function
    Enter cluster view
    Configure cluster IP address pool
    Name the administrator device and cluster.
    Add/delete a cluster member device
    Setup a cluster automatically.
  • Page 168: Configure Cluster IP Address Pool

    Table 2-14 enter cluster view
    Operation: enter cluster view. Command: cluster
    2.4.4 Configure Cluster IP Address Pool
    Before setting up a cluster, you are supposed to configure a private IP address pool.
  • Page 169: Add/Delete A Cluster Member Device

    By default, the switch is not an administrator device and no cluster name has been specified.
    2.4.6 Add/Delete a Cluster Member device
    You can use the following command to add a member device or delete a member device.
  • Page 170: Set Cluster Holdtime

    2.4.8 Set Cluster Holdtime
    After a cluster is set up, a communication fault may occur due to a network problem or switch reset. If the fault has not been addressed before the hold time configured on the switch expires, the member state goes down.
  • Page 171: Configure Remote Control Over The Member Device

    Table 2-20 Set cluster timer to specify the handshaking message interval. Operation Command cluster timer specify timer interval handshaking message interval. Restore default handshaking undo timer message interval.
  • Page 172: Configure The Cluster Server And Network Management And Log Hosts

    When using the reboot member command, you can decide to delete the configuration file or not with the eraseflash parameter.
    2.4.11 Configure the Cluster Server and Network Management and Log...
  • Page 173: Display And Debug Cluster

    the user password of the member device is different from the administrator device, you cannot configure the member device. The user level will be inherited from the administrator device when you configure the member device on the administrator device.
  • Page 174 Ethernet1/1 carrying VLAN2 at 163.172.55.1. The entire cluster uses the same FTP server and TFTP server at 63.172.55.1 and the NM station and log host at 69.172.55.4.
  • Page 175 # Configure that the collected device delays for 150 milliseconds before forwarding a topology collection request.
    [Quidway] ntdp timer hop-delay 150
    # Configure that the port on the collected device delays for 15 milliseconds before forwarding a topology collection request.
  • Page 176 [Quidway-Ethernet1/1] ntdp enable
    # Run the cluster function.
    [Quidway] cluster enable
    Note: Upon the completion of the above configurations, you can use the cluster switch-to...
  • Page 177: Chapter 3 Cluster Multicast MAC Address Configuration

    Chapter 3 Cluster Multicast MAC Address Configuration
    3.1 Configuring Cluster Multicast MAC Address
    3.1.1 Configuring Cluster Multicast MAC Address
    After the establishment of the cluster, you can configure the multicast MAC address which can be learnt by both member and administrative devices for cluster administration.
  • Page 178 HUAWEI Quidway S3000-EI Series Ethernet Switches Operation Manual Huawei Technologies Proprietary...
  • Page 179 Operation Manual - STP Quidway S3000-EI Series Ethernet Switches Table of Contents: Chapter 1 MSTP Region-configuration (1-1); 1.1 MSTP Overview (1-1); 1.1.1 MSTP Concepts (1-1); 1.1.2 MSTP Principles (1-4); 1.2 Configure MSTP (1-9); 1.2.1 Configure the MST Region for a Switch...
  • Page 180: Mstp Overview

    Operation Manual - STP Quidway S3000-EI Series Ethernet Switches Chapter 1 MSTP Region-configuration Chapter 1 MSTP Region-configuration 1.1 MSTP Overview MSTP stands for Multiple Spanning Tree Protocol, which is compatible with STP and RSTP. STP cannot make fast state transitions: even on a point-to-point link or an edge port, it has to wait an interval of twice the Forward Delay before the network converges.
  • Page 181 Operation Manual - STP Quidway S3000-EI Series Ethernet Switches Chapter 1 MSTP Region-configuration VLAN-spanning tree mapping configuration, and MSTP revision level configuration, and the network segments between them. There can be several MST regions on a switching network. You can group several switches into a MST region, using MSTP configuration commands.
  • Page 182 Operation Manual - STP Quidway S3000-EI Series Ethernet Switches Chapter 1 MSTP Region-configuration VIII. Common Root Bridge The Common Root Bridge refers to the root bridge of CIST. There is only one common root bridge in the specified network. IX. Edge port The edge port refers to the port located at the MST region edge, connecting different MST regions, MST region and STP region, or MST region and RSTP region.
  • Page 183: Mstp Principles

    Operation Manual - STP Quidway S3000-EI Series Ethernet Switches Chapter 1 MSTP Region-configuration 1.1.2 MSTP Principles MSTP divides the entire Layer 2 network into several MST regions and calculates and generates CST for them. Multiple spanning trees are generated in a region and each of them is called an MSTI.
  • Page 184 Operation Manual - STP Quidway S3000-EI Series Ethernet Switches Chapter 1 MSTP Region-configuration [Figure 1-3 Designated switch and designated port; labels: Switch A, Switch B, Switch C] For a switch, the designated switch is a switch in charge of forwarding packets to the local switch via a port called the designated port accordingly.
  • Page 185 Operation Manual - STP Quidway S3000-EI Series Ethernet Switches Chapter 1 MSTP Region-configuration To facilitate the descriptions, only the first four parts of the configuration BPDU are described in the example. They are root ID (expressed as Ethernet switch priority), path cost to the root, designated switch ID (expressed as Ethernet switch priority) and the designated port ID (expressed as the port number).
  • Page 186 Operation Manual - STP Quidway S3000-EI Series Ethernet Switches Chapter 1 MSTP Region-configuration The port receiving the optimum configuration BPDU is designated to be the root port, whose configuration BPDU remains the same. Any other port whose configuration BPDU has been updated in the step "Select the optimum configuration BPDU" will be blocked and will not forward any data. In addition, it will only receive, not transmit, BPDUs, and its BPDU remains the same.
  • Page 187 Operation Manual - STP Quidway S3000-EI Series Ethernet Switches Chapter 1 MSTP Region-configuration CP1 receives the configuration BPDU {0, 0, 0, AP2} from Switch A and Switch C launches the updating. The configuration BPDU is updated as {0, 0, 0, AP2}.
  • Page 188: Configure Mstp

    Operation Manual - STP Quidway S3000-EI Series Ethernet Switches Chapter 1 MSTP Region-configuration Upon the initiation of the network, all the switches regard themselves as the roots. The designated ports send the configuration BPDUs of local ports at a regular interval of HelloTime.
  • Page 189: Configure The Mst Region For A Switch

    Operation Manual - STP Quidway S3000-EI Series Ethernet Switches Chapter 1 MSTP Region-configuration Enable MSTP on the device Enable MSTP on a port Only after MSTP is enabled on the device will other configurations take effect. Before enabling MSTP, you can configure the related parameters of the device and Ethernet ports, which will take effect upon enabling MSTP and stay effective even after resetting MSTP.
  • Page 190 Operation Manual - STP Quidway S3000-EI Series Ethernet Switches Chapter 1 MSTP Region-configuration II. Configure the MST Region Perform the following configuration in MST region view. Table 1-2 Configure the MST region for a switch Operation Command Configure MST region name...
  • Page 191: Specify The Switch As Primary Or Secondary Root Switch

    Operation Manual - STP Quidway S3000-EI Series Ethernet Switches Chapter 1 MSTP Region-configuration Operation: Manually activate the MST region configuration (from MST region view). Command: active region-configuration. Operation: Exit MST region view (from MST region view). Command: quit. 1.2.2 Specify the Switch as Primary or Secondary Root Switch MSTP can determine the spanning tree root through calculation.
  • Page 192: Configure The Mstp Running Mode

    Operation Manual - STP Quidway S3000-EI Series Ethernet Switches Chapter 1 MSTP Region-configuration information, refer to the configuration tasks “Configure switching network diameter” and “Configure the Hello Time of the switch”. Note: You can configure the current switch as the root of several STIs, however, it is not necessary to specify two or more roots for an STI.
  • Page 193: Configure The Bridge Priority For A Switch

    Operation Manual - STP Quidway S3000-EI Series Ethernet Switches Chapter 1 MSTP Region-configuration Generally, if there is an STP switch on the switching network, the port connected to it will automatically switch from MSTP mode to STP-compatible mode. But the port cannot automatically switch back to MSTP mode after the STP switch is removed.
  • Page 194: Configure The Switching Network Diameter

