Page 1 S1700 Managed Series Ethernet Switches V100R007C00 Web User Manual Issue Date 2012-10-25 HUAWEI TECHNOLOGIES CO., LTD.
Page 2 Notice The purchased products, services and features are stipulated by the contract made between Huawei and the customer. All or part of the products, services and features described in this document may not be within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information, and recommendations in this document are provided "AS IS"...
Page 3: About This Document
Indicates a tip that may help you solve a problem or save time. Provides additional information to emphasize or supplement important points of the main text. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 4 Compare to Issue 02 (2012-04-26): Enter the contact person or organization of the management switch Issue 02（2012-04-26） Compare to Issue 01 (2012-03-05) 5.5.3 Figure 5-28 Issue 01（2012-03-05） Initial release. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 5: Table Of Contents
3.7.2 IPv4 ............................... 18 3.7.3 IPv6 ............................... 20 3.8 ARP ................................21 3.8.1 Static ARP ............................. 21 3.8.2 Dynamic ARP ............................22 3.9 IPv6 Neighbor ..............................22 Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 6 5.5.4 MSTP Region ............................66 5.6 IGMP Snooping .............................. 68 5.6.1 Global ..............................68 5.6.2 VLAN Parameter ..........................70 5.6.3 Group Deny ............................73 5.6.4 Group Policy ............................74 Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 7 8.2.1 IPv6 Route Table ..........................117 8.2.2 IPv6 Static/Default Route Configure ....................117 9 Security............................119 9.1 User Management ............................119 9.1.1 User Management ..........................119 9.1.2 Online User ............................122 Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 8 9.10.2 Interface ............................159 9.11 MAC Attack ............................... 161 9.11.1 Illegal Packet Settings ........................161 9.12 Interface Isolation ............................162 9.12.1 Two-way Isolation ..........................162 9.12.2 One-way Isolation ..........................163 Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 9 10.4 LLDP-MED..............................203 10.4.1 Global Configuration ........................203 10.4.2 Interface ............................204 10.4.3 Local ..............................205 10.4.4 Remote Interface Information ......................206 11 Device Management ....................... 207 Issue 05 (2012-10-25) Huawei Proprietary and Confidential viii Copyright © Huawei Technologies Co., Ltd.
Page 10 11.6 Interface Mirror ............................213 11.7 Tools ................................215 11.7.1 Ping Test ............................215 11.7.2 Tracert ............................... 216 11.7.3 One Key Information ........................217 12 Save Running-config ......................218 Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 11: Client Setting
Step 2 Input address field with default URL (Universal Resource Locator) address of Web network management client: 192.168.1.253, then press Enter key after which logon dialog box appears on screen, configuration page being as follows: Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 12: Know About Client Interface
1.2.1 Client Interface Components Layout of typical operating interface of Web network management client is described. The typical operating interface of Web network management is as shown in Fig.1-2 Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 13: Navigation Tree
Upgrade firmware version of switch in HTTP or FTP mode. File System Upload, download and delete files of device Management FLASH. System Set device name and connection timeout duration. Configuration Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 14 Effective Period Configure effective period of applying ACL rules. ACL Profile Create AC rules. ACL Application Apply rules to specified interface or VLAN. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 15 Perform DHCP Snooping configuration. IPSG Perform IP source protection configuration. Perform dynamic address detection configuration. MAC Attack Perform illegal message and MAC spoofing configurations. Interface Isolation Perform interface isolation configuration Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 16: Common Buttons
View hardware information of device, used for Management Management confirming whether system is at normal state or not when the product of Huawei leaves factory, to guarantee the versions programmed by all products through strict inspection of Huawei are proper. Interface...
Page 17: Common Interface Elements
Web logon dialog box (as shown in Figure 1-1); if necessary, please logon again to continue. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 18: Configuration Saving
To ensure security of Web network management system, user should timely logout after configuration. Click button at the upper right of any webpage on Web Network Management Client to logout. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 19: Device Summary
Interface amount. Operating statuses of interfaces: including activated state and interface type. NOTE Place mouse on some interface to view number and connection rate of this interface. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 20: Device Information
It shows current CPU usage factor and temperature information of switch. Click Device Summary menu under navigation bar, and view the page of Device Status, configuration page is shown as follows. Figure 2-3 Device Status Page Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 21: System Management
Clicking System Management > Reset Factory, user can reset device to factory default configuration through this webpage. The configuration page is shown as follows Figure 3-1 Reset Factory Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 22: Reboot
It shows the system software and configuration files currently used by switch Next Startup File System Software: select firmware version of next startup. Configuration File:select configuration file of next startup. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 23: Software Upgrade
(/), the first character excluding point (.), and length of filename is not more than 64 characters (valid characters including: A-Z, a-z, 0-9, „.‟, „-„ and „_‟. Start Click this button to upgrade software. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 24: File System Management
Save as: filename to be saved after download. The length of filename is not more than 64 characters (illegal characters including: \, /, :, *, ?, ", <, >, | and space. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 25: System Configuration
Enter the device name of switch with a maximal length of 255 characters. HTTP Connection Enter the HTTP connection timeout duration of switch within Timeout Duration 1-35791 minutes, default is 3 minutes. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 26: Sntp
