Huawei Quidway S3000-EI Series Operation Manual
  1. Manuals
  2. Brands
  3. Huawei Manuals
  4. Network Router
  5. Quidway S3000-EI Series
  6. Operation manual
Huawei Quidway S3000-EI Series Operation Manual

Huawei Quidway S3000-EI Series Operation Manual

Hide thumbs Also See for Quidway S3000-EI Series:
Table of Contents

Advertisement

Quick Links

See also: Operating Manual , Installation Manual
HUAWEI
Quidway S3000-EI Series Ethernet Switches
Operation Manual
VRP3.10
1. Getting Started
2. Port
3. VLAN
4. Multicast
5. QoS/ACL
6. Integrated Management
7. STP
8. Security
9. Network Protocol
10. System Management
11. Remote Power-feeding
12. Appendix
Huawei Technologies Proprietary

Advertisement

Table of Contents
loading

Related Manuals for Huawei Quidway S3000-EI Series

Summary of Contents for Huawei Quidway S3000-EI Series

  • Page 1 1. Getting Started 2. Port 3. VLAN 4. Multicast 5. QoS/ACL 6. Integrated Management 7. STP 8. Security 9. Network Protocol 10. System Management 11. Remote Power-feeding 12. Appendix Quidway S3000-EI Series Ethernet Switches Operation Manual VRP3.10 Huawei Technologies Proprietary...
  • Page 2 31161091 Huawei Technologies Co., Ltd. provides customers with comprehensive technical support and service. If you purchase the products from the sales agent of Huawei Technologies Co., Ltd., please contact our sales agent. If you purchase the products from Huawei Technologies Co., Ltd. directly, Please feel free to contact our local office, customer care center or company headquarters.
  • Page 3 Copyright © 2005 Huawei Technologies Co., Ltd. All Rights Reserved No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd. Trademarks , HUAWEI, C&C08, EAST8000, HONET,...

  • Page 4: About This Manual

    About This Manual Release Notes The product version that corresponds to the manual is VRP3.10. Related Manuals The following manuals provide more information about the Quidway S3000-EI Series Ethernet Switches. Manual Content Quidway S3026C-PWR Introduces the system installation, booting, Ethernet Switch Installation...
  • Page 5 Customers who are familiar with network fundamentals Conventions The manual uses the following conventions: I. General conventions Convention Description Arial Normal paragraphs are in Arial. Boldface Headings are in Boldface. Terminal Display is in Courier New. Courier New Huawei Technologies Proprietary...
  • Page 6 <Enter>, <Tab>, <Backspace>, or <A>. Press the keys concurrently. For example, <Ctrl+Alt+A> <Key1+Key2> means the three keys should be pressed concurrently. Press the keys in turn. For example, <Alt, A> means the <Key1, Key2> two keys should be pressed in turn. Huawei Technologies Proprietary...
  • Page 7 Eye-catching symbols are also used in the manual to highlight the points worthy of special attention during the operation. They are defined as follows: Caution, Warning: Means reader be extremely careful during the operation. Note: Means a complementary description. Huawei Technologies Proprietary...

  • Page 8: Table Of Contents

    Operation Manual - Getting Started Quidway S3000-EI Series Ethernet Switches Table of Contents Table of Contents Chapter 1 Product Overview ......................1-1 1.1 Product Overview....................... 1-1 1.2 Function Features ......................1-2 Chapter 2 Logging in Switch......................2-1 2.1 Setting up Configuration Environment via the Console Port ..........2-1 2.2 Setting up Configuration Environment through Telnet............
  • Page 9 Operation Manual - Getting Started Quidway S3000-EI Series Ethernet Switches Table of Contents 5.2.3 Setting/Deleting the Management VLAN Interface Description Character String... 5-5 5.2.4 Enabling/Disabling a Management VLAN Interface..........5-6 5.2.5 Configuring the Hostname and Host IP Address ............ 5-6 5.2.6 Configuring a Static Route ..................

  • Page 10: Chapter 1 Product Overview

    Chapter 1 Product Overview 1.1 Product Overview Quidway S3000-EI Series Ethernet Switches, the L2 Ethernet Switches independently developed by Huawei, provide wire-speed L2 switching function. The series include the following main types of switches: S3026G Ethernet Switch S3026C Ethernet Switch...

  • Page 11: Function Features

    Operation Manual - Getting Started Quidway S3000-EI Series Ethernet Switches Chapter 1 Product Overview 1.2 Fun ction Features Table 1-1 Function featu Features Implementation Supports VLAN compliant with IEEE 802.1Q Standard VLAN Supports po rt-based VLAN Supports GARP VLAN R...
  • Page 12 Management Supports system log Maintenance Supports level alarms Supports Huawei Group Management Protocol (HGMP) V2 Supports output of the debugging information Supports PING and Tracert Supports the remote maintenance via Telnet or Modem or SSH Supports to load and upgrade software via XModem protocol...

  • Page 13: Chapter 2 Logging In Switch

    Operation Manual - Getting Started Quidway S3000-EI Series Ethernet Switches Chapter 2 Logging in Switch Chapter 2 Logging in Switch 2.1 Setting up Configuration Environment via the Console Port Step 1: As shown in the figure below, to set up the local configuration environment, connect the serial port of a PC (or a terminal) to the Console port of the switch with the Console cable.
  • Page 14 Operation Manual - Getting Started Quidway S3000-EI Series Ethernet Switches Chapter 2 Logging in Switch Figure 2-3 Configuring the port for co nnection Figure 2-4 Setting communication parameters Step 3: The switch is powered on. Display self-test information of the switch and prompt you to press Enter to show the command line prompt such as <Quidway>.