    Operation Manual - STP Quidway S3000-EI Series Ethernet Switches Chapter 1 MSTP Region-configuration You can use the following command to configure the max hops in an MST region. Perform the following configuration in system view. Table 1-7 Configure the max hops in an MST region...
  • Page 195 Operation Manual - STP Quidway S3000-EI Series Ethernet Switches Chapter 1 MSTP Region-configuration Forward Delay is the switch state transition mechanism. The spanning tree will be recalculated upon link faults and its structure will change accordingly. However, the recalculated configuration BPDU cannot be immediately propagated throughout the network.
  • Page 196: Configure The Max Transmission Speed On A Port

    Operation Manual - STP Quidway S3000-EI Series Ethernet Switches Chapter 1 MSTP Region-configuration Caution: The Forward Delay configured on a switch depends on the switching network diameter. Generally, the larger the network diameter, the longer the Forward Delay should be. Note that too short a Forward Delay may temporarily produce some redundant routes, while too long a Forward Delay may delay the restoration of network connectivity.
  • Page 197: Configure A Port As An Edge Port

    Operation Manual - STP Quidway S3000-EI Series Ethernet Switches Chapter 1 MSTP Region-configuration Table 1-10 Configure the max transmission speed on a port. Operation: Configure the max transmission speed on a port. Command: stp interface interface-list transit-limit packetnum. Operation: Restore the max transmission speed on...
  • Page 198 Operation Manual - STP Quidway S3000-EI Series Ethernet Switches Chapter 1 MSTP Region-configuration Operation Command Restore the default setting, non-edge undo interface interface-list port, of the port. edged-port II. Configure in Ethernet port view Perform the following configuration in Ethernet port view.
  • Page 199: Configure The Path Cost Of A Port

    Operation Manual - STP Quidway S3000-EI Series Ethernet Switches Chapter 1 MSTP Region-configuration 1.2.10 Configure the Path Cost of a Port Path Cost is related to the speed of the link connected to the port. On the MSTP switch, a port can be configured with different path costs for different STIs. Thus the traffic from different VLANs can run over different physical links, thereby implementing the VLAN-based load-balancing.
  • Page 200: Configure The Port (Not) To Connect With The Point-To-Point Link

    Operation Manual - STP Quidway S3000-EI Series Ethernet Switches Chapter 1 MSTP Region-configuration You can configure the port priority in the following ways. I. Configure in system view Perform the following configuration in system view. Table 1-16 Configure the port priority...
  • Page 201 Operation Manual - STP Quidway S3000-EI Series Ethernet Switches Chapter 1 MSTP Region-configuration Table 1-18 Configure the port (not) to connect with the point-to-point link Operation Command Configure the port to connect with the interface interface-list point-to-point link. point-to-point force-true...
  • Page 202: Configure The Mcheck Variable Of A Port

    Operation Manual - STP Quidway S3000-EI Series Ethernet Switches Chapter 1 MSTP Region-configuration Note: For a link aggregation, only the master port can be configured to connect with the point-to-point link. If a port in auto-negotiation mode operates in full-duplex mode upon negotiation, it can be configured to connect with the point-to-point link.
  • Page 203: Configure The Switch Security Function

    Operation Manual - STP Quidway S3000-EI Series Ethernet Switches Chapter 1 MSTP Region-configuration Note that the command can be used only if the switch runs MSTP. The command does not make any sense when the switch runs in STP-compatible mode.
  • Page 204 Operation Manual - STP Quidway S3000-EI Series Ethernet Switches Chapter 1 MSTP Region-configuration When protection from TC-BPDU packet attacks is enabled, the switch performs only one delete operation in a specified period after receiving TC-BPDU packets, and monitors whether it receives TC-BPDU packets during this period.
  • Page 205: Enable Mstp On The Device

    Operation Manual - STP Quidway S3000-EI Series Ethernet Switches Chapter 1 MSTP Region-configuration When you configure a port, only one of loop protection, Root protection and Edge port configuration can be effective at any given time. By default, the switch does not enable BPDU protection or Root protection.
  • Page 206: Display And Debug Mstp

    Operation Manual - STP Quidway S3000-EI Series Ethernet Switches Chapter 1 MSTP Region-configuration II. Configure in Ethernet port view Perform the following configuration in Ethernet port view. Table 1-25 Enable/Disable MSTP on a port Operation Command Enable MSTP on a port.
  • Page 207 HUAWEI Quidway S3000-EI Series Ethernet Switches Operation Manual Security Huawei Technologies Proprietary...
  • Page 208 Operation Manual - Security Quidway S3000-EI Series Ethernet Switches Table of Contents: Chapter 1 802.1x Configuration (1-1); 1.1 802.1x Overview (1-1); 1.1.1 802.1x Standard Overview (1-1); 1.1.2 802.1x System Architecture (1-1); 1.1.3 802.1x Authentication Process (1-2); 1.1.4 Implementing 802.1x on the Ethernet Switch...
  • Page 209 Operation Manual - Security Quidway S3000-EI Series Ethernet Switches Table of Contents: 2.2.8 Configuring Dynamic VLAN with RADIUS Server (2-8); 2.3 Configuring RADIUS Protocol (2-10); 2.3.1 Creating/Deleting a RADIUS scheme (2-10); 2.3.2 Setting IP Address and Port Number of RADIUS Server (2-11); 2.3.3 Setting RADIUS Packet Encryption Key...
  • Page 210: Chapter 1 802.1X Configuration

    The LAN access control device needs to provide the Authenticator System of 802.1x. The devices at the user side, such as computers, need to have the 802.1x client (Supplicant) software installed, for example, the 802.1x client provided by Huawei Technologies Co., Ltd. (or by Microsoft Windows XP). The 802.1x Authentication Server system normally stays in the carrier’s AAA center.
  • Page 211: Authentication Process

    Operation Manual - Security Quidway S3000-EI Series Ethernet Switches Chapter 1 802.1x Configuration frame, which is to be encapsulated in the packets of other AAA upper layer protocols (e.g. RADIUS) so as to go through the complicated network to reach the Authentication Server.
  • Page 212: Implementing 802.1X On The Ethernet Switch

    Operation Manual - Security Quidway S3000-EI Series Ethernet Switches Chapter 1 802.1x Configuration 802.1x provides an implementation solution of user ID authentication. However, 802.1x itself is not enough to implement the scheme. The administrator of the access device should configure the AAA scheme by selecting RADIUS or local authentication so as to assist 802.1x to implement the user ID authentication.
  • Page 213: Enabling/Disabling 802.1X

    Operation Manual - Security Quidway S3000-EI Series Ethernet Switches Chapter 1 802.1x Configuration Enabling/disabling a quiet-period timer Among the above tasks, the first one is compulsory; otherwise 802.1x will not take any effect. The other tasks are optional. You can perform the configurations as required.
  • Page 214: Setting The Port Access Control Method

    Operation Manual - Security Quidway S3000-EI Series Ethernet Switches Chapter 1 802.1x Configuration of the port is unauthorized. It only permits EAPoL packets to be received and transmitted and does not permit the user to access the network resources. If the authentication flow is passed, the port will be switched to the authorized state and permit the user to access the network resources.
  • Page 215: Setting The Supplicant Number On A Port

    Operation Manual - Security Quidway S3000-EI Series Ethernet Switches Chapter 1 802.1x Configuration 1.2.5 Setting the Supplicant Number on a Port The following commands are used for setting the number of users allowed by 802.1x on a specified port. When no port is specified, all the ports accept the same number of supplicants.
  • Page 216: Enabling/Disabling Guest Vlan

    Operation Manual - Security Quidway S3000-EI Series Ethernet Switches Chapter 1 802.1x Configuration information to RADIUS server in the form of EAP packets directly and RADIUS server must support EAP authentication). For EAP authentication, PEAP, EAP-TLS and EAP-MD5 methods are available on the...
  • Page 217: Setting 802.1X Re-Authentication

    Operation Manual - Security Quidway S3000-EI Series Ethernet Switches Chapter 1 802.1x Configuration Table 1-8 Enabling/disabling Guest VLAN Operation Command Enabling Guest VLAN dot1x guest-vlan vlan-id [ interface interface-list ] Disabling Guest VLAN undo dot1x guest-vlan vlan-id [ interface interface-list ] Note the following: Guest VLAN is only supported in the port-based authentication mode.
  • Page 218: Setting 802.1X Client Version Authentication

