Huawei Quidway S3100 Series Operation Manual

Table of Contents

Quick Links

HUAWEI

Quidway S3100 Series Ethernet Switches

Operation Manual

VRP3.10

Huawei Technologies Proprietary

Table of Contents

Chapters

Table of Contents

Troubleshooting

Summary of Contents for Huawei Quidway S3100 Series

Page 1 HUAWEI Quidway S3100 Series Ethernet Switches Operation Manual VRP3.10 Huawei Technologies Proprietary...
Page 2 3116A00Y Huawei Technologies Co., Ltd. provides customers with comprehensive technical support and service. If you purchase the products from the sales agent of Huawei Technologies Co., Ltd., please contact our sales agent. If you purchase the products from Huawei Technologies Co., Ltd. directly, Please feel free to contact our local office, customer care center or company headquarters.
Page 3 Copyright © 2006 Huawei Technologies Co., Ltd. All Rights Reserved No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd. Trademarks , HUAWEI, C&C08, EAST8000, HONET,...
Page 4 About This Manual Release Notes The product version that corresponds to the manual is VRP3.10. Related Manuals The following manuals provide more information about the Quidway S3100 Series Ethernet Switches. Manual Content Quidway S3100 Series Ethernet It provides information for the system Switches Installation Manual installation.
Page 5 Introduces IGMP snooping and the related configuration. Stack&Cluster Introduces the related configuration for cluster management by using HGMP V2. SNMP Introduces the configuration for network management through SNMP. RMON Introduces the configuration for remote network management through RMON. Huawei Technologies Proprietary...
Page 6 Customers who are familiar with network fundamentals Conventions The manual uses the following conventions: I. General conventions Convention Description Arial Normal paragraphs are in Arial. Boldface Headings are in Boldface. Terminal Display is in Courier New. Courier New Huawei Technologies Proprietary...
Page 7 <Enter>, <Tab>, <Backspace>, or <A>. Press the keys concurrently. For example, <Ctrl+Alt+A> <Key1+Key2> means the three keys should be pressed concurrently. Press the keys in turn. For example, <Alt, A> means the <Key1, Key2> two keys should be pressed in turn. Huawei Technologies Proprietary...
Page 8 Eye-catching symbols are also used in the manual to highlight the points worthy of special attention during the operation. They are defined as follows: Caution, Warning, Danger: Means reader be extremely careful during the operation. Note, Comment, Tip, Knowhow, Thought: Means a complementary description. Huawei Technologies Proprietary...
Page 9: Product Overview
HUAWEI Quidway S3100 Series Ethernet Switches Operation Manual Product Overview Huawei Technologies Proprietary...
Page 10: Table Of Contents
Operation Manual – Product Overview Quidway S3100 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 Product Overview ......................1-1 1.1 Introduction ........................1-1 1.2 Technical Specifications ....................1-2 1.2.1 S3126T/S3116T/S3108T ..................1-2 1.2.2 S3126C/S3116C/S3108C ..................1-2 1.3 Service Features........................ 1-3 1.3.1 S3126T/S3116T/S3108T ..................
Page 11: Chapter 1 Product Overview
For the convenience of users, units of Mega bps/1000 Mega bps in the following chapters are simplified as M/G. 1.1 Introduction Huawei Technologies' Quidway S3100 Series Ethernet Switches (hereinafter referred to as S3100 series) are wire-speed Layer 2 Ethernet switching products. They are intelligent network manageable switches designed for the network environments that require high performance, high port density and easy installation.
Page 12: Technical Specifications
Operation Manual – Product Overview Quidway S3100 Series Ethernet Switches Chapter 1 Product Overview 1.2 Technical Specifications 1.2.1 S3126T/S3116T/S3108T Table 1-1 Technical specifications for S3126T/S3116T/S3108T Ethernet switches Item S3126T S3116T S3108T Physical 42 × 436 × 240 mm 42 × 436 × 200 mm 42 ×...
Page 13: Service Features
0°C to 45°C (32°F to 113°F) temperature Relative humidity 10% to 90% (noncondensing) 1.3 Service Features The software for S3100 series is developed based on Huawei Technologies' versatile routing platform (VRP). It has the following service features. Huawei Technologies Proprietary...
Page 14: S3126T/S3116T/S3108T
Operation Manual – Product Overview Quidway S3100 Series Ethernet Switches Chapter 1 Product Overview 1.3.1 S3126T/S3116T/S3108T Table 1-3 Service features for S3126T/S3116T/S3108T Ethernet switches Item S3126T S3116T S3108T All ports support All ports support All ports support wire-speed wire-speed wire-speed...
Page 15 Operation Manual – Product Overview Quidway S3100 Series Ethernet Switches Chapter 1 Product Overview Item S3126T S3116T S3108T Address self-learning IEEE 802.1D standard-compliant Up to 8 K MAC addresses MAC address table 1 K static MAC addresses Adding of dynamic/static unicast MAC address, multicast MAC address, and blackhole MAC address IEEE 802.3x flow control (full duplex)
Page 16: S3126C/S3116C/S3108C
Operation Manual – Product Overview Quidway S3100 Series Ethernet Switches Chapter 1 Product Overview Item S3126T S3116T S3108T Hierarchical user management and password protection Guest VLAN IEEE 802.1x authentication Security MAC address-based authentication Centralized MAC address authentication SSH2.0 DHCP Client...
Page 17 Operation Manual – Product Overview Quidway S3100 Series Ethernet Switches Chapter 1 Product Overview Item S3126C S3116C S3108C Many-to-one port mirroring (that is, multiple mirroring ports, and one monitor port) Port mirroring RSPAN Port isolation Supported Port self-loop detection Supported...
Page 18 Operation Manual – Product Overview Quidway S3100 Series Ethernet Switches Chapter 1 Product Overview Item S3126C S3116C S3108C Hierarchical user management and password protection Guest VLAN IEEE 802.1x authentication Security MAC address-based authentication Centralized MAC address authentication SSH2.0 DHCP Client...
Page 19: Chapter 2 Network Design
Operation Manual – Product Overview Quidway S3100 Series Ethernet Switches Chapter 2 Network Design Chapter 2 Network Design The S3100 series can be flexibly deployed in networks. They can be used in enterprise networks, or serve as broadband access points. The following examples are two typical networks using the S3100 series.
Page 20 Operation Manual – Product Overview Quidway S3100 Series Ethernet Switches Chapter 2 Network Design Figure 2-2 Network diagram for an education network using S3100 series Huawei Technologies Proprietary...
Page 21 HUAWEI Quidway S3100 Series Ethernet Switches Operation Manual Huawei Technologies Proprietary...
Page 22 Operation Manual – CLI Quidway S3100 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 CLI Overview ........................ 1-1 1.1 Introduction to the CLI ....................... 1-1 1.2 Command Protection/Command View ................1-1 1.2.1 Switching between User Levels ................1-2 1.2.2 Configuring the Level of a Specific Command in a Specific View ......
Page 23: Chapter 1 Cli Overview
Operation Manual – CLI Quidway S3100 Series Ethernet Switches Chapter 1 CLI Overview Chapter 1 CLI Overview 1.1 Introduction to the CLI A Quidway series Ethernet switch provides a command line interface (CLI) and commands for you to configure and manage the Ethernet switch. The CLI is featured by the following: Commands are grouped by levels.
Page 24: Switching Between User Levels
Operation Manual – CLI Quidway S3100 Series Ethernet Switches Chapter 1 CLI Overview 1.2.1 Switching between User Levels A user can switch the user level from one to another by executing a related command after logging into a switch. The administrator can also set user level switching passwords so that users can switch their levels from lower ones to higher ones only when they input the correct passwords.
Page 25: Configuring The Level Of A Specific Command In A Specific View
Operation Manual – CLI Quidway S3100 Series Ethernet Switches Chapter 1 CLI Overview 1.2.2 Configuring the Level of a Specific Command in a Specific View You can configure the level of a specific command in a specific view. Commands fall into four command levels: visit, monitor, system, and manage, which are identified as 0, 1, 2, and 3 respectively.
Page 26 Operation Manual – CLI Quidway S3100 Series Ethernet Switches Chapter 1 CLI Overview ISP domain view Table 1-4 lists information about CLI views (including the operations you can performed in these views, how to enter these views, and so on).
Page 27 Operation Manual – CLI Quidway S3100 Series Ethernet Switches Chapter 1 CLI Overview Available Prompt View Enter method Quit method operation example Execute quit command return Execute LoopBac Configure system view. interface LoopBack [Quidway-Loo loopback Execute interface interface pBack0] command...
Page 28 Operation Manual – CLI Quidway S3100 Series Ethernet Switches Chapter 1 CLI Overview Available Prompt View Enter method Quit method operation example Execute quit command return Execute system view. Configure Cluster [Quidway-clus cluster cluster Execute view ter] command parameters return system view.
Page 29: Cli Features
Operation Manual – CLI Quidway S3100 Series Ethernet Switches Chapter 1 CLI Overview Available Prompt View Enter method Quit method operation example Execute quit command return Execute system view. Configure [Quidway-isp- domain domain parameters for huawei163.ne huawei163.net Execute view an ISP domain...
Page 30: Terminal Display
Operation Manual – CLI Quidway S3100 Series Ethernet Switches Chapter 1 CLI Overview Enter a command, a space, and a "?" character (instead of an argument available in this position of the command) on your terminal to display all the available arguments and their brief descriptions.
Page 31: Command History
Operation Manual – CLI Quidway S3100 Series Ethernet Switches Chapter 1 CLI Overview 1.3.3 Command History CLI can store the latest executed commands as history commands so that users can recall and execute them again. By default, CLI can store 10 history commands for each user.
Page 32: Command Edit
Operation Manual – CLI Quidway S3100 Series Ethernet Switches Chapter 1 CLI Overview 1.3.5 Command Edit The CLI provides basic command edit functions and supports multi-line editing. The maximum number of characters a command can contain is 256. Table 1-8 lists the CLI edit operations.
Page 33 HUAWEI Quidway S3100 Series Ethernet Switches Operation Manual Login Huawei Technologies Proprietary...
Page 34 Operation Manual – Login Quidway S3100 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 Logging into an Ethernet Switch ................1-1 1.1 Logging into an Ethernet Switch ..................1-1 1.2 Introduction to the User Interface ..................1-1 1.2.1 Supported User Interfaces ..................
Page 35 Operation Manual – Login Quidway S3100 Series Ethernet Switches Table of Contents Chapter 4 Logging in Using Modem.................... 4-1 4.1 Introduction ........................4-1 4.2 Configuration on the Administrator Side................4-1 4.3 Configuration on the Switch Side..................4-1 4.3.1 Modem Configuration....................4-1 4.3.2 Switch Configuration ....................
Page 36: Chapter 1 Logging Into An Ethernet Switch
Operation Manual – Login Quidway S3100 Series Ethernet Switches Chapter 1 Logging into an Ethernet Switch Chapter 1 Logging into an Ethernet Switch 1.1 Logging into an Ethernet Switch You can log into an S3100 series Ethernet switch in one of the following ways:...
Page 37: Common User Interface Configuration
Operation Manual – Login Quidway S3100 Series Ethernet Switches Chapter 1 Logging into an Ethernet Switch VTY user interfaces: Numbered after AUX user interfaces and increases in the step of 1 A relative user interface index can be obtained by appending a number to the identifier of a user interface type.
Page 38 Operation Manual – Login Quidway S3100 Series Ethernet Switches Chapter 1 Logging into an Ethernet Switch Caution: The auto-execute command command may cause you unable to perform common configuration in the user interface, so use it with caution. Before executing the auto-execute command command and save your configuration, make sure you can log into the switch in other modes and cancel the configuration.
Page 39: Chapter 2 Logging In Through The Console Port
Operation Manual – Login Quidway S3100 Series Ethernet Switches Chapter 2 Logging in through the Console Port Chapter 2 Logging in through the Console Port 2.1 Introduction To log in through the Console port is the most common way to log into a switch. It is also the prerequisite to configure other login methods.
Page 40 Operation Manual – Login Quidway S3100 Series Ethernet Switches Chapter 2 Logging in through the Console Port created. Normally, the parameters of a terminal are configured as those listed in Table 2-1. And the type of the terminal is set to VT100.
Page 41: Console Port Login Configuration
Operation Manual – Login Quidway S3100 Series Ethernet Switches Chapter 2 Logging in through the Console Port Figure 2-4 Set port parameters Turn on the switch. The user will be prompted to press the Enter key if the switch successfully completes POST (power-on self test). The prompt (such as <Quidway>) appears after the user presses the Enter key.
Page 42: Console Port Login Configurations For Different Authentication Modes
Operation Manual – Login Quidway S3100 Series Ethernet Switches Chapter 2 Logging in through the Console Port Configuration Description Configure Optional command level user available By default, commands of level 3 are interface users logging into available to the users logging into the AUX...
Page 43 Operation Manual – Login Quidway S3100 Series Ethernet Switches Chapter 2 Logging in through the Console Port Authentication Console port login Description mode configuration Configure Configure the password Required password local authentication Password Optional Perform common Perform configuration for Refer section 2.3.1...
Page 44: Console Port Login Configuration With Authentication Mode Being None
Operation Manual – Login Quidway S3100 Series Ethernet Switches Chapter 2 Logging in through the Console Port 2.4 Console Port Login Configuration with Authentication Mode Being None 2.4.1 Configuration Procedure Table 2-4 Console port login configuration with the authentication mode being none...
Page 45: Configuration Example
Operation Manual – Login Quidway S3100 Series Ethernet Switches Chapter 2 Logging in through the Console Port Operation Command Description Optional The default history command Set the history command history-command buffer size is 10. That is, a buffer size max-size value...
Page 46 Operation Manual – Login Quidway S3100 Series Ethernet Switches Chapter 2 Logging in through the Console Port The history command buffer can contain up to 20 commands. The timeout time of the AUX user interface is 6 minutes. II. Network diagram...
Page 47: Console Port Login Configuration With Authentication Mode Being Password
Operation Manual – Login Quidway S3100 Series Ethernet Switches Chapter 2 Logging in through the Console Port 2.5 Console Port Login Configuration with Authentication Mode Being Password 2.5.1 Configuration Procedure Table 2-6 Console port login configuration with the authentication mode being...
Page 48 Operation Manual – Login Quidway S3100 Series Ethernet Switches Chapter 2 Logging in through the Console Port Operation Command Description Optional By default, the screen can maximum contain up to 24 lines. screen-length number of lines the screen-length screen can contain...
Page 49: Configuration Example
Operation Manual – Login Quidway S3100 Series Ethernet Switches Chapter 2 Logging in through the Console Port 2.5.2 Configuration Example I. Network requirements Assume that you are a level 3 VTY user and want to perform the following configuration for users logging in through the Console port: Authenticate users logging in through the Console port using the local password.
Page 50: Console Port Login Configuration With Authentication Mode Being Scheme
Operation Manual – Login Quidway S3100 Series Ethernet Switches Chapter 2 Logging in through the Console Port [Quidway-ui-aux0] set authentication password simple 123456 # Specify commands of level 2 are available to users logging into the AUX user interface. [Quidway-ui-aux0] user privilege level 2 # Set the baud rate of the Console port to 19,200 bps.
Page 51 Operation Manual – Login Quidway S3100 Series Ethernet Switches Chapter 2 Logging in through the Console Port Operation Command Description Required Create a local user local-user user-name (Enter local user view.) No local user exists by default. Set the authentication...
Page 52 Operation Manual – Login Quidway S3100 Series Ethernet Switches Chapter 2 Logging in through the Console Port Operation Command Description Optional By default, the screen can maximum contain up to 24 lines. screen-length number of lines the You can use the screen-length...
Page 53: Configuration Example
Operation Manual – Login Quidway S3100 Series Ethernet Switches Chapter 2 Logging in through the Console Port Table 2-9 Determine the command level Scenario Command Authentication level User type Command mode The user privilege level level command is not executed, and...
Page 54 Operation Manual – Login Quidway S3100 Series Ethernet Switches Chapter 2 Logging in through the Console Port The timeout time of the AUX user interface is 6 minutes. II. Network diagram Ethernet1/0/1 Ethernet1/0/1 Ethernet Ethernet User PC running Telnet User PC running Telnet...
Page 55 Operation Manual – Login Quidway S3100 Series Ethernet Switches Chapter 2 Logging in through the Console Port # Set the maximum number of lines the screen can contain to 30. [Quidway-ui-aux0] screen-length 30 # Set the maximum number of commands the history command buffer can store to 20.
Page 56: Chapter 3 Logging In Through Telnet
Operation Manual – Login Quidway S3100 Series Ethernet Switches Chapter 3 Logging in through Telnet Chapter 3 Logging in through Telnet 3.1 Introduction You can telnet to a remote switch to manage and maintain the switch. To achieve this, you need to configure both the switch and the Telnet terminal properly.
Page 57: Telnet Configurations For Different Authentication Modes
Operation Manual – Login Quidway S3100 Series Ethernet Switches Chapter 3 Logging in through Telnet Configuration Description Optional Make terminal By default, terminal services are available in services available all user interfaces Optional Set the maximum number of lines the...
Page 58: Telnet Configuration With Authentication Mode Being None
Operation Manual – Login Quidway S3100 Series Ethernet Switches Chapter 3 Logging in through Telnet Authentication Telnet configuration Description mode Optional AAA configuration Specify specifies whether Local authentication perform local to perform local performed by default. authentication authentication Refer RADIUS RADIUS AAA&RADIUS module for...
Page 59 Operation Manual – Login Quidway S3100 Series Ethernet Switches Chapter 3 Logging in through Telnet Operation Command Description Optional Configure command level By default, commands of level available to users user privilege level level 0 are available to users logging into VTY...
Page 60: Configuration Example
Operation Manual – Login Quidway S3100 Series Ethernet Switches Chapter 3 Logging in through Telnet Table 3-5 Determine the command level when users logging into switches are not authenticated Scenario Command level Authentication mode User type Command user privilege level level command...
Page 61: Telnet Configuration With Authentication Mode Being Password
Operation Manual – Login Quidway S3100 Series Ethernet Switches Chapter 3 Logging in through Telnet <Quidway> system-view # Enter VTY 0 user interface view. [Quidway] user-interface vty 0 # Configure not to authenticate Telnet users logging into VTY 0. [Quidway-ui-vty0] authentication-mode none # Specify commands of level 2 are available to users logging into VTY 0.
Page 62 Operation Manual – Login Quidway S3100 Series Ethernet Switches Chapter 3 Logging in through Telnet Operation Command Description Optional Configure command level By default, commands of level available to users user privilege level level 0 are available to users logging...
Page 63: Configuration Example
Operation Manual – Login Quidway S3100 Series Ethernet Switches Chapter 3 Logging in through Telnet Table 3-7 Determine the command level when users logging into switches are authenticated in the password mode Scenario Command level Authentication mode User type Command...
Page 64 Operation Manual – Login Quidway S3100 Series Ethernet Switches Chapter 3 Logging in through Telnet # Enter VTY 0 user interface view. [Quidway] user-interface vty 0 # Configure to authenticate users logging into VTY 0 using the local password. [Quidway-ui-vty0] authentication-mode password # Set the local password to 123456 (in plain text).
Page 65: Telnet Configuration With Authentication Mode Being Scheme
Operation Manual – Login Quidway S3100 Series Ethernet Switches Chapter 3 Logging in through Telnet 3.4 Telnet Configuration with Authentication Mode Being Scheme 3.4.1 Configuration Procedure Table 3-8 Telnet configuration with the authentication mode being scheme Operation Command Description Enter system view system-view —...
Page 66 Operation Manual – Login Quidway S3100 Series Ethernet Switches Chapter 3 Logging in through Telnet Operation Command Description Required The specified AAA scheme Configure determines whether authentication-mode authenticate users authenticate users locally or scheme locally or remotely remotely. Users authenticated locally by default.
Page 67 Operation Manual – Login Quidway S3100 Series Ethernet Switches Chapter 3 Logging in through Telnet Note that if you configure to authenticate the users in the scheme mode, the command level available to users logging into a switch depends on the authentication-mode...