  • Page 15: Setting Up Configuration Environment Through Telnet

    Operation Manual - Getting Started Quidway S3000-EI Series Ethernet Switches Chapter 2 Logging in Switch 2.2 Setting up Configuration Environment through Telnet 2.2.1 Connecting a PC to the Switch through Telnet After you have correctly configured IP address of a...

  • Page 16: Telneting A Switch Through Another Switch

    Operation Manual - Getting Started Quidway S3000-EI Series Ethernet Switches Chapter 2 Logging in Switch Figure 2-6 Running Telnet Step 4: The terminal displays “Login authentication” and prompts the user to input the logon password. After you input the correct password, it displays the command line prompt (such as <Quidway>).

  • Page 17: Setting Up Configuration Environment Through A Dial-Up The Modem

    Operation Manual - Getting Started Quidway S3000-EI Series Ethernet Switches Chapter 2 Logging in Switch Telnet Server Telnet Client Figure 2-7 Providing Telnet Client service tep 1: Authenticate the Telnet user via the Console port on the Telnet Server (switch)
  • Page 18 Operation Manual - Getting Started Quidway S3000-EI Series Ethernet Switches Chapter 2 Logging in Switch Note: By default, the password is required for authenticating the Modem user to log in the switch. If a user logs in via the Modem without password, he will see an error prompt.
  • Page 19 Operation Manual - Getting Started Quidway S3000-EI Series Ethernet Switches Chapter 2 Logging in Switch Modem serial port line Modem Telephone line PSTN Modem Console port Remote tel: 82882285 ure 2-8 Setting up remote configuration environment Step 4: Dial for connection to the switch, using the terminal emulat or and Modem on the mote end.
  • Page 20 Operation Manual - Getting Started Quidway S3000-EI Series Ethernet Switches Chapter 2 Logging in Switch Figure 2-10 Dialing on the remote PC Step 5: Enter the preset login password on the remote terminal emulator and wait for the prompt such as <Quidway>. The n you can configure and manage the switch.

  • Page 21: Chapter 3 Command Line Interface

    Operation Manual - Getting Started Quidway S3000-EI Series Ethernet Switches Chapter 3 Command Line Interface Chapter 3 Command Line Interface 3.1 Command Line Interface Quidway series switches provide a series of configuration commands and command line interfaces for configuring and managing the switch. The command line interface has the following characteristics: Local configuration via the Console port.
  • Page 22 Operation Manual - Getting Started Quidway S3000-EI Series Ethernet Switches Chapter 3 Command Line Interface System level: Service configuration commands, including routing command and commands on each network layer, are used to provide direct network service to the user. Management level: They are commands that influence basis operatio n of the system and system support module, which plays a support role on service.
  • Page 23 Operation Manual - Getting Started Quidway S3000-EI Series Ethernet Switches Chapter 3 Command Line Interface Layer-2 ACL view User-defined ACL view RADIUS s erver group view ISP domain view following table describes the function features of different views and the ways to ente r or quit.
  • Page 24 Operation Manual - Getting Started Quidway S3000-EI Series Ethernet Switches Chapter 3 Command Line Interface Command Command to Function Prompt Command to exit view enter FTP Clien Configure Key in ftp in user quit returns [ftp] view lient parameters view...

  • Page 25: Featuresfeature And Functions Of Command Line

    Operation Manual - Getting Started Quidway S3000-EI Series Ethernet Switches Chapter 3 Command Line Interface Command Command to Function Prompt Command to exit view enter quit returns system view WRED Configure WRED [Quidway-wred Key in wred 0 in index view...

  • Page 26: Displaying Characteristics Of Command Line

    Operation Manual - Getting Started Quidway S3000-EI Series Ethernet Switches Chapter 3 Command Line Interface Input a command with a “?” separated by a space. If this position is for parameters, all the parameters and their brief descriptions will be listed.

  • Page 27: History Command Of Command Line

    Operation Manual - Getting Started Quidway S3000-EI Series Ethernet Switches Chapter 3 Command Line Interface 3.3.3 Hist ory Command of Command Line Command line interface provides the function similar to that of Dos Key. The commands entered by use rs can be automatically saved by the command line interface and you can invoke and execute them at any time later.

  • Page 28: Editing Characteristics Of Command Line

    Operation Manual - Getting Started Quidway S3000-EI Series Ethernet Switches Chapter 3 Command Line Interface Ambiguous command e parameters entered are not specific. 3.3.5 Editing Characteristics of Command Line ommand line interface provides the bas ic command e diting function and supports to dit multiple lines.

  • Page 29: Chapter 4 User Interface Configuration

    Operation Manual - Getting Started Quidway S3000-EI Series Ethernet Switches Chapter 4 User Interface Configuration hapter 4 User Interface Configuration 4.1 User Interface Overview User in terface configuratio n is another way provided by the s witch to configure and manage the port data.