    Operation Manual - Security Quidway S3000-EI Series Ethernet Switches Chapter 1 802.1x Configuration port view, the interface-list parameter cannot be specified, and you can use the command only to enable the feature on the current interface. II. Configuring 802.1x re-authentication timeout timer...
  • Page 219 Operation Manual - Security Quidway S3000-EI Series Ethernet Switches Chapter 1 802.1x Configuration In system view, if the interface-list parameter is not specified, the 802.1x client version authentication feature is enabled on all interfaces; if the interface-list parameter is specified, the feature is enabled on the specified interfaces.
  • Page 220: Configuring 802.1X Dynamic User Binding

    If the users use static IP addresses, you must use 802.1x clients developed by Huawei Technologies and select the Upload user IP address option in the [802.1x Network Settings] dialog box when creating a new connection. II. Configuration Prerequisites Enable 802.1x feature globally and on a port.
  • Page 221: Setting The Maximum Times Of Authentication Request Message Retransmission

    Operation Manual - Security Quidway S3000-EI Series Ethernet Switches Chapter 1 802.1x Configuration III. Configuration Procedure Table 1-14 Configure 802.1x dynamic user binding Operation Command Remarks Enter system view — system-view Required. 802.1x dot1x Enable 802.1x dynamic dynamic user binding is...
  • Page 222: Configuring Timers

    Operation Manual - Security Quidway S3000-EI Series Ethernet Switches Chapter 1 802.1x Configuration Table 1-15 Setting the maximum times of the authentication request message retransmission. Operation: Set the maximum times of the authentication request message retransmission. Command: dot1x retry max-retry-value...
  • Page 223: Enabling/Disabling A Quiet-Period Timer

    Operation Manual - Security Quidway S3000-EI Series Ethernet Switches Chapter 1 802.1x Configuration server-timeout: Specify the timeout timer of an Authentication Server. If an Authentication Server has not responded before the specified period expires, the Authenticator will resend the authentication request.
  • Page 224: X Configuration Example

    Operation Manual - Security Quidway S3000-EI Series Ethernet Switches Chapter 1 802.1x Configuration Table 1-17 Enabling/disabling a quiet-period timer Operation Command Enable a quiet-period timer dot1x quiet-period Disable a quiet-period timer undo dot1x quiet-period By default, quiet-period timer is disabled.
  • Page 225 Operation Manual - Security Quidway S3000-EI Series Ethernet Switches Chapter 1 802.1x Configuration A server group, consisting of two RADIUS servers at 10.11.1.1 and 10.11.1.2 respectively, is connected to the switch. The former one acts as the primary-authentication/secondary-accounting server. The latter one acts as the primary-accounting server.
  • Page 226 Operation Manual - Security Quidway S3000-EI Series Ethernet Switches Chapter 1 802.1x Configuration # Set the access control mode. (This command can be omitted, because the access control mode is MAC-based by default.) [Quidway] dot1x port-method macbased interface Ethernet 0/1 # Create the RADIUS scheme radius1 and enter its view.
  • Page 227 Operation Manual - Security Quidway S3000-EI Series Ethernet Switches Chapter 1 802.1x Configuration # Enable the idle cut function for the user and set the idle cut parameter in the domain huawei163.net. [Quidway-isp-huawei163.net] idle-cut enable 20 2000 # Add a local supplicant and set its parameter.
  • Page 228: Chapter 2 Aaa And Radius Protocol Configuration

    Operation Manual - Security Quidway S3000-EI Series Ethernet Switches Chapter 2 AAA and RADIUS Protocol Configuration Chapter 2 AAA and RADIUS Protocol Configuration 2.1 AAA and RADIUS Protocol Overview 2.1.1 AAA Overview Authentication, Authorization and Accounting (AAA) provides a uniform framework used for configuring these three security functions to implement network security management.
  • Page 229: Implementing Aaa/Radius On Ethernet Switch

    Operation Manual - Security Chapter 2 AAA and RADIUS Protocol Quidway S3000-EI Series Ethernet Switches Configuration in PSTN environment or Ethernet switch with access function in Ethernet environment), NAS, namely RADIUS client end, will transmit user AAA request to the RADIUS server.
  • Page 230: Aaa Configuration

    Operation Manual - Security Quidway S3000-EI Series Ethernet Switches Chapter 2 AAA and RADIUS Protocol Configuration [Figure: networking diagram; labels include PC user1, PC user2, Authentication Server, Accounting Server1, ISP1, S3000-EI series, S2000-SI series, Accounting...]
  • Page 231: Configuring Relevant Attributes Of Isp Domain

    Operation Manual - Security Quidway S3000-EI Series Ethernet Switches Chapter 2 AAA and RADIUS Protocol Configuration may be different, it is necessary to differentiate them by setting the ISP domain. In the ISP domain view of Quidway Series Switches, you can configure a complete set of exclusive ISP domain attributes on a per-ISP-domain basis, which includes the AAA policy (the RADIUS scheme applied, etc.)
  • Page 232: Enabling/Disabling The Messenger Alert

    Operation Manual - Security Chapter 2 AAA and RADIUS Protocol Quidway S3000-EI Series Ethernet Switches Configuration Table 2-2 Configuring relevant attributes of ISP domain Operation Command Specify the adopted RADIUS scheme radius-scheme radius-scheme-name Restore the adopted RADIUS scheme to undo radius-scheme...
  • Page 233: Configuring Self-Service Server Url

    Operation Manual - Security Chapter 2 AAA and RADIUS Protocol Quidway S3000-EI Series Ethernet Switches Configuration By default, messenger alert is disabled on the switch. 2.2.4 Configuring Self-Service Server URL The self-service-url enable command can be used to configure self-service server uniform resource locator (URL).
  • Page 234: Setting Attributes Of Local User

    Operation Manual - Security Chapter 2 AAA and RADIUS Protocol Quidway S3000-EI Series Ethernet Switches Configuration Table 2-5 Creating/Deleting a local user and relevant properties Operation Command Add local users local-user user-name Delete all the local users undo local-user all...
  • Page 235: Disconnecting A User By Force

    Operation Manual - Security Chapter 2 AAA and RADIUS Protocol Quidway S3000-EI Series Ethernet Switches Configuration Operation Command Set a service type for the service-type { ftp [ ftp-directory directory ] | specified user lan-access | { ssh | telnet }* [ level level ] }...
  • Page 236 Operation Manual - Security Chapter 2 AAA and RADIUS Protocol Quidway S3000-EI Series Ethernet Switches Configuration String ID: The switch compares the string ID delivered from the server with the VLAN names existing on the switch. If a matching entry is found, the switch adds the port into the corresponding VLAN.
  • Page 237: Configuring Radius Protocol

    Operation Manual - Security Quidway S3000-EI Series Ethernet Switches Chapter 2 AAA and RADIUS Protocol Configuration 2.3 Configuring RADIUS Protocol For the Quidway Series Switches, the RADIUS protocol is configured on a per-RADIUS-scheme basis. In a real networking environment, a RADIUS scheme can be an independent RADIUS server or a set of primary/secondary RADIUS servers with the same configuration but two different IP addresses.
  • Page 238: Setting Ip Address And Port Number Of Radius Server

    Operation Manual - Security Quidway S3000-EI Series Ethernet Switches Chapter 2 AAA and RADIUS Protocol Configuration Table 2-11 Creating/Deleting a RADIUS scheme. Operation: Create a RADIUS scheme and enter its view. Command: radius scheme radius-scheme-name. Operation: Delete a RADIUS scheme. Command: undo radius scheme radius-scheme-name. Several ISP domains can use a RADIUS scheme at the same time.
  • Page 239: Setting Radius Packet Encryption Key

    Operation Manual - Security Quidway S3000-EI Series Ethernet Switches Chapter 2 AAA and RADIUS Protocol Configuration Operation: Set IP address and port number of second RADIUS accounting server. Command: secondary accounting ip-address [ port-number ]. Operation: Restore IP address and port number of...
  • Page 240: Setting Response Timeout Timer Of Radius Server

    Operation Manual - Security Quidway S3000-EI Series Ethernet Switches Chapter 2 AAA and RADIUS Protocol Configuration Table 2-13 Setting RADIUS packet encryption key. Operation: Set RADIUS authentication/authorization packet encryption key. Command: key authentication string. Operation: Restore default RADIUS authentication/authorization packet encryption key. Command: undo key authentication.
  • Page 241: Enabling The Selection Of Radius Accounting Option

    Operation Manual - Security Chapter 2 AAA and RADIUS Protocol Quidway S3000-EI Series Ethernet Switches Configuration Table 2-15 Setting retransmission times of RADIUS request packet Operation Command Set retransmission times of RADIUS request packet retry retry-times Restore the default value of retransmission times undo retry By default, RADIUS request packet will be retransmitted up to three times.
  • Page 242: Setting Maximum Times Of Real-Time Accounting Request Failing To Be Responded