Page 68 Operation Manual – Login Quidway S3100 Series Ethernet Switches Chapter 3 Logging in through Telnet Scenario Command level Authentication mode User type Command user privilege level level command is executed, service-type command does not specify the Determined available command by the user level.
Page 69: Configuration Example
Operation Manual – Login Quidway S3100 Series Ethernet Switches Chapter 3 Logging in through Telnet 3.4.2 Configuration Example I. Network requirements Assume that you are a level 3 AUX user and want to perform the following configuration for Telnet users logging into VTY 0: Configure the name of the local user to be “guest”.
Page 70: Telnet Connection Establishment
Operation Manual – Login Quidway S3100 Series Ethernet Switches Chapter 3 Logging in through Telnet # Configure to authenticate users logging into VTY 0 in the scheme mode. [Quidway-ui-vty0] authentication-mode scheme # Specify commands of level 2 are available to users logging into VTY 0.
Page 71 Operation Manual – Login Quidway S3100 Series Ethernet Switches Chapter 3 Logging in through Telnet Workstation Workstation Ethernet port Ethernet port Ethernet Ethernet PC w ith PC w ith Telnet Telnet Server Server Workstation Workstation runni runni ng on it...
Page 72: Telneting To Another Switch From The Current Switch
Operation Manual – Login Quidway S3100 Series Ethernet Switches Chapter 3 Logging in through Telnet Note: A Telnet connection will be terminated if you delete or modify the IP address of the VLAN interface in the Telnet session. By default, commands of level 0 are available to Telnet users authenticated by password.
Page 73 Operation Manual – Login Quidway S3100 Series Ethernet Switches Chapter 3 Logging in through Telnet Step 5: After successfully Telneting to the switch, you can configure the switch or display the information about the switch by executing corresponding commands. You can also type ? at any time for help.
Page 74: Chapter 4 Logging In Using Modem
Operation Manual – Login Quidway S3100 Series Ethernet Switches Chapter 4 Logging in Using Modem Chapter 4 Logging in Using Modem 4.1 Introduction The administrator can log into the Console port of a remote switch using a modem through PSTN (public switched telephone network) if the remote switch is connected to the PSTN through a modem to configure and maintain the switch remotely.
Page 75: Switch Configuration
Operation Manual – Login Quidway S3100 Series Ethernet Switches Chapter 4 Logging in Using Modem ATS0=1 ----------------------- Configure to answer automatically after the first ring AT&D ----------------------- Ignore DTR signal AT&K0 ----------------------- Disable flow control AT&R1 ----------------------- Ignore RTS signal AT&S0 ----------------------- Set DSR to high level by force...
Page 76: Modem Connection Establishment
Operation Manual – Login Quidway S3100 Series Ethernet Switches Chapter 4 Logging in Using Modem II. Configuration on switch when the authentication mode is password Refer to section 2.5 “Console Port Login Configuration with Authentication Mode Being Password”. III. Configuration on switch when the authentication mode is scheme Refer to section 2.6 “Console Port Login Configuration with Authentication Mode Being...
Page 77 Operation Manual – Login Quidway S3100 Series Ethernet Switches Chapter 4 Logging in Using Modem erial cable erial cable Mode Mode Telephone line Telephone line PSTN PSTN Modem Modem Console port Console port Telephone number: Telephone number: 82882285 82882285 Figure 4-1 Establish the connection by using modem Step 4: Launch a terminal emulation utility on the PC and set the telephone number to call the modem directly connected to the switch, as shown in Figure 4-2 and Figure 4-3.
Page 78 Operation Manual – Login Quidway S3100 Series Ethernet Switches Chapter 4 Logging in Using Modem Figure 4-3 Call the modem Step 5: Provide the password when prompted. If the password is correct, the prompt (such as <Quidway>) appears. You can then configure or manage the switch. You can also enter the character ? at anytime for help.
Page 79: Http Connection Establishment
Operation Manual – Login Chapter 5 Logging in through Web-based Network Quidway S3100 Series Ethernet Switches Management System Chapter 5 Logging in through Web-based Network Management System 5.1 Introduction An S3100 series switch has a Web server built in. You can log into an S3100 series switch through a Web browser and manage and maintain the switch intuitively by interacting with the built-in Web server.
Page 80 Operation Manual – Login Chapter 5 Logging in through Web-based Network Quidway S3100 Series Ethernet Switches Management System （1）（1）（2）（2）（3）（3） (1) RS-232 port (2) Console port (3) Configuration cable Figure 5-1 Connect to the Console port Launch a terminal emulation utility (such as Terminal in Windows 3.X or...
Page 81: Chapter 5 Logging In Through Web-Based Network Management System
Operation Manual – Login Chapter 5 Logging in through Web-based Network Quidway S3100 Series Ethernet Switches Management System # Configure the IP address of the management VLAN interface to be 10.153.17.82. [Quidway-VLAN-interface1] ip address 10.153.17.82 255.255.255.0 Step 2: Configure the user name and the password for the Web-based network management system.
Page 82 Operation Manual – Login Chapter 5 Logging in through Web-based Network Quidway S3100 Series Ethernet Switches Management System Step 5: When the login interface (shown in Figure 5-4) appears, enter the user name and the password configured in step 2 and click <Login> to bring up the main page of the Web-based network management system.
Page 83: Introduction
Operation Manual – Login Quidway S3100 Series Ethernet Switches Chapter 6 Logging in through NMS Chapter 6 Logging in through NMS 6.1 Introduction You can also log into a switch through an NMS (network management station), and then configure and manage the switch through the agent module on the switch.
Page 84: Connection Establishment Using Nms
Operation Manual – Login Quidway S3100 Series Ethernet Switches Chapter 6 Logging in through NMS 6.2 Connection Establishment Using NMS S3100 S3100 S3100 series switch S3100 series switch Network Network Netw ork Netw ork Figure 6-1 Network diagram for logging in through an NMS...
Page 85: Chapter 7 Controlling Login Users
Operation Manual – Login Quidway S3100 Series Ethernet Switches Chapter 7 Controlling Login Users Chapter 7 Controlling Login Users 7.1 Introduction A switch provides ways to control different types of login users, as listed in Table 7-1. Table 7-1 Ways to control different types of login users...
Page 86: Controlling Telnet Users By Source And Destination Ip Addresses
Operation Manual – Login Quidway S3100 Series Ethernet Switches Chapter 7 Controlling Login Users Table 7-2 Control Telnet users by source IP addresses Operation Command Description — Enter system view system-view number Create basic number acl-number command, config ACL or enter basic...
Page 87: Configuration Example
Operation Manual – Login Quidway S3100 Series Ethernet Switches Chapter 7 Controlling Login Users Operation Command Description Quit system — quit view Enter user user-interface type — interface view first-number [ last-number ] Required inbound keyword Apply the ACL to...
Page 88: Controlling Network Management Users By Source Ip Addresses
Operation Manual – Login Quidway S3100 Series Ethernet Switches Chapter 7 Controlling Login Users [Quidway] acl number 2000 match-order config [Quidway-acl-basic-2000] rule 1 permit source 10.110.100.52 0 [Quidway-acl-basic-2000] rule 2 permit source 10.110.100.46 0 [Quidway-acl-basic-2000] rule 3 deny source any [Quidway-acl-basic-2000] quit # Apply the ACL.
Page 89 Operation Manual – Login Quidway S3100 Series Ethernet Switches Chapter 7 Controlling Login Users Operation Command Description Apply snmp-agent community { read while configuring write community-name Optional SNMP [ [ mib-view view-name ] | [ acl community name acl-number ] ]*...
Page 90: Configuration Example
# Apply the ACL to only permit SNMP users sourced from the IP addresses of 10.110.100.52 and 10.110.100.46 to access the switch. [Quidway] snmp-agent community read huawei acl 2000 [Quidway] snmp-agent group v2c huaweigroup acl 2000 [Quidway] snmp-agent usm-user v2c huaweiuser huaweigroup acl 2000 7.4 Controlling Web Users by Source IP Address...
Page 91: Prerequisites
Operation Manual – Login Quidway S3100 Series Ethernet Switches Chapter 7 Controlling Login Users 7.4.1 Prerequisites The controlling policy against Web users is determined, including the source IP addresses to be controlled and the controlling actions (permitting or denying). 7.4.2 Controlling Web Users by Source IP Addresses Controlling Web users by source IP addresses is achieved by applying basic ACLs, which are numbered from 2000 to 2999.
Page 92 Operation Manual – Login Quidway S3100 Series Ethernet Switches Chapter 7 Controlling Login Users II. Network diagram Internet Internet Sw itch Sw itch Figure 7-3 Network diagram for controlling Web users using ACL III. Configuration procedure # Define a basic ACL.
Page 93 HUAWEI Quidway S3100 Series Ethernet Switches Operation Manual VLAN Huawei Technologies Proprietary...
Page 94 Operation Manual – VLAN Quidway S3100 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 VLAN Configuration ....................1-1 1.1 VLAN Overview........................1-1 1.1.1 Introduction to VLAN ....................1-1 1.1.2 VLAN Classification....................1-2 1.2 VLAN Configuration ......................1-2 1.2.1 Basic VLAN Configuration..................
Page 95: Chapter 1 Vlan Configuration
Operation Manual – VLAN Quidway S3100 Series Ethernet Switches Chapter 1 VLAN Configuration Chapter 1 VLAN Configuration 1.1 VLAN Overview 1.1.1 Introduction to VLAN The virtual local area network (VLAN) technology is developed for switches to control broadcast operations in LANs.
Page 96: Vlan Classification
Operation Manual – VLAN Quidway S3100 Series Ethernet Switches Chapter 1 VLAN Configuration Configuration workload is reduced. VLAN can be used to group specific hosts. When the physical position of a host changes, no additional network configuration is required if the host still belongs to the same VLAN.
Page 97: Creating Vlans In Batches
VLAN, you can use the port trunk permit vlan and port hybrid vlan commands in Ethernet port view. Refer to the Port Operation section in Quidway S3100 Series Ethernet Switch Operation Manual for more. 1.3 Displaying a VLAN After the above configuration, you can execute the display command in any view to view the running of the VLAN configuration, and to verify the effect of the configuration.
Page 98: Vlan Configuration Example
Operation Manual – VLAN Quidway S3100 Series Ethernet Switches Chapter 1 VLAN Configuration Table 1-4 Display the information about specified VLANs Operation Command Display the information display vlan [ vlan-id1 [ to vlan-id2 ] | all | static | about specified VLANs dynamic ] 1.4 VLAN Configuration Example...
Page 99 Operation Manual – VLAN Quidway S3100 Series Ethernet Switches Chapter 1 VLAN Configuration [Quidway-vlan2] vlan 3 # Add Ethernet1/0/3 and Ethernet1/0/4 ports to VLAN 3. [Quidway-vlan3] port ethernet1/0/3 ethernet1/0/4 Huawei Technologies Proprietary...
Page 100 HUAWEI Quidway S3100 Series Ethernet Switches Operation Manual Management VLAN Huawei Technologies Proprietary...
Page 101 Operation Manual – Management VLAN Quidway S3100 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 Management VLAN Configuration ................1-1 1.1 Introduction to Management VLAN..................1-1 1.1.1 Management VLAN ....................1-1 1.1.2 Static Route......................1-1 1.2 Management VLAN Configuration ..................1-2 1.2.1 Prerequisites ......................
Page 102: Chapter 1 Management Vlan Configuration
Operation Manual – Management VLAN Quidway S3100 Series Ethernet Switches Chapter 1 Management VLAN Configuration Chapter 1 Management VLAN Configuration 1.1 Introduction to Management VLAN 1.1.1 Management VLAN To manage an Ethernet switch remotely through Telnet or network management, the switch need to be assigned an IP address.
Page 103: Management Vlan Configuration
Operation Manual – Management VLAN Quidway S3100 Series Ethernet Switches Chapter 1 Management VLAN Configuration 1.2 Management VLAN Configuration 1.2.1 Prerequisites Before configuring the management VLAN, make sure the VLAN operating as the management VLAN exists. If VLAN 1 (the default VLAN) is the management VLAN, just go ahead.
Page 104: Configuration Example
Operation Manual – Management VLAN Quidway S3100 Series Ethernet Switches Chapter 1 Management VLAN Configuration Operation Command Remark Optional Shut down By default, a management management Shutdown VLAN interface is down if all VLAN interface the Ethernet ports in the management VLAN are down;...
Page 105 Operation Manual – Management VLAN Quidway S3100 Series Ethernet Switches Chapter 1 Management VLAN Configuration II. Configuration procedure # Enter system view. <QuidwayA> system-view # Create VLAN 10 and configure VLAN 10 to be the management VLAN. [QuidwayA] vlan 10...
Page 106: Displaying And Debugging Management Vlan
Operation Manual – Management VLAN Quidway S3100 Series Ethernet Switches Chapter 1 Management VLAN Configuration 1.3 Displaying and Debugging Management VLAN Table 1-2 Display and debug management VLAN Operation Command Description Display IP-related display interface information about a [ vlan-interface vlan-id ]...
Page 107: Chapter 2 Dhcp/Bootp Client Configuration
Operation Manual – Management VLAN Quidway S3100 Series Ethernet Switches Chapter 2 DHCP/BOOTP Client Configuration Chapter 2 DHCP/BOOTP Client Configuration 2.1 Introduction to DHCP Client As the network scale expands and the network complexity increases, the network configurations become more and more complex accordingly. It is usually the case that the computer locations change (such as the portable computers or wireless networks) or the number of the computers exceeds that of the available IP addresses.
Page 108 Operation Manual – Management VLAN Quidway S3100 Series Ethernet Switches Chapter 2 DHCP/BOOTP Client Configuration DHCP Client DHCP Client DHCP Client DHCP Server DHCP Server DHCP Server DHCP Client DHCP Client DHCP Client DHCP Server DHCP Server DHCP Server DHCP Client...
Page 109: Introduction To Bootp Client
Operation Manual – Management VLAN Quidway S3100 Series Ethernet Switches Chapter 2 DHCP/BOOTP Client Configuration Acknowledgement. Upon receiving the DHCP_Request packet, the DHCP server that owns the IP address the DHCP_Request packet carries sends a DHCP_ACK packet to the DHCP client. In this way, the DHCP client binds TCP/IP protocol components to its network adapter.
Page 110: Dhcp/Bootp Client Configuration
Operation Manual – Management VLAN Quidway S3100 Series Ethernet Switches Chapter 2 DHCP/BOOTP Client Configuration The BOOTP packets are based on user datagram protocol (UDP). To ensure reliable packet transmission, a timer is triggered when the BOOTP client sends a request packet to the server.
Page 111: Configuration Example
Operation Manual – Management VLAN Quidway S3100 Series Ethernet Switches Chapter 2 DHCP/BOOTP Client Configuration 2.3.3 Configuration Example I. Network requirements To manage the switch QuidwayA remotely, which operates as a DHCP client, through Telnet, The following are required: QuidwayA has an IP address that is obtained through DHCP...
Page 112 HUAWEI Quidway S3100 Series Ethernet Switches Operation Manual GVRP Huawei Technologies Proprietary...
Page 113 Operation Manual – GVRP Quidway S3100 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 GVRP Configuration ....................1-1 1.1 Introduction to GVRP......................1-1 1.1.1 GVRP Mechanism....................1-1 1.1.2 GVRP Packet Format....................1-3 1.1.3 Protocol Specifications.................... 1-4 1.2 GVRP Configuration ......................1-4 1.2.1 Configuration Prerequisite..................
Page 114: Chapter 1 Gvrp Configuration
Operation Manual – GVRP Quidway S3100 Series Ethernet Switches Chapter 1 GVRP Configuration Chapter 1 GVRP Configuration 1.1 Introduction to GVRP GVRP (GARP VLAN registration protocol) is an application of GARP (generic attribute registration protocol). GVRP is based on the mechanism of GARP; it maintains dynamic VLAN registration information and propagates the information to other switches.
Page 115 Operation Manual – GVRP Quidway S3100 Series Ethernet Switches Chapter 1 GVRP Configuration attribute information to be registered can be propagated to all the switches in the same switching network. GARP has the following timers: Hold: When a GARP entity receives a piece of registration information, it does not send out a Join message immediately.
Page 116: Gvrp Packet Format
Operation Manual – GVRP Quidway S3100 Series Ethernet Switches Chapter 1 GVRP Configuration them by their destination MAC addresses and delivers them to different GARP application (for example, GVRP) for further processing. 1.1.2 GVRP Packet Format The GVRP packets are in the following format: Figure 1-1 Format of GVRP packets The following table describes the packet fields in the above figure.
Page 117: Protocol Specifications
Operation Manual – GVRP Quidway S3100 Series Ethernet Switches Chapter 1 GVRP Configuration Field Description Value 0: LeaveAll Event 1: JoinEmpty 2: JoinIn The event described by the Attribute Event attribute 3: LeaveEmpty 4: LeaveIn 5: Empty The attribute value of GVRP...
Page 118 Operation Manual – GVRP Quidway S3100 Series Ethernet Switches Chapter 1 GVRP Configuration Operation Command Description Exit and return to quit — system view Required Enable GVRP gvrp By default, GVRP is disabled globally globally. Enter Ethernet interface interface-type —...
Page 119: Displaying Gvrp
Operation Manual – GVRP Quidway S3100 Series Ethernet Switches Chapter 1 GVRP Configuration Timer Lower threshold Upper threshold This lower threshold greater than the timeout time of the Leave timer. You can LeaveAll 32,765 centiseconds change threshold changing the timeout time of the Leave timer.
Page 120 Operation Manual – GVRP Quidway S3100 Series Ethernet Switches Chapter 1 GVRP Configuration III. Configuration procedure Configure switch A: # Enable GVRP globally. <Quidway> system-view [Quidway] gvrp # Set the port Ethernet1/0/1 to a Trunk port, and allow all VLAN packets to pass through the port.
Page 121 HUAWEI Quidway S3100 Series Ethernet Switches Operation Manual Port Huawei Technologies Proprietary...
Page 122 Operation Manual – Port Quidway S3100 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 Basic Port Configuration .................... 1-1 1.1 Ethernet Port Overview...................... 1-1 1.1.1 Types and Numbers of Ethernet Ports..............1-1 1.1.2 Link Types of Ethernet Ports................... 1-1 1.1.3 Configuring the Default VLAN ID for an Ethernet Port..........
Page 123: Chapter 1 Basic Port Configuration
Operation Manual – Port Quidway S3100 Series Ethernet Switches Chapter 1 Basic Port Configuration Chapter 1 Basic Port Configuration 1.1 Ethernet Port Overview 1.1.1 Types and Numbers of Ethernet Ports Table 1-1 lists the types and numbers of the Ethernet ports and the numbers of the expansion slots available on the S3100 series Ethernet switches.
Page 124: Configuring The Default Vlan Id For An Ethernet Port
Operation Manual – Port Quidway S3100 Series Ethernet Switches Chapter 1 Basic Port Configuration Trunk: A trunk port can belong to more than one VLAN. It can receive/send packets from/to multiple VLANs, and is generally used to connect another switch.
Page 125 Operation Manual – Port Quidway S3100 Series Ethernet Switches Chapter 1 Basic Port Configuration Table 1-2 Processing of incoming/outgoing packets Processing of an incoming packet If the Port Processing of an packet If the packet carries a type outgoing packet...
Page 126: Adding An Ethernet Port To Specified Vlans
Operation Manual – Port Quidway S3100 Series Ethernet Switches Chapter 1 Basic Port Configuration 1.1.4 Adding an Ethernet Port to Specified VLANs You can add the specified Ethernet port to a specified VLAN. After that, the Ethernet port can forward the packets of the specified VLAN, so that the VLAN on this switch can intercommunicate with the same VLAN on the peer switch.
Page 127: Setting The Ethernet Port Broadcast Suppression Ratio
Operation Manual – Port Quidway S3100 Series Ethernet Switches Chapter 1 Basic Port Configuration 1.2.2 Setting the Ethernet Port Broadcast Suppression Ratio You can use the broadcast-suppression commands to restrict the broadcast traffic allowed to pass through a port. After that, if the broadcast traffic on the port exceeds the...
Page 128: Configuring Access Port Attribute
Operation Manual – Port Quidway S3100 Series Ethernet Switches Chapter 1 Basic Port Configuration Operation Command Remarks default, flow Enable flow control on the flow-control control is not enabled Ethernet port on the port. 1.2.4 Configuring Access Port Attribute Table 1-6 Configure access port attribute...
Page 129: Configuring Trunk Port Attribute
Operation Manual – Port Quidway S3100 Series Ethernet Switches Chapter 1 Basic Port Configuration 1.2.6 Configuring Trunk Port Attribute Table 1-8 Configure trunk port attribute Operation Command Remarks — Enter system view System-view interface interface-type — Enter Ethernet port view...
Page 130: Setting Loopback Detection For An Ethernet Port
Operation Manual – Port Quidway S3100 Series Ethernet Switches Chapter 1 Basic Port Configuration Note: If you specify the source aggregation group ID, the system uses the port with the smallest port number in the aggregation group as the source.
Page 131: Configuring The Ethernet Port To Run Loopback Test
Operation Manual – Port Quidway S3100 Series Ethernet Switches Chapter 1 Basic Port Configuration Operation Command Remarks Optional Configure the system loopback By default, the system runs loopback-detection detection loopback detection only on per-vlan enable VLANs for the trunk the default VLAN for the and hybrid ports trunk and hybrid ports.
Page 132: Enabling The System To Test Connected Cable