  • Page 30: User Interface Configuration

    Operation Manual - Getting Started Quidway S3000-EI Series Ethernet Switches Chapter 4 User Interface Configuration 4.2 User Interface Confi guration User interface configuratio n includes: Ente ring user interfac e view Configuring the user interface-supported protocol Configuring the attrib utes of AUX (Console) port...

  • Page 31: Configuring The Attributes Of Aux (Console) Port

    Operation Manual - Getting Started Quidway S3000-EI Series Ethernet Switches Chapter 4 User Interface Configuration Caution: If Telnet protocol is specified, to ensure a successful login via the Telnet, you must configure the password by default. If SSH protocol is specified, to ensure a successful login, you must configure the...

  • Page 32: Configuring The Terminal Attributes

    Operation Manual - Getting Started Quidway S3000-EI Series Ethernet Switches Chapter 4 User Interface Configuration . Configuring parity on the AUX (Console) port Table 4-5 Configuring parity on the AUX (Console) port Operation Command Configure parity mode on the AUX (Console)
  • Page 33 Operation Manual - Getting Started Quidway S3000-EI Series Ethernet Switches Chapter 4 User Interface Configuration ut, he cannot log in again. In this case, a user can log in to the switch through the user interfa ce only when the terminal service is enabled again.

  • Page 34: Managing Users

    Operation Manual - Getting Started Quidway S3000-EI Series Ethernet Switches Chapter 4 User Interface Configuration a command displays more than one screen of information, you can use the following command to set how many lines to be displayed in a screen, so that the information can be separated in different screens and you can view it more conveniently.
  • Page 35 Operation Manual - Getting Started Quidway S3000-EI Series Ethernet Switches Chapter 4 User Interface Configuration By default, terminal authentication is not required for users log in via the Console port, whereas the password is required for authenticating the Modem and Telnet users when they log in.

  • Page 36: User Privilege Level

    Operation Manual - Getting Started Quidway S3000-EI Series Ethernet Switches Chapter 4 User Interface Configuration Note: By default, the password is required for authenticating the Modem and Telnet users when they log in. If the password has not been set, when a user logs in, he will see the prompt “Login password has not been set !”.

  • Page 37: Configure Redirection

    Operation Manual - Getting Started Quidway S3000-EI Series Ethernet Switches Chapter 4 User Interface Configuration By default, a use r can access the commands at Level 3 after logging in through the AUX user interface, and the commands at Level 0 after logging in through the VTY user interface.

  • Page 38: Displaying And Debugging User Interface

    Operation Manual - Getting Started Quidway S3000-EI Series Ethernet Switches Chapter 4 User Interface Configuration Perform the following configuration in user view. Table 4-18 Configuring to send messages between different user interfaces. Operation Command Configuring to send messages between different send { all | number | type user interfaces.
  • Page 39 Operation Manual - Getting Started Quidway S3000-EI Series Ethernet Switches Chapter 4 User Interface Configuration Table 4-20 Displaying and debugg ng user interface Operation Command free user-interface [ type ] Clear a specified user interface number Display the user application information of the...

  • Page 40: Chapter 5 System Ip Configuration

    Operation Manual - Getting Started Quidway S3000-EI Series Ethernet Switches Chapter 5 System IP Configuration Chapter 5 System IP Configuration 5.1 System IP Overview 5.1.1 Man agement VLAN Before performi ng remote m anagement such as Telnet an d web mana gement, the IP address of the switch has to be configured first.
  • Page 41 Operation Manual - Getting Started Quidway S3000-EI Series Ethernet Switches Chapter 5 System IP Configuration When using IP addresses, it should also be noted that some of them are reserved for special uses, and are seldom used. The IP addresses you can use are li sted in the following table.
  • Page 42 Operation Manual - Getting Started Quidway S3000-EI Series Ethernet Switches Chapter 5 System IP Configuration Network Address IP network Note class range range ther 255.255.2 255.255.255.2 255.255.255.255 is used as LAN resses 55.255 broadcast address. II. Subnet and mask Nowadays, with rapid devel opment of the Internet, IP addresses are depleting very fast.

  • Page 43: Static Route

    Huawei Layer 2 Series Ethernet Switches ca n be configured with static route, used for login to the switch through the network. 5.2 System IP Configuration...

  • Page 44: Creating/Deleting A Management Vlan Interface

    Operation Manual - Getting Started Quidway S3000-EI Series Ethernet Switches Chapter 5 System IP Configuration Table 5-2 Creating/deleting a management VLAN interface Operation Command Create a ma nagement VLAN interface terface vlan-interface vlan-id d enter its view Delete a ma...

  • Page 45: Enabling/Disabling A Management Vlan Interface

    Operation Manual - Getting Started Quidway S3000-EI Series Ethernet Switches Chapter 5 System IP Configuration By default, the description character string is HUA WEI, Quidway Series, Vlan-interface1 Interface. Vlan-interface1 is the management VLAN interfa ce name. 5.2.4 Enabling/Disabling a Management VLAN Interface...