    Operation Manual - Security Quidway S3000-EI Series Ethernet Switches Chapter 2 AAA and RADIUS Protocol Configuration The parameter minutes specifies the real-time accounting interval in minutes. The value shall be a multiple of 3. The value of minutes is related to the performance of the NAS and the RADIUS server. The smaller the value is, the higher the performance required of the NAS and the RADIUS server.
  • Page 243: Enabling/Disabling Stopping Accounting Request Buffer

    Operation Manual - Security Quidway S3000-EI Series Ethernet Switches Chapter 2 AAA and RADIUS Protocol Configuration How to calculate the value of retry-times? Suppose that the RADIUS server connection will time out in T and the real-time accounting interval of the NAS is t; then the integer part of the result of dividing T by t is the value of count.
  • Page 244: Setting The Supported Type Of Radius Server

    Table 2-22 Setting the supported type of RADIUS server. Operation: Setting Supported Type of RADIUS Server. Command: server-type { huawei | iphotel | portal | standard }. Operation: Restore the Supported Type of RADIUS Server to the default setting. Command: undo server-type. By default, the newly created RADIUS scheme supports the server of standard type, while the "system"...
  • Page 245: Setting Username Format Transmitted To Radius Server

    Operation Manual - Security Chapter 2 AAA and RADIUS Protocol Quidway S3000-EI Series Ethernet Switches Configuration Perform the following configurations in RADIUS scheme view. Table 2-23 Setting RADIUS server state Operation Command Set the state of primary RADIUS state primary...
  • Page 246: Setting The Unit Of Data Flow That Transmitted To Radius Server

    Operation Manual - Security Chapter 2 AAA and RADIUS Protocol Quidway S3000-EI Series Ethernet Switches Configuration 2.3.14 Setting the Unit of Data Flow that Transmitted to RADIUS Server The following command defines the unit of the data flow sent to RADIUS server.
  • Page 247: Displaying And Debugging Aaa And Radius Protocol

    Operation Manual - Security Quidway S3000-EI Series Ethernet Switches Chapter 2 AAA and RADIUS Protocol Configuration 2.4 Displaying and Debugging AAA and RADIUS Protocol After the above configuration, execute the display command in any view to display the running state of the AAA and RADIUS configuration, and to verify the effect of the configuration.
  • Page 248: Aaa And Radius Protocol Configuration Examples

    Operation Manual - Security Chapter 2 AAA and RADIUS Protocol Quidway S3000-EI Series Ethernet Switches Configuration Operation Command Disable debugging of local undo debugging local-server { all | error | RADIUS authentication server event packet } 2.5 AAA and RADIUS Protocol Configuration Examples For the hybrid configuration example of AAA/RADIUS protocol and 802.1x protocol,...
  • Page 249: Configuring Ftp/Telnet User Authentication At Local Radius Server

    2.5.2 Configuring FTP/Telnet User Authentication at Local RADIUS Server Local RADIUS authentication of Telnet/FTP users is similar to remote RADIUS authentication. However, you should change the server IP address to 127.0.0.1, the authentication password to Huawei, and the UDP port number of the authentication server to 1645. Note: For details about local RADIUS authentication of Telnet/FTP users, refer to “2.3.15...
  • Page 250: Configuring Dynamic Vlan With Radius Server

    Operation Manual - Security Quidway S3000-EI Series Ethernet Switches Chapter 2 AAA and RADIUS Protocol Configuration 2.5.3 Configuring Dynamic VLAN with RADIUS Server I. Networking Requirements The RADIUS server (taking Windows IAS as an example) delivers the string VLAN ID “test”, which corresponds to the name of VLAN 100 on the switch. The switch can add the port to VLAN 100 when the server delivers "test".
  • Page 251 Operation Manual - Security Chapter 2 AAA and RADIUS Protocol Quidway S3000-EI Series Ethernet Switches Configuration The username may not be in the userid@isp-name format or NAS has not been configured with a default ISP domain. Please use the username in proper format and configure the default ISP domain on NAS.
  • Page 252: Chapter 3 Habp Configuration

    For those ports where 802.1x authentication is skipped, packets will be filtered by the 802.1x attribute, so managing them is also impossible. The HABP (Huawei Authentication Bypass Protocol) attribute can be used to solve this problem. HABP packets contain the MAC address and other information of the member switches.
  • Page 253: Configuring Habp Client

    Operation Manual - Security Quidway S3000-EI Series Ethernet Switches Chapter 3 HABP Configuration Table 3-1 Configuring HABP server Operation Command Enable HABP attribute habp enable Restore HABP attribute to the default value undo habp enable Configure the switch as HABP Server...
  • Page 254 Operation Manual - Security Quidway S3000-EI Series Ethernet Switches Chapter 3 HABP Configuration Operation Command Enable HABP debugging debugging habp Disable HABP debugging undo debugging habp Huawei Technologies Proprietary...
  • Page 255: Network Protocol

    HUAWEI Quidway S3000-EI Series Ethernet Switches Operation Manual Network Protocol Huawei Technologies Proprietary...
  • Page 256 Operation Manual - Network Protocol Quidway S3000-EI Series Ethernet Switches Table of Contents: Chapter 1 ARP Configuration (1-1); 1.1 Introduction to ARP (1-1); 1.2 Configure ARP (1-2); 1.2.1 Manually Add/Delete Static ARP Mapping Entries (1-2); 1.2.2 Configure the Dynamic ARP Aging Timer...
  • Page 257 Operation Manual - Network Protocol Quidway S3000-EI Series Ethernet Switches Table of Contents: Chapter 6 IP Performance Configuration (6-1); 6.1 IP Performance Configuration (6-1); 6.1.1 Configure TCP Attributes (6-1); 6.2 Display and debug IP Performance (6-2); 6.3 Troubleshoot IP Performance (6-2)...
  • Page 258: Introduction To Arp

    Operation Manual - Network Protocol Quidway S3000-EI Series Ethernet Switches Chapter 1 ARP Configuration Chapter 1 ARP Configuration 1.1 Introduction to ARP I. Necessity of ARP An IP address cannot be directly used for communication between network devices because network devices can only identify MAC addresses. An IP address is only an address of a host in the network layer.
  • Page 259: Configure Arp

    Operation Manual - Network Protocol Quidway S3000-EI Series Ethernet Switches Chapter 1 ARP Configuration Normally, dynamic ARP runs and automatically resolves the IP address to the Ethernet MAC address without administrator intervention. 1.2 Configure ARP The ARP mapping table can be maintained dynamically or manually. Usually, the manually configured mapping from the IP addresses to the MAC addresses is known as static ARP.
  • Page 260: Enabling/Disabling Arp The Checking Function Of Arp Entry

    Operation Manual - Network Protocol Quidway S3000-EI Series Ethernet Switches Chapter 1 ARP Configuration Table 1-2 Configure the dynamic ARP aging timer Operation Command Configure the dynamic ARP aging timer arp timer aging aging-time Restore the default dynamic ARP aging time undo arp timer aging By default, the aging time of the dynamic ARP aging timer is 20 minutes.
  • Page 261: Configuration Tasks

    Operation Manual - Network Protocol Quidway S3000-EI Series Ethernet Switches Chapter 1 ARP Configuration network, so all hosts on the network must do this every time the ARP request is sent. Characteristics of gratuitous ARP packets: The source and destination IP addresses are all native addresses, and the source MAC address of the packet is native MAC address.
  • Page 262 Operation Manual - Network Protocol Quidway S3000-EI Series Ethernet Switches Chapter 1 ARP Configuration Table 1-5 Display and debug ARP (Operation: Command). Display ARP mapping table: display arp [ static | dynamic | ip-address ]. Display the current setting of the...
  • Page 263: Chapter 2 Dhcp-Snooping Configuration

    Operation Manual - Network Protocol Quidway S3000-EI Series Ethernet Switches Chapter 2 DHCP-Snooping Configuration Chapter 2 DHCP-Snooping Configuration 2.1 DHCP-Snooping Overview For security, the IP addresses used by online users may be recorded to confirm the association between the users’ IP addresses and their MAC addresses. The Layer 3...
  • Page 264: Setting The Port As Trusted Port