Operation Manual – Port Quidway S3100 Series Ethernet Switches Chapter 1 Basic Port Configuration 1.2.10 Enabling the System to Test Connected Cable You can enable the system to test the cable connected to a specific port. The test result will be returned in five minutes. The system can test these attributes of the cable: Receive and transmit directions (RX and TX), short circuit/open circuit or not, the length of the faulty cable.
Page 133: Ethernet Port Configuration Example
Operation Manual – Port Quidway S3100 Series Ethernet Switches Chapter 1 Basic Port Configuration 1.3 Ethernet Port Configuration Example I. Network requirements Switch A is connected to Switch B through trunk port Ethernet1/0/1. Configure the default VLAN ID for the trunk port as 100.
Page 134: Link Aggregation
HUAWEI Quidway S3100 Series Ethernet Switches Operation Manual Link Aggregation Huawei Technologies Proprietary...
Page 135 Operation Manual – Link Aggregation Quidway S3100 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 Link Aggregation Configuration ................1-1 1.1 Overview ..........................1-1 1.1.1 Introduction to Link Aggregation ................1-1 1.1.2 Manual Aggregation ....................1-2 1.1.3 Aggregation Group Categories ................1-2 1.2 Link Aggregation Configuration ..................
Page 136: Chapter 1 Link Aggregation Configuration
Operation Manual – Link Aggregation Quidway S3100 Series Ethernet Switches Chapter 1 Link Aggregation Configuration Chapter 1 Link Aggregation Configuration 1.1 Overview 1.1.1 Introduction to Link Aggregation Link aggregation means aggregating several ports together to implement the outgoing/incoming load sharing among the member ports and to enhance the connection reliability.
Page 137: Aggregation Group Categories
Operation Manual – Link Aggregation Quidway S3100 Series Ethernet Switches Chapter 1 Link Aggregation Configuration Caution: An FE port and a GE port cannot be put into the same aggregation group. Each FE aggregation group can have up to eight FE ports in selected state, and each GE aggregation group can have up to two GE ports in selected state.
Page 138: Link Aggregation Configuration
Operation Manual – Link Aggregation Quidway S3100 Series Ethernet Switches Chapter 1 Link Aggregation Configuration The system always allocates hardware aggregation resources to the aggregation groups with higher priorities. When load-sharing aggregation resources are used up for existing aggregation groups,...
Page 139: Displaying And Debugging Link Aggregation
Operation Manual – Link Aggregation Quidway S3100 Series Ethernet Switches Chapter 1 Link Aggregation Configuration Operation Command Description Enter Ethernet port view interface interface-type interface-num — Add the Ethernet port to port link-aggregation group agg-id Required the aggregation group When adding an Ethernet port to an aggregation group, note that:...
Page 140 Operation Manual – Link Aggregation Quidway S3100 Series Ethernet Switches Chapter 1 Link Aggregation Configuration II. Network diagram Figure 1-1 Network diagram for link aggregation configuration III. Configuration procedure Note: The following only lists the configuration for Switch A; configure Switch B in the similar way.
Page 141: Port Isolation
HUAWEI Quidway S3100 Series Ethernet Switches Operation Manual Port Isolation Huawei Technologies Proprietary...
Page 142 Operation Manual – Port Isolation Quidway S3100 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 Port Isolation Configuration ..................1-1 1.1 Port Isolation Overview...................... 1-1 1.1.1 Introduction to Port Isolation ................... 1-1 1.1.2 Port Isolation and Port Aggregation ................ 1-1 1.2 Port Isolation Configuration ....................
Page 143: Port Isolation Overview
Operation Manual – Port Isolation Quidway S3100 Series Ethernet Switches Chapter 1 Port Isolation Configuration Chapter 1 Port Isolation Configuration 1.1 Port Isolation Overview 1.1.1 Introduction to Port Isolation The port isolation function enables you to isolate the ports to be controlled on Layer 2 by adding the ports to an isolation group, through which you can improving network security and network in a more flexible way.
Page 144: Port Isolation Configuration Example
Operation Manual – Port Isolation Quidway S3100 Series Ethernet Switches Chapter 1 Port Isolation Configuration 1.3 Displaying Port Isolation After the above configuration, you can execute the display command in any view to display the information about the Ethernet ports added to the isolation group.
Page 145 Operation Manual – Port Isolation Quidway S3100 Series Ethernet Switches Chapter 1 Port Isolation Configuration [Quidway] interface ethernet1/0/2 [Quidway-Ethernet1/0/2] port isolate [Quidway-Ethernet1/0/2] quit [Quidway] interface ethernet1/0/3 [Quidway-Ethernet1/0/3] port isolate [Quidway-Ethernet1/0/3] quit [Quidway] interface ethernet1/0/4 [Quidway-Ethernet1/0/4] port isolate [Quidway-Ethernet1/0/4] quit [Quidway] # Display the information about the ports in the isolation group.
Page 146: Mac Address Forwarding Table
HUAWEI Quidway S3100 Series Ethernet Switches Operation Manual MAC Address Forwarding Table Huawei Technologies Proprietary...
Page 147 Forwarding Table Operation Manual – Address Quidway S3100 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 MAC Address Table Management................1-1 1.1 Overview ..........................1-1 1.1.1 Introduction to MAC Address Table ................ 1-1 1.1.2 Entries in a MAC Address Table ................1-1 1.1.3 MAC Address Learning Mechanism ...............
Page 148: Chapter 1 Mac Address Table Management
Note: This chapter describes the management of static, dynamic, and blackhole MAC address entries. For information about the management of multicast MAC address entries, refer to the IGMP Snooping-related section in Quidway S3100 Series Ethernet Switches Operation Manual. 1.1 Overview 1.1.1 Introduction to MAC Address Table...
Page 149: Mac Address Learning Mechanism
Forwarding Table Operation Manual – Address Quidway S3100 Series Ethernet Switches Chapter 1 MAC Address Table Management Table 1-1 lists the different types of MAC address entries and their characteristics. Table 1-1 Characteristics of different types of MAC address entries...
Page 150: Aging Time Of Mac Address Entries
Forwarding Table Operation Manual – Address Quidway S3100 Series Ethernet Switches Chapter 1 MAC Address Table Management Note: Among the two types of packets (unicast packets and broadcast packets), the MAC address learning mechanism enables a switch to learn MAC addresses from only unicast packets.
Page 151: Mac Address Table Management
Forwarding Table Operation Manual – Address Quidway S3100 Series Ethernet Switches Chapter 1 MAC Address Table Management Note: The total number of static MAC addresses and blackhole MAC addresses that can be configured for a switch is 1,024. The number of static MAC addresses and blackhole MAC addresses depends on the maximum number of MAC address entries configured for a switch.
Page 152: Displaying And Maintaining A Mac Address Table
Forwarding Table Operation Manual – Address Quidway S3100 Series Ethernet Switches Chapter 1 MAC Address Table Management can limit the number of MAC address entries a switch maintains. A port stops learning MAC addresses if the number of MAC addresses it has learnt reaches the set value.
Page 153 Forwarding Table Operation Manual – Address Quidway S3100 Series Ethernet Switches Chapter 1 MAC Address Table Management II. Network diagram Internet Internet ternet ternet Network Network port port Console port Console port Switch Switch Switch Switch Figure 1-1 Network diagram for MAC address table configuration III.
Page 154 HUAWEI Quidway S3100 Series Ethernet Switches Operation Manual MSTP Huawei Technologies Proprietary...
Page 155 Operation Manual – MSTP Quidway S3100 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 MSTP Configuration ....................1-1 1.1 MSTP Overview ......................... 1-1 1.1.1 MSTP Protocol Data Unit ..................1-1 1.1.2 Basic MSTP Terminologies..................1-2 1.1.3 Implementation of MSTP..................1-5 1.1.4 MSTP Implementation on Switches ................
Page 156 Operation Manual – MSTP Quidway S3100 Series Ethernet Switches Table of Contents 1.5.3 BPDU Protection Configuration................1-33 1.5.4 Root Protection Configuration ................1-34 1.5.5 Loop Prevention Configuration................1-35 1.5.6 TC-BPDU Attack Prevention Configuration ............1-36 1.6 Digest Snooping Configuration ..................1-36 1.6.1 Introduction......................
Page 157: Chapter 1 Mstp Configuration
Operation Manual – MSTP Quidway S3100 Series Ethernet Switches Chapter 1 MSTP Configuration Chapter 1 MSTP Configuration 1.1 MSTP Overview Spanning tree protocol (STP) cannot enable Ethernet ports to transit their states rapidly. It costs two times of the forward delay for a port to transit to the forwarding state even if the port is on a point-to-point link or the port is an edge port.
Page 158: Basic Mstp Terminologies
Operation Manual – MSTP Quidway S3100 Series Ethernet Switches Chapter 1 MSTP Configuration 1.1.2 Basic MSTP Terminologies Figure 1-1 illustrates basic MSTP terms (assuming that MSTP is enabled on each switch in this figure). Region A0 CIST: Common and Internal...
Page 159 Operation Manual – MSTP Quidway S3100 Series Ethernet Switches Chapter 1 MSTP Configuration III. VLAN mapping table A VLAN mapping table is a property of an MST region. It contains information about how VLANs are mapped to MSTIs. For example, in Figure 1-1, the information contained in the VLAN mapping table of region A0 is: VLAN 1 is mapped to MSTI 1;...
Page 160 Operation Manual – MSTP Quidway S3100 Series Ethernet Switches Chapter 1 MSTP Configuration A master port connects a MST region to the common root. The path from the master port to the common root is the shortest path between the MST region and the common root.
Page 161: Implementation Of Mstp
Operation Manual – MSTP Quidway S3100 Series Ethernet Switches Chapter 1 MSTP Configuration Forwarding state: Ports in this state can forward user packets and receive/send BPDU packets. Learning state: Ports in this state can receive/send BPDU packets. Discarding state: Ports in this state can only receive BPDU packets.
Page 162 Operation Manual – MSTP Quidway S3100 Series Ethernet Switches Chapter 1 MSTP Configuration If the priority of the configuration BPDU is lower than that of the configuration BPDU of the port itself, the switch discards the BPDU and does not change the configuration BPDU of the port.
Page 163: Mstp Implementation On Switches
Operation Manual – MSTP Quidway S3100 Series Ethernet Switches Chapter 1 MSTP Configuration 1.1.4 MSTP Implementation on Switches MSTP is compatible with both STP and RSTP. That is, switches with MSTP employed can recognize the protocol packets of STP and RSTP and use them to generate spanning trees.
Page 164: Prerequisites
Operation Manual – MSTP Quidway S3100 Series Ethernet Switches Chapter 1 MSTP Configuration Operation Description Related section Optional Network diameter Section 1.2.7 “Network configuration Diameter Configuration” The default is recommended. Optional Section 1.2.8 “MSTP MSTP time-related Time-related defaults configuration Configuration”...
Page 165 Operation Manual – MSTP Quidway S3100 Series Ethernet Switches Chapter 1 MSTP Configuration Operation Command Description Required Configure a name The default MST region name region-name name for the MST region of a switch is its MAC address. Required instance instance-id vlan...
Page 166: Root Bridge/Secondary Root Bridge Configuration
Operation Manual – MSTP Quidway S3100 Series Ethernet Switches Chapter 1 MSTP Configuration II. Configuration example # Configure an MST region, with the name being “info”, the MSTP revision level being level 1, VLAN 2 through VLAN 10 being mapped to spanning tree instance 1, and VLAN 20 through VLAN 30 being mapped to spanning tree 2.
Page 167 Operation Manual – MSTP Quidway S3100 Series Ethernet Switches Chapter 1 MSTP Configuration II. Secondary root bridge configuration Table 1-5 Specify the current switch as the secondary root bridge of a specified spanning tree Operation Command Description Enter system view —...
Page 168: Bridge Priority Configuration
Operation Manual – MSTP Quidway S3100 Series Ethernet Switches Chapter 1 MSTP Configuration Note: You can configure a switch as the root bridges of multiple spanning tree instances. But you cannot configure two or more root bridges for one spanning tree instance.
Page 169: Mstp Operation Mode Configuration
Operation Manual – MSTP Quidway S3100 Series Ethernet Switches Chapter 1 MSTP Configuration Caution: Once you specify a switch as the root bridge or a secondary root bridge by using the stp root primary or stp root secondary command, the bridge priority of the switch is not configurable.
Page 170: Mst Region Maximum Hops Configuration
Operation Manual – MSTP Quidway S3100 Series Ethernet Switches Chapter 1 MSTP Configuration II. Configuration example # Configure the current switch to operate in the STP-compliant mode. <Quidway> system-view System View: return to User View with Ctrl+Z. [Quidway] stp mode stp 1.2.6 MST Region Maximum Hops Configuration...
Page 171: Network Diameter Configuration
Operation Manual – MSTP Quidway S3100 Series Ethernet Switches Chapter 1 MSTP Configuration 1.2.7 Network Diameter Configuration In a switched network, any two switches can communicate with each other through a path, on which there may be some other switches. The network diameter of a network is measured by the number of switches;...
Page 172 Operation Manual – MSTP Quidway S3100 Series Ethernet Switches Chapter 1 MSTP Configuration Forward delay parameter) for them to turn to the forwarding state. The period ensures that the newly generated configuration BPDUs to propagate across the entire network. The Hello time parameter is for link testing.
Page 173 Operation Manual – MSTP Quidway S3100 Series Ethernet Switches Chapter 1 MSTP Configuration Caution: The Forward delay parameter and the network diameter are correlated. Normally, a large network diameter corresponds to a large Forward delay. A too small Forward delay parameter may result in temporary redundant paths. And a too large Forward delay parameter may cause a network unable to resume the normal state in time after changes occurred to the network.
Page 174: Timeout Time Factor Configuration
Operation Manual – MSTP Quidway S3100 Series Ethernet Switches Chapter 1 MSTP Configuration 1.2.9 Timeout Time Factor Configuration A switch regularly sends protocol packets to its neighboring devices at the interval specified by the Hello time parameter to test the links. Normally, a switch regards its...
Page 175 Operation Manual – MSTP Quidway S3100 Series Ethernet Switches Chapter 1 MSTP Configuration I. Configuration procedure (in system view) Table 1-12 Configure the maximum transmitting speed for specified ports in system view Operation Command Description Enter system view — system-view...
Page 176: Edge Port Configuration
Operation Manual – MSTP Quidway S3100 Series Ethernet Switches Chapter 1 MSTP Configuration 1.2.11 Edge Port Configuration Edge ports are ports that neither directly connects to other switches nor indirectly connects to other switches through network segments. After a port is configured as an edge port, rapid transition is applicable to the port.
Page 177: Point-To-Point Link-Related Configuration
Operation Manual – MSTP Quidway S3100 Series Ethernet Switches Chapter 1 MSTP Configuration III. Configuration example # Configure Ethernet1/0/1 port as an edge port. Configure in system view. <Quidway> system-view System View: return to User View with Ctrl+Z. [Quidway] stp interface ethernet1/0/1 edged-port enable Configure in Ethernet port view.
Page 178 Operation Manual – MSTP Quidway S3100 Series Ethernet Switches Chapter 1 MSTP Configuration II. Configuration procedure (in Ethernet port view) Table 1-17 Specify whether or not the link connected to a specific port is a point-to-point link (in Ethernet port view)
Page 179 Operation Manual – MSTP Quidway S3100 Series Ethernet Switches Chapter 1 MSTP Configuration Configure in Ethernet port view. <Quidway> system-view System View: return to User View with Ctrl+Z. [Quidway] interface ethernet1/0/1 [Quidway-Ethernet1/0/1] stp point-to-point force-true 1.2.13 MSTP Configuration I. Configuration procedure...
Page 180: Mstp Configuration
Operation Manual – MSTP Quidway S3100 Series Ethernet Switches Chapter 1 MSTP Configuration Operation Command Description Optional By default, MSTP is enabled on all ports after you enable MSTP in system view. To enable a switch to operate Disable MSTP on...
Page 181: Prerequisites
Operation Manual – MSTP Quidway S3100 Series Ethernet Switches Chapter 1 MSTP Configuration Operation Description Related section MSTP operation Section 1.2.5 “MSTP mode Optional Operation Mode configuration Configuration” Timeout time Section 1.2.9 “Timeout Time factor Optional Factor Configuration” configuration Maximum Section 1.2.10...
Page 182: Timeout Time Factor Configuration
Adopts the IEEE 802.1t standard to calculate the default path costs of ports. legacy: Adopts the standard defined by Huawei-3Com to calculate the default path costs of ports. Table 1-21 Specify the standard for calculating path costs...
Page 183 Operation Manual – MSTP Quidway S3100 Series Ethernet Switches Chapter 1 MSTP Configuration Table 1-22 Transmission speeds and the corresponding path costs Transm Standard Operation mode ission 802.1D-1998 IEEE 802.1t defined by (half-/full-duplex) speed Huawei-3Com — 65,535 200,000,000 200,000 Half-duplex...
Page 184 Operation Manual – MSTP Quidway S3100 Series Ethernet Switches Chapter 1 MSTP Configuration Operation Command Description Required Configure the path stp interface interface-list A MSTP-enabled switch can cost for specified [ instance instance-id ] cost calculate path costs for all its...
Page 185: Port Priority Configuration
Operation Manual – MSTP Quidway S3100 Series Ethernet Switches Chapter 1 MSTP Configuration Configure in Ethernet port view. <Quidway> system-view System View: return to User View with Ctrl+Z. [Quidway] interface ethernet1/0/1 [Quidway-Ethernet1/0/1] undo stp instance 1 cost [Quidway-Ethernet1/0/1] quit [Quidway] stp pathcost-standard dot1d-1998 1.3.8 Port Priority Configuration...
Page 186: Point-To-Point Link-Related Configuration
Operation Manual – MSTP Quidway S3100 Series Ethernet Switches Chapter 1 MSTP Configuration A lower port priority value indicates a higher port priority. If all the ports of a switch have the same port priority value, the port priorities are determined by the port indexes.
Page 187: Configuration Example
Operation Manual – MSTP Quidway S3100 Series Ethernet Switches Chapter 1 MSTP Configuration I. Performing the mCheck operation in system view Table 1-27 Perform the mCheck operation in system view Operation Command Description Enter system view — system-view Perform stp [ interface interface-list ]...
Page 188: Protection Function Configuration
Operation Manual – MSTP Quidway S3100 Series Ethernet Switches Chapter 1 MSTP Configuration 1.5 Protection Function Configuration 1.5.1 Introduction The following protection functions are provided on MSTP-enabled switches: BPDU protection, root protection, loop prevention, and TC-BPDU attack prevention. I. BPDU protection Normally, the access ports of the devices operating on the access layer directly connect to terminals (such as PCs) or file servers.
Page 189: Bpdu Protection Configuration
Operation Manual – MSTP Quidway S3100 Series Ethernet Switches Chapter 1 MSTP Configuration The loop prevention function suppresses loops. With this function enabled, a root port does not gives up its position and blocked ports remain in discarding state (do not forward packets), and thereby loops can be prevented.
Page 190: Root Protection Configuration
Operation Manual – MSTP Quidway S3100 Series Ethernet Switches Chapter 1 MSTP Configuration System View: return to User View with Ctrl+Z. [Quidway] stp bpdu-protection Caution: The BPDU protection function does not take effect on the Gigabit ports that cannot be shut down.
Page 191: Loop Prevention Configuration
Operation Manual – MSTP Quidway S3100 Series Ethernet Switches Chapter 1 MSTP Configuration System View: return to User View with Ctrl+Z. [Quidway] interface ethernet1/0/1 [Quidway-Ethernet1/0/1] stp root-protection 1.5.5 Loop Prevention Configuration You can configure the loop prevention function in the following two ways.
Page 192: Tc-Bpdu Attack Prevention Configuration
Operation Manual – MSTP Quidway S3100 Series Ethernet Switches Chapter 1 MSTP Configuration 1.5.6 TC-BPDU Attack Prevention Configuration I. Configuration procedure Table 1-34 Enable the TC-BPDU attack prevention function Operation Command Description Enter system view — system-view Required Enable TC-BPDU...
Page 193: Digest Snooping Configuration
Operation Manual – MSTP Quidway S3100 Series Ethernet Switches Chapter 1 MSTP Configuration 1.6.2 Digest Snooping Configuration Configure the digest snooping feature on a switch to enable it to interwork with other switches that adopt proprietary protocols to calculate configuration digests in the same MST region through MSTIs.
Page 194: Rapid Transition Configuration
Operation Manual – MSTP Quidway S3100 Series Ethernet Switches Chapter 1 MSTP Configuration Note: The digest snooping feature is needed only when your S3100 series switch is connected to partner's proprietary protocol-adopted switches. To enable the digest snooping feature successfully, you must first enable it on all the ports of your S3100 series switch that are connected to partner's proprietary protocol-adopted switches and then enable it globally.
Page 195 Operation Manual – MSTP Quidway S3100 Series Ethernet Switches Chapter 1 MSTP Configuration Upstream sw itch Upstream sw itch Upstream sw itch Upstream sw itch Dow nstream switch Dow nstream switch Dow nstream switch Dow nstream switch Sends proposal packets to...
Page 196: Rapid Transition Configuration
Operation Manual – MSTP Quidway S3100 Series Ethernet Switches Chapter 1 MSTP Configuration instead of waiting for agreement packets from the upstream switch. This enables designated ports of the upstream switch to change their states rapidly. 1.7.2 Rapid Transition Configuration I.