  • Page 46: Configuring A Static Route

    Operation Manual - Getting Started Quidway S3000-EI Series Ethernet Switches Chapter 5 System IP Configuration 5.2.6 Con figuring a Static Route You can use the following co mmand to configure a static ro ute for login to the switch via e network.
  • Page 47 Operation Manual - Getting Started Quidway S3000-EI Series Ethernet Switches Chapter 5 System IP Configuration Table 5-9 Displaying and debugging system IP Operation Command View all the hosts and their IP addresses display ip host on the network View related IP information of the...
  • Page 48 Operation Manual - Port Quidway S3000-EI Series Ethernet Switches Table of Contents Table of Contents Chapter 1 Ethernet Port Configuration ..................1-1 1.1 Ethernet Port Overview...................... 1-1 1.2 Ethernet Port Configuration ....................1-2 1.2.1 Enter Ethernet port view..................1-2 1.2.2 Enable/Disable Ethernet Port.................. 1-2 1.3 Set Description Character String for Ethernet Port............

  • Page 49: Chapter 1 Ethernet Port Configuration

    Operation Manual - Port Quidway S3000-EI Series Ethernet Switches Chapter 1 Ethernet Port Configuration Chapter 1 Ethernet Port Configuration 1.1 Ethernet Port Overview S3026G Ethernet Switch provides 24 10/100Base-T fixed Ethernet ports and two GBIC uplink ports. You can select the gigabit optical module.

  • Page 50: Ethernet Port Configuration

    Operation Manual - Port Quidway S3000-EI Series Ethernet Switches Chapter 1 Ethernet Port Configuration (auto-negotiation) and its speed can be set to 100 (100Mbps) and auto (auto-negotiation). Gigabit Ethernet port operates in gigabit full-duplex mode. The operating mode can be set to full (fu ll-duplex) and auto (auto-negotiation) and its speed can be set to 1000 (1000Mbps) and auto (auto-negotiation).

  • Page 51: Set Description Character String For Ethernet Port

    Operation Manual - Port Quidway S3000-EI Series Ethernet Switches Chapter 1 Ethernet Port Configuration enable the port. If you do not want a port to forward data any more, use the command to disable it. Perform the following configuration in Ethernet port view.

  • Page 52: Set Speed On The Ethernet Port

    Operation Manual - Port Quidway S3000-EI Series Ethernet Switches Chapter 1 Ethernet Port Configuration Note that, 100M electrical Ethernet port can operate in full-duplex, half-duplex or auto-negotiation mode , which can be set as per the requirement he optical 100M/Gigabit Ethernet ports su...

  • Page 53: Enable/Disable Flow Control For Ethernet Port

    Operation Manual - Port Quidway S3000-EI Series Ethernet Switches Chapter 1 Ethernet Port Configuration Table 1-6 Set the type of the cable connected to the Ethernet port Operation Command Set the type of the cable connected to mdi { across | auto | normal } the Ethernet port.

  • Page 54: Set Link Type For Ethernet Port

    Operation Manual - Port Quidway S3000-EI Series Ethernet Switches Chapter 1 Ethernet Port Configuration Table 1-8 Set Ethernet port broadcast suppression ratio Operation Command Set Ethernet port broadcast suppression ratio broadcast-suppression ratio Restore the default Ethernet port broadcast undo broadcast-suppression...

  • Page 55: Set The Default Vlan Id For The Ethernet Port

    Operation Manual - Port Quidway S3000-EI Series Ethernet Switches Chapter 1 Ethernet Port Configuration erform the following configuration in Ethernet port view able 1-10 Add the Ethernet port to specified VLANs Operation Command Add the current access port to a...

  • Page 56: Set Loopback Detection For The Ethernet Port

    Operation Manual - Port Quidway S3000-EI Series Ethernet Switches Chapter 1 Ethernet Port Configuration Operation Command Restore the default VLAN ID of the hybrid undo port hybrid pvid port to the default value Restore the default VLAN ID of the trunk port...

  • Page 57: Set The Time Interval Of Calculating Port Statistics Information

    Operation Manual - Port Quidway S3000-EI Series Ethernet Switches Chapter 1 Ethernet Port Configuration Operation Command Configure that the system p erforms loopback loopback -detection p er-vlan detection to all VLANs on Trunk and Hybrid ports enable (Ethernet port view)
  • Page 58 Operation Manual - Port Quidway S3000-EI Series Ethernet Switches Chapter 1 Ethernet Port Configuration I. Port Traffic Threshold Configuration Task Table 1-14 Port traffic threshold configuration task Item Command Remarks Enter system view <Quidway> system-view – Enter Ethernet port [Quidway] interface { interface_type –...

  • Page 59: Display And Debug Ethernet Port

    Operation Manual - Port Quidway S3000-EI Series Ethernet Switches Chapter 1 Ethernet Port Configuration 1.4 Display and Debug Ethernet Port After the above configuration, execute display comm and in any view to display the running of the Ethernet port con figuration, and to verify the effect of the configuration.

  • Page 60: Ethernet Port Troubleshooting

    Operation Manual - Port Quidway S3000-EI Series Ethernet Switches Chapter 1 Ethernet Port Configuration II. Networking diagram Switch A Switch B Figure 1-1 Configure the default VLAN for a trunk port I. Configuratio n procedure The following configurati ons are used for Switch A. Please configure Switch B in the similar way.

  • Page 61: Chapter 2 Link Aggregation Configuration

    Operation Manual - Port Quidway S3000-EI Series Ethernet Switches Chapter 2 Link Aggregation Configuration Chapter 2 Link Aggregation Configuration 2.1 Link Aggregation Overview The link aggregation means aggregating several ports together to implement the outgoing/incoming payload balance among the member ports and enhance the connection reliability.