    Operation Manual - Network Protocol Quidway S3000-EI Series Ethernet Switches Chapter 2 DHCP-Snooping Configuration Table 2-1 Enable/Disable the DHCP-Snooping function of the switch (Operation: Command). Enable the DHCP-Snooping function of the switch: dhcp-snooping. Disable the DHCP-Snooping function of the switch: undo dhcp-snooping. By default, the DHCP-Snooping function is disabled on the switch.
  • Page 265: Chapter 3 Dhcp Client Configuration

    Operation Manual - Network Protocol Quidway S3000-EI Series Ethernet Switches Chapter 3 DHCP Client Configuration Chapter 3 DHCP Client Configuration 3.1 Overview of DHCP Client As networks grow in size and their structure becomes more complicated, network configuration becomes more and more complex. It is often the case that computers change physical location frequently (portable computers and wireless networks, for example) and that the number of computers exceeds the number of IP addresses available.
  • Page 266: Dhcp Client Configuration

    Operation Manual - Network Protocol Quidway S3000-EI Series Ethernet Switches Chapter 3 DHCP Client Configuration received one and then broadcasts DHCP_Request messages respectively to those DHCP servers. The message contains the information of IP address request from the selected DHCP server.
  • Page 267: Displaying And Debugging Dhcp Client Configuration

    Operation Manual - Network Protocol Quidway S3000-EI Series Ethernet Switches Chapter 3 DHCP Client Configuration Table 3-1 Configuring a VLAN interface to obtain IP address using DHCP (Operation: Command). Configure VLAN interface to obtain IP address using DHCP: ip address dhcp-alloc...
  • Page 268: Chapter 4 Bootp Client Configuration

    Operation Manual - Network Protocol Quidway S3000-EI Series Ethernet Switches Chapter 4 BOOTP Client Configuration Chapter 4 BOOTP Client Configuration 4.1 Overview of BOOTP Client BOOTP client can request the server to allocate an IP address to it using BOOTP (bootstrap protocol).
  • Page 269: Displaying And Debugging Bootp Client

    Operation Manual - Network Protocol Quidway S3000-EI Series Ethernet Switches Chapter 4 BOOTP Client Configuration 4.3 Displaying and Debugging BOOTP Client After the above configuration, execute display command in any view to display the running of the BOOTP client configuration, and to verify the effect of the configuration.
  • Page 270: Chapter 5 Access Management Configuration

    Operation Manual - Network Protocol Quidway S3000-EI Series Ethernet Switches Chapter 5 Access Management Configuration Chapter 5 Access Management Configuration 5.1 Access Management Overview One typical Ethernet access networking scenario is that users access the external network through Ethernet switches. In this case, the external network is connected to the Ethernet switch.
  • Page 271: Enable Access Management Function

    Operation Manual - Network Protocol Quidway S3000-EI Series Ethernet Switches Chapter 5 Access Management Configuration Configure port, IP address and MAC address binding 5.2.1 Enable Access Management Function You can use the following command to enable access management function. Only after the access management function is enabled will the access management features (IP and port binding and Layer 2 port isolation) take effect.
  • Page 272: Display And Debug Access Management

    Operation Manual - Network Protocol Quidway S3000-EI Series Ethernet Switches Chapter 5 Access Management Configuration Port+MAC binding: binding the packet’s receiving port and its source MAC address. The specified port will only allow the packet with specified MAC address to pass; meanwhile the packet with specified MAC address can only pass through the specified port.
  • Page 273: Access Management Configuration Example

    Operation Manual - Network Protocol Quidway S3000-EI Series Ethernet Switches Chapter 5 Access Management Configuration Table 5-4 Display current configuration of access management Operation Command Display current configuration of display am [ interface-list ] access management display user-bind interface Display Port, IP address and...
  • Page 274: Ip Performance Configuration

    Operation Manual - Network Protocol Quidway S3000-EI Series Ethernet Switches Chapter 6 IP Performance Configuration Chapter 6 IP Performance Configuration 6.1 IP Performance Configuration IP performance configuration includes: Configure TCP attributes 6.1.1 Configure TCP Attributes TCP attributes that can be configured include: synwait timer: When sending the syn packets, TCP starts the synwait timer.
  • Page 275: Display And Debug Ip Performance

    Operation Manual - Network Protocol Quidway S3000-EI Series Ethernet Switches Chapter 6 IP Performance Configuration 6.2 Display and debug IP Performance After the above configuration, execute display command in any view to display the running of the IP Performance configuration, and to verify the effect of the configuration.
  • Page 276 Operation Manual - Network Protocol Quidway S3000-EI Series Ethernet Switches Chapter 6 IP Performance Configuration <Quidway> debugging tcp packet Then the TCP packets received or sent can be checked in real time. Specific packet formats include: TCP output packet: Source IP address:202.38.160.1 Source port:1024 Destination IP Address 202.38.160.1...
  • Page 277: System Management

    HUAWEI Quidway S3000-EI Series Ethernet Switches Operation Manual System Management Huawei Technologies Proprietary...
  • Page 278 Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Table of Contents: Chapter 1 File System Management (1-1); 1.1 File System (1-1); 1.1.1 File System Overview (1-1); 1.1.2 Directory Operation (1-1); 1.1.3 File Operation (1-1); 1.1.4 Storage Device Operation...
  • Page 279 Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Table of Contents: 3.2 Device Management Configuration (3-1); 3.2.1 Reboot Ethernet Switch (3-1); 3.2.2 Designate the APP Adopted When Booting the Ethernet Switch Next Time (3-1); 3.2.3 Upgrade BootROM (3-2); 3.3 Display and Debug Device Management Configuration...
  • Page 280 Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Table of Contents: 5.3.9 Set/Delete an SNMP Group (5-6); 5.3.10 Set the Source Address of Trap (5-6); 5.3.11 Add/Delete a User to/from an SNMP Group (5-7); 5.3.12 Create/Update View Information or Deleting a View (5-7); 5.3.13 Set the Size of SNMP Packet Sent/Received by an Agent...
  • Page 281: File System Overview

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 1 File System Management Chapter 1 File System Management 1.1 File System 1.1.1 File System Overview The Ethernet switch provides a file system module for user’s efficient management over the storage devices such as flash memory. The file system offers file access and directory management, mainly including creating the file system, creating, deleting, modifying and renaming a file or a directory and opening a file.
  • Page 282: Storage Device Operation

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 1 File System Management the information about a specified file. You can use the following commands to perform file operations. Perform the following configuration in user view. Table 1-2 File operation...
  • Page 283: Configure File Management

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 1 File System Management 1.2 Configure File Management 1.2.1 Configure File Management Overview The management module of configuration file provides a user-friendly operation interface. It saves the configuration of the Ethernet switch in the text format of command line to record the whole configuration process.
  • Page 284: Save The Current-Configuration

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 1 File System Management Table 1-5 Display the configurations of the Ethernet switch Operation Command Display saved-configuration display saved-configuration information of the Ethernet switch display current-configuration [ controller |...
  • Page 285: Ftp

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 1 File System Management The configuration files in flash are damaged. (A common case is that a wrong configuration file has been downloaded.) 1.3 FTP 1.3.1 FTP Overview FTP is a common way to transmit files on the Internet and IP network. Before the World Wide Web (WWW), files were transmitted in the command line mode and FTP was the most popular application.
  • Page 286: Enable/Disable Ftp Server

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 1 File System Management Table 1-9 Configuration of the switch as FTP server Device Configuration Default Description You can view the configuration FTP server Start FTP server. information of FTP server with is disabled.
  • Page 287: Configure The Running Parameters Of Ftp Server

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 1 File System Management Table 1-11 Configure the FTP Server Authentication and Authorization Operation Command Create new local user and enter local local-user username user view(system view) undo local-user [ username | all...
  • Page 288: Introduction To Ftp Client

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 1 File System Management Table 1-13 Display and debug FTP Server (Operation: Command). Display FTP server: display ftp-server. Display the connected FTP users: display ftp-user. The display ftp-server command displays the configuration information about the current FTP server, including the maximum number of users supported by the FTP server and the FTP connection timeout.
  • Page 289 Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 1 File System Management III. Configuration procedure Configure FTP server parameters on the PC: a user named as switch, password hello, read & write authority over the Switch directory on the PC.
  • Page 290: Ftp Server Configuration Example

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 1 File System Management <Quidway> boot boot-loader switch.app <Quidway> reboot 1.3.8 FTP server configuration example I. Networking requirement The switch serves as the FTP server and the remote PC as the FTP client. The configuration on the FTP server: Configure an FTP user named switch, with password hello and with read &...
  • Page 291: Tftp