Page 197: Mstp Displaying And Debugging
Operation Manual – MSTP Quidway S3100 Series Ethernet Switches Chapter 1 MSTP Configuration Configure in Ethernet port view. Table 1-37 Configure the rapid transition feature in Ethernet port view Operation Command Description Enter system view — system-view Enter Ethernet port...
Page 198 Operation Manual – MSTP Quidway S3100 Series Ethernet Switches Chapter 1 MSTP Configuration In this network, Switch A and Switch B operate on the distribution layer; Switch C and Switch D operate on the access layer. VLAN 10 and VLAN 30 are limited in the distribution layer and VLAN 40 is limited in the access layer.
Page 199 Operation Manual – MSTP Quidway S3100 Series Ethernet Switches Chapter 1 MSTP Configuration # Specify Switch A as the root bridge of spanning tree instance 1. [Quidway] stp instance 1 root primary Configure Switch B. # Enter MST region view.
Page 200 Operation Manual – MSTP Quidway S3100 Series Ethernet Switches Chapter 1 MSTP Configuration # Configure the MST region. [Quidway-mst-region] region-name example [Quidway-mst-region] instance 1 vlan 10 [Quidway-mst-region] instance 3 vlan 30 [Quidway-mst-region] instance 4 vlan 40 [Quidway-mst-region] revision-level 0 # Activate the settings of the MST region.
Page 201 HUAWEI Quidway S3100 Series Ethernet Switches Operation Manual 802.1x Huawei Technologies Proprietary...
Page 202 Operation Manual – 802.1x Quidway S3100 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 802.1x Configuration ....................1-1 1.1 Introduction to 802.1x ......................1-1 1.1.1 Architecture of 802.1x Authentication ..............1-1 1.1.2 The Mechanism of an 802.1x Authentication System..........1-3 1.1.3 Encapsulation of EAPoL Messages ................
Page 203: Chapter 1 802.1X Configuration
Operation Manual – 802.1x Quidway S3100 Series Ethernet Switches Chapter 1 802.1x Configuration Chapter 1 802.1x Configuration 1.1 Introduction to 802.1x The 802.1x protocol (802.1x for short) was developed by IEEE802 LAN/WAN committee to address security issues of wireless LANs. It was then used in Ethernet as a common access control mechanism for LAN ports to address mainly authentication and security problems.
Page 204 Operation Manual – 802.1x Quidway S3100 Series Ethernet Switches Chapter 1 802.1x Configuration The authenticator system authenticates the supplicant system. The authenticator system is usually an 802.1x-supported network device (such as a Quidway series switch). It provides the port (physical or logical) for the supplicant system to access the LAN.
Page 205: The Mechanism Of An 802.1X Authentication System
Operation Manual – 802.1x Quidway S3100 Series Ethernet Switches Chapter 1 802.1x Configuration Port-based authentication. When a port is controlled in this way, all the supplicant systems connected to the port can access the network without being authenticated after one supplicant system among them passes the authentication.
Page 206 Operation Manual – 802.1x Quidway S3100 Series Ethernet Switches Chapter 1 802.1x Configuration In an EAPoL packet: The PAE Ethernet type field holds the protocol identifier. The identifier for 802.1x is 888E. The Protocol version field holds the version of the protocol supported by the sender of the EAPoL packet.
Page 207 Operation Manual – 802.1x Quidway S3100 Series Ethernet Switches Chapter 1 802.1x Configuration The Data field differs with the Code field. A Success or Failure packet, whose format is shown in Figure 1-5, does not contain the Data field, so has the Length field of 4.
Page 208: Authentication Procedure
Quidway S3100 Series Ethernet Switches Chapter 1 802.1x Configuration 1.1.4 802.1x Authentication Procedure A Quidway S3100 series switch can authenticate supplicant systems in EAP terminating mode or EAP relay mode. I. EAP relay mode This mode is defined in 802.1x. In this mode, EAP-packets are encapsulated in higher level protocol (such as EAPoR) packets to allow them successfully reach the authentication server.
Page 209 Operation Manual – 802.1x Quidway S3100 Series Ethernet Switches Chapter 1 802.1x Configuration EAPoR EAPoR EAPoR EAPoL EAPoL EAPoL RADIUS server RADIUS server RADIUS server RADIUS server RADIUS server RADIUS server RADIUS server RADIUS server RADIUS server RADIUS server RADIUS server...
Page 210 Operation Manual – 802.1x Quidway S3100 Series Ethernet Switches Chapter 1 802.1x Configuration Upon receiving the key(encapsulated in an EAP-request/MD5 challenge packet) from the switch, the client program encrypts the password of the supplicant system with the key and sends the encrypted password (contained in an EAP-response/MD5 challenge packet) to the RADIUS server through the switch.
Page 211: Timer
Operation Manual – 802.1x Quidway S3100 Series Ethernet Switches Chapter 1 802.1x Configuration EAPOL EAPOL EAPOL RADIUS RADIUS RADIUS RADIUS ser ver RADIUS ser ver RADIUS ser ver Supplicant Supplicant Supplicant Switc h Switc h Switc h syst em syst em...
Page 212: Implementation On An S3100 Series Switch
Implementing the Guest VLAN function Note: CAMS server is a service management system developed by Huawei Technologies Co., Ltd. It can cooperate with network devices such as S3100 series switch to carry out functions such as AAA and permission management. It enables a network to operate in the desired way and enables you to manage a network in a easy way.
Page 213 Note: The client-checking function needs the support of Huawei’s 802.1x client program. The proxy detecting function should be enabled on both the 802.1x client program and CAMS. The client version detecting should be enabled on the switch (achieved via the dot1x version-check command).
Page 214: Configuration
Operation Manual – 802.1x Quidway S3100 Series Ethernet Switches Chapter 1 802.1x Configuration Note: The client-version-checking function needs the support of Huawei’s 802.1x client program. III. The Guest VLAN function The Guest VLAN function enables supplicant systems that do not pass the authentication to access a LAN in a restrained way.
Page 215: Basic 802.1X Configuration
Operation Manual – 802.1x Quidway S3100 Series Ethernet Switches Chapter 1 802.1x Configuration If you specify to use the RADIUS scheme, that is to say the supplicant systems are authenticated by a remote RADIUS server, you need to configure the related user names and passwords on the RADIUS server and perform RADIUS client-related configuration on the switches.
Page 216 Operation Manual – 802.1x Quidway S3100 Series Ethernet Switches Chapter 1 802.1x Configuration Operation Command Description Optional dot1x port-control port access authorized-force By default, an 802.1x-enabled control mode for unauthorized-force | auto } port operates in an auto specified ports [ interface interface-list ] mode.
Page 217: Timer And Maximum User Number Configuration
Operation Manual – 802.1x Quidway S3100 Series Ethernet Switches Chapter 1 802.1x Configuration Operation Command Description Optional The default RADIUS scheme Create a RADIUS is “system”. This command is scheme and enter radius scheme required if the name of the...
Page 218: Advanced 802.1X Configuration
Operation Manual – 802.1x Quidway S3100 Series Ethernet Switches Chapter 1 802.1x Configuration Operation Command Description Optional By default, the maximum retry Configure times to send a request maximum retry packet is 2. That is, the dot1x retry max-retry-value times...
Page 219: Prerequisites
[ interface interface-list ] Note: The proxy checking function needs the support of Huawei's 802.1x client program. The configuration listed in Table 1-3 takes effect only when it is performed on CAMS as well as on the switch and the client version checking function is enabled on the switch (by the dot1x version-check command).
Page 220: Configuring Client Version Checking
Operation Manual – 802.1x Quidway S3100 Series Ethernet Switches Chapter 1 802.1x Configuration 1.5.3 Configuring Client Version Checking Table 1-4 Configure client version checking Operation Command Description — Enter system view system-view Required Enable 802.1x dot1x version-check default, 802.1x client...
Page 221: Configuring Guest Vlan
Operation Manual – 802.1x Quidway S3100 Series Ethernet Switches Chapter 1 802.1x Configuration 1.5.5 Configuring Guest VLAN Table 1-6 Configure Guest VLAN Operation Command Description — Enter system view system-view Optional default port access Configure port dot1x port-method method access method { macbased | portbased } MAC-address-based.
Page 222: Configuration Example
Operation Manual – 802.1x Quidway S3100 Series Ethernet Switches Chapter 1 802.1x Configuration Table 1-7 Display and debug 802.1x Operation Command Display the configuration, session, and display dot1x [ sessions | statistics ] statistics information about 802.1x. [ interface interface-list ] Clear 802.1x-related...
Page 223 Operation Manual – 802.1x Quidway S3100 Series Ethernet Switches Chapter 1 802.1x Configuration secondary counting server, and the latter the secondary authentication and the primary counting server. Configure the interaction password between the switch and the authenticating RADIUS server to be “name”, and “money” for interaction between the switch and the counting RADIUS.
Page 224 Operation Manual – 802.1x Quidway S3100 Series Ethernet Switches Chapter 1 802.1x Configuration System View: return to User View with Ctrl+Z. [Quidway] dot1x # Enable 802.1x for Ethernet1/0/1 port. [Quidway] dot1x interface Ethernet 1/0/1 # Set the access control method to be MAC-address-based ( can be omitted as MAC-address-based is the default configuration).
Page 225 Operation Manual – 802.1x Quidway S3100 Series Ethernet Switches Chapter 1 802.1x Configuration # Specify to adopt the RADIUS scheme named “radius1” as the RADIUS scheme of the user domain. # Specify radius 1 as the RADIUS scheme. [Quidway-isp-aabbcc.net] scheme radius-scheme radius1 local # Specify the maximum number of users the user domain can accommodate to 30.
Page 226: Chapter 2 Habp Configuration
802.1x, their received packets will be filtered. This means that users can no longer manage the attached switches. To address this problem, Huawei authentication bypass protocol (HABP) has been developed. An HABP packet carries the MAC addresses of the attached switches with it. It can bypass the 802.1x authentications when traveling between HABP-enabled switches,...
Page 227: Habp Client Configuration
Operation Manual – 802.1x Quidway S3100 Series Ethernet Switches Chapter 2 HABP Configuration Operation Command Description Required By default, a switch operates as an HABP client after you enable Configure HABP on the switch, and if you current switch to...
Page 228: Chapter 3 System-Guard Configuration
Operation Manual – 802.1x Quidway S3100 Series Ethernet Switches Chapter 3 System-guard Configuration Chapter 3 System-guard Configuration 3.1 System-guard Overview The system-guard function checks system-guard-enabled ports regularly to determine if the ports are under attack. With this function enabled, if the number of the packets received by a system-guard-enabled port exceeds the set threshold, the port is regarded to be under attack.
Page 229: Displaying And Debugging The System-Guard Function
Operation Manual – 802.1x Quidway S3100 Series Ethernet Switches Chapter 3 System-guard Configuration Table 3-2 Configure system-guard related parameters Operation Command Description — Enter system view system-view Required default system-guard-related Configure system-guard mode parameters are as follows. system-guard-related rate-limit interval-time...
Page 230 Operation Manual – 802.1x Quidway S3100 Series Ethernet Switches Chapter 3 System-guard Configuration II. Network diagram S3100-1 S3100-1 S3100-1 S3100-1 E1/0/1 E1/0/1 E1/0/1 E1/0/1 Loopback plug Loopback Loopback plug Loopback E1/0/2 E1/0/2 E1/0/2 E1/0/2 GE1/1/1 GE1/1/1 GE1/1/1 GE1/1/1 GE1/1/1 GE1/1/1...
Page 231 HUAWEI Quidway S3100 Series Ethernet Switches Operation Manual AAA&RADIUS Huawei Technologies Proprietary...
Page 232 Operation Manual – AAA&RADIUS Quidway S3100 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 AAA&RADIUS Configuration ..................1-1 1.1 Overview ..........................1-1 1.1.1 Introduction to AAA ....................1-1 1.1.2 Introduction to ISP Domain ..................1-2 1.1.3 Introduction to RADIUS................... 1-2 1.2 Configuration Tasks ......................
Page 233: Chapter 1 Aaa&Radius Configuration
Operation Manual – AAA&RADIUS Quidway S3100 Series Ethernet Switches Chapter 1 AAA&RADIUS Configuration Chapter 1 AAA&RADIUS Configuration 1.1 Overview 1.1.1 Introduction to AAA AAA is shortened from the three security functions: authentication, authorization and accounting. It provides a uniform framework for you to configure the three security functions to implement the network security management.
Page 234: Introduction To Isp Domain
Operation Manual – AAA&RADIUS Quidway S3100 Series Ethernet Switches Chapter 1 AAA&RADIUS Configuration III. Accounting AAA supports the following accounting methods: None accounting: No accounting is performed for users. Remote accounting: User accounting is performed on the remote RADIUS server.
Page 235 Operation Manual – AAA&RADIUS Quidway S3100 Series Ethernet Switches Chapter 1 AAA&RADIUS Configuration RADIUS is based on client/server model. Acting as a RADIUS client, the switch passes user information to a designated RADIUS server, and makes processing (such as connecting/disconnecting users) depending on the responses returned from the server.
Page 236 Operation Manual – AAA&RADIUS Quidway S3100 Series Ethernet Switches Chapter 1 AAA&RADIUS Configuration RADIUS RADIUS RADIUS RADIUS RADIUS RADIUS RADIUS RADIUS Server server Server server Client client Client client (1) The user inputs the user name and password (1) The user inputs the user name and password...
Page 237 Operation Manual – AAA&RADIUS Quidway S3100 Series Ethernet Switches Chapter 1 AAA&RADIUS Configuration III. RADIUS packet structure RADIUS uses UDP to transmit messages. It ensures the correct message exchange between RADIUS server and client through the following mechanisms: timer management, retransmission, and backup server. Figure 1-3 depicts the structure of the RADIUS packets.
Page 238 Operation Manual – AAA&RADIUS Quidway S3100 Series Ethernet Switches Chapter 1 AAA&RADIUS Configuration Code Packet type Packet description Direction: server->client. The server transmits this packet to the client to notify Accounting-Res the client that it has received the Accounting-Request ponse packet and has correctly recorded the accounting information.
Page 239 Operation Manual – AAA&RADIUS Quidway S3100 Series Ethernet Switches Chapter 1 AAA&RADIUS Configuration Value of Value of the Type the Type Attribute type Attribute type field field Framed-IP-Address Called-Station-Id Framed-IP-Netmask Calling-Station-Id Framed-Routing NAS-Identifier Filter-ID Proxy-State Framed-MTU Login-LAT-Service Framed-Compression Login-LAT-Node Login-IP-Host...
Page 240: Configuration Tasks
Operation Manual – AAA&RADIUS Quidway S3100 Series Ethernet Switches Chapter 1 AAA&RADIUS Configuration 1.2 Configuration Tasks Table 1-3 Configuration tasks Configuration task Description Related section Create an ISP domain Required Section 1.3.2 Configure the attributes of Optional Section 1.3.3 the ISP domain Section 1.3.4...
Page 241: Configuration Prerequisites
Operation Manual – AAA&RADIUS Quidway S3100 Series Ethernet Switches Chapter 1 AAA&RADIUS Configuration Configuration task Description Related section Create a RADIUS scheme Required Section 1.5.1 Configure RADIUS authentication/authorizatio Required Section 1.5.2 n servers Configure RADIUS Required Section 1.5.3 accounting servers...
Page 242: Creating An Isp Domain
Operation Manual – AAA&RADIUS Quidway S3100 Series Ethernet Switches Chapter 1 AAA&RADIUS Configuration 1.3.2 Creating an ISP Domain Table 1-4 Create an ISP domain Operation Command Description — Enter system view system-view Create an ISP domain and enter Required its view, enter the view of an...
Page 243: Configuring An Aaa Scheme For An Isp Domain
Note: Huawei's CAMS Server is a service management system used to manage networks and secure networks and user information. Cooperating with other network devices (such as switches) in a network, the CAMS Server accomplishes the AAA (authentication, authorization and accounting) services and rights management.
Page 244 Operation Manual – AAA&RADIUS Quidway S3100 Series Ethernet Switches Chapter 1 AAA&RADIUS Configuration implemented by the RADIUS server specified in the RADIUS scheme. In this way, you can specify only one scheme to implement all the three AAA functions and do not need to specify different schemes for authentication, authorization and accounting respectively.
Page 245 Operation Manual – AAA&RADIUS Quidway S3100 Series Ethernet Switches Chapter 1 AAA&RADIUS Configuration II. Configuring separate AAA schemes You can use the authentication, authorization, and accounting commands to specify a scheme for each of the three AAA functions (authentication, authorization and accounting) respectively.
Page 246: Dynamic Vlan Assignment Configuration
Operation Manual – AAA&RADIUS Quidway S3100 Series Ethernet Switches Chapter 1 AAA&RADIUS Configuration Note: If a bound AAA scheme is configured as well as the separate authentication, authorization and accounting schemes, the separate ones will be adopted in precedence. RADIUS scheme and local scheme do not support the separation of authentication and authorization.
Page 247: Configuring The Attributes Of A Local User
Operation Manual – AAA&RADIUS Quidway S3100 Series Ethernet Switches Chapter 1 AAA&RADIUS Configuration Operation Command Description VLAN vlan-assignment-mode default, VLAN assignment mode to assignment mode is integer. integer integer VLAN You can select between this vlan-assignment-mode assignment mode to operation...
Page 248 Operation Manual – AAA&RADIUS Quidway S3100 Series Ethernet Switches Chapter 1 AAA&RADIUS Configuration Operation Command Description Set a password for the password { simple | Optional specified user cipher } password Optional By default, the password local-user display mode of all access...
Page 249: Cutting Down User Connection Forcibly
Operation Manual – AAA&RADIUS Quidway S3100 Series Ethernet Switches Chapter 1 AAA&RADIUS Configuration Caution: After the local-user password-display-mode cipher-force command is executed, all passwords will be displayed in cipher mode even through you specify to display user passwords in plain text by using the password command.
Page 250: Creating A Radius Scheme
Operation Manual – AAA&RADIUS Quidway S3100 Series Ethernet Switches Chapter 1 AAA&RADIUS Configuration In an actual network environment, you can configure the above parameters as required. But you should configure at least one authentication/authorization server and one accounting server, and at the same time, you should keep the RADIUS service port settings on the switch consistent with those on the RADIUS servers.
Page 251: Configuring Radius Accounting Servers
Operation Manual – AAA&RADIUS Quidway S3100 Series Ethernet Switches Chapter 1 AAA&RADIUS Configuration Operation Command Description Required radius scheme default, RADIUS Create a RADIUS scheme radius-scheme-na scheme named "system" has and enter its view already been created in the system.
Page 252 Operation Manual – AAA&RADIUS Quidway S3100 Series Ethernet Switches Chapter 1 AAA&RADIUS Configuration Operation Command Description Required Set the IP address and port number of primary accounting By default, the IP address and primary ip-address UDP port number of the primary...
Page 253: Configuring Shared Keys For Radius Packets
Operation Manual – AAA&RADIUS Quidway S3100 Series Ethernet Switches Chapter 1 AAA&RADIUS Configuration Caution: In an actual network environment, you can either specify two RADIUS servers as the primary and secondary accounting servers respectively, or specify only one server as both the primary and secondary accounting servers. In addition, because...
Page 254: Configuring The Maximum Number Of Transmission Attempts Of Radius Requests
Operation Manual – AAA&RADIUS Quidway S3100 Series Ethernet Switches Chapter 1 AAA&RADIUS Configuration Operation Command Description Required Set a shared key By default, the shared key for the for the RADIUS authentication RADIUS authentication/aut string authentication/authorization horization packets packets is "huawei".
Page 255: Configuring The Supported Radius Server Type
Operation Manual – AAA&RADIUS Quidway S3100 Series Ethernet Switches Chapter 1 AAA&RADIUS Configuration 1.5.6 Configuring the Supported RADIUS Server Type Table 1-16 Configure the supported RADIUS server type Operation Command Description — Enter system view system-view Required Create a RADIUS...
Page 256: Configuring The Attributes For Data To Be Sent To Radius Servers
Operation Manual – AAA&RADIUS Quidway S3100 Series Ethernet Switches Chapter 1 AAA&RADIUS Configuration Operation Command Description Set the status of primary state primary authentication RADIUS { block | active } authentication/aut horization server Optional Set the status of By default, all the...
Page 257: Configuring A Local Radius Authentication Server
Operation Manual – AAA&RADIUS Quidway S3100 Series Ethernet Switches Chapter 1 AAA&RADIUS Configuration Operation Command Description RADIUS scheme view Optional Set the source address nas-ip ip-address By default, no source IP used address is specified; and the IP switch to send...
Page 258: Configuring The Timers Of Radius Servers
Operation Manual – AAA&RADIUS Quidway S3100 Series Ethernet Switches Chapter 1 AAA&RADIUS Configuration Caution: When you use the local RADIUS authentication server function, the UDP port number for the authentication/authorization service must be 1645, the UDP port number for the accounting service is 1646, and the IP addresses of the servers must be set to the addresses of the switch.
Page 259: Configuring Whether Or Not To Send Trap Message When Radius Server Is Down