  • Page 62: Display And Debug Link Aggregation

    Operation Manual - Port Quidway S3000-EI Series Ethernet Switches Chapter 2 Link Aggregation Configuration Table 2-1 Aggregating Ethernet ports Operation Command link-aggregation port_num1 to port_num2 { both | Aggregate Ethernet ports ingress } Remove a configured link undo lin k-aggregation { master_port_num | all }...

  • Page 63: Ethernet Link Aggregation Troubleshooting

    Operation Manual - Port Quidway S3000-EI Series Ethernet Switches Chapter 2 Link Aggregation Configuration II. Networking diagram Switch B Link aggregation Switch A Switch C Figure 2-1 Configure link aggregation III. Configuration procedure The following configurations are used for Switch A, pl ease configure Switch B in the similar way to activate aggregation.
  • Page 64 Operation Manual - VLAN Quidway S3000-EI Series Ethernet Switches Table of Contents Table of Contents Chapter 1 VLAN Configuration ....................1-1 1.1 VLAN Overview........................1-1 1.2 Configure VLAN ......................... 1-1 1.2.1 Enable/Disable VLAN Feature ................1-1 1.2.2 Create/Delete a VLAN..................... 1-2 1.2.3 Add Ethernet Ports to a VLAN ................
  • Page 65 Operation Manual - VLAN Quidway S3000-EI Series Ethernet Switches Table of Contents 4.2.4 Enabling/Disabling Voice VLAN Security Mode............4-4 4.2.5 Enabling/Disabling Voice VLAN Auto Mode ............4-4 4.2.6 Setting the Aging Time of Voice VLAN ..............4-5 4.3 Displaying and Debugging of Voice VLAN ................ 4-5 4.4 Voice VLAN Configuration Example ..................

  • Page 66: Chapter 1 Vlan Configuration

    Operation Manual - VLAN Quidway S3000-EI Series Ethernet Switches Chapter 1 VLAN Configuration Chapter 1 VLAN Configuration 1.1 VLAN Overview Virtual Local Area Network (VLAN) groups the devices of a LAN logically but not physically into segments to implement the virtual workgroups. IEEE issued the IEEE 802.1Q in 1999, which was intended to standardize VLAN implementation solutions.

  • Page 67: Create/Delete A Vlan

    Operation Manual - VLAN Quidway S3000-EI Series Ethernet Switches Chapter 1 VLAN Configuration By default, VLAN feature is enabled on th e switch. Note that you will see error prompt when creating VLAN after VLAN fe ature is disabled. 1.2.2 Crea te/Delete a VLAN You can use the following command to create/delete a VLAN.

  • Page 68: Display And Debug Vlan

    Operation Manual - VLAN Quidway S3000-EI Series Ethernet Switches Chapter 1 VLAN Configuration Table 1-4 Set/Delete VLAN description character string Operation Command Set the description character string for VLAN description string Restore the default description of current VLAN undo description...
  • Page 69 Operation Manual - VLAN Quidway S3000-EI Series Ethernet Switches Chapter 1 VLAN Configuration [Quidway] vlan 2 # Add Ethernet 0/1 and Ethernet 0/2 to VLAN2. [Quidway-vlan2] port ethernet 0/1 to ethernet 0/2 # Create VLAN 3 and enters its view.

  • Page 70: Chapter 2 Isolate-User-Vlan Configuration

    Chapter 2 Isolate-User-Vlan Configuration 2.1 Isolate-user-vlan Overview Isolate-user-vlan is a new feature of the Ethernet Switches launched by Huawei Technologies Co., Ltd., through which can save the VLAN source. isolate-user-vlan adopts the Layer-2 VLAN architecture. (On an Ethernet Switch configure the isolate-user-vlan and Secondary VLAN.) An isolate-user-vlan corresponds to several...

  • Page 71: Configure Secondary Vlan

    Operation Manual - VLAN Quidway S3000-EI Series Ethernet Switches Chapter 2 Isolate-User-Vlan Configuration Add new ports to isolate-user-vlan port interface-list Ethernet switch can have sever al isolate-us er-vlans, each o f which can include ore than one port. isolate-user-vlan cannot be configured togethe r with the Trunk port.

  • Page 72: Configure Vlan Id Of Igmp Packets

    Operation Manual - VLAN Quidway S3000-EI Series Ethernet Switches Chapter 2 Isolate-User-Vlan Configuration After the mapping relationship is configured, the system does not allow you to add/remove any ports to/from the isolate-user-vlan or Secondary VLAN or remove a VLAN. You can perfo rm these operations after removing the mapping relationship.

  • Page 73: Isolate-User-Vlan Configuration Example

    Operation Manual - VLAN Quidway S3000-EI Series Ethernet Switches Chapter 2 Isolate-User-Vlan Configuration 2.4 isolate-user-vlan Configuration Example I. Networking requirements Switch A is connected to Switch B and Switch C in the downstream. The VLAN5 carried by Switch B is the isolate-user-vlan, including the Uplink Ethernet1/1 and two Secondary VLANs, VLAN2 and VLAN3.
  • Page 74 Operation Manual - VLAN Quidway S3000-EI Series Ethernet Switches Chapter 2 Isolate-User-Vlan Configuration Configure Switch C: # Configure isolate-user-vlan [Quidway] vlan 6 [Quidway-vlan6] isolate-us er-vlan enable [Quidway-vlan6] port ethernet1/1 # Configure Secondary VLAN [Quidway-vlan6] vlan 3 [Quidway-vlan3] port ethern et0/3...