Query Interval: This is the interval between requests for updated SNTP information. (Range: 30-99999; Default: 720 seconds) Time Zone Set your local time zone. System Current Time Display current time of switch. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 27: Ip Management
----End 3.7 IP Management S1700 series switch has only two VLAN corresponding interface anytime to configure IP address, and this VLAN is management VLAN. If management for the switch is needed, an IP address for VLAN interface of the switch must be configured.
Page 28: Ipv4
IP management addresses. Subnet Mask Subnet mask of IP address. Secondary The secondary IP address of the switch. CAUTION Default management VLAN of switch is Default, for example 192.168.1.253. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 29 (Default: 255.255.255.0). Secondary The secondary IP address of the switch. Step 3 Specified management mode is DHCP. Step 4 Click Apply to apply all the changes made. ----End Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 30: Ipv6
Fig.3-10. Step 2 Click New to add an IPv6 address for switch management VLAN, to bounce the configuration page shown as follows. Figure 3-11 IPv6 Address Settings Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 31: Arp
Click System Management > ARP > Static ARP page to display static entries in the ARP table, the configuration page is shown as the figure below. Figure 3-12 Static ARP Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 32: Dynamic Arp
Click System Management > IPv6 Neighbor > Static Neighbor page to display and add IPv6 static neighborhood information, the configuration page is shown as the figure below. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 33: Dynamic Neighbor
Click System Management > IPv6 Neighbor > Dynamic Neighbor page to display the IPv6 dynamic neighbor information detected by switch, the configuration page is shown as the figure below. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 34: Router Advertise
RA Hoplimit Display the hoplimit value of the router advertisement. RA MTU Display the MTU value of the router advertisement. Router Advertise Choose to enable/disable Router Advertise. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 35 Step 1 Click System Management > IPv6 Neighbor > Router Advertise. Step 2 Select Enable in the pull-down menu of RA Halt. Step 3 Click Apply to halt router advertisement. ----End Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 36: Interface Management
Item Description Query Search the basic attributes of the designated interface. Interface Name Display the number of interface. Status The operating status (up or down) on interface. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 37 Configure button to manually configure status for the designated interface, including negotiation, interface speed, duplex mode and flow control, the configuration page is shown as the figure below. Figure 4-2 Basic Attributes Configuration Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 38: Statistics On Interface
Click Interface Management > Ethernet Interface > Statistics on Interface page to view statistics information for each interface; statistics on interface is accounted after device startup completed, the refresh frequency is 1/SEC. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 39 Broadcast Packets Total broadcast packets transmitted on this interface. Multicast Packets Total multicast packets transmitted on this interface. Delayed Frames Total delayed frames transmitted on this interface. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 40: Eth-Trunk
LACP interface of a device and that of another device. User is allowed to configure any member with an interface number of LACP as long as these numbers are not configured as Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 41: System Priority Configuration
Figure 4-5 System Priority Configuration Table 4-4 Parameters of System Priority Configuration Item Description Priority Set LACP priority level of switch (Range: 0-65535; Default: 32768). Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 42: Trunk Configuration
The backup port with higher priority replaces the active port with lower priority after a designated time. It will only relevant when LACP Preempt is enabled. Select interface The interface number set as Trunk member. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 43 Step 2 Click Edit icon in the right-hand column of Trunk to be configured. Step 3 Configure the required Trunk parameters. Step 4 Click Apply to apply all the changes made. ----End Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 44 Step 3 Click the check box in the left-hand column of the interface to be modified on attributes from Trunk Member list, click Configure button of the list, and edit attributes of the designated interface. Figure 4-11 Edit Member Attributes Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 45 Specify LACP priority of interface (Range: 0–65535; LACP Priority Default: 32768) Step 4 Configure the parameters needed. Step 5 Click Apply button to apply all the changes made. ----End Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 46: Service Management
5.1.1 VLAN Click Service Management > VLAN > VLAN page to view the configured VLAN on the switch, the configuration page is shown as the figure below. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 47 Figure 5-2 Add VLAN Step 3 Enter VLAN ID and VLAN names, parameters are as shown in Fig.5-1 Step 4 Click Apply to apply all the changes made. ----End Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 48: Interface
Step 3 After modification, click Apply to apply all the changes made. ----End 5.1.2 Interface Click Service Management > VLAN > Interface page to view/edit VLAN members' attribute, as shown in Fig.5-3 Figure 5-3 Interface VLAN Attributes Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 49 If the link type is Hybrid, the Tagged VLAN ID or list is allowed to pass through the interface. This can only be used when the link type is Hybrid. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 50: Mac Vlan
If the match succeeds, the message will be tagged with specified VLAN ID in table. If the match fails, the message will be matched according to other principles. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 51: Mac Vlan
Step 1 Click Service Management > MAC VLAN > MAC VLAN, the configuration page is as shown in Fig.5-5 Step 2 Click New button to add MAC VLAN, the configuration page is shown as the figure below. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 52: Interface
Click Service Management > MAC VLAN > Interface page to open the configuration page as shown below, which displays all function status information of MAC VLAN on all interfaces Figure 5-7 Attribute of MAC VLAN Interface Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 53: Voice Vlan
Voice VLAN traffic. Voice VLAN traffic can detect the VoIP device connected to network through the source MAC address of packets. When Voice VLAN traffic is detected on an Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 54: Global Parameter Configuration
Step 1 Click Service Management > Voice VLAN > Global. Step 2 Choose Enable under Global State to enable Voice VLAN. Step 3 Specified ID of VLAN ID is 2. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 55: Interface