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 1 File System Management Caution: If the switch does not have enough free flash memory, first delete the existing programs in the flash memory and then upload the new ones.
  • Page 292: Configure The File Transmission Mode

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 1 File System Management Table 1-14 Configuration of the switch as TFTP client Device Configuration Default Description TFTP is right for the case where no complicated interactions Configure IP address for...
  • Page 293: Upload Files By Means Of Tftp

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 1 File System Management 1.4.4 Upload Files by means of TFTP To upload a file, the client sends a request to the TFTP server and then transmits data to it and receives the acknowledgement from it. You can use the following commands to upload files.
  • Page 294 Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 1 File System Management Caution: If the switch does not have enough free flash memory, first delete the existing programs in the flash memory and then upload the new ones.
  • Page 295: Chapter 2 Mac Address Table Management

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 2 MAC Address Table Management Chapter 2 MAC Address Table Management 2.1 MAC Address Table Management Overview An Ethernet Switch maintains a MAC address table for fast forwarding packets. A table entry includes the MAC address of a device and the port ID of the Ethernet switch connected to it.
  • Page 296: Mac Address Table Configuration

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 2 MAC Address Table Management The Ethernet switch also provides the function of MAC address aging. If the switch receives no packet for a period of time, it will delete the related entry from the MAC address table.
  • Page 297: Set The Max Count Of Mac Address Learned By A Port

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 2 MAC Address Table Management If the aging time is set too short, the Ethernet switch may delete valid MAC address table entries. You can use the following commands to set the MAC address aging time for the system.
  • Page 298: Display And Debug Mac Address Table

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 2 MAC Address Table Management 2.3 Display and Debug MAC Address Table After the above configuration, execute display command in any view to display the running of the MAC address table configuration, and to verify the effect of the configuration.
  • Page 299 Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 2 MAC Address Table Management <Quidway> system-view # Add a MAC address (specify the native VLAN, port and state). [Quidway] mac-address static 00e0-fc35-dc71 interface ethernet 0/2 vlan 1 # Set the address aging time to 500s.
  • Page 300: Chapter 3 Device Management

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 3 Device management Chapter 3 Device management 3.1 Device Management Overview With the device management function, the Ethernet Switch can display the current running state and event debugging information about the slots, thereby implementing the maintenance and management of the state and communication of the physical devices.
  • Page 301: Display And Debug Device Management Configuration

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 3 Device management 3.2.3 Upgrade BootROM You can use this command to upgrade the BootROM with the BootROM program in the Flash Memory. This configuration task facilitates the remote upgrade. You can upload the BootROM program file from a remote end to the switch via FTP and then use this command to upgrade the BootROM.
  • Page 302: Basic System Configuration

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 4 System Maintenance and Debugging Chapter 4 System Maintenance and Debugging 4.1 Basic System Configuration 4.1.1 Set Name for Switch Perform the operation of sysname command in the system view.
  • Page 303: Set The Summer Time

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 4 System Maintenance and Debugging 4.1.4 Set the Summer Time You can set the name, starting and ending time of the summer time. Perform the following operations in the user view.
  • Page 304: System Debugging

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 4 System Maintenance and Debugging 4.3 System Debugging 4.3.1 Enable/Disable the Terminal Debugging The Ethernet switch provides various ways for debugging most of the supported protocols and functions, which can help you diagnose and address the errors.
  • Page 305: Display Diagnostic Information

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 4 System Maintenance and Debugging For more about the usage and format of the debugging commands, refer to the relevant chapters. Note: Because debugging output affects system operating efficiency, do not enable debugging unless necessary, and use the debugging all command with particular caution.
  • Page 306: Logging Function

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 4 System Maintenance and Debugging packet sequence number, TTL, and the round-trip time of the response packet will be displayed. The final statistics include the number of packets the switch sent out and received, the packet loss ratio, and the minimum, mean and maximum round-trip time.
  • Page 307 Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 4 System Maintenance and Debugging When the log information is output to info-center, the first part will be “<Priority>”. For example: <187>Jun 7 05:22:03 2003 Quidway IFNET/6/UPDOWN:Line protocol on interface...
  • Page 308 Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 4 System Maintenance and Debugging Notice: There is a space between sysname and module name. Module name The module name is the name of the module that creates this logging information, the...
  • Page 309: Info-Center Configuration

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 4 System Maintenance and Debugging Severity: debugging; Description: Debugging information. Notice: There is a slash between severity and digest. Digest The digest is an abbreviation that represents a summary of the contents.
  • Page 310 Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 4 System Maintenance and Debugging Sending the configuration information to loghost. Table 4-13 Sending the configuration information to loghost Device Configuration Default value Configuration description default, Other configurations are valid...
  • Page 311 Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 4 System Maintenance and Debugging Sending the configuration information to monitor terminal Table 4-15 Sending the configuration information to monitor terminal Device Configuration Default value Configuration description default, Other configurations are valid...
  • Page 312 Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 4 System Maintenance and Debugging Table 4-17 Sending the configuration information to trap buffer Device Configuration Default value Configuration description default, Other configurations are valid Enable info-center info-center is only if the info-center is enabled.
  • Page 313: Sending The Configuration Information To Loghost

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 4 System Maintenance and Debugging Table 4-19 Turn on/off the information synchronization switch in Fabric Device Configuration Default value Configuration description Other configurations Enable By default, info-center is valid only if the info-center info-center enabled.
  • Page 314 Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 4 System Maintenance and Debugging Operation Command Cancel the configuration of undo info-center loghost host-ip-addr outputting information to loghost Note: Ensure to enter the correct IP address using the info-center loghost command to configure loghost IP address.
  • Page 315: Sending The Configuration Information To Console Terminal

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 4 System Maintenance and Debugging Note: To view the debugging information of some modules on the switch, you must select debugging as the information type when configuring the information source, and also use the debugging command to turn on the debugging switch of those modules.
  • Page 316 Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 4 System Maintenance and Debugging Configuring to output information to console terminal Perform the following operation in system view. Table 4-25 Configuring to output information to console terminal Operation...
  • Page 317 Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 4 System Maintenance and Debugging Note: To view the debugging information of some modules on the switch, you must select debugging as the information type when configuring the information source, and also use the debugging command to turn on the debugging switch of those modules.
  • Page 318: Sending The Configuration Information To Telnet Terminal Or Dumb Terminal

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 4 System Maintenance and Debugging 4.5.5 Sending the Configuration Information to Telnet Terminal or Dumb Terminal To send configuration information to Telnet terminal or dumb terminal, follow the steps...
  • Page 319 Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 4 System Maintenance and Debugging Table 4-31 Defining information source (Operation: Command). Define information source: info-center source { modu-name | default } channel { channel-number | channel-name } [ { log | trap |...
  • Page 320: Sending The Configuration Information To Log Buffer

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 4 System Maintenance and Debugging Table 4-32 Configuring the output format of time-stamp Operation Command Configure the output format of info-center timestamp { trap the time-stamp debugging } { boot | date | none }...
  • Page 321 Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 4 System Maintenance and Debugging Table 4-34 Enabling/disabling info-center (Operation: Command). Enable info-center: info-center enable. Disable info-center: undo info-center enable. Note: Info-center is enabled by default. After info-center is enabled, system performance is affected when the system processes a large amount of information, because of information classification and output.
  • Page 322: Sending The Configuration Information To Trap Buffer

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 4 System Maintenance and Debugging information with the level below it will not be output. channel-number specifies the channel number and channel-name specifies the channel name. When defining the information sent to log buffer, channel-number or channel-name must be set to the channel that corresponds to Console direction.
  • Page 323 Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 4 System Maintenance and Debugging Note: Info-center is enabled by default. After info-center is enabled, system performance is affected when the system processes a large amount of information, because of information classification and output.
  • Page 324: Sending The Configuration Information To Snmp Network Management

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 4 System Maintenance and Debugging may have different default settings of log, trap and debugging. When there is no specific configuration record for a module in the channel, use the default one.
  • Page 325 Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 4 System Maintenance and Debugging Configuring to output information to SNMP NM Perform the following operation in system view. Table 4-43 Configuring to output information to SNMP NM Operation...
  • Page 326: Turn On/Off The Information Synchronization Switch In Fabric

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 4 System Maintenance and Debugging Note: To view the debugging information of some modules on the switch, you must select debugging as the information type when configuring the information source, and also use the debugging command to turn on the debugging switch of those modules.
  • Page 327: Displaying And Debugging Info-Center