  • Page 75: Chapter 3 Garp/Gvrp Configuration

    Operation Manual - VLAN Quidway S3000-EI Series Ethernet Switches Chapter 3 GARP/GVRP Configuration Chapter 3 GARP/GVRP Configuration 3.1 Configure GARP 3.1.1 GARP Overview Generic Attribute Registration Protocol (GARP) offers a mechanism that is used by the members in the same switching network to distribute, propagate and register such information as VLAN and multicast addresses.

  • Page 76: Set Garp Timer

    Operation Manual - VLAN Quidway S3000-EI Series Ethernet Switches Chapter 3 GARP/GVRP Configuration Note: he value of GARP timer will be used in all the GARP applications, including GVRP and GM RP, running in one switching network. In one switching network, the GARP timers on all the switching devices should be set to the same value.

  • Page 77: Configure Gvrp

    Operation Manual - VLAN Quidway S3000-EI Series Ethernet Switches Chapter 3 GARP/GVRP Configuration ote that, the value of Join timer should be n o less than the doubled value of Hold timer, nd the value of L eave timer should be grea...

  • Page 78: Enable/Disable Global Gvrp

    Operation Manual - VLAN Quidway S3000-EI Series Ethernet Switches Chapter 3 GARP/GVRP Configuration GVRP is described in details in the IEEE 802.1Q standard. Quidway Series Ethernet Switches fully support the GARP compliant with the IEEE standards. Main GVRP configuration includes:...

  • Page 79: Display And Debug Gvrp

    Operation Manual - VLAN Quidway S3000-EI Series Ethernet Switches Chapter 3 GARP/GVRP Configuration When an Ethernet port is set to be in Normal registration mode, the dynamic and manual creation, registration an d logout of VLAN are allowed on this port.
  • Page 80 Operation Manual - VLAN Quidway S3000-EI Series Ethernet Switches Chapter 3 GARP/GVRP Configuration 3.2.6 GVR P Configuration Example I. Networking requirements o dynamically register and update VLA N in formation among switches, GVRP needs to e enabled on the switches.

  • Page 81: Chapter 4 Voice Vlan Configuration

    Operation Manual - VLAN Quidway S3000-EI Series Ethernet Switches Chapter 4 Voice VLAN Configuration Chapter 4 Voice VLAN Configuration 4.1 Intro duction to Voice VLAN Voice VLAN is specially designed for u ser’s voice flow, and it distributes different port recedence in different cases.

  • Page 82: Voice Vlan Configuration

    Operation Manual - VLAN Quidway S3000-EI Series Ethernet Switches Chapter 4 Voice VLAN Configuration Table 4-1 The corresponding relation between port mode and IP Phone Voice Type of IP VLAN Port Mode Phone Mode Access: Do not support Trunk: Supp...

  • Page 83: Enabling/Disabling Voice Vlan Features

    Operation Manual - VLAN Quidway S3000-EI Series Ethernet Switches Chapter 4 Voice VLAN Configuration If you change the status of Voice VLAN security mode, you must first enable Voice VLAN features globally. 4.2.1 Enabling/Disabling Voice VLAN Features Enable/disable the Voice VLAN in system view.

  • Page 84: Enabling/Disabling Voice Vlan Security Mode

    Operation Manual - VLAN Quidway S3000-EI Series Ethernet Switches Chapter 4 Voice VLAN Configuration Table 4-4 Configuring the OUI address learned by Voice VLAN Operation command Set the OUI address learned by Voice voice v lan mac-address oui mask VLAN...

  • Page 85: Setting The Aging Time Of Voice Vlan

    Operation Manual - VLAN Quidway S3000-EI Series Ethernet Switches Chapter 4 Voice VLAN Configuration Table 4-7 Configuring the Voice VLAN auto mode Operation Command Enable the Voice VLAN auto mode voice vlan mode auto Disable the Voice VLAN auto mode (that...

  • Page 86: Voice Vlan Configuration Example

    Operation Manual - VLAN Quidway S3000-EI Series Ethernet Switches Chapter 4 Voice VLAN Configuration 4.4 Voic e VLAN Configuration Example I. Networking Requirements Create VLAN 2 as t he Voice VL AN in manual mode and enabl e its security mode.
  • Page 87 Operation Manual - Multicast Quidway S3000-EI Series Ethernet Switches Table of Contents Table of Contents Chapter 1 GMRP Configuration ....................1-1 1.1 GMRP Overview ........................ 1-1 1.2 Configure GMRP........................ 1-1 1.2.1 Enable/Disable GMRP Globally ................1-1 1.2.2 Enable/Disable GMRP on the Port................1-2 1.3 Display and debug GMRP ....................

  • Page 88: Chapter 1 Gmrp Configuration

    Operation Manual - Multicast Quidway S3000-EI Series Ethernet Switches Chapter 1 GMRP Configuration Chapter 1 GMRP Configuration 1.1 GMRP Overview GMRP (GARP Multicast Registration Protocol), based on GARP, is used for maintaining dynamic multicast registration information of the switch. All the switches supporting GMRP can receive multicast registration information from other switches and dynamically update local multicast registration information.