The switch will recognize its friendly device based on the message sent by the receiving device. Configure Voice VLAN based on Interface or Interface Range Step 1 Click Service Management > Voice VLAN > Interface. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 56: Voice Vlan Oui
VoIP. Click Service Management > Voice VLAN > Voice VLAN OUI page to set Voice VLAN OUT for switch. Figure 5-12 Voice VLAN OUI Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 57: Voice Vlan Device
Click Service Management > Voice VLAN > Voice VLAN Device page to view Voice VLAN device connected to switch, the configuration page is shown as the figure below. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 58: Lldp-Med Voice Device
Interface ID Interface ID of LLDP-MED device. The start time when LLDP-MED device joins the Create Time switch. Remain Time The remaining time that LLDP-MED exists on switch. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 59: Legacy Device
Click Service Management > MAC > MAC Address Table page to open the page as shown in following figure, which displays the address list information of switch. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 60: Mac Aging Time
If exceeds this time, the switch will discard the MAC address forwarding records. Click Service Management > MAC > MAC Aging Time page to view the configuration of MAC Aging Time. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 61: Static Mac Table
Search the matched entry based on Interface Name, MAC Address or VLAN ID. MAC Address MAC address in address table. VLAN ID VLAN ID that corresponds to the above MAC address Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 62: Blackhole Mac Table
Click Service Management > MAC > Blackhole MAC Table page to open the page as shown in following figure, which displays the information of Blackhole address table on switch. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 63 Figure 5-22 Add Blackhole MAC Step 2 Enter the Blackhole MAC address information to be added in configuration page. Step 3 Click Apply to apply all the changes made. ----End Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 64: Mac Filter
Step 3 Click Apply button to apply all the changes made. ----End 5.4.6 Migrate MAC Table Migrate MAC Table lists the changed information of the same MAC address among the switch interfaces. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 65: Stp
5.5.1 STP Information Click Service Management > STP > STP Information page to view the STP instance information on the switch, as shown in the following figure Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 66 Instance Number. Path Cost Cost value of device path. Priority Device priority. STP Brief Instance Instance number. Interface Interface number for instance operation. Port Role Interface status. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 67: Stp Global
Click Service Management > STP > STP Global page to configure the STP global parameters for the switch, the configuration page is shown as the figure below. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 68 MAC address will then become the root device (note that lower numeric values indicate higher priority) .Default value: 32768; Range: 0~61440; Step Length: 4096. Advanced Configuration Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 69 Interval for root bridge's broadcast “hello” message. Hello Time “hello” message is used to detect whether the network topology is normal or not. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 70: Stp Interface
Figure 5-28 STP Interface Table 5-17 Parameters of STP Interface Item Description Interface Interface number. MSTP Enable/disable STP on this interface. Instance The instance numbers that runs on interface. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 71 The associated cost for interface that forwards the packet to the designated interface list. Parameters of Editing STP Interface “GigabitEthernet 0/0/1 Step 1 Click Service Management>STP> STP Interface. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 72 The default value is 128; range is 0~240; field is 16. Internal Path The root cost when switch reaching to CIST region. Cost Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 73 “force-false”. This parameter default is set as “auto”. Path Cost Cost of this interface to CIST root path. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 74 Whether to enable STP protocol on interface. Interface‟s STP status. Port State This interface‟s priority. Port Priority This interface‟s internal path cost. Port Path Cost Bridge Port Bridge ID number/interface priority. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 75 “force-false”. This parameter default is set as “auto”. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 76: Mstp Region
If removed from Eth-Trunk,the STP attribute of original interface will recover. 5.5.4 MSTP Region Click Service Management>STP>MSTP Region to view switch's domain information; the configuration page is shown as the figure below. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 77 Figure 5-32 Add CIST Step 3 Select the instance number needed to add in Instance bar. Step 4 Click Apply button to apply all the changes made. ----End Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 78: Igmp Snooping
Ethernet port‟s IGMP Snooping configuration will take effect. 5.6.1 Global Click Service Management>IGMP Snooping>Global to check switch‟s IGMP Snooping global configuration information; the configuration page is shown as the figure below. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 79 The number of multicast group learned in VLAN. IGMP Query The number of received/sent IGMP query message IGMP Report The number of received/sent report message of IGMP member Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 80: Vlan Parameter
VLAN. After enabling it, the switch receives an IGMP Leave Packet, this function will allow multicast members to leave the group immediately (the switch does not need to send IGMP specific group query). Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 81 Step 2 Click the Edit icon on the right of VLAN entry of the parameter needed to modify, opening the configuration page shown as below. Figure 5-36 Edit IGMP Snooping VLAN Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 82 Router Alert ( IGMPv1 message excluded), otherwise drop this message. Send Router Alert Router-Alert option includes whether to send router alert in IGMP message header. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 83: Group Deny
Create IGMP Snooping Group Deny Step 1 Click Service Management>IGMP Snooping> Group Deny. Step 2 Click New button to open the configuration page shown as the figure below. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 84: Group Policy
Figure 5-39 IGMP Group Policy Table 5-26 Parameters of IGMP Group Policy Item Description Interface Name/ VLAN Interface name / VLAN ID. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 85 ACL rule can be configured. Step 3 Configure the needed parameter. Step 4 Click Apply button to apply all the changes below. ----End Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 86: Static Groups
Table 5-29 Parameters of IGMP Snooping Static Groups Item Description VLAN Specifiy VLAN for transmitting multicast service. Group Address The IP address for the newly created static multicast group. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 87 Eth-Trunk List Select Trunk for receiving this static multicast group data. Step 3 Configure the needed parameter. Step 4 Click Apply button to apply all the changes made. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 88: Groups