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 4 System Maintenance and Debugging Table 4-46 Enable/disable info-center (Operation: Command). Enable info-center: info-center enable. Disable info-center: undo info-center enable. Turn on the information synchronization switch Perform the following operation in system view.
  • Page 328: Configuration Examples Of Sending Log To Unix Loghost

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 4 System Maintenance and Debugging 4.5.11 Configuration examples of sending log to Unix loghost I. Networking Requirement The networking requirements are as follows: Sending the log information of the switch to Unix loghost The IP address of the loghost is 202.38.1.10...
  • Page 329: Configuration Examples Of Sending Log To Linux Loghost

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 4 System Maintenance and Debugging Step 2: As the super user (root), edit the file /etc/syslog.conf and add the following selector/actor pairs. # Quidway configuration messages local4.info /var/log/Quidway/information Note: Note the following points when editing /etc/syslog.conf: A comment must occupy its own line and start with the character #.
  • Page 330 Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 4 System Maintenance and Debugging All modules are allowed to output information II. Networking diagram Figure 4-3 Schematic diagram of configuration (network, switch) III. Configuration steps...
  • Page 331: Configuration Examples Of Sending Log To Console Terminal

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 4 System Maintenance and Debugging Note: Note the following points when editing /etc/syslog.conf: A comment must occupy its own line and start with the character #. The separator in selector/actor pairs must be a tab, not a space.
  • Page 332 Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 4 System Maintenance and Debugging The output language is English The modules that are allowed to output information are ARP and IP II. Networking diagram [Figure: console, Switch]...
  • Page 333: Chapter 5 Snmp Configuration

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 5 SNMP Configuration Chapter 5 SNMP Configuration 5.1 SNMP Overview By far, the Simple Network Management Protocol (SNMP) has gained the most extensive application in the computer networks. SNMP has been put into use and widely accepted as an industry standard in practice.
  • Page 334 Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 5 SNMP Configuration Figure 5-1 Architecture of the MIB tree The MIB (Management Information Base) is used to describe the hierarchical architecture of the tree and it is the set defined by the standard variables of the monitored network device.
  • Page 335: Configure Snmp

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 5 SNMP Configuration 5.3 Configure SNMP The main configuration of SNMP includes: Set community name Set the Method of Identifying and Contacting the Administrator Enable/Disable snmp Agent to Send Trap...
  • Page 336: Enable/Disable Snmp Agent To Send Trap

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 5 SNMP Configuration Perform the following configuration in system view. Table 5-3 Set the method of identifying and contacting the administrator Operation Command Set the method of identifying and contacting the...
  • Page 337: Set Lifetime Of Trap Message

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 5 SNMP Configuration 5.3.5 Set Lifetime of Trap Message You can use the following command to set the lifetime of Trap messages. A Trap message that exists longer than the set lifetime will be dropped.
  • Page 338: Set The Engine Id Of A Local Or Remote Device

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 5 SNMP Configuration 5.3.8 Set the Engine ID of a Local or Remote Device You can use the following commands to set the engine ID of a local or remote device.
  • Page 339: Add/Delete A User To/From An Snmp Group

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 5 SNMP Configuration 5.3.11 Add/Delete a User to/from an SNMP Group You can use the following commands to add or delete a user to/from an SNMP group. Perform the following configuration in system view.
  • Page 340: Disable Snmp Agent

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 5 SNMP Configuration The agent can receive and send SNMP packets ranging in size from 484 to 17940 bytes. By default, the size of SNMP packet is 1500 bytes.
  • Page 341: Snmp Configuration Example

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 5 SNMP Configuration 5.5 SNMP Configuration Example I. Networking requirements Network Management Station and the Ethernet switch are connected via the Ethernet. The IP address of Network Management Station is 129.102.149.23 and that of the VLAN interface on the switch is 129.102.0.1.
  • Page 342 5000 params securityname public IV. Configure Network Management System The Ethernet Switch supports Huawei’s iManager Quidview NMS. Users can query and configure the Ethernet switch through the network management system. For more about it, refer to the manuals of Huawei’s NM products.
  • Page 343: Chapter 6 Rmon Configuration

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 6 RMON Configuration Chapter 6 RMON Configuration 6.1 RMON Overview Remote Network Monitoring (RMON) is a type of IETF-defined MIB. It is the most important enhancement to the MIB II standard. It is mainly used for monitoring the data traffic on a segment and even on a whole network.
  • Page 344: Configure Rmon

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 6 RMON Configuration 6.2 Configure RMON RMON configuration includes: Add/Delete an Entry to/from the Alarm Table Add/Delete an Entry to/from the Event Table Add/Delete an Entry to/from the History Control Table...
  • Page 345: Add/Delete An Entry To/From The History Control Table

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 6 RMON Configuration Table 6-2 Add/Delete an entry to/from the event table (Operation: Command). Add an entry to the event table: rmon event event-entry [ description string ] { log | trap trap-community | log-trap log-trapcommunity | none }...
  • Page 346: Add/Delete An Entry To/From The Statistics Table

    6.2.5 Add/Delete an Entry to/from the Statistics Table The RMON statistics management concerns the port usage monitoring and error statistics when using the ports. The statistics include collision, CRC and queuing, undersize packets or oversize packets, timeout transmission, fragments, broadcast, multicast and unicast messages and the usage ratio of bandwidth.
  • Page 347 # Configure RMON. [Quidway-Ethernet2/1] rmon statistics 1 owner huawei-rmon # View the configurations in user view. <Quidway> display rmon statistics Ethernet 2/1 Statistics entry 1 owned by huawei-rmon is VALID. Gathers statistics of interface Ethernet2/1. Received: octets : 270149, packets...
  • Page 348: Chapter 7 Ntp Configuration

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 7 NTP Configuration Chapter 7 NTP Configuration 7.1 Brief Introduction to NTP 7.1.1 NTP Functions As the network topology gets more and more complex, it becomes important to synchronize the clocks of the equipment on the whole network. NTP (Network Time Protocol) is an application layer protocol of TCP/IP and is used for advertising the accurate time throughout the network.
  • Page 349: Ntp Configuration

    [Figure: NTP packets exchanged between LS_A and LS_B over the network (labels: NTP Packet, 10:00:00 am, Network, LS_A, LS_B)]...
  • Page 350: Configure Ntp Operating Mode

    The delay for a round trip of an NTP packet traveling between the Switch A and B: Delay= (T ) - (T Offset of Ethernet Switch A clock relative to Ethernet Switch B clock: offset=...
  • Page 351 Configure NTP multicast server mode Configure NTP multicast client mode I. Configure NTP Server Mode Set a remote server whose ip address is ip-address as the local time server. ip-address specifies a host address other than a broadcast, multicast or reference clock IP address.
  • Page 352 NTP version number number ranges from 1 to 3 and defaults to 3; the authentication key ID keyid ranges from 0 to 4294967295; interface-name or interface-type interface-number specifies the IP address of an interface, from which the source IP address of the NTP packets sent from the local Ethernet Switch to the peer will be taken;...
  • Page 353 V. Configure NTP Multicast Server Mode Designate an interface on the local Ethernet Switch to transmit NTP multicast packets. In this case, the local equipment operates in multicast mode and serves as a multicast server to multicast messages to its clients regularly.
  • Page 354: Configure Ntp Id Authentication

    7.2.2 Configure NTP ID Authentication Enable NTP authentication, set MD5 authentication key, and specify the reliable key. A client will synchronize itself by a server only if the server can provide a reliable key.
  • Page 355: Designate An Interface To Transmit Ntp Message

    7.2.5 Designate an Interface to Transmit NTP Message If the local equipment is configured to transmit all the NTP messages, these packets will have the same source IP address, which is taken from the IP address of the designated interface.
  • Page 356: Set Authority To Access A Local Ethernet Switch

    Perform the following configurations in VLAN interface view. Table 7-12 Enable/Disable an interface to receive NTP message Operation Command Disable an interface to receive NTP ntp-service in-interface disable...
  • Page 357: Ntp Display And Debugging