  • Page 89: Enable/Disable Gmrp On The Port

    Operation Manual - Multicast Quidway S3000-EI Series Ethernet Switches Chapter 1 GMRP Configuration y default, GMRP is disab led. 1.2.2 Enable/Disable GMRP on the Port Perform the following configura tion in Ethernet port view. Table 1-2 Enable/Disable GMRP on the...
  • Page 90 Operation Manual - Multicast Quidway S3000-EI Series Ethernet Switches Chapter 1 GMRP Configuration II. Networking diagram Switch_B Switch_B Switch_A Switch_A Figure 1-1 GMRP networking III. Configuration procedure Configure LS_A: # Enable GMRP globally. [Quidway] gmrp # Enable GMRP o n the port.

  • Page 91: Chapter 2 Igmp Snooping Configuration

    Operation Manual - Multicast Quidway S3000-EI Series Ethernet Switches Chapter 2 IGMP Snooping Configuration Chapter 2 IGMP Snooping Configuration 2.1 IGMP Snooping Overview 2.1.1 IGMP Snooping Principle IGMP Snooping (Internet Group Management Protocol Snooping) is a multicast control mechanism running on the Layer 2 Ethernet switch and it is used for multicast group management and control.

  • Page 92: Implement Igmp Snooping

    Operation Manual - Multicast Quidway S3000-EI Series Ethernet Switches Chapter 2 IGMP Snooping Configuration Video stream Internet / Intranet Multicast router Video stream VOD Server Layer 2 Ethernet Switch Video stream Video stream Video stream Multicast group member Non-multicast Non-multicast...
  • Page 93 Operation Manual - Multicast Quidway S3000-EI Series Ethernet Switches Chapter 2 IGMP Snooping Configuration II. Imp lement Layer 2 multicast with IGMP Snooping Ethernet switch runs IGM P Snooping to listen to the IGMP messages and map the host and its ports to the corresponding multicast group address. To implement IGMP...

  • Page 94: Enable/Disable Igmp Snooping

    Operation Manual - Multicast Quidway S3000-EI Series Ethernet Switches Chapter 2 IGMP Snooping Configuration multicast group exists but does not contains the port received the report message, the switch adds the port into the multicast group and starts the port aging timer.

  • Page 95: Configure Router Port Aging Time

    Operation Manual - Multicast Quidway S3000-EI Series Ethernet Switches Chapter 2 IGMP Snooping Configuration IGMP Snoop ing and GM RP cannot run at the same tim e. You can che ck if GMRP is unning, using the display gmrp s...
  • Page 96 Operation Manual - Multicast Quidway S3000-EI Series Ethernet Switches Chapter 2 IGMP Snooping Configuration will transmit the specific query message to that port and starts a maximum response timer. Perform the following configuration in system view. Table 2-4 Configure aging time of the multicast member...

  • Page 97: Setting The Maximum Number Of Multicast Groups Permited On A Port

    Operation Manual - Multicast Quidway S3000-EI Series Ethernet Switches Chapter 2 IGMP Snooping Configuration Note: this function takes effect on condition that the client supports IGMP V2. After configuring this command, when there are multiple users at one port, the...

  • Page 98: Multicast Source Port Suppression Configuration

    Operation Manual - Multicast Quidway S3000-EI Series Ethernet Switches Chapter 2 IGMP Snooping Configuration By default, no filtering configured on the switch. Note: Each VLAN of each port can only be configured with o ne ACL rule. If no ACL rule is configured or the c onfigured port doesn’t belong to the specified...

  • Page 99: Display And Debug Igmp Snooping

    Operation Manual - Multicast Quidway S3000-EI Series Ethernet Switches Chapter 2 IGMP Snooping Configuration Table 2-9 Display and debug multicast source port suppression Operation Command display multicast-source-deny play statistics about mu lticast source interface interface_type port suppression [ interface_number ] | interface_name } ]...

  • Page 100: Troubleshoot Igmp Snooping

    Operation Manual - Multicast Quidway S3000-EI Series Ethernet Switches Chapter 2 IGMP Snooping Configuration II. Networking diagram Internet Router Multicast Switch Figure 2-4 IGMP Snooping configuration networkin III. Configuration procedure # Display the status of GMRP. <Quidway> display gmrp status # Display the current status of IGMP Snooping whe n GMRP is disabled.
  • Page 101 Operation Manual - Multicast Quidway S3000-EI Series Ethernet Switches Chapter 2 IGMP Snooping Configuration Enable IGMP Snooping group in user view and then input the command display igmp-snooping group to check if MAC multicast forwarding table in the bottom layer and that created by IGMP Snooping is consistent. Y...

  • Page 102: Chapter 3 Unknown Multicast Dropping Configuration

    Operation Manual - Multicast Chapter 3 Unknown Multicast Dropping Quidway S3000-EI Series Ethernet Switches Configuration Chapter 3 Unknown Multicast Dropping Configuration 3.1 Introduction to Unknown Multicast Dropping Normally, if the multicast address of multicast data packet received by the switch is not registered on this switch, this packet will be broadcasted within this VLAN.