5.6.7 Querier Click Service Management> IGMP Snooping> Querier to check querier information on switch; the configuration page is shown as the figure below. Figure 5-45 IGMP Snooping Querier Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 89: Mrouter
Add IGMP Snooping Route Interface Step 1 Click Service Management> IGMP Snooping> Mrouter. Step 2 Click New button, opening the configuration page shown as the figure below. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 90: Forwarding Table
Figure 5-48 IGMP Snooping Forwarding Table Table 5-35 Parameters of IGMP Snooping Forwarding Table Item Description Specify the VLAN which used to transmite multicast VLAN service. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 91 Interface Name The downlink interfaces or interface aggregation of the specified multicast group that receives data stream, which includes multicast router interface with dynamic or static configuration. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 92: Acl Configuration
Period, the configuration page is shown as the figure below. Figure 6-1 Configure Effective Period Table 6-1 Parameters of Configuring Effective Period Item Description Time Range Name Period name. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 93 Step 4 Click Apply button to apply all the changes made. The newly created effective period will be displayed in list of effective period. CAUTION If the created effective period has been already existed, it cannot be recreated. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 94: Acl Profile
Step The starting number and distribution interval when the step automatically assigns rule number. ACL Description Display functional description of ACL entry. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 95 Table 6-4 Parameters of Editing ACL Profile Item Description Select the matching types for ACL entry: Standard IP, Extended ACL Type IP, Extended IPv6, Extended MAC or User-defined. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 96 Step 2 Click a created standard IP rule in ACL list, and click New in the list box of ACL Rule to add a new rule, opening the configuration page shown as the figure below. Figure 6-5 Create Standard IP Rule Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 97 Step 2 Click a created extending IP rule in the ACL list box, and click New button in list box of ACL Rule to add a new rule, opening the configuration page shown as the figure below. Figure 6-6 Create Extended IP Rule Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 98 Step 2 Click a created extending IPv6 rule in ACL list, and click New button in the list box of ACL Rule, opening the configuration page shown as the figure below. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 99 Specify the ICMP field including ICMP type and Message Code for data to be matched. Use checkbox to specify whether to match packet fragmentation for Fragments this kind of protocol. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 100 Enter rule number, and the value ranges from 1 to 65535. If not Rule ID specified, the system will assign automatically. Action Specify switch to permit or deny data stream that matches to the rule. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 101 Step 4 Then click New button in the ACL Rule list box to add a new rule, opening the configuration page shown as the figure below. Figure 6-9 Create aUser-Defined Rule Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 102 If ACL doesn‟t select this segment, it can not be set. Time Range Name Click Please Select button to specify effective time for the rule. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 103: Acl Application
6.3.1 Interface Application Click ACL>ACL Application> Interface Application to apply rules to specified interface; the configuration page is shown as the figure below. Figure 6-11 Interface Application Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 104: Vlan Application
Step 4 Click Apply button to apply all the changes below. ----End 6.3.2 VLAN Application Click ACL>ACL Application>VLAN Application to apply rules to specified VLAN; the configuration page is shown as the figure below. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 105 Specify VLAN ID number for the applied rule. NOTE A VLAN ID can only be applied to one VLAN entry application. Step 3 Click Application button to apply all the changes made. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 106: Http Acl
6.4 HTTP ACL Click ACL>HTTP ACL to apply rules to HTTP protocol data accessing switch; the configuration page is shown as the figure below. Figure 6-16 HTTP ACL Configuration Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 107 ACL ID to HTTP protocol data and then click Apply button to implement configuration. HTTP ACL only supports standard IP ACL, not supporting other types of ACL. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 108: Qos Configuration
7.1 QoS Interface Click QoS >QoS Interface to view each interface‟s default interface priority and trust mode on the switch; the configuration page is shown as the figure below. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 109 Step 2 Click checkbox on the left of the interface to be edited and then click Configuration button, opening the configuration page shown as the figure below. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 110: Cos Mapping
Select service level mapped by this CoS. 7.3 DSCP Mapping Click QoS>DSCP Mapping to configure the mapping relationship between DSCP and service level; the configuration page is shown as the figure below. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 111: Ip Precedence Mapping
Figure 7-5 IP Precedence Mapping Table 7-4 Parameters of IP Precedence Mapping Item Description Service Level Select the service level mapped by this IP Precedence. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 112: Service Level Mapping
7.6 QoS Scheduler Click QoS>QoS Scheduler to configure the scheduler mode of hardware queue on switch; the configuration page is shown as the figure below. Figure 7-7 QoS Scheduler Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 113: Simple Random Early Detection
Create a SRED Profile Step 1 Click QoS > SRED, and then click SRED Profile in Tab. Step 2 Click New button to open the following page. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 114 When drop mode is Drop Green reaching this threshold, it will begin to drop Green message. When drop mode is Not Drop Green, it drops Yellow message. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 115: Sred Information
Step 1 Click QoS > SRED, and then click SRED Information in Tab. Step 2 Click the SRED information needed and click Config button to open the following page. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 116: Sred Drop Counter
7.7.3 SRED Drop Counter Click QoS >SRED >SRED Drop Counter to view SRED drop statistics; the configuration page is shown as the figure below. Figure 7-12 7-9 SRED Drop Counter Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 117: Traffic Management