    Table 7-14 Set the maximum local sessions. Operation: Set the maximum local sessions. Command: ntp-service max-dynamic-sessions number. Operation: Resume the maximum number of local sessions. Command: undo ntp-service...
  • Page 358 [Figure labels: Vlan-interface2: 3.0.1.31; Vlan-interface2: Quidway3 1.0.1.11...]
  • Page 359 Clock stratum: 3 Reference clock ID: 1.0.1.11 Nominal frequency: 60.0002 Hz Actual frequency: 60.0002 Hz Clock precision: 2^17 Clock offset: -9.8258 ms Root delay: 27.10 ms Root dispersion: 49.29 ms...
  • Page 360 Configure Ethernet Switch Quidway5: (Quidway4 has been synchronized by Quidway3) # Enter system view. <Quidway5> system-view # Set the local clock as the NTP master clock at stratum 1.
  • Page 361 On Quidway3, set local clock as the NTP master clock at stratum 2 and configure to broadcast packets from Vlan-interface2. Configure Quidway4 and Quidway1 to listen to the broadcast from their Vlan-interface2 respectively.
  • Page 362 reference clock ID: LOCAL(0) nominal frequency: 100.0000 Hz actual frequency: 100.0000 Hz clock precision: 2^17 clock offset: 0.0000 ms root delay: 0.00 ms root dispersion: 10.94 ms peer dispersion: 10.00 ms...
  • Page 363 # Enter system view. <Quidway4> system-view # Enter Vlan-interface2 view. [Quidway4] interface vlan-interface 2 # Enable multicast client mode. [Quidway4-Vlan-Interface2] ntp-service multicast-client Configure Ethernet Switch Quidway1: # Enter system view.
  • Page 364 [Quidway2] ntp-service unicast-server 1.0.1.11 # Enable authentication. [Quidway2] ntp-service authentication enable # Set the key. [Quidway2] ntp-service authentication-keyid authentication-mode aNiceKey # Set the key as reliable.
  • Page 365: Chapter 8 Ssh Terminal Services

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 8 SSH Terminal Services Chapter 8 SSH Terminal Services 8.1 SSH Terminal Services 8.1.1 SSH Overview Secure Shell (SSH) can provide information security and powerful authentication to prevent such assaults as IP address spoofing, plain-text password interception when users log on to the switch remotely from an insecure network environment.
  • Page 366: Configuring Ssh Server

    Key negotiation stage: Both ends negotiate key algorithm and compute session key. The server randomly generates its RSA key and sends the public key to the client.
  • Page 367 Setting system protocol and link maximum Configuring and deleting local RSA key pair Configuring authentication type Defining update interval of server key Defining SSH authentication timeout value...
  • Page 368 Table 8-2 Configuring and canceling local RSA key pair Operation Command Configure local RSA key pair rsa local-key-pair create Cancel local RSA key pair rsa local-key-pair destroy Caution: For a successful SSH login, you must configure and generate the local RSA key pairs.
  • Page 369 By default, the system does not update server key. V. Defining SSH authentication timeout value Please perform the following configurations in system view. Table 8-5 Defining SSH authentication timeout value...
  • Page 370: Configuring Ssh Client

    Table 8-7 Configuring public key Operation Command Enter public key view rsa peer-public-key key-name Delete a designated public key undo rsa peer-public-key key-name When entering the public key edit view with the rsa peer-public-key command, you can begin editing the public key with the public-key-code begin command.
  • Page 371 Choosing SSH version. The switch currently supports SSH Server 1.5, so you have to choose 1.5 or earlier version. Specifying RSA private key file. If you specify RSA authentication for the SSH user, you must specify RSA private key file.
  • Page 372 Figure 8-3 SSH client configuration interface (2) You can select 1, as shown in the figure. IV. Specifying RSA private key file If you want to enable RSA authentication, you must specify RSA private key file, which is not required for password authentication.
  • Page 373 Figure 8-4 SSH client configuration interface (3) Click the <Browse> button to enter the File Select interface. Choose a desired file and click <OK>. V. Opening SSH connection Click the <Open >...
  • Page 374: Displaying And Debugging Ssh

    Figure 8-5 SSH client interface Key in correct username and password and log into SSH connection. Log out of SSH connection with the logout command.
  • Page 375: Ssh Configuration Example

    Select the default values for SSH authentication timeout value, retry value and update interval of server key. Then run SSH1.5 client program on the PC which is connected to the switch and access the switch using username “client001” and password “huawei”. For RSA authentication mode...
  • Page 376 [Quidway-ui-vty0-4] authentication-mode scheme # Select SSH protocol on the switch. [Quidway-ui-vty0-4] protocol inbound ssh # Specify RSA authentication on the switch. [Quidway] ssh user client002 authentication-type RSA # Configure RSA key pair on the switch.
  • Page 377 HUAWEI Quidway S3000-EI Series Ethernet Switches Operation Manual Remote Power-feeding Huawei Technologies Proprietary...
  • Page 378 Operation Manual - Remote Power-feeding Quidway S3000-EI Series Ethernet Switches Table of Contents Chapter 1 Remote Power-Feeding Configuration (1-1); 1.1 Overview (1-1); 1.2 Configuring Remote Power-Feeding (1-1); 1.2.1 Enabling/Disabling Remote Power-Feeding on a Port (1-3); 1.2.2 Pressing the Mode Button to Detect Power-Feeding on a Port...
  • Page 379: Chapter 1 Remote Power-Feeding Configuration

    Operation Manual - Remote Power-feeding Quidway S3000-EI Series Ethernet Switches Chapter 1 Remote Power-Feeding Configuration Chapter 1 Remote Power-Feeding Configuration 1.1 Overview S3026C-PWR Ethernet Switch provides Power over Ethernet (PoE) function, which performs remote power-feeding to connected powered devices (PD) such as IP phones, WLAN APs and Network cameras, by providing -48V DC power to the attached remote PDs through twisted-pairs.
  • Page 380 [Figure: networking diagram (labels: Network, S3026C-PWR, E0/24, E0/1, E0/2, S2016C)]...
  • Page 381: Enabling/Disabling Remote Power-Feeding On A Port

    Device Configuration Default Description Correctly connect the PD with the electrical ports of S3026C-PWR 1.2.1 Enabling/Disabling Remote Power-Feeding on a Port You can enable or disable remote power-feeding on a port according to actual network requirements.
  • Page 382: Setting The Maximum Power On A Power-Feeding Port

    Table 1-3 Selecting the power-feeding mode on a port Operation Command Feed power through signal lines poe mode signal Feed power through spare lines poe mode spare...
  • Page 383: Enabling/Disabling The Compatibility Detection Of Pds

    manual: when power supply reaches full load, the switch only gives prompt and doesn’t supply power to the new one if a new PD is connected to the switch. For example, port A is configured with a priority of "critical"...
  • Page 384: Reset The Poe Configuration On The Switch

    Table 1-7 Enabling/disabling the compatibility detection of PDs Operation Command Enable the compatibility detection of PDs undo poe legacy disable Disable the compatibility detection of PDs poe legacy disable By default, the compatibility detection of PDs is enabled.
  • Page 385: Displaying Remote Power-Feeding

    1.3 Displaying Remote Power-Feeding After the above configuration, execute the display commands in any view to display the running of the remote power-feeding configuration, and to verify the effect of the configuration.
  • Page 386: Upgrading Poe Daughter-Card Configuration Example

    III. Configuration procedure # Enable remote power-feeding on Ethernet0/1, Ethernet0/2 and Ethernet0/24 (this is the default configuration and can be therefore omitted.) [Quidway-Ethernet0/1] undo poe disable...
  • Page 387 II. Networking diagram [Figure 1-3 Networking for FTP configuration] III. Configuration procedure Configure FTP server parameters on the PC: a user named as switch, password hello, read &...
  • Page 388 # Use the get command to download the new.bin from the FTP server to the flash directory on the FTP server. [ftp] get new.bin # Use the quit command to release FTP connection and return to user view.
  • Page 389 HUAWEI Quidway S3000-EI Series Ethernet Switches Operation Manual Appendix Huawei Technologies Proprietary...
  • Page 390 Operation Manual - Appendix Quidway S3000-EI Series Ethernet Switches Table of Contents Appendix A Acronyms (A-1) Huawei Technologies Proprietary...
  • Page 391 Appendix A Acronyms Authentication, Authorization and Accounting Access Control List Address Resolution Protocol Command Line Interface File Transfer Protocol GARP Generic Attribute Registration Protocol Gigabit Ethernet GVRP GARP VLAN Registration Protocol...
  • Page 392 SNMP Simple Network Management Protocol Spanning Tree Protocol TCP/IP Transmission Control Protocol/ Internet Protocol TFTP Trivial File Transfer Protocol Time To Live User Datagram Protocol VLAN Virtual LAN...