Operation Manual – AAA&RADIUS Quidway S3100 Series Ethernet Switches Chapter 1 AAA&RADIUS Configuration Table 1-20 Set the timers of RADIUS server Operation Command Description Enter system — system-view view Required Create RADIUS radius scheme By default, a RADIUS scheme scheme radius-scheme-name named "system"...
Page 260: Configuring The User Re-Authentication Upon Device Restart Function
Operation Manual – AAA&RADIUS Quidway S3100 Series Ethernet Switches Chapter 1 AAA&RADIUS Configuration 1.5.12 Configuring the User Re-Authentication Upon Device Restart Function Note: The function applies to the environment where the RADIUS authentication/accounting server is CAMS. In an environment with a CAMS server, if the switch reboots after an exclusive user (a...
Page 261: Displaying Aaa&Radius Information
Operation Manual – AAA&RADIUS Quidway S3100 Series Ethernet Switches Chapter 1 AAA&RADIUS Configuration Note: The switch can automatically generate the main attributes (NAS-ID, NAS-IP address and session ID) in the Accounting-On packets. However, you can also manually configure the NAS-IP address with the nas-ip command. If you choose to manually configure the attribute, be sure to configure an appropriate and legal IP address.
Page 262: Aaa&Radius Configuration Example
Operation Manual – AAA&RADIUS Quidway S3100 Series Ethernet Switches Chapter 1 AAA&RADIUS Configuration Operation Command display local-user [ domain isp-name | idle-cut { disable | enable } | vlan vlan-id | Display the information about service-type { ftp | lan-access | ssh | telnet |...
Page 263 RADIUS server to "expert". You can use a CAMS server as the RADIUS server. If you use a third-party RADIUS server, you can select standard or huawei as the server type in the RADIUS scheme. On the RADIUS server: Set the shared key it uses to exchange packets with the switch to "expert".
Page 264: Local Authentication Of Ftp/Telnet Users
Operation Manual – AAA&RADIUS Quidway S3100 Series Ethernet Switches Chapter 1 AAA&RADIUS Configuration [Quidway-ui-vty0-4] authentication-mode scheme # Configure an ISP domain. [Quidway] domain cams [Quidway-isp-cams] access-limit enable 10 [Quidway-isp-cams] quit # Configure a RADIUS scheme. [Quidway] radius scheme cams [Quidway-radius-cams] accounting optional [Quidway-radius-cams] primary authentication 10.110.91.164 1812...
Page 265: Troubleshooting Aaa&Radius Configuration
You only need to change the server IP address, the authentication password, and the UDP port number for authentication service in configuration step "Configure a RADIUS scheme" in section 1.7.1 to 127.0.0.1, huawei, and 1645 respectively, and configure local users.
Page 266 Operation Manual – AAA&RADIUS Quidway S3100 Series Ethernet Switches Chapter 1 AAA&RADIUS Configuration The user input an incorrect password — Be sure to input the correct password. The switch and the RADIUS server have different shared keys — Compare the shared keys at the two ends, make sure they are identical.
Page 267: Centralized Mac Address Authentication
HUAWEI Quidway S3100 Series Ethernet Switches Operation Manual Centralized MAC Address Authentication Huawei Technologies Proprietary...
Page 268 Operation Manual – Centralized MAC Address Authentication Quidway S3100 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 Centralized MAC Address Authentication Configuration........1-1 1.1 Centralized MAC Address Authentication Overview ............1-1 1.2 Centralized MAC Address Authentication Configuration ........... 1-2 1.2.1 Enabling Centralized MAC Address Authentication Globally and for a Port...
Page 269: Chapter 1 Centralized Mac Address Authentication Configuration
Operation Manual – Centralized MAC Address Authentication Chapter 1 Centralized MAC Address Quidway S3100 Series Ethernet Switches Authentication Configuration Chapter 1 Centralized MAC Address Authentication Configuration 1.1 Centralized MAC Address Authentication Overview Centralized MAC address authentication is port-/MAC address-based authentication used to control user permissions to access a network.
Page 270: Centralized Mac Address Authentication Configuration
Operation Manual – Centralized MAC Address Authentication Chapter 1 Centralized MAC Address Quidway S3100 Series Ethernet Switches Authentication Configuration 1.2 Centralized MAC Address Authentication Configuration The following sections describe centralized MAC address authentication configuration tasks: Enabling Centralized MAC Address Authentication Globally and for a Port...
Page 271: Configuring Centralized Mac Address Authentication Mode
Operation Manual – Centralized MAC Address Authentication Chapter 1 Centralized MAC Address Quidway S3100 Series Ethernet Switches Authentication Configuration 1.2.2 Configuring Centralized MAC Address Authentication Mode Table 1-2 Configure centralized MAC address authentication mode Operation Command Description Enter system view system-view —...
Page 272: Configuring The Timers Used In Centralized Mac Address Authentication
Operation Manual – Centralized MAC Address Authentication Chapter 1 Centralized MAC Address Quidway S3100 Series Ethernet Switches Authentication Configuration Table 1-4 Configure the ISP domain for MAC address authentication users Operation Command Description Enter system view system-view — Configure Required...
Page 273: Centralized Mac Address Authentication Configuration Example
Operation Manual – Centralized MAC Address Authentication Chapter 1 Centralized MAC Address Quidway S3100 Series Ethernet Switches Authentication Configuration to verify the effect of the configuration. Execute the reset command in user view to clear centralized MAC address authentication statistics.
Page 274 Operation Manual – Centralized MAC Address Authentication Chapter 1 Centralized MAC Address Quidway S3100 Series Ethernet Switches Authentication Configuration Set service type of the local user to lan-access. [Quidway-luser-00-e0-fc-01-01-01] service-type lan-access # Enable centralized MAC address authentication globally. [Quidway] mac-authentication # Configure the domain name for centralized MAC address authentication users as aabbcc163.net.
Page 275 HUAWEI Quidway S3100 Series Ethernet Switches Operation Manual Huawei Technologies Proprietary...
Page 276 Operation Manual – ARP Quidway S3100 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 ARP Configuration....................... 1-1 1.1 Introduction to ARP......................1-1 1.1.1 Necessity of the Address Resolution ..............1-1 1.1.2 ARP Packet Structure ..................... 1-1 1.1.3 ARP Table ....................... 1-2 1.1.4 ARP Implementation Procedure................
Page 277: Chapter 1 Arp Configuration
Operation Manual – ARP Quidway S3100 Series Ethernet Switches Chapter 1 ARP Configuration Chapter 1 ARP Configuration 1.1 Introduction to ARP Address resolution protocol (ARP) is used to resolve IP addresses into MAC addresses. 1.1.1 Necessity of the Address Resolution IP address is used on the network layer and cannot be used directly for communication, because network devices can only identify MAC addresses.
Page 278: Arp Table
Operation Manual – ARP Quidway S3100 Series Ethernet Switches Chapter 1 ARP Configuration Table 1-1 Description on the fields of an ARP packet Field Description Identifies the type of the hardware interface. Hardware Type Refer to Table 1-2 for the information about the field values.
Page 279: Arp Implementation Procedure
Operation Manual – ARP Quidway S3100 Series Ethernet Switches Chapter 1 ARP Configuration address-to-MAC address mapping table known as ARP mapping table, as illustrated in Figure 1-2. An entry of an ARP mapping table contains the IP address and the MAC address of a host recently communicating with the local host.
Page 280: Introduction To Gratuitous Arp
Operation Manual – ARP Quidway S3100 Series Ethernet Switches Chapter 1 ARP Configuration Suppose there are two hosts on the same network segment: Host A and Host B. The IP address of Host A is IP_A and that of Host B is IP_B. To send a packet to Host B, Host A checks its own ARP mapping table first to see if the ARP entry corresponding to IP_B exists.
Page 281: Arp Configuration
Operation Manual – ARP Quidway S3100 Series Ethernet Switches Chapter 1 ARP Configuration using the hardware address of the sender carried in the gratuitous ARP packet. A switch operates like this whenever it receives a gratuitous ARP packet. 1.2 ARP Configuration ARP entries in an S3100 series Ethernet switch are classified into static entries and dynamic entries, as described in Table 1-4.
Page 282: Configuring The Arp Aging Timer For Dynamic Arp Entries
Operation Manual – ARP Quidway S3100 Series Ethernet Switches Chapter 1 ARP Configuration 1.2.2 Configuring the ARP Aging Timer for Dynamic ARP Entries The ARP aging timer applies to all dynamic ARP mapping entries. Table 1-6 Configure the ARP aging timer for dynamic ARP entries...
Page 283: Displaying And Debugging Arp
Operation Manual – ARP Quidway S3100 Series Ethernet Switches Chapter 1 ARP Configuration Table 1-8 Configure the gratuitous ARP packet learning function Operation Command Description — Enter system view system-view Required Enable gratuitous gratuitous-arp-learning By default, the gratuitous ARP packet...
Page 284 HUAWEI Quidway S3100 Series Ethernet Switches Operation Manual DHCP-Snooping Huawei Technologies Proprietary...
Page 285 Operation Manual – DHCP-Snooping Quidway S3100 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 DHCP-Snooping Configuration .................. 1-1 1.1 DHCP-Snooping Overview ....................1-1 1.1.1 Implementation of the DHCP-Snooping Function ........... 1-1 1.1.2 DHCP-Snooping Entry Updating................1-2 1.2 DHCP-Snooping Configuration..................1-3 1.2.1 Enabling the DHCP-Snooping Function..............
Page 286: Chapter 1 Dhcp-Snooping Configuration
Operation Manual – DHCP-Snooping Quidway S3100 Series Ethernet Switches Chapter 1 DHCP-Snooping Configuration Chapter 1 DHCP-Snooping Configuration 1.1 DHCP-Snooping Overview 1.1.1 Implementation of the DHCP-Snooping Function For security consideration, a network administrator may need to record the IP address which a user uses to access the network. This helps to check the correspondence between the IP address obtained from the DHCP server and user host’s MAC address.
Page 287: Dhcp-Snooping Entry Updating
Operation Manual – DHCP-Snooping Quidway S3100 Series Ethernet Switches Chapter 1 DHCP-Snooping Configuration DHCP Client DHCP Client DHCP Client DHCP Server DHCP Server DHCP Server DHCP Client DHCP Client DHCP Client DHCP Server DHCP Server DHCP Server DHCP Client DHCP Client...
Page 288: Dhcp-Snooping Configuration
Operation Manual – DHCP-Snooping Quidway S3100 Series Ethernet Switches Chapter 1 DHCP-Snooping Configuration II. DHCP-Snooping Entry Updating As DHCP-Snooping entries do not age, the size of a DHCP-Snooping table increases with number of the IP addresses listened. And a DHCP-Snooping entry remains in a DHCP-Snooping table even if the IP address contained in it is released by the DHCP client.
Page 289 HUAWEI Quidway S3100 Series Ethernet Switches Operation Manual Huawei Technologies Proprietary...
Page 290 Operation Manual – ACL Quidway S3100 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 ACL Configuration....................... 1-1 1.1 Introduction to ACL ......................1-1 1.1.1 ACL Implementation Mode on Switch..............1-1 1.2 Time Range-based ACL ....................1-2 1.2.1 Introduction to Time Range..................1-2 1.2.2 Implementation of Time Range-based ACL............
Page 291: Chapter 1 Acl Configuration
Operation Manual – ACL Quidway S3100 Series Ethernet Switches Chapter 1 ACL Configuration Chapter 1 ACL Configuration 1.1 Introduction to ACL Access control list (ACL) is used mainly to identify traffic. A series of matching rules are required for a network device to identify the packets to be filtered. Packets are identified first before they are permitted or denied according to previously defined policy.
Page 292: Time Range-Based Acl
Operation Manual – ACL Quidway S3100 Series Ethernet Switches Chapter 1 ACL Configuration 1.2 Time Range-based ACL 1.2.1 Introduction to Time Range A time range can be either a periodic time range or an absolute time range. A period time range is defined in terms of the days of a week.
Page 293: Configuration Procedure
Operation Manual – ACL Quidway S3100 Series Ethernet Switches Chapter 1 ACL Configuration 1.4.1 Configuration Procedure Table 1-2 Configure time range Operation Command Description — Enter system view system-view time-range time-name Configure a time { start-time to end-time days Required...
Page 294: Acl Configuration
Operation Manual – ACL Quidway S3100 Series Ethernet Switches Chapter 1 ACL Configuration 1.5 ACL Configuration 1.5.1 Prerequisites To configure a time range-based ACL rule, you need to define the corresponding time range first. Note the following when you define an ACL rule with the rule number specified: If the specified rule number identifies an existing ACL rule, the existing ACL rule is edited.
Page 295 Operation Manual – ACL Quidway S3100 Series Ethernet Switches Chapter 1 ACL Configuration Advanced ACL enables packets to be processed according to three kinds of packet priorities: ToS (type of service), IP and DSCP (differentiated services codepoint priority). With advanced ACL, you can define rules which are more accurate, redundant, and flexible than that of the basic ACL.
Page 296 Operation Manual – ACL Quidway S3100 Series Ethernet Switches Chapter 1 ACL Configuration Parameter Type Function Description sour-addr sour-wildcard specifies source source Specifies Source address, in dotted decimal sour-addr source address address notation. sour-wildcard information for information any } the ACL rule.
Page 297 Operation Manual – ACL Quidway S3100 Series Ethernet Switches Chapter 1 ACL Configuration Table 1-6 TCP/UDP-related rule information Parameter Type Function Description Specifies The operator argument can source port be lt (less than), gt (greater source-port operator port1 Source port...
Page 298: Configuration Example
Operation Manual – ACL Quidway S3100 Series Ethernet Switches Chapter 1 ACL Configuration Table 1-8 ICMP message types Name ICMP TYPE ICMP CODE echo Type=8 Code=0 echo-reply Type=0 Code=0 fragmentneed-DFset Type=3 Code=4 host-redirect Type=5 Code=1 host-tos-redirect Type=5 Code=3 host-unreachable Type=3...
Page 299 Operation Manual – ACL Quidway S3100 Series Ethernet Switches Chapter 1 ACL Configuration Basic ACL 2000, 1 rule Acl's step is 1 rule 0 deny source 1.1.1.1 0 (0 times matched) # Configure ACL 3000 to deny the packets with their source addresses being 1.1.1.1 and destination addresses being 2.2.2.2.
Page 300 HUAWEI Quidway S3100 Series Ethernet Switches Operation Manual Huawei Technologies Proprietary...
Page 301 Operation Manual – QoS Quidway S3100 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 QoS Configuration....................... 1-1 1.1 QoS Overview........................1-1 1.2 QoS Functions and Related Commands ................1-3 1.3 Configuring Port Priority..................... 1-4 1.3.1 Configuration Procedure ..................1-5 1.3.2 Configuration Example....................
Page 302 Operation Manual – QoS Quidway S3100 Series Ethernet Switches Table of Contents 1.11.1 Configuration Procedure ..................1-22 1.11.2 Configuration Example..................1-22 1.12 Displaying and Maintaining QoS..................1-22 Huawei Technologies Proprietary...
Page 303: Chapter 1 Qos Configuration
Operation Manual – QoS Quidway S3100 Series Ethernet Switches Chapter 1 QoS Configuration Chapter 1 QoS Configuration 1.1 QoS Overview This part explains some of the terminologies and concepts common to QoS. I. Stream Stream refers to traffic, including all packets that pass through a switch.
Page 304 Operation Manual – QoS Quidway S3100 Series Ethernet Switches Chapter 1 QoS Configuration As shown in Figure 1-2, an 802.1Q-enabled host will include a 4-bit 802.1Q header next to the source address in its outbound Ethernet frames. The 4-bit header is comprised of a 2-bit Tag Protocol Identifier (TPID) with a value of 8100 and a 2-bit Tag Control Information (TCI).
Page 305: Qos Functions And Related Commands
Operation Manual – QoS Quidway S3100 Series Ethernet Switches Chapter 1 QoS Configuration IV. Local port monitoring Local port monitoring copies inbound packets of a given port to the local monitoring port for network detection and troubleshooting. V. RSPAN Remote switched port analyzer (RSPAN) breaks through the limitation that the monitored port and monitoring port have to be located on the same switch, and permits them to reside across multiple network devices.
Page 306: Configuring Port Priority
Operation Manual – QoS Quidway S3100 Series Ethernet Switches Chapter 1 QoS Configuration Related Specifications Related Command section One-to-multiple port monitoring, that is to say, one monitoring port multiple Configuring monitor-port Local port monitored ports. Local Port monitoring mirroring-port Monitoring...
Page 307: Configuration Procedure
Operation Manual – QoS Quidway S3100 Series Ethernet Switches Chapter 1 QoS Configuration 1.3.1 Configuration Procedure Table 1-2 Configure port priority Operation Command Description Enter system view system-view — Enter Ethernet port interface interface-type — view interface-number Required Configure port...
Page 308: Configuration Example
Operation Manual – QoS Quidway S3100 Series Ethernet Switches Chapter 1 QoS Configuration 1.4.2 Configuration Example I. Network requirements Configure the switch to trust 802.1p priority of inbound packets. II. Configuration procedure <Quidway> system-view System View: return to User View with Ctrl+Z.
Page 309: Configuring "Ip Precedence - Local Precedence Queue" Mapping Table
Operation Manual – QoS Quidway S3100 Series Ethernet Switches Chapter 1 QoS Configuration Table 1-5 Default “802.1p priority - local precedence queue” mapping table 802.1p priority Local precedence queue 1.5.3 Configuring “IP Precedence - Local Precedence Queue” Mapping Table Table 1-6 Configure the “IP precedence - local precedence queue” mapping table...
Page 310: Configuring "Dscp Precedence - Local Precedence Queue" Mapping Table
Operation Manual – QoS Quidway S3100 Series Ethernet Switches Chapter 1 QoS Configuration IP precedence Local precedence queue 1.5.4 Configuring “DSCP Precedence - Local Precedence Queue” Mapping Table Table 1-8 Configure the “DSCP precedence - local precedence queue” mapping table...
Page 311: Configuring Packet Priority
Operation Manual – QoS Quidway S3100 Series Ethernet Switches Chapter 1 QoS Configuration 802.1p priority Local precedence queue II. Configuration procedure <Quidway> system-view System View: return to User View with Ctrl+Z. [Quidway] qos cos-local-precedence-map 0 0 1 1 2 2 3 3...
Page 312: Configuration Example
Operation Manual – QoS Quidway S3100 Series Ethernet Switches Chapter 1 QoS Configuration Operation Command Description Display trusted display priority-trust Can be executed in any view. priority 1.6.3 Configuration Example I. Network requirements Users choose to trust 802.1p priority. Table 1-12 shows the mapping relationship.
Page 313: Configuring Queue Scheduling Algorithm
Operation Manual – QoS Quidway S3100 Series Ethernet Switches Chapter 1 QoS Configuration 1.7 Configuring Queue Scheduling Algorithm 1.7.1 Prerequisites Mapping relationships between the priority and local precedence queue have been established. Refer to 1.5 Configuring Priority - Local Precedence Queue Mapping.
Page 314: Configuring Local Port Monitoring
Operation Manual – QoS Quidway S3100 Series Ethernet Switches Chapter 1 QoS Configuration 802.1p priority Local precedence queue II. Configuration procedure <Quidway> system-view System View: return to User View with Ctrl+Z. [Quidway] qos cos-local-precedence-map 0 0 1 1 2 2 3 3...
Page 315: Configuration Example
Operation Manual – QoS Quidway S3100 Series Ethernet Switches Chapter 1 QoS Configuration Operation Command Description Enter Ethernet port interface interface-type view — interface-number monitoring port Set the port as monitor-port Required monitoring port Exit from — quit current view...
Page 316: Configuring Rspan
Operation Manual – QoS Quidway S3100 Series Ethernet Switches Chapter 1 QoS Configuration mirroring-group 1: type: local status: active mirroring port: Ethernet1/0/2 both monitor port: Ethernet1/0/1 1.9 Configuring RSPAN Remote switched port analyzer (RSPAN) breaks through the limitation that the monitored port and the monitoring port have to be on the same switch.
Page 317: Prerequisites
Operation Manual – QoS Quidway S3100 Series Ethernet Switches Chapter 1 QoS Configuration Table 1-16 Ports on the switches that are involved in monitoring Ports involved in Switch Function monitoring Monitored port. It copies user data to the specified reflector...
Page 318: Configuration Procedure On The Source Switch
Operation Manual – QoS Quidway S3100 Series Ethernet Switches Chapter 1 QoS Configuration 1.9.2 Configuration Procedure on the Source Switch Table 1-17 Configuration procedure on the source switch Operation Command Description Enter system view system-view — Create parameter vlan-id Remote-probe...
Page 319: Configuration Procedure On The Intermediate Switch
Operation Manual – QoS Quidway S3100 Series Ethernet Switches Chapter 1 QoS Configuration Operation Command Description Configure remote-probe mirroring-group group-id VLAN remote-probe vlan Required remote source remote-probe-vlan-id mirroring group Display the remote display mirroring-group source mirroring Can be executed in any view.
Page 320: Configuration Example
Operation Manual – QoS Quidway S3100 Series Ethernet Switches Chapter 1 QoS Configuration Operation Command Description Define the current VLAN remote-probe vlan enable Required Remote-probe VLAN Exit current quit — view Enter Ethernet port interface interface-type view of the Trunk —...
Page 321 Operation Manual – QoS Quidway S3100 Series Ethernet Switches Chapter 1 QoS Configuration Trunk port Ethernet1/0/1 of switch A is connected to Trunk port Ethernet 1/0/1 of switch B. Trunk port Ethernet1/0/2 of switch B is connected to Trunk port Ethernet 1/0/1 of switch C.