Rule Type Types of traffic classifier rules Rule Value Rule value of classifier. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 118 Figure 7-15 Add Rules for Traffic Classifier Table 7-11 Parameters of Adding Traffic Classifier Rules Item Description Traffic Classifier Name Classifier profile name. Match All Packets Match all packets. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 119: Traffic Behavior
Add a Traffic Behavior Step 1 Click QoS>Traffic Management> Traffic Behavior. Step 2 Click New button to add a traffic behavior, opening the configuration page shown as the figure below. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 120 Configure Redirection Redirect the matched message to specified interface. Step 3 Configure the needed parameter Step 4 Click Apply button to apply all the changes made. ----End Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 121: Traffic Policy
Step 5 In pull down menu of Traffic Classifier and Traffic Behavior, select respectively the traffic classifier profile and traffic behavior profile to be bound. Step 6 Click Apply button to apply all the changes made. ----End Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 122: Apply Traffic Policy
Step 1 Click QoS>Traffic Management >Apply Traffic Policy. Step 2 Click New button to add a traffic policy application, opening the configuration shown as below. Figure 7-21 Configure Traffic Policy Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 123: Traffic Shaping
Kbps for FE port and 64~1000000 Kbps for GE port. Maximum Rate The maximum speed of hardware queue. The range is 128~100000 Kbps for FE port and 128~1000000 Kbps for GE port. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 124 Step 3 Cancel checkbox of Unlimited on the right of queue, and enter the speed rate range of queue in Minimum Rate/Maximum Rate bar. Step 4 Click Apply button to apply all the changes made. ----End Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 125: Ip Routing
Search IPv4 Route Table according to IP address. IP Address/Mask The IP address/mask of destination network segment of routing Gateway Gateway IP address (The address of next hop) Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 126: Ipv4 Static/Default Route Configure
Step 1 Click IP Routing>IPv4 Route > IPv4 Static/Default Route Configure. Step 2 Click New button, opening the configuration page shown as the figure below. Figure 8-3 New IPv4 Routing Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 127: Ipv6 Route
VLAN number of static routing entry 8.2.2 IPv6 Static/Default Route Configure Click IP Routing>IPv6 Route >IPv6 Static/Default Route Configure; the configuration is shown as the figure below. Figure 8-5 IPv6 Routing Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 128 Step 2 Click New button, opening the configuration page shown as the figure below. Figure 8-6 New IPv6 Routing Step 3 Configure the needed parameter. Step 4 Click Apply button to apply all the changes made. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 129: Security
Click Security>User Management page and then click User Management in Tab to configure the user name and password configured by switch locally; the configuration page is shown as the figure below. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 130 Step 1 Click Security>User Management. Step 2 Click New button to add a user account, opening the configuration page shown as the figure below. Figure 9-2 Add User Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 131 Modify User Account Step 1 Click Security>User Management. Step 2 Click Edit tag on the right of account entry to be modified, opening configuration page of modifying account. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 132: Online User
Display the online user ID. User Name Display the online user name. IPv4/ IPv6 Address Display the IP Address of online user. MAC Address Display the MAC address of online user. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 133: 123
Online users bind the ACL number with RADIUS standard attribute Filter-ID (11). The details can be found in ACL > ACL Profile. Authorized Online users bind the ACL rules with Huawei private RADIUS Data-Filter attribute Data-Filter (82). Click the Query button to expand the details of ACL rules.
Page 134: Global
Step 1 Click Security>802.1X. Step 2 Click Global Settings in tab bar. Step 3 Enable "802.1X State”. Step 4 Click Apply to apply all the changes made. ----End Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 135: Mode
Configure button, opening the configuration page shown as the figure below. Figure 9-7 Configure Interface Authentication Mode Step 4 Select authentication mode in pull down menu of Interface Control. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 136: Interface
EAP packet (Range: 1 - 120; Default: 30 seconds) Quiet Period Period that the failed authentication between switch and client, and then begin to authenticate. (Range: 10-3600; Default: 60 seconds) Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 137 Step 2 Click Interface Configuration in tab. Step 3 Click checkbox on the left of interface to be configured to 802.1X, and click Configure button, opening configuration page of interface 802.1X. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 138: Authorized Status
3, 802.1X Authentication can not be enabled on link aggregation port. 9.2.4 Authorized Status Click Security>802.1X> Authorized Status to display 802.1X Authorized Status of interface on switch. Figure 9-10 Authorized Status Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 139: Statistics
Step 3 Select the port to be checked in Interface Name, and click Query button to check the 802.1X authorized status on interface. ----End 9.2.5 Statistics Click Security>802.1X> Statistics, the configuration page is as follows.. Figure 9-11 Statistics Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 140: Session
The source MAC address of EAPOL frame which has been received by Authenticator recently. 9.2.6 Session Click Security>802.1X> Session, the configuration page is as follows. Figure 9-12 Session Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 141: Diagnostics
Item Description Search session statistics information of interface Query specified in Interface Name. Interface Name Interface Number Times 802.1X status machine entering EntersConnecting “CONNECTING” from other status Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 142 Request/Response except EAP-NAK. Times of 802.1X backend status machine failing to BackendAuthFails authenticate BackenAuthSuccesses Times of 802.1X backend status machine successfully authenticating Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 143: Guest Vlan
Interface Name Interface Name Create Guest VLAN for Interface Step 1 Click Security> Guest VLAN. Step 2 Click New button to open configuration page of interface VLAN. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 144: Storm Suppression
These packets statistics are the key factor to decide when the inbound packet exceeds the threshold value. (Range: 1-300 seconds, Default: 5 seconds). Interface Name Display the Interface Number. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 145 Figure 9-17 Configure Interface Storm Control Step 4 Select storm type to be controlled from drop down menu of Type. Step 5 Enable or disable storm control in Status field. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 146: Storm Suppression
Enable or Disable traffic suppression. Drop The packet exceeding the specified threshold value will be dropped. Threshold can be based on message rate (kbps) and (%) percentage of bandwidth. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 147: Port Security
Use the interface port security feature to prevent the specific device from accessing the network, which enhance the security performance. After configuring the port security on the interface, the switch considers the following MAC is legal: Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 148: Port Security Parameter Configuration
Step 2 Click Port Security Parameter Configurations in Tab. Step 3 Click the checkbox on the left side of port security interface to be configured, then click Configure button to open port security configuration page. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 149 Mac‟s re-learning after the device reboots, but also prevents the untrusted MAC host from communicating with the switch through the interface. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 150: Port Security Address Information
Click Security> Port Security> Port Security Address Information to view security address and create static security address, the configuration page is displayed as follows. Figure 9-22 Port Security Address Information Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 151 Figure 9-23 New Security Address Information. Table 9-17 Parameters of New Security Address Information Item Description Interface Name Select the interface number which needs to be bound. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 152: Address Table Import And Export
Step 2 Click Address Table Import and Export in Tab. Step 3 Click Export button to save the security address table information on switch as cfg file format to local computer. ----End Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 153: Mac-Based Access Control
MAC address authentication, you must create an account in Security> User Management. To complete the MAC address authentication, the user name and password should be the same as user name and password for MAC address authentication . Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 154: Interface
0 to 300, and the default is 60 seconds. Max User The allowed maximum number of access user on the interface. The value ranges from 1 to 512, and the default is 256. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 155: Mac-Based Access Control Auth-Info
Click Security> MAC-based Aceess Control> MAC-based Access Control Auth-info to display MAC authentication information of switch interface, the configuration page is displayed as follows. Figure 9-28 MAC-based Access Control Auth-info Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 156: Mac Format Configure
Specify whether there are separators in MAC address or not. Separator Number Specify the number of separator in MAC address. MAC address is HHHH-HHHH-HHHH. MAC address is HH-HH-HH-HH-HH-HH. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 157: Attack Prevent
Edit or delete the virus prevent option or clear the attacking statistics. The New Worm Prevent Step 1 Click Security> Attack Prevent. Step 2 Click Worm Prevent in Tab. Step 3 Click New to add new worm features. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 158: Dos Attack Prevent
MAC address information from the received DHCP Request or DHCP Ack message. The switch only processes the DHCP message of trusted DHCP Server and then generates a dynamic host binding entry. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 159: Global
Table 9-24 Parameters of Interface State Settings Item Description Query Search the state settings of specified interface in Interface Name. Interface Name Interface Number. Status DHCP Snooping status on interface. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 160: Interface Trust Settings
Interface Number. The trust status of Interface. The switch only processes the DHCP Status message from trusted DHCP Server interface and then generates a dynamic host binding entry. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 161: Interface Parameter Settings
Interface with IPSG enabled can not be set to DHCP Snooping trusted. 9.8.4 Interface Parameter Settings Click Security> DHCP Snooping> Interface Parameter Settings, the configuration page is displayed as follows. Figure 9-38 Interface Parameter Settings Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 162 Step 3 Click the checkbox on the left side of DHCP Snooping parameter interface to be configured, and then click Configure button, the configuration page is displayed as follows. Figure 9-39 Configure Interface Parameter Step 4 Configure the needed Parameter. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 163: Binding Table Information
Step 3 Click the Browse button and select the file from local PC which contains the binding table information. Click the Import button to load the information to the switch. ----End Export binding table. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 164: Ipsg
DHCP Snooping binding table automatically. 9.9.1 IPSG Settings Click Security> IPSG> IPSG Settings to configure IPSG for interface, the configuration page is displayed as follows. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 165 Step 2 Click the checkbox on the left side of IPSG parameter interface to be configured, and then click Configure button, the configuration page is displayed as follows. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 166: Static Binding Table
Search the static binding table information on the specified interface in Interface Name Interface Name Interface belongs to host VLAN ID VLAN ID belongs to host MAC Address Host MAC address IP Address Host IP Address Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 167: One Key Bind
IP Address Host IP address Bind State Whether to bind it as IPSG binding entry Bind Settings Click this button, bind/unbind the entry to IPSG binding table. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 168: Dai
3. The trusted interface will not be blocked and matched. 4. Limit the ARP packet rate for non-trusted interface. 9.10.1 Global Click Security> DAI> Global, the configuration page is displayed as follows. Figure 9-46 Global Settings Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 169: Interface
Step 4 Enable DAI status of VLAN in Status field. Step 5 Click Apply button to apply the changes made. ----End 9.10.2 Interface Click Security> DAI> Interface, the configuration page is displayed as follows. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 170 Step 3 Click the checkbox on the left side of DAI parameter interface to be configured, and then click Configure, the configuration page is displayed as follows. Figure 9-49 Configure Interface DAI Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 171: Mac Attack
By implementation of this command, you can remove the last alarm (including the dropped massage with illegal MAC address 0) to re-trigger a new alarm. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 172: Interface Isolation
Step 2 Click Two-way Isolation in Tab. Step 3 Click the check box of the two-way Isolation parameter on left side, and then click Configure button to display the following page: Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 173: One-Way Isolation