Page 322: Setting Rate Limit On Ports
Operation Manual – QoS Quidway S3100 Series Ethernet Switches Chapter 1 QoS Configuration [Quidway] interface ethernet1/0/1 [Quidway-Ethernet1/0/1] port trunk permit vlan 10 [Quidway-Ethernet1/0/1] quit [Quidway] mirroring-group 1 remote-source [Quidway] mirroring-group 1 mirroring-port ethernet1/0/2 outbound [Quidway] mirroring-group 1 reflector-port ethernet1/0/5 [Quidway] mirroring-group 1 remote-probe vlan 10 [Quidway] display mirroring-group remote-source # Configurations on switch B.
Page 323: Configuration Example
Operation Manual – QoS Quidway S3100 Series Ethernet Switches Chapter 1 QoS Configuration Operation Command Description Enter Ethernet port interface interface-type — view interface-number Required. The granularity is 64kbps. inbound: Indicates that the Set rate limit for a line-rate inbound...
Page 324: Configuring Unknown Multicast Packet Discarding
Operation Manual – QoS Quidway S3100 Series Ethernet Switches Chapter 1 QoS Configuration 1.11 Configuring Unknown Multicast Packet Discarding 1.11.1 Configuration Procedure Table 1-21 Configure unknown multicast packet discarding Operation Command Description Enter system view system-view — Enable unknown multicast...
Page 325 Operation Manual – QoS Quidway S3100 Series Ethernet Switches Chapter 1 QoS Configuration Table 1-22 Display and maintain QoS Operation Command Description display cos-local-precedence-map Display the priority display - local precedence ip-precedence-local-prece queue mapping nce-map table display dscp-local-precedence-ma Display the trusted...
Page 326: Igmp Snooping
HUAWEI Quidway S3100 Series Ethernet Switches Operation Manual IGMP Snooping Huawei Technologies Proprietary...
Page 327 Operation Manual – IGMP Snooping Quidway S3100 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 IGMP Snooping Configuration ................... 1-1 1.1 Overview of IGMP Snooping ..................... 1-1 1.1.1 IGMP Snooping Fundamentals ................1-1 1.1.2 IGMP Snooping Fundamentals ................1-2 1.2 IGMP Snooping Configuration ...................
Page 328: Chapter 1 Igmp Snooping Configuration
Operation Manual – IGMP Snooping Quidway S3100 Series Ethernet Switches Chapter 1 IGMP Snooping Configuration Chapter 1 IGMP Snooping Configuration 1.1 Overview of IGMP Snooping 1.1.1 IGMP Snooping Fundamentals IGMP Snooping (Internet Group Management Protocol Snooping) is a multicast control mechanism running on Layer 2 switch.
Page 329 Operation Manual – IGMP Snooping Quidway S3100 Series Ethernet Switches Chapter 1 IGMP Snooping Configuration Multicast packet transmission Multicast packet transmission Multicast packet transmission Multicast packet transmission Multicast packet transmission Multicast packet transmission Multicast packet transmission Multicast packet transmission Multicast packet trans...
Page 330 Operation Manual – IGMP Snooping Quidway S3100 Series Ethernet Switches Chapter 1 IGMP Snooping Configuration II. Layer 2 multicast with IGMP Snooping The switch runs IGMP Snooping to listen to IGMP messages and map the hosts and the ports that connect the hosts to the corresponding multicast group addresses.
Page 331 Operation Manual – IGMP Snooping Quidway S3100 Series Ethernet Switches Chapter 1 IGMP Snooping Configuration Recei Purpo Switch action sage If yes, reset the aging timer of the port. yes, yes, check if If not, add the port to the...
Page 332: Igmp Snooping Configuration
Operation Manual – IGMP Snooping Quidway S3100 Series Ethernet Switches Chapter 1 IGMP Snooping Configuration 1.2 IGMP Snooping Configuration The following sections describe the IGMP Snooping configuration tasks. Enabling IGMP Snooping Configuring Timers Enabling IGMP Fast Leave Processing Configuring IGMP Snooping Filtering ACL...
Page 333: Configuring Timers
Operation Manual – IGMP Snooping Quidway S3100 Series Ethernet Switches Chapter 1 IGMP Snooping Configuration 1.2.2 Configuring Timers This configuration task is to manually configure the aging time of the router port, the aging time of the multicast member ports, and the query response timeout time.
Page 334: Configuring Igmp Snooping Filtering Acl
Operation Manual – IGMP Snooping Quidway S3100 Series Ethernet Switches Chapter 1 IGMP Snooping Configuration Table 1-6 Enable the IGMP fast leave processing Operation Command Description Enter system view system-view — Enter Ethernet port interface interface-type — view interface-number Optional...
Page 335: Configuring Multicast Vlan
Operation Manual – IGMP Snooping Quidway S3100 Series Ethernet Switches Chapter 1 IGMP Snooping Configuration Operation Command Description Optional acl-number is the Configure an IGMP number of a basic igmp-snooping group-policy Snooping filtering ACL; vlan-id is a acl-number vlan vlan-id ACL on the port VLAN ID.
Page 336 Operation Manual – IGMP Snooping Quidway S3100 Series Ethernet Switches Chapter 1 IGMP Snooping Configuration Operation Command Description Required port hybrid vlan vlan-id-list Specify the VLANs { tagged | untagged } to be allowed to The multicast VLAN defined pass through the...
Page 337: Displaying Information About Igmp Snooping
Operation Manual – IGMP Snooping Quidway S3100 Series Ethernet Switches Chapter 1 IGMP Snooping Configuration Note: You cannot set the isolate VLAN as a multicast VLAN. One port can belong to only one multicast VLAN. The port connected to a user end can only be as set as a hybrid port.
Page 338: Example 2
Operation Manual – IGMP Snooping Quidway S3100 Series Ethernet Switches Chapter 1 IGMP Snooping Configuration II. Network diagram Internet Router Multicast Switch Figure 1-3 Network diagram for IGMP Snooping configuration III. Configuration procedure # Enable IGMP Snooping in system view.
Page 339 Operation Manual – IGMP Snooping Quidway S3100 Series Ethernet Switches Chapter 1 IGMP Snooping Configuration Device Description VLAN 2 contains the Ethernet1/0/1 port and VLAN 3 contains the Ethernet1/0/2 port. The two ports connected Switch B Layer 2 switch respectively.
Page 340 Operation Manual – IGMP Snooping Quidway S3100 Series Ethernet Switches Chapter 1 IGMP Snooping Configuration [Switch A-Vlan-interface20] ip address 168.10.1.1 255.255.255.0 [Switch A-Vlan-interface20] pim dm [Switch A-Vlan-interface20] quit # Configure VLAN 10. [Switch A] vlan 10 [Switch A-vlan10] quit # Define the Ethernet 1/0/10 port as a hybrid port, add the port to VLAN 2, VLAN 3 and VLAN 10, and configure the port to include VLAN tags in its outbound packets for VLAN 2, VLAN 3 and VLAN 10.
Page 341: Troubleshooting Igmp Snooping
Operation Manual – IGMP Snooping Quidway S3100 Series Ethernet Switches Chapter 1 IGMP Snooping Configuration [Switch B-Ethernet 1/0/1] port hybrid vlan 2 10 untagged [Switch B-Ethernet 1/0/1] port hybrid pvid vlan 2 [Switch B-Ethernet 1/0/1] quit # Define the Ethernet 1/0/2 port as a hybrid port, add the port to VLAN 3 and VLAN 10, and configure the port to exclude VLAN tags in its outbound packets for VLAN 3 and VLAN 10, and set VLAN 3 as the default VLAN of the port.
Page 342: Chapter 2 Routing Port Join To Multicast Group Configuration
Operation Manual – IGMP Snooping Chapter 2 Routing Port Join to Multicast Quidway S3100 Series Ethernet Switches Group Configuration Chapter 2 Routing Port Join to Multicast Group Configuration 2.1 Routing Port Join to Multicast Group Configuration 2.1.1 Introduction Normally, an IGMP host responds to IGMP query messages of the multicast router. In case of response failure, the multicast router may consider that there is no multicast member on this network segment and cancel the corresponding path.
Page 343: Configuring A Multicast Mac Address Entry
Operation Manual – IGMP Snooping Chapter 3 Multicast MAC Address Entry Quidway S3100 Series Ethernet Switches Configuration Chapter 3 Multicast MAC Address Entry Configuration 3.1 Introduction In Layer 2 multicast, the system can add multicast forwarding entries dynamically through Layer 2 multicast protocol. However, you can also statically bind a port to a multicast address entry by configuring a multicast MAC address manually.
Page 344: Displaying Multicast Mac Address Configuration
Operation Manual – IGMP Snooping Chapter 3 Multicast MAC Address Entry Quidway S3100 Series Ethernet Switches Configuration Note: If the multicast MAC address entry you are creating already exists, the system gives you a prompt. The switch will not learn a manually added multicast MAC address by IGMP Snooping.
Page 345 HUAWEI Quidway S3100 Series Ethernet Switches Operation Manual Stack&Cluster Huawei Technologies Proprietary...
Page 346 Operation Manual – Stack&Cluster Quidway S3100 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 Stack ..........................1-1 1.1 Stack Function Overview ....................1-1 1.1.1 The Main Switch of a Stack..................1-1 1.1.2 The Slave Switches of a Stack................1-1 1.1.3 Creating a Stack......................
Page 347: Chapter 1 Stack
Operation Manual – Stack&Cluster Quidway S3100 Series Ethernet Switches Chapter 1 Stack Chapter 1 Stack Note: Among S3100 series switches, S3126T, S3126C and S3116C switches support stacks formed by 1000 Mbps stack boards. 1.1 Stack Function Overview A stack is a management domain formed by a group of Ethernet switches interconnected through their stack ports.
Page 348: Creating A Stack
The following are the phases undergone when a stack is created. Connect the intended main switch and slave switches through stack modules and dedicated stack cables. (Refer to Quidway S3100 Series Ethernet Switches Installation Manual for the information about stack modules and stack cables.) Configure the IP address pool for the stack and enable the stack function.
Page 349: Switching To Slave Switch View
Operation Manual – Stack&Cluster Quidway S3100 Series Ethernet Switches Chapter 1 Stack As for the stack-related configurations performed on a main switch, note that: After a stack is created, the main switch automatically adds the switches connected to its stack ports to the stack.
Page 350: Slave Switch Configuration
Operation Manual – Stack&Cluster Quidway S3100 Series Ethernet Switches Chapter 1 Stack Table 1-3 Quit slave switch view Operation Command Description You can quit slave switch view Quit slave switch quit only by executing this command view in user view of a slave switch.
Page 351: Stack Configuration Example
Operation Manual – Stack&Cluster Quidway S3100 Series Ethernet Switches Chapter 1 Stack 1.5 Stack Configuration Example I. Network requirements Connect Switch A, Switch B and Switch C with each other through their stack ports to form a stack, in which Switch A acts as the main switch, while Switches B and C act as slave switches.
Page 352 Operation Manual – Stack&Cluster Quidway S3100 Series Ethernet Switches Chapter 1 Stack Member status:Admin IP: 129.10.1.15 /16 Member number: 1 Name:stack_1.Quidway Device: S3100 MAC Address: 00e0-fc00-3130 Member status:Up IP: 129.10.1.16/16 Member number: 2 Name:stack_2.Quidway Device: S3100 MAC Address: 00e0-fc00-3135 Member status:Up IP: 129.10.1.17/16...
Page 353: Chapter 2 Cluster
Operation Manual – Stack&Cluster Quidway S3100 Series Ethernet Switches Chapter 2 Cluster Chapter 2 Cluster 2.1 Cluster Overview 2.1.1 Introduction to Cluster A cluster is implemented through HGMP V2. By employing HGMP V2, a network administrator can manage multiple switches using the public IP address of a switch known as a management device.
Page 354: Cluster Roles
Operation Manual – Stack&Cluster Quidway S3100 Series Ethernet Switches Chapter 2 Cluster Software upgrading and parameter configuring can be performed simultaneously on multiple switches. Free of topology and distance limitations Saving IP address resource HGMP V2 provides the following functions:...
Page 355: Introduction To Ndp
Operation Manual – Stack&Cluster Quidway S3100 Series Ethernet Switches Chapter 2 Cluster Role Configurations Functions Cluster member Normally, a member Neighbor discovery, being managed Member device is not configured by the management device, running device with public commands forwarded by proxies, address.
Page 356: Introduction To Ntdp
Operation Manual – Stack&Cluster Quidway S3100 Series Ethernet Switches Chapter 2 Cluster A device with NDP enabled maintains an NDP information table. Each entry in an NDP table ages with time. You can also clear the current NDP information manually to have adjacent information collected again.
Page 357: Management Device Configuration
Operation Manual – Stack&Cluster Quidway S3100 Series Ethernet Switches Chapter 2 Cluster You need to designate the management device first. The management device of a cluster is the portal of the cluster. That is, any operations performed in external networks and intended for the member devices of a cluster, such as accessing, configuring, managing, and monitoring, can only be implemented through the management device.
Page 358: Configuring Ndp-Related Parameters
Operation Manual – Stack&Cluster Quidway S3100 Series Ethernet Switches Chapter 2 Cluster Operation Command Description Enter Ethernet port interface interface-type — view interface-number Enable NDP for the ndp enable Required Ethernet port 2.2.2 Configuring NDP-related Parameters Table 2-3 Configure NDP-related parameters...
Page 359: Enabling The Cluster Function
Operation Manual – Stack&Cluster Quidway S3100 Series Ethernet Switches Chapter 2 Cluster Operation Command Description Configure Optional range topology The hop-value argument is information within ntdp hop hop-value the range measured in hop which count. collected Configure the hop Optional...
Page 360: Configuring Cluster Parameters
Operation Manual – Stack&Cluster Quidway S3100 Series Ethernet Switches Chapter 2 Cluster 2.2.6 Configuring Cluster Parameters I. Configuring cluster parameters manually Table 2-7 Configure cluster parameters manually Operation Command Description Enter system view system-view — Specify This specify management management-vlan vlan-id...
Page 361: Member Device Configuration
Operation Manual – Stack&Cluster Quidway S3100 Series Ethernet Switches Chapter 2 Cluster Operation Command Description Configure internal SNMP snmp-host ip-address Optional host for a cluster Quit cluster view Quit — Quit system view Quit — II. Configuring a cluster automatically...
Page 362: Intra-Cluster Configuration
Operation Manual – Stack&Cluster Quidway S3100 Series Ethernet Switches Chapter 2 Cluster 2.3.2 Enabling NTDP Globally and for Specific Ports Table 2-10 Enable NTDP globally and for specific ports Operation Command Description Enter system view system-view — Enable system ntdp enable...
Page 363: Displaying And Maintaining A Cluster
Operation Manual – Stack&Cluster Quidway S3100 Series Ethernet Switches Chapter 2 Cluster 2.5 Displaying and Maintaining a Cluster You can view the configuration of a cluster using the display commands, which can be executed in any view. Table 2-12 Display and maintain cluster configurations...
Page 364: Hgmp V2 Configuration Example
Operation Manual – Stack&Cluster Quidway S3100 Series Ethernet Switches Chapter 2 Cluster 2.6 HGMP V2 Configuration Example I. Network requirements Three switches form a cluster, in which: The management device is an S3100 series switch. The rest are member devices.
Page 365 Operation Manual – Stack&Cluster Quidway S3100 Series Ethernet Switches Chapter 2 Cluster [Quidway] ndp enable [Quidway] interface ethernet 1/0/2 [Quidway-Ethernet1/0/2] ndp enable [Quidway-Ethernet1/0/2] interface ethernet 1/0/3 [Quidway-Ethernet1/0/3] ndp enable # Configure the holdtime of NDP information to be 200 seconds.
Page 366 Operation Manual – Stack&Cluster Quidway S3100 Series Ethernet Switches Chapter 2 Cluster [huawei_0. Quidway-cluster] add-member 1 mac-address 00e0-fc01-0011 [huawei_0. Quidway-cluster] add-member 17 mac-address 00e0-fc01-0012 # Configure the holdtime of the member device information to be 100 seconds. [huawei_0. Quidway-cluster] holdtime 100 # Configure the interval to send handshake packets to be 10 seconds.
Page 367 HUAWEI Quidway S3100 Series Ethernet Switches Operation Manual SNMP Huawei Technologies Proprietary...
Page 368 Operation Manual – SNMP Quidway S3100 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 SNMP Configuration....................1-1 1.1 SNMP Overview......................... 1-1 1.1.1 SNMP Operation Mechanism.................. 1-1 1.1.2 SNMP Versions ....................... 1-1 1.1.3 MIBs Supported by the Device................1-2 1.2 Configuring SNMP Basic Functions...................
Page 369: Chapter 1 Snmp Configuration
Operation Manual – SNMP Quidway S3100 Series Ethernet Switches Chapter 1 SNMP Configuration Chapter 1 SNMP Configuration 1.1 SNMP Overview By far, the simple network management protocol (SNMP) has gained the most extensive application in the computer networks. SNMP has been put into use and widely accepted as an industry standard in practice.
Page 370: Mibs Supported By The Device
Operation Manual – SNMP Quidway S3100 Series Ethernet Switches Chapter 1 SNMP Configuration name can limit access to SNMP Agent from SNMP NMS, functioning as a password. You can define the following features related to the community name. Define MIB view of subsets of all MIB objects which a community can access.
Page 371: Configuring Snmp Basic Functions
Operation Manual – SNMP Quidway S3100 Series Ethernet Switches Chapter 1 SNMP Configuration Table 1-1 Common MIBs MIB attribute MIB content References MIB II based on TCP/IP RFC1213 network device RFC1493 BRIDGE MIB RFC2675 RIP MIB RFC1724 Public MIB RMON MIB...
Page 372 Operation Manual – SNMP Quidway S3100 Series Ethernet Switches Chapter 1 SNMP Configuration Table 1-2 Configure SNMP basic functions for SNMP V1 and SNMP V2C Operation Command Description Enter system view system-view — Optional default, SNMP Agent is disabled. enable...
Page 373 Operation Manual – SNMP Quidway S3100 Series Ethernet Switches Chapter 1 SNMP Configuration Operation Command Description Optional By default, the device snmp-agent Set the device engine ID engine local-engineid engineid "Enterprise Number + device information". Optional snmp-agent mib-view Create or update the view...
Page 374: Configuring Trap
Operation Manual – SNMP Quidway S3100 Series Ethernet Switches Chapter 1 SNMP Configuration Operation Command Description Optional Set the size of SNMP packet snmp-agent packet that Agent By default, it is 1,500 max-size byte-count send/receive bytes. Optional By default, the device...
Page 375: Displaying Snmp
Operation Manual – SNMP Quidway S3100 Series Ethernet Switches Chapter 1 SNMP Configuration Operation Command Description snmp-agent target-host trap address udp-domain { ip-addr } Set Trap target host [ udp-port port-number ] params Required address securityname security-string [ v1 |...
Page 376: Snmp Configuration Example
Operation Manual – SNMP Quidway S3100 Series Ethernet Switches Chapter 1 SNMP Configuration 1.5 SNMP Configuration Example 1.5.1 SNMP Configuration Example I. Network requirements An NMS and an Ethernet switch are connected through the Ethernet. The IP address of the NMS is 10.10.10.1 and that of the VLAN interface on the switch is 10.10.10.2.
Page 377 5000 params securityname public IV. Configuring NMS The Ethernet Switch supports Huawei’s Quidview NMS. SNMP V3 adopts user name and password authentication. In [Quidview Authentication Parameter], you need to set a user name, choose security level, and set authorization mode, authorization password, encryption mode, encryption password respectively according to different security levels.
Page 378 HUAWEI Quidway S3100 Series Ethernet Switches Operation Manual RMON Huawei Technologies Proprietary...
Page 379 Operation Manual – RMON Quidway S3100 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 RMON Configuration ....................1-1 1.1 Introduction to RMON ......................1-1 1.1.1 Working Mechanism of RMON................1-1 1.1.2 Commonly Used RMON Groups................1-2 1.2 RMON Configuration ......................1-3 1.2.1 Prerequisites ......................
Page 380: Chapter 1 Rmon Configuration
Operation Manual – RMON Quidway S3100 Series Ethernet Switches Chapter 1 RMON Configuration Chapter 1 RMON Configuration 1.1 Introduction to RMON Remote monitoring (RMON) is a kind of management information base (MIB) defined by Internet Engineering Task Force (IETF) and is a most important enhancement made to MIB II standards.
Page 381: Commonly Used Rmon Groups
Operation Manual – RMON Quidway S3100 Series Ethernet Switches Chapter 1 RMON Configuration network segments to which the ports of the managed network devices are connected. Thus, the NMS can further manage the networks. 1.1.2 Commonly Used RMON Groups I. Event group The event group is used to define the indexes of events and the processing methods of the events.
Page 382: Rmon Configuration
Operation Manual – RMON Quidway S3100 Series Ethernet Switches Chapter 1 RMON Configuration IV. History group History group contains the records of statistical network values collected periodically and is stored temporarily for later retrieval. A history group can provide the history data of the statistics on network segment traffic, error packets, broadcast packets, utilization and collision times.
Page 383: Displaying And Debugging Rmon
Operation Manual – RMON Quidway S3100 Series Ethernet Switches Chapter 1 RMON Configuration Operation Command Description rmon alarm entry-number alarm-variable Optional sampling-time delta Before adding an alarm entry, absolute } rising-threshold you need to use the rmon Add an alarm entry...
Page 384: Rmon Configuration Example
Operation Manual – RMON Quidway S3100 Series Ethernet Switches Chapter 1 RMON Configuration Table 1-2 Display and debug RMON Operation Command display rmon statistics [ interface-type Display RMON statistics interface-number | unit unit-number ] display rmon history [ interface-type Display RMON history information...
Page 385 Operation Manual – RMON Quidway S3100 Series Ethernet Switches Chapter 1 RMON Configuration [Quidway] interface Ethernet1/0/1 [Quidway-Ethernet1/0/1] rmon statistics 1 owner user1-rmon # Display RMON configuration. [Quidway-Ethernet1/0/1] display rmon statistics Ethernet1/0/1 Statistics entry 1 owned by user1-rmon is VALID. Interface : Ethernet1/0/1<ifIndex.4227817>...