Step 2 Click One-way Isolation in Tab. Step 3 Click the check box of the One-way Isolation parameter on left side, and then click Configure button to display the following page: Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 174: Aaa
RADIUS and server software. 9.13.1 AAA Global Settings Click Security > AAA > AAA Global Settings, the configuration page is displayed as follows. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 175: Authentication Settings
Authentication login, the configuration page is displayed as follows.  AAA Authentication Network – authorized users can access network.  AAA Authentication Login – authenticated users can access the switch. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 176 RADIUS. RADIUS: authenticated by RADIUS server. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 177: Accounting Settings
AAA Accounting Exec –account data generated from user (for the Web user) switch access. Figure 9-57 Accounting Settings Table 9-38 Parameters of Accounting Settings Item Description AAA Accounting Network Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 178: Radius
Step 5 Click the check box of AAA Accounting Exec list on left side, and then click Active button. ----End 9.14 RADIUS 9.14.1 RADIUS Global Settings Click Security > RADIUS > RADIUS Global Settings, the configuration page is displayed as follows. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 179 Values range from 1 to 16 NAS-Port-ID format is extended attributes within Huawei NAS-Port-ID Format and is used among Huawei devices for interoperability and business cooperation. NAS-Port-ID has the new and old in two forms. Depending on different configuration format, there will be different forms of physical port where accessed user exists.
Page 180: Radius Server Settings
Step 3 Set the parameters in RADIUS-server Authentication Settings section. Step 4 Click Apply button to add RADIUS sever. The successful configured RADIUS sever will be displayed in sever list. ----End Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 181: Radius Group Server Settings
Step 4 Click the check box of group sever list on left side, and then click Configure button. Step 5 Select the RADIUS group sever IP address to be added in drop-down menu. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 182: Radius-Server Authorization Settings
Enter the key of RADIUS authorization server. Values range from 1 to 16 characters. Re-enter the key of RADIUS authorization server. Values range Confirm the key from 1 to 16 characters. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 183: Radius Statistic
Web browser must support SSL encryption, and URL must begin with "https://" (for example https:/192.168.1.253). Click Security > SSL Settings to enable the SSL function on switch, the configuration page is displayed as follows. Figure 9-64 SSL Settings Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 184 Step 5 Select Enable/ Disable SSL function in SSL Status field (under the circumstances of applying SSL function without certificate, a note will be prompted: There is no available certificate applied in switch.) ----End Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 185: Network
The default community strings for the Switch used for SNMP v.1 and v.2c management access are:  public – Allow authorized management stations to read MIB objects.  private – Allow authorized management stations to read and write MIB objects. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 186: Snmp Global Settings
0 ~ 255 characters. Location Enter the physical location of the switch in order to identify the switch with different locations, and the length is 0 ~ 255 characters. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 187: View
SNMP manager. Included means the SNMP manager can access the object tree, while View Type Excluded means the SNMP manager cannot access this object tree. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 188: Snmp Community
Up to 32 characters, the community name is used to identify the SNMP community members. SNMP manager uses this string to access the associated MIB objects of switch. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 189: Snmp Host
SNMP host list is used to set the IP address of device that receives the SNMP Trap information. Only the host configured SNMP can receive Trap messages after Trap is configured. Click Network>SNMP>SNMP host, the configuration page is displayed as follows Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 190 Create a SNMP Host Step 1 Click Network>SNMP. Step 2 Click SNMP Host in Tab, and click New to add a SNMP host, the configuration page is displayed as follows. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 191: Snmp Group
Click Network>SNMP>SNMP Group, the configuration page is displayed as follows. Figure 10-8 SNMP Group Table 10-5 Parameters of SNMP Group Item Description Group Name Up to 32 characters, used to identify the SNMP user group. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 192 Create a SNMP v3 Group named "public" Step 1 Click Network>SNMP. Step 2 Click SNMP Group in Tab, and click New to add a SNMP group, the configuration page is displayed as follows. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 193: Snmp User
Auth Protocol The authentication protocol for MD5 (using HMAC-MD5-96 Authentication Protocol) or SHA (HMAC-SHA authentication protocol to use). Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 194 Specify the binding ACL ID. If not specified, which means it is not controlled by ACL. Step 3 Enter the user name to be created in User Name field, such as "user1". Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 195: Snmp Trap Settings
SNMP Topology Change The system sends SNMP notification while detects STP Trap topology changing. SNMP DDM Trap The system sends SNMP notification while detects DDM plugging. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 196: Rmon
For example, switches and routers and other network devices that act as a network node on the network are able to monitor the current node location through the function of RMON. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 197: Statistic
Step 2 Click Statistic in tab, and click New to add a statistic group, the configuration page is displayed as follows. Figure 10-15 Create a Statistic Group Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 198: History
The length of period can be configured via the command line. Use Network > RMON> History to view the information about ROMN history group configured on the switch, the configuration page is displayed as follows. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 199 Step 2 Click History in Tab, and click New to add a history group, the configuration page is displayed as follows. Figure 10-18 Create a History Group Step 3 Enter the number of statistic group in Entry field. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 200: Alarm
Click Network>RMON>Alarm, the configuration page is displayed as follows. Figure 10-20 Alarm Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 201 Step 2 Click Alarm in Tab, and click New to add an alarm group, the configuration page is displayed as follows. Figure 10-21 Create an Alarm Group Step 3 Enter the related information about the alarm in the page. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 202: Event
Create a RMON Event Group Step 1 Click Network>RMON. Step 2 Click Event in Tab, and click New to add an event, the configuration page is displayed as follows. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 203: Lldp
Click Network>LLDP>Global, the configuration page is displayed as follows. Figure 10-24 Global Settings Table 10-13 Parameters of Global Settings Item Description LLDP State Enable / Disable the global LLDP on switch. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 204: Port Settings
Default is 5 seconds. System Information Display the relative system information of switch. 10.3.2 Port Settings Click Network>LLDP>Port Settings, the configuration page is displayed as follows. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 205 Step 3 Select the check box at the left side of the parameter, and click Configure button, the configuration page is displayed as follows. Figure 10-26 Parameters of LLDP Interface Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 206: Address Management
Click Network > LLDP > The Basis of TLVs to configure the information of the basis of TLVs of advertisement, the configuration page is displayed as follows. Figure 10-28 The Basis of TLVs Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 207: Dot1 Tlvs
Step 5 Click Apply button to apply all the changes made. ----End 10.3.5 Dot1 TLVs Click Network > LLDP > Dot1 TLVs to configure IEEE802.1 information of advertisement TLV, the configuration page is displayed as follows. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 208 Step 3 Click the check box on the left side of the configuring Dot1 TLVs parameter interface, and then click Configure to open the following page. Figure 10-31 Configure Dot1 TLVs parameter Step 4 Enable to publish the relevant parameter. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 209: Dot3 Tlvs
MTU (Max Transmission Unit). Configure parameters of Dot3 TLVs for interface Step 1 Click Network > LLDP. Step 2 Click Dot3 TLVs in tab. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 210: System Statistics
Frame but dropped due to property loss or insufficient memory or other reasons. Receive Error Frame The received LLDP PDU frames contain one or more unknown error. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 211: Local
Interface number Port ID Subtype Interface Type Interface ID Interface ID Port Description It is the string describing the interface, such as the interface unit / interface number. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 212: Remote
LLDP information entry number of remote interface Chassis ID Subtype Device type of sending LLDP information Chassis ID Device ID sending LLDP information Port ID Subtype Interface type sending LLDP information. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 213: Lldp-Med
Software Revision Software version of the switch Serial Number Serial number of the switch Manufacturer Name Manufacturers of the switch Model Name Model name of the switch Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 214: Interface
Step 3 Click the check box on the left side of the interface which is to configure basic parameters, and then click Configure to open the following page. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 215: Local
The LLDP-MED TLV type supported by switch. Network Policy The VLAN type, VLAN ID, and the priority that associated with L2 and L3 applications of the switch interface. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 216: Remote Interface Information
The ID of device that sends LLDP-MED information Port ID Subtype The type of interface that sends LLDP-MED information Interface ID The ID of interface that sends LLDP-MED information Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 217: Device Management
Click Device Management> Device Management > Board Status to view the reason of rebooting device (command/switch), the configuration page is displayed as follows. Figure 11-1 Board Status Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 218: E-Label
Start Diagnose button to diagnose, the configuration page is displayed as follows. Figure 11-3 Interface Loopback Test Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 219: Vct Cable Diagnostics
4）The diagnosis results are not reliable if there is no cable connection on test port. 5）There may be an impact on cable diagnosis results when power saving feature enabled. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 220: Ddm
User can configure classification and management of switch system information in Parameter Settings page. Click Device Management> Information Center > Parameter Settings, the configuration page is displayed as follows. Figure 11-6 Parameter Settings Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 221 System is unusuable alerts Action must be taken immediately critical Critical conditions errors Error conditions warnings Warning conditions notifications Normal but significant condition informational Informational messages debugging Debug-level messages Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 222: Log Information
Clear log Buffer Delete log record in buffer. Save log Save the log. Log number. Time The time of log generated. Level Log information level. Data The log content. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 223: Power Saving Management
EEE cofiguration.option 11.6 Interface Mirror Click Device Management> Interface Mirror page to manage CPU mirror, flow mirror and interface mirror; the configuration page is displayed as follows. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 224 Step 5 Click Add or Apply button to apply all the changes made. After successful configuration, all the packets received by port 1 will be forwarded to port 2. ----End Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 225: Tools
Step 3 Enter target IP address which is to be tested in Target IP Address, and the click Start button to do computer connectivity test. Step 4 The result will display in IPv4 Ping Result field. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 226: Tracert
Step 3 Enter target IP address to be tested in IP Address, and then click Start button to test route from source address to destination address. Step 4 The result will display in IPv4 Tracert Result field. ----End Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 227: One Key Information
Download Config, Log and Error message of system in text file to local hard disk on One Key Information page. Click Device Management> Tools >One Key Information, the configuration page is displayed as follows. Figure 11-12 One Key Information Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 228: Save Running-Config
S1700 Managed Series Ethernet Switches Web User Manual 12 Save Running-config Save Running-config Click Save Running-config menu to save the current configuration of switch in configuration file. Issue 05 (2012-10-25) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

This manual is also suitable for:

S1700S1700 seriesS1720 V100r007c00

Huawei S1700 Series Web User Manual

About this Document

1 Client Setting

2 Device Summary

3 System Management

4 Interface Management

5 Service Management

6 ACL Configuration

7 Qos Configuration

8 IP Routing

9 Security

10 Network

11 Device Management

12 Save Running-Config

Quick Links

Related Manuals for Huawei S1700 Series

Summary of Contents for Huawei S1700 Series