Page 386 HUAWEI Quidway S3100 Series Ethernet Switches Operation Manual Huawei Technologies Proprietary...
Page 387 Operation Manual – NTP Quidway S3100 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 NTP Configuration ....................... 1-1 1.1 Introduction to NTP ......................1-1 1.1.1 Applications of NTP....................1-1 1.1.2 Working Principle of NTP ..................1-2 1.1.3 NTP Implementation Mode ..................1-3 1.2 NTP Implementation Mode Configuration .................
Page 388: Chapter 1 Ntp Configuration
Operation Manual – NTP Quidway S3100 Series Ethernet Switches Chapter 1 NTP Configuration Chapter 1 NTP Configuration 1.1 Introduction to NTP Network time protocol (NTP) is a time synchronization protocol defined by RFC1305. It is used for time synchronization among a set of distributed time servers and clients.
Page 389: Working Principle Of Ntp
Operation Manual – NTP Quidway S3100 Series Ethernet Switches Chapter 1 NTP Configuration Note: The accuracy of a clock is determined by its stratum, which ranges from 1 to 16. The stratum of the reference clock ranges from 1 to 15. The accuracy descends with the increasing of stratum number.
Page 390: Ntp Implementation Mode
Operation Manual – NTP Quidway S3100 Series Ethernet Switches Chapter 1 NTP Configuration The procedures of synchronizing system clocks are as follows: LS_A sends an NTP packet to LS_B, with the timestamp identifying the time when it is sent (that is, 10:00:00am, noted as T ) carried.
Page 391 Operation Manual – NTP Quidway S3100 Series Ethernet Switches Chapter 1 NTP Configuration II. Peer mode Active peer Active peer Active peer Active peer Active peer Active peer Active peer Active peer Active peer Active peer Active peer Active peer...
Page 392: Ntp Implementation Mode Configuration
Operation Manual – NTP Quidway S3100 Series Ethernet Switches Chapter 1 NTP Configuration Table 1-1 NTP implementation modes on an S3100 series switch NTP implementation mode Configuration on S3100 switches Configure the S3100 switch to operate in the NTP server mode. In this case, the remote server...
Page 393: Prerequisites
Operation Manual – NTP Quidway S3100 Series Ethernet Switches Chapter 1 NTP Configuration 1.2.1 Prerequisites When an S3100 switch operates in NTP server mode or NTP peer mode, you need to perform configuration on the client or the active peer only. When an S3100 switch operates in NTP broadcast mode or NTP multicast mode, you need to perform configurations on both the server side and the client side.
Page 394 Operation Manual – NTP Quidway S3100 Series Ethernet Switches Chapter 1 NTP Configuration Operation Command Description ntp-service Optional Configure multicast-server By default, the multicast IP operate ip-address address is 224.0.1.1 and the multicast server authentication-keyid ttl-number argument is set to...
Page 395: Access Control Permission Configuration
Operation Manual – NTP Quidway S3100 Series Ethernet Switches Chapter 1 NTP Configuration Note: The total number of the servers and peers configured for a switch can be up to 128. After the configuration, the S3100 series switch does not establish connections with the peer if it operates in NTP server mode.
Page 396: Configuring Ntp Authentication
Operation Manual – NTP Quidway S3100 Series Ethernet Switches Chapter 1 NTP Configuration If the NTP authentication is not enabled on a client, the client can be synchronized to a server regardless of the NTP authentication configuration performed on the server (assuming that the related configurations are performed).
Page 397 Operation Manual – NTP Quidway S3100 Series Ethernet Switches Chapter 1 NTP Configuration Note: NTP authentication requires that the authentication keys configured for the server and the client are the same. Besides, the authentication keys must be trusted keys. Otherwise, the client cannot be synchronized with the server.
Page 398: Configuration Of Optional Ntp Parameters
Operation Manual – NTP Quidway S3100 Series Ethernet Switches Chapter 1 NTP Configuration Note: The procedures for configuring NTP authentication on the server are the same as that on the client. Besides, the client and the server must be configured with the same authentication key.
Page 399: Displaying And Debugging Ntp
Operation Manual – NTP Quidway S3100 Series Ethernet Switches Chapter 1 NTP Configuration Caution: The source IP address in an NTP packet is the address of the sending interface specified by the ntp-service unicast-server command or the ntp-service unicast-peer command if you provide the address of the sending interface in these two commands.
Page 400 Operation Manual – NTP Quidway S3100 Series Ethernet Switches Chapter 1 NTP Configuration II. Network diagram 1.0.1.12/24 1.0.1.12/24 1.0.1.11/24 1.0.1.11/24 Quidway 1 Quidway 1 Quidway 1 Quidway 1 S3100 S3100 Figure 1-6 Network diagram for the NTP server mode configuration III.
Page 401: Ntp Peer Mode Configuration
Operation Manual – NTP Quidway S3100 Series Ethernet Switches Chapter 1 NTP Configuration The above output information indicates that the S3100 switch is synchronized to Quidway1, and the stratum of its clock is 3, one stratum higher than Quidway1. # Display the information about the NTP sessions of the S3100 switch. You can see that the S3100 series switch establishes a connection with Quidway1.
Page 402 Operation Manual – NTP Quidway S3100 Series Ethernet Switches Chapter 1 NTP Configuration III. Configuration procedures Configure the S3100 series switch. # Set Quidway2 to be the time server. <S3100> system-view System View: return to User View with Ctrl+Z. [S3100] ntp-service unicast-server 3.0.1.31 Configure Quidway3 (after the S3100 series switch is synchronized to Quidway2).
Page 403: Ntp Broadcast Mode Configuration
Operation Manual – NTP Quidway S3100 Series Ethernet Switches Chapter 1 NTP Configuration note: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured 1.7.3 NTP Broadcast Mode Configuration I. Network requirements Quidway3 sets its local clock to be an NTP master clock, with the stratum being 2. NTP packets are broadcast through VLAN interface 2.
Page 404 Operation Manual – NTP Quidway S3100 Series Ethernet Switches Chapter 1 NTP Configuration [Quidway3-Vlan-Interface2] ntp-service broadcast-server Configure S3100-1. # Enter system view. <S3100-1> system-view System View: return to User View with Ctrl+Z. [S3100-1] # Enter VLAN -interface view. [S3100-1] interface Vlan-interface 2 [S3100-1-Vlan-Interface2] # Configure S3100-1 to be a broadcast client.
Page 405: Ntp Multicast Mode Configuration
Operation Manual – NTP Quidway S3100 Series Ethernet Switches Chapter 1 NTP Configuration Reference time: 17:03:32.022 UTC Thu Sep 6 2001 (BF422AE4.05AEA86C) The output information indicates that S3100-1 is synchronized to Quidway3, with the clock stratum of 3, one stratum higher than Quidway3.
Page 406 Operation Manual – NTP Quidway S3100 Series Ethernet Switches Chapter 1 NTP Configuration # Enter system view. <Quidway3> system-view System View: return to User View with Ctrl+Z. [Quidway3] # Enter VLAN interface view. [Quidway3] interface Vlan-interface 2 # Configure Quidway3 to be a multicast server.
Page 407: Ntp Server Mode With Authentication Configuration
Operation Manual – NTP Quidway S3100 Series Ethernet Switches Chapter 1 NTP Configuration Nominal frequency: 250.0000 Hz Actual frequency: 249.9992 Hz Clock precision: 2^19 Clock offset: 198.7425 ms Root delay: 27.47 ms Root dispersion: 208.39 ms Peer dispersion: 9.63 ms Reference time: 17:03:32.022 UTC Thu Sep 6 2001 (BF422AE4.05AEA86C)
Page 408 Operation Manual – NTP Quidway S3100 Series Ethernet Switches Chapter 1 NTP Configuration III. Configuration procedures Configure the S3100 series switch. # Enter system view. <S3100> system-view System View: return to User View with Ctrl+Z. [S3100] # Configure Quidway1 to be the time server.
Page 409 Operation Manual – NTP Quidway S3100 Series Ethernet Switches Chapter 1 NTP Configuration root dispersion: 208.39 ms peer dispersion: 9.63 ms reference time: 17:03:32.022 UTC Thu Sep 6 2001 (BF422AE4.05AEA86C) The output information indicates that S3100 is synchronized to Quidway1, with the clock stratum being 3, one stratum higher than Quidway1.
Page 410 HUAWEI Quidway S3100 Series Ethernet Switches Operation Manual SSH2.0 Huawei Technologies Proprietary...
Page 411 Operation Manual – SSH2.0 Quidway S3100 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 SSH Terminal Services....................1-1 1.1 SSH Terminal Services...................... 1-1 1.1.1 Introduction to SSH ....................1-1 1.1.2 SSH Server Configuration..................1-3 1.1.3 SSH Client Configuration ..................1-7 1.1.4 Displaying SSH Configuration.................
Page 412: Chapter 1 Ssh Terminal Services
Operation Manual – SSH2.0 Quidway S3100 Series Ethernet Switches Chapter 1 SSH Terminal Services Chapter 1 SSH Terminal Services 1.1 SSH Terminal Services 1.1.1 Introduction to SSH Secure Shell (SSH) can provide information security and powerful authentication to prevent such assaults as IP address spoofing, plain-text password interception when users log on to the Switch remotely via an insecure network environment.
Page 413 Operation Manual – SSH2.0 Quidway S3100 Series Ethernet Switches Chapter 1 SSH Terminal Services Workstation Workstation Local Switch Local Switch Local Switch Local Ethernet Local Ethernet Local Ethernet Laptop Laptop Laptop Laptop Laptop Workstation Workstation Server Server Server SSH-Client SSH-Client...
Page 414: Ssh Server Configuration
Operation Manual – SSH2.0 Quidway S3100 Series Ethernet Switches Chapter 1 SSH Terminal Services The client sends its username information to the server. The server authenticates the username information from the client. If the user is configured as no authentication on the server, authentication stage is skipped and session request stage starts directly.
Page 415 Operation Manual – SSH2.0 Quidway S3100 Series Ethernet Switches Chapter 1 SSH Terminal Services Table 1-1 Configure SSH2.0 server Serial Operation Command Remarks Refer Configure supported “Configuring protocol inbound protocols supported protocols” Generate a local RSA local-key-pair Refer key pair create “Generating...
Page 416 Operation Manual – SSH2.0 Quidway S3100 Series Ethernet Switches Chapter 1 SSH Terminal Services Caution: When SSH protocol is specified, to ensure a successful login, you must configure the AAA authentication using the authentication-mode scheme command. protocol inbound configuration fails configured authentication-mode password and authentication-mode none.
Page 417 Operation Manual – SSH2.0 Quidway S3100 Series Ethernet Switches Chapter 1 SSH Terminal Services Table 1-4 Configure authentication type Operation Command Remarks — Enter system view system-view user username Configure authentication type authentication-type { password Required for SSH users | password-publickey | rsa| all }...
Page 418: Ssh Client Configuration
Operation Manual – SSH2.0 Quidway S3100 Series Ethernet Switches Chapter 1 SSH Terminal Services Table 1-6 Configure client public keys Operation Command Remarks — Enter system view system-view peer-public-key Enter public key view Required key-name — You can key in a blank...
Page 419: Displaying Ssh Configuration
Operation Manual – SSH2.0 Quidway S3100 Series Ethernet Switches Chapter 1 SSH Terminal Services Operation Command Remarks Required ssh2 host-ipaddr port this prefer_kex dh_group1 command to enable dh_exchange_group connection Enable prefer_ctos_cipher between SSH client connection aes128 } ] [ prefer_stoc_cipher...
Page 420: Ssh Server Configuration Example
Operation Manual – SSH2.0 Quidway S3100 Series Ethernet Switches Chapter 1 SSH Terminal Services Operation Command Display status display ssh server { status | session } session information Display SSH user information display ssh user-information [ username ] 1.1.5 SSH Server Configuration Example I.
Page 421 Operation Manual – SSH2.0 Quidway S3100 Series Ethernet Switches Chapter 1 SSH Terminal Services [Quidway-ui-vty0-4] protocol inbound ssh # Configure the login protocol for the clinet001 user as SSH and authentication type as password. [Quidway] local-user client001 [Quidway-luser-client001] password simple aabbcc...
Page 422: Ssh Client Configuration Example
Operation Manual – SSH2.0 Quidway S3100 Series Ethernet Switches Chapter 1 SSH Terminal Services 1.1.6 SSH Client Configuration Example I. Network Requirements As shown in Figure 1-4, Switch A serves as an SSH client with user name as client003. Switch B serves as an SSH server, with its IP address 10.165.87.136.
Page 423: Sftp Service
Operation Manual – SSH2.0 Quidway S3100 Series Ethernet Switches Chapter 1 SSH Terminal Services [Quidway] ssh2 10.165.87.136 username: client003 Trying 10.165.87.136 Press CTRL+K to abort Connected to 10.165.87.136... The Server is not autherncated.Do you continue access it?(Y/N):y Do you want to save the server's public key?(Y/N):y...
Page 424: Sftp Server Configuration
Operation Manual – SSH2.0 Quidway S3100 Series Ethernet Switches Chapter 1 SSH Terminal Services 1.2.2 SFTP Server Configuration The following sections describe SFTP server configuration tasks: Configuring service type for an SSH user Enabling the SFTP server Setting connection timeout time I.
Page 425: Sftp Client Configuration
Operation Manual – SSH2.0 Quidway S3100 Series Ethernet Switches Chapter 1 SSH Terminal Services 1.2.3 SFTP Client Configuration The following sections describe SFTP client configuration tasks: Table 1-12 Configuring SFTP client Serial Operation Command View Remarks Enable the SFTP client...
Page 426 Operation Manual – SSH2.0 Quidway S3100 Series Ethernet Switches Chapter 1 SSH Terminal Services I. Enabling the SFTP client You can enable the SFTP client, establish a connection to the remote SFTP server and enter STP client view. Table 1-13 Enable the SFTP client...
Page 427 Operation Manual – SSH2.0 Quidway S3100 Series Ethernet Switches Chapter 1 SSH Terminal Services Table 1-15 Operate with SFTP directories Operation Command Remarks Enter system view system-view sftp host-ip Enter SFTP client view host-name } Optional Change the current directory...
Page 428: Sftp Configuration Example
Operation Manual – SSH2.0 Quidway S3100 Series Ethernet Switches Chapter 1 SSH Terminal Services Operation Command Remarks Optional delete remote-file delete Delete a file from the remove commands SFTP server remove remote-file have same function. V. Displaying help information You can display help information about a command, such as syntax and parameters.
Page 429 Operation Manual – SSH2.0 Quidway S3100 Series Ethernet Switches Chapter 1 SSH Terminal Services II. Network diagram Switch B Switch B SFTP Server SFTP Server IP address ：10.111.27.91 IP address ：10.111.27.91 Switch A Switch A SFTP Client SFTP Client Figure 1-5 Network diagram for SFTP configuration III.
Page 430 Operation Manual – SSH2.0 Quidway S3100 Series Ethernet Switches Chapter 1 SSH Terminal Services sftp-client> dir -rwxrwxrwx 1 noone nogroup 1759 Aug 23 06:52 vrpcfg.cfg -rwxrwxrwx 1 noone nogroup 225 Aug 24 08:01 pubkey2 -rwxrwxrwx 1 noone nogroup 283 Aug 24 07:39 pubkey1...
Page 431 Operation Manual – SSH2.0 Quidway S3100 Series Ethernet Switches Chapter 1 SSH Terminal Services -rwxrwxrwx 1 noone nogroup 283 Sep 02 06:35 pub -rwxrwxrwx 1 noone nogroup 283 Sep 02 06:36 puk sftp-client> # Exit from SFTP. sftp-client> quit [Quidway]...
Page 432: File System Management
HUAWEI Quidway S3100 Series Ethernet Switches Operation Manual File System Management Huawei Technologies Proprietary...
Page 433 Operation Manual – File System Management Quidway S3100 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 File System Management.................... 1-1 1.1 File Attribute Configuration ....................1-1 1.1.1 Introduction to File Attributes .................. 1-1 1.1.2 Configuring File Attributes..................1-2 1.2 File System Configuration....................
Page 434: Chapter 1 File System Management
Operation Manual – File System Management Quidway S3100 Series Ethernet Switches Chapter 1 File System Management Chapter 1 File System Management 1.1 File Attribute Configuration 1.1.1 Introduction to File Attributes An app file, a configuration file, or a Web file can be of one of these three attributes: main, backup and none, as described in Table 1-1.
Page 435: Configuring File Attributes
Operation Manual – File System Management Quidway S3100 Series Ethernet Switches Chapter 1 File System Management File operations and file attribute operations are independent of each other. For example, if you delete a file with the main attribute from the Flash, the main attribute is not deleted.
Page 436: File System Configuration
Operation Manual – File System Management Quidway S3100 Series Ethernet Switches Chapter 1 File System Management Operation Command Description Specify to prompt Optional for the customized startup bootrom-access By default, a user cannot password before enable access the BOOT menu with entering the BOOT a customized password.
Page 437: Introduction To Configuration File Management
Operation Manual – File System Management Quidway S3100 Series Ethernet Switches Chapter 1 File System Management Prompt mode configuration Note: File path and file name can be represented in one of the following ways: In URL (universal resource locator) format and starting with “unit[No.]>flash:/” ([No.] represents the unit ID of a switch).
Page 438: File Operations
Operation Manual – File System Management Quidway S3100 Series Ethernet Switches Chapter 1 File System Management Displaying the information about the files or the directories in the current work directory or a specified directory Table 1-3 describes the directory-related operations.
Page 439 Operation Manual – File System Management Quidway S3100 Series Ethernet Switches Chapter 1 File System Management Perform the following configuration in user view. Table 1-4 File operations Operation Command Description Optional A deleted file can be restored if you delete it by...
Page 440 Operation Manual – File System Management Quidway S3100 Series Ethernet Switches Chapter 1 File System Management Operation Command Description executed in any view. display current-configuration configuration [ configuration-type ] | interface Display the current interface-type configuration of a [ interface-number ] | vlan...
Page 441: Storage Device Operations
Operation Manual – File System Management Quidway S3100 Series Ethernet Switches Chapter 1 File System Management If you execute this command with the safely keyword specified, the system saves the current configuration in the safe mode. Although this mode takes more time than the fast mode, the configuration can be saved to the Flash even if the switch restarts or is powered off when the saving operation is being processed.
Page 442: Configuration Example
Operation Manual – File System Management Quidway S3100 Series Ethernet Switches Chapter 1 File System Management Operation Command Description Required Configure the prompt By default, the prompt file prompt { alert | quiet } mode of the file system mode of the file system is alert.
Page 443 Operation Manual – File System Management Quidway S3100 Series Ethernet Switches Chapter 1 File System Management 7239 KB total (3480 KB free) (*) -with main attribute (b) -with backup attribute (*b) -with both main and backup attribute Huawei Technologies Proprietary...
Page 444 HUAWEI Quidway S3100 Series Ethernet Switches Operation Manual FTP and TFTP Huawei Technologies Proprietary...
Page 445 Operation Manual – FTP and TFTP Quidway S3100 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 FTP and TFTP Configuration ..................1-1 1.1 FTP Configuration......................1-1 1.1.1 Introduction to FTP....................1-1 1.1.2 FTP Configuration: A Switch Operating as an FTP Server........1-3 1.1.3 FTP Configuration: A Switch Operating as an FTP Client ........
Page 446: Chapter 1 Ftp And Tftp Configuration
Operation Manual – FTP and TFTP Quidway S3100 Series Ethernet Switches Chapter 1 FTP and TFTP Configuration Chapter 1 FTP and TFTP Configuration 1.1 FTP Configuration 1.1.1 Introduction to FTP FTP (File Transfer Protocol) is commonly used in IP-based networks to transmit files.
Page 447 Operation Manual – FTP and TFTP Quidway S3100 Series Ethernet Switches Chapter 1 FTP and TFTP Configuration Table 1-1 Configurations needed when a switch operates as an FTP client Device Configuration Default Description Run the ftp command To log into a remote FTP server, you...
Page 448: Ftp Configuration: A Switch Operating As An Ftp Server
Operation Manual – FTP and TFTP Quidway S3100 Series Ethernet Switches Chapter 1 FTP and TFTP Configuration 1.1.2 FTP Configuration: A Switch Operating as an FTP Server I. Prerequisites A switch operates as an FTP server. A remote PC operates as an FTP client. The network operates properly, as shown in Figure 1-1.
Page 449: Ftp Configuration: A Switch Operating As An Ftp Client
Operation Manual – FTP and TFTP Quidway S3100 Series Ethernet Switches Chapter 1 FTP and TFTP Configuration Note: Only one user can access an S3100 switch at a given time when the latter operates as an FTP server. FTP services are implemented in this way: An FTP client sends FTP requests to the FTP server.
Page 450 Operation Manual – FTP and TFTP Quidway S3100 Series Ethernet Switches Chapter 1 FTP and TFTP Configuration Table 1-5 FTP client operations Operation Command Description Enter FTP Client ip-address — view [ port-number ] ] Optional Specify to transfer default,...
Page 451: Configuration Example: A Switch Operating As An Ftp Client
Operation Manual – FTP and TFTP Quidway S3100 Series Ethernet Switches Chapter 1 FTP and TFTP Configuration Operation Command Description Rename a file on a rename remote-source Optional remote host. remote-dest Switch to another user username [ password ] Optional...
Page 452 Operation Manual – FTP and TFTP Quidway S3100 Series Ethernet Switches Chapter 1 FTP and TFTP Configuration Download the application named switch.bin from the PC to the switch and upload the configuration file named vrpcfg.cfg to the directory named Switch on the PC to backup the configuration file.
Page 453: Configuration Example: A Switch Operating As An Ftp Server
Operation Manual – FTP and TFTP Quidway S3100 Series Ethernet Switches Chapter 1 FTP and TFTP Configuration Password:***** 230 Logged in successfully [ftp] # Enter the authorized directory on the FTP server. [ftp] cd switch # Upload the configuration file named vrpcfg.cfg to the FTP server.
Page 454: Tftp Configuration
Operation Manual – FTP and TFTP Quidway S3100 Series Ethernet Switches Chapter 1 FTP and TFTP Configuration III. Configuration procedure Configure the switch. # Log into the switch. (You can log into a switch through the Console port or by Telneting to the switch.
Page 455 Operation Manual – FTP and TFTP Quidway S3100 Series Ethernet Switches Chapter 1 FTP and TFTP Configuration To download a file, a client sends read request packets to the TFTP server, receives data from the TFTP server, and then sends acknowledgement packets to the TFTP server.
Page 456: Tftp Configuration
Operation Manual – FTP and TFTP Quidway S3100 Series Ethernet Switches Chapter 1 FTP and TFTP Configuration Device Configuration Default Description The TFTP server is started and the TFTP work directory — — is configured. 1.2.2 TFTP Configuration I. Prerequisites A switch operates as a TFTP client.
Page 457 Operation Manual – FTP and TFTP Quidway S3100 Series Ethernet Switches Chapter 1 FTP and TFTP Configuration Download the application named switch.bin from the PC to the switch and upload the configuration file named vrpcfg.cfg to the directory named Switch on the PC to backup the configuration file.
Page 458 Operation Manual – FTP and TFTP Quidway S3100 Series Ethernet Switches Chapter 1 FTP and TFTP Configuration # Upload the configuration file named vrpcfg.cfg to the TFTP server. <Quidway> tftp 1.1.1.2 put vrpcfg.cfg vrpcfg.cfg # Specify the downloaded file (the file named switch.bin) to be the startup file used when the switch starts the next time and restart the switch.
Page 459: Information Center
HUAWEI Quidway S3100 Series Ethernet Switches Operation Manual Information Center Huawei Technologies Proprietary...
Page 460 Operation Manual – Information Center Quidway S3100 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 Information Center....................... 1-1 1.1 Information Center Overview ..................... 1-1 1.2 Information Center Configuration..................1-4 1.2.1 Enabling Synchronous Terminal Output ..............1-5 1.2.2 Enabling Information Output to a Log Host............. 1-6 1.2.3 Enabling Information Output to the Console ............
Page 461: Information Center Overview
Operation Manual – Information Center Quidway S3100 Series Ethernet Switches Chapter 1 Information Center Chapter 1 Information Center 1.1 Information Center Overview Information center is an indispensable part of Ethernet switches and exists as an information hub of system software modules. The information center manages most information outputs;...
Page 462: Chapter 1 Information Center
Operation Manual – Information Center Quidway S3100 Series Ethernet Switches Chapter 1 Information Center Note that a space separates the host name and module name. Module name It indicates the module that generates the information. Table 1-1 lists the modules.
Page 463 Operation Manual – Information Center Quidway S3100 Series Ethernet Switches Chapter 1 Information Center Module name Module and description LAGG Link aggregation LQOS Lanswitch QoS LINE Terminal line module Local server MACAUTH Centralized MAC address authentication MAC address management Multicast port management...
Page 464: Information Center Configuration
Operation Manual – Information Center Quidway S3100 Series Ethernet Switches Chapter 1 Information Center Module name Module and description Xmodem default Default settings of all the modules Note that a slash (/) separates the module name and severity level. Level Switch information falls into three categories: log information, debug information and trap information.
Page 465: Enabling Synchronous Terminal Output
Operation Manual – Information Center Quidway S3100 Series Ethernet Switches Chapter 1 Information Center Table 1-3 Information channel names and numbers Output direction Channel number Default channel name Console console Monitor terminal monitor Log host loghost Trap buffer trapbuffer Log buffer...
Page 466: Enabling Information Output To A Log Host
Operation Manual – Information Center Quidway S3100 Series Ethernet Switches Chapter 1 Information Center Note: Running the info-center synchronous command during debug information collection may result in a command prompt echoed after each item of debug information. To avoid unnecessary output, it is recommended that you disable synchronous terminal output in such cases.
Page 467: Enabling Information Output To The Console
Operation Manual – Information Center Quidway S3100 Series Ethernet Switches Chapter 1 Information Center Note: To view the debug information of specific modules, you need to set the information type as debug in the info-center source command, and enable the debugging function on corresponding modules by using the debugging command.
Page 468: Enabling Information Output To A Monitor Terminal
Operation Manual – Information Center Quidway S3100 Series Ethernet Switches Chapter 1 Information Center Operation Command Description Optional Enable debug By default, debug terminal terminal debugging terminal display display is disabled for terminal users. Optional Enable log terminal default, terminal...
Page 469 Operation Manual – Information Center Quidway S3100 Series Ethernet Switches Chapter 1 Information Center Note: When there are multiple Telnet users or dumb terminal users, some configuration parameters (including module filter, language and severity level threshold settings) are shared between them. In this case, change to any such parameter made by one user will also be reflected on all other user terminals.
Page 470: Enabling Information Output To The Log Buffer
Operation Manual – Information Center Quidway S3100 Series Ethernet Switches Chapter 1 Information Center 1.2.5 Enabling Information Output to the Log Buffer Table 1-10 lists the related configurations on the switch. Table 1-10 Enable information output to the log buffer...
Page 471: Enabling Information Output To The Trap Buffer
Operation Manual – Information Center Quidway S3100 Series Ethernet Switches Chapter 1 Information Center 1.2.6 Enabling Information Output to the Trap Buffer Table 1-11 lists the related configurations on the switch. Table 1-11 Enable information output to the trap buffer...
Page 472: Enabling Information Output To The Snmp
Operation Manual – Information Center Quidway S3100 Series Ethernet Switches Chapter 1 Information Center 1.2.7 Enabling Information Output to the SNMP Table 1-12 lists the related configurations on the switch. Table 1-12 Enable information output to the SNMP Operation Command...
Page 473: Information Center Configuration Examples
Operation Manual – Information Center Quidway S3100 Series Ethernet Switches Chapter 1 Information Center Table 1-13 Display and debug information center Operation Command Display the settings of one or all display channel [ channel-number | information channels channel-name ] Display system log settings and...
Page 474 Operation Manual – Information Center Quidway S3100 Series Ethernet Switches Chapter 1 Information Center # Configure the host whose IP address is 202.38.1.10 as the log host. Set the severity level threshold to informational and language to English. Permit information output from the ARP and IP modules.
Page 475: Log Output To A Linux Log Host
Operation Manual – Information Center Quidway S3100 Series Ethernet Switches Chapter 1 Information Center Note: Through combined configuration of the device name (facility), information severity level threshold (severity), module name (filter) and file “syslog.conf”, you can sort information precisely for filtering.
Page 476 Operation Manual – Information Center Quidway S3100 Series Ethernet Switches Chapter 1 Information Center Step 2: Edit the file “/etc/syslog.conf” as the superuser (root user) to add the following selector/action pair. # Quidway configuration messages local7.info /var/log/Quidway/information Note: Note the following items when you edit file “/etc/syslog.conf”.
Page 477: Log Output To The Console
Operation Manual – Information Center Quidway S3100 Series Ethernet Switches Chapter 1 Information Center 1.4.3 Log Output to the Console I. Network requirements The switch sends the following information to the console: the log information of the two modules ARP and IP, with severity higher than “informational”.
Page 478: System Maintenance And Debugging
HUAWEI Quidway S3100 Series Ethernet Switches Operation Manual System Maintenance and Debugging Huawei Technologies Proprietary...
Page 479 Operation Manual – System Maintenance and Debugging Quidway S3100 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 BootROM and Host Software Loading ..............1-1 1.1 Introduction to Loading Approaches .................. 1-1 1.2 Local Software Loading ..................... 1-1 1.2.1 Boot Menu .......................
Page 480 Operation Manual – System Maintenance and Debugging Quidway S3100 Series Ethernet Switches Table of Contents 5.2 Device Management Configuration ................... 5-1 5.2.1 Restarting the Ethernet Switch................5-1 5.2.2 Enabling the Timing Reboot Function ..............5-1 5.2.3 Specifying the APP Adopted When the Switch Starts Next Time......5-2 5.2.4 Updating the BootROM ...................
Page 481: Chapter 1 Bootrom And Host Software Loading
Operation Manual – System Maintenance and Debugging Quidway S3100 Series Ethernet Switches Chapter 1 BootROM and Host Software Loading Chapter 1 BootROM and Host Software Loading Traditionally, the loading of switch software is accomplished through a serial port. This approach is slow, inconvenient, and cannot be used for remote loading. To resolve these problems, the TFTP and FTP modules are introduced into the switch.
Page 482: Boot Menu
Operation Manual – System Maintenance and Debugging Quidway S3100 Series Ethernet Switches Chapter 1 BootROM and Host Software Loading Note: The loading process of the BootROM software is the same as that of the host software, except that during the former process, you should press <Ctrl+U> and <Enter> after entering the Boot Menu and the system gives different prompts.
Page 483: Loading Software Using Xmodem Through Console Port
Operation Manual – System Maintenance and Debugging Quidway S3100 Series Ethernet Switches Chapter 1 BootROM and Host Software Loading Input the correct BootROM password (no password is need by default). The system enters the Boot Menu: BOOT MENU 1. Download application file to flash 2.
Page 484 Operation Manual – System Maintenance and Debugging Quidway S3100 Series Ethernet Switches Chapter 1 BootROM and Host Software Loading 3. Set XMODEM protocol parameter 0. Return to boot menu Enter your choice(0-3): Step 2: Enter 3 in the above menu to load the BootROM software using XMODEM. The...
Page 485 Operation Manual – System Maintenance and Debugging Quidway S3100 Series Ethernet Switches Chapter 1 BootROM and Host Software Loading Figure 1-1 Properties dialog box Figure 1-2 Console port configuration dialog box Huawei Technologies Proprietary...
Page 486 Operation Manual – System Maintenance and Debugging Quidway S3100 Series Ethernet Switches Chapter 1 BootROM and Host Software Loading Step 5: Click the <Disconnect> button to disconnect the HyperTerminal from the switch and then click the <Connect> button to reconnect the HyperTerminal to the switch.
Page 487 Operation Manual – System Maintenance and Debugging Quidway S3100 Series Ethernet Switches Chapter 1 BootROM and Host Software Loading Figure 1-5 Sending file page After the download completes, the system displays the following information: Loading ...CCCCCCCCCC done! Note: You need not reset the HyperTerminal’s baud rate and can skip the last step if you have chosen 9600 bps.
Page 488: Loading Software Using Tftp Through Ethernet Port
Operation Manual – System Maintenance and Debugging Quidway S3100 Series Ethernet Switches Chapter 1 BootROM and Host Software Loading The subsequent steps are the same as those for loading the BootROM software, except that the system gives the prompt for host software loading instead of BootROM loading.
Page 489: Loading Software Using Ftp Through Ethernet Port
Operation Manual – System Maintenance and Debugging Quidway S3100 Series Ethernet Switches Chapter 1 BootROM and Host Software Loading 1. Set TFTP protocol parameter 2. Set FTP protocol parameter 3. Set XMODEM protocol parameter 0. Return to boot menu Enter your choice(0-3): Step 4: Enter 1 to in the above menu to download the BootROM software using TFTP.
Page 490 Operation Manual – System Maintenance and Debugging Quidway S3100 Series Ethernet Switches Chapter 1 BootROM and Host Software Loading II. Loading BootROM software Switch Switch Console port Console port Ethernet port Ethernet port FTP client FTP client FTP server FTP server...
Page 491: Remote Software Loading
Operation Manual – System Maintenance and Debugging Quidway S3100 Series Ethernet Switches Chapter 1 BootROM and Host Software Loading Step 6: Enter Y to start file downloading or N to return to the Bootrom update menu. If you enter Y, the system begins to download and update the program. Upon completion, the system displays the following information: Loading........done...
Page 492 Operation Manual – System Maintenance and Debugging Quidway S3100 Series Ethernet Switches Chapter 1 BootROM and Host Software Loading <Quidway> ftp 10.1.1.1 Trying ... Press CTRL+K to abort Connected. 220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user...
Page 493: Remote Loading Using Tftp
Operation Manual – System Maintenance and Debugging Quidway S3100 Series Ethernet Switches Chapter 1 BootROM and Host Software Loading No power-down is permitted during software loading. 1.3.2 Remote Loading Using TFTP The remote loading using TFTP is similar to that using FTP. The only difference is that TFTP is used instead off FTP to load software to the switch, and the switch can only act as a TFTP client.
Page 494: Basic System Configuration
Operation Manual – System Maintenance and Debugging Chapter 2 Basic System Configuration Quidway S3100 Series Ethernet Switches & Debugging Chapter 2 Basic System Configuration & Debugging 2.1 Basic System Configuration The following sections describe the basic system configuration and management...
Page 495: Setting The Local Time Zone
Operation Manual – System Maintenance and Debugging Chapter 2 Basic System Configuration Quidway S3100 Series Ethernet Switches & Debugging 2.1.3 Setting the Local Time Zone This configuration task is to set the name of the local time zone and the difference between the local time zone and the standard UTC (universal time coordinated) time.
Page 496: Returning From Current View To User View
Operation Manual – System Maintenance and Debugging Chapter 2 Basic System Configuration Quidway S3100 Series Ethernet Switches & Debugging Table 2-6 Return from current view to lower level view Operation Command Description This operation will Return from current result in exiting the...
Page 497: System Debugging
Operation Manual – System Maintenance and Debugging Chapter 2 Basic System Configuration Quidway S3100 Series Ethernet Switches & Debugging Table 2-9 System display commands Operation Command Description Display the current date and time of the display clock Optional system Display the version...
Page 498 Operation Manual – System Maintenance and Debugging Chapter 2 Basic System Configuration Quidway S3100 Series Ethernet Switches & Debugging Debugging information Debugging information Protocol debugging switches Protocol debugging switches Terminal display switches Terminal display switches Figure 2-1 Debugging information outpu You can use the following commands to operate the two kinds of switches.
Page 499: Displaying Operating Information About Modules In System
Operation Manual – System Maintenance and Debugging Chapter 2 Basic System Configuration Quidway S3100 Series Ethernet Switches & Debugging 2.3.2 Displaying Operating Information about Modules in System When your Ethernet switch is in trouble, you may need to view a lot of operating information to locate the problem.
Page 500: Chapter 3 Ip Performance Configuration
Operation Manual – System Maintenance and Debugging Quidway S3100 Series Ethernet Switches Chapter 3 IP Performance Configuration Chapter 3 IP Performance Configuration 3.1 IP Performance Configuration 3.1.1 Introduction to TCP Attributes You can configure the following TCP attributes of the Ethernet switch: synwait timer: When a SYN packet is sent, TCP starts the synwait timer.
Page 501: Displaying And Debugging Ip Performance
Operation Manual – System Maintenance and Debugging Quidway S3100 Series Ethernet Switches Chapter 3 IP Performance Configuration 3.2 Displaying and Debugging IP Performance After the above IP performance configuration, you can execute the display commands in any view to display the system operating status and thus verify the IP performance configuration.
Page 502 Operation Manual – System Maintenance and Debugging Quidway S3100 Series Ethernet Switches Chapter 3 IP Performance Configuration Use the terminal debugging command to output the debugging information to the console. Use the debugging udp packet command to enable UDP debugging to track UDP data packets.
Page 503: Chapter 4 Network Connectivity Test
Operation Manual – System Maintenance and Debugging Quidway S3100 Series Ethernet Switches Chapter 4 Network Connectivity Test Chapter 4 Network Connectivity Test 4.1 Network Connectivity Test 4.1.1 ping You can use the ping command to check the network connectivity and the reachability of a host.
Page 504 Operation Manual – System Maintenance and Debugging Quidway S3100 Series Ethernet Switches Chapter 4 Network Connectivity Test Table 4-2 The tracert command Operation Command Description Trace the gateways packet passes tracert [ -a source-IP | -f first-ttl | -m You can execute the...
Page 505: Chapter 5 Device Management
Operation Manual – System Maintenance and Debugging Quidway S3100 Series Ethernet Switches Chapter 5 Device Management Chapter 5 Device Management 5.1 Introduction to Device Management The device management function of the Ethernet switch can report the current status and event-debugging information of the boards to you. Through this function, you can maintain and manage your physical device, and restart the system when some functions of the system are abnormal.
Page 506: Specifying The App Adopted When The Switch Starts Next Time
Operation Manual – System Maintenance and Debugging Quidway S3100 Series Ethernet Switches Chapter 5 Device Management Table 5-2 Enabling the Timing Reboot Function Operation Command Description Enable the timing reboot schedule reboot function of the switch, and — hh:mm [ mm/dd/yyyy |...
Page 507: Displaying The Device Management Configuration
Operation Manual – System Maintenance and Debugging Quidway S3100 Series Ethernet Switches Chapter 5 Device Management Table 5-4 Update the BootROM Operation Command Description Update — boot bootrom file-url BootROM 5.3 Displaying the Device Management Configuration After the above configurations, you can execute the display command in any view to display the operating status of the device management to verify the configuration effects.
Page 508 Operation Manual – System Maintenance and Debugging Quidway S3100 Series Ethernet Switches Chapter 5 Device Management II. Network diagram Network Network Network Network Switch Switch Figure 5-1 Network diagram of FTP configuration III. Configuration procedure Configure the following FTP server–related parameters on the PC: an FTP user with the username and password as switch and hello respectively, being authorized with the read-write right of the Switch directory on the PC.
Page 509 Operation Manual – System Maintenance and Debugging Quidway S3100 Series Ethernet Switches Chapter 5 Device Management [ftp] # Enter the authorized path on the FTP server. [ftp] cd switch # Execute the get command to download the switch.bin and boot.btm files on the FTP server to the Flash memory of the switch.
Page 510 HUAWEI Quidway S3100 Series Ethernet Switches Operation Manual Appendix Huawei Technologies Proprietary...
Page 511 Operation Manual – Appendix Quidway S3100 Series Ethernet Switches Table of Contents Table of Contents Appendix A Acronyms ........................A-1 Huawei Technologies Proprietary...
Page 512 Operation Manual – Appendix Quidway S3100 Series Ethernet Switches Appendix A Acronyms Appendix A Acronyms Authentication, Authorization and Accounting Area Border Router Access Control List Address Resolution Protocol Autonomous System ASBR Autonomous System Border Router Backup Designated Router Committed Access Rate...
Page 513 Operation Manual – Appendix Quidway S3100 Series Ethernet Switches Appendix A Acronyms Interior Gateway Protocol Internet Protocol Intelligent Resilient Framework Link State Advertisement LSDB Link State DataBase Medium Access Control Management Information Base NBMA Non Broadcast MultiAccess Network Information Center...
Page 514 Operation Manual – Appendix Quidway S3100 Series Ethernet Switches Appendix A Acronyms VLAN Virtual LAN Video On Demand Weighted Round Robin Huawei Technologies Proprietary...

Huawei Quidway S3100 Series Operation Manual

Section 1

Chapter 1 Product Overview

Chapter 2 Network Design

Section 2

Section 3

Chapter 3 Logging in through Telnet

Chapter 4 Logging in Using Modem

Chapter 5 Logging in through Web-Based Network Management System

Chapter 6 Logging in through NMS

Chapter 7 Controlling Login Users

Section 4

Section 5

Section 6

Section 7

Section 8

Section 9

Section 10

Section 11

Section 12

Section 13

Quick Links

Chapters

Troubleshooting

Related Manuals for Huawei Quidway S3100 Series

Summary of Contents for Huawei Quidway S3100 Series