  • Page 103: Chapter 4 Adding Multicast Mac Address Configuration

    Operation Manual - Multicast Chapter 4 Adding Multicast MAC Address Quidway S3000-EI Series Ethernet Switches Configuration Chapter 4 Adding Multicast MAC Address Configuration 4.1 Introduction In Layer 2 multicast, you can not only dynamically create multicast forwarding entries using the Layer 2 multicast protocol, but also set manually the multicast MAC address and bind multicast entries to ports.
  • Page 104 Operation Manual - Multicast Chapter 4 Adding Multicast MAC Address Quidway S3000-EI Series Ethernet Switches Configuration To add a port to the multicast MAC address entry which is manually added, you need first delete the entry and create it again, and then add the specified port as the forwarding port of the entry.

  • Page 105: Chapter 5 Multicast Vlan Configuration

    Operation Manual - Multicast Quidway S3000-EI Series Ethernet Switches Chapter 5 Multicast VLAN Configuration Chapter 5 Multicast VLAN Configuration 5.1 Introduction to Multicast VLAN Generally, when users in different virtual LANs (VLANs) order a multicast stream, each of these VLANs copies the same multicast stream to itself. In this method, a great deal of bandwidth is wasted.
  • Page 106 Operation Manual - Multicast Quidway S3000-EI Series Ethernet Switches Chapter 5 Multicast VLAN Configuration Item Command Description port hybrid vlan vlan_id_list { tagged | Setting the default VLAN untagg Required ID of the Ethernet port port trunk pvid vlan vlan_id...

  • Page 107: Multicast Vlan Configuration Example

    Operation Manual - Multicast Quidway S3000-EI Series Ethernet Switches Chapter 5 Multicast VLAN Configuration Note: The isolate vlan cannot be set to a multicast VLAN. Only on e multicast VLAN can be specified for a port. The type of the ports connected with user terminals ca n only be hybrid.
  • Page 108 Operation Manual - Multicast Quidway S3000-EI Series Ethernet Switches Chapter 5 Multicast VLAN Configuration II. Network diagram Switch A Switch A Workstation Workstation Workstation Switch B Switch B PC 1 PC 1 PC 1 PC 1 PC 1 PC 1...
  • Page 109 Operation Manual - Multicast Quidway S3000-EI Series Ethernet Switches Chapter 5 Multicast VLAN Configuration [Switch A] multicast routing-enable [Switch A] interface Vlan-interface 1 [Switch A-Vlan-interface10] pim dm [Switch A-Vlan-interface10] igmp enab Configure switch B as follows: # Enable IGMP Snooping <Switch B>...
  • Page 110 Operation Manual - QoS/ACL Quidway S3000-EI Series Ethernet Switches Table of Contents Table of Contents Chapter 1 ACL Configuration....................... 1-1 1.1 Brief Introduction to ACL....................1-1 1.1.1 ACL Overview ......................1-1 1.1.2 ACL Supported by the Ethernet Switch ..............1-2 1.2 Configuring ACL.........................
  • Page 111 Operation Manual - QoS/ACL Quidway S3000-EI Series Ethernet Switches Table of Contents 2.2.11 QoS Configuration Example................2-11 Chapter 3 Logon User ACL Control Configuration..............3-1 3.1 Overview ..........................3-1 3.2 Configuring ACL Control over the TELNET Users ............3-1 3.2.1 Defining ACL ......................3-1 3.2.2 Calling ACL to Control TELNET Users ..............

  • Page 112: Chapter 1 Acl Configuration

    Operation Manual - QoS/ACL Quidway S3000-EI Series Ethernet Switches Chapter 1 ACL Configuration Chapter 1 ACL Configuration 1.1 Brief Introduction to ACL 1.1.1 ACL Overview A series of matching rules are required for the network devices to identify the packets to be filtered.
  • Page 113 Operation Manual - QoS/ACL Quidway S3000-EI Series Ethernet Switches Chapter 1 ACL Configuration the rule) and auto (according to the system sorting automatically when matching the rule, i.e. in depth-first order). Once the user specifies the match-order of an access control rule, he cannot modify it later, unless he deletes all the content and specifies the match-order again.

  • Page 114: Configuring Acl

    Operation Manual - QoS/ACL Quidway S3000-EI Series Ethernet Switches Chapter 1 ACL Configuration Table 1-2 Quantitative limita tion to ACL Item Value range Numbered basic ACL. 2000 to 2999 Numbered advanced ACL. 3000 to 3999 Numbered Layer-2 ACL. 4000 to 4999...

  • Page 115: Defining Acl

    The end time shall be later than the start time. 1.2.2 Defi ning ACL Huawei Switches support several kinds of ACLs. Here we will introduce how to define these ACLs. Defining ACL by following the steps below:...
  • Page 116 Operation Manual - QoS/ACL Quidway S3000-EI Series Ethernet Switches Chapter 1 ACL Configuration Table 1-4 Defining the basi c ACL Operation Command Enter basic w(from acl { number acl-number | name acl-name system view) basic } [ match-order { config | auto } ]...
  • Page 117 Operation Manual - QoS/ACL Quidway S3000-EI Series Ethernet Switches Chapter 1 ACL Configuration e mnemonic symbols as sho rtcut. For example, “bgp” can represent the TCP numbe 79 used by BGP. III. Defining the Layer-2 ACL The rules of Layer-2 ACL are defined on the basis of the Layer-2 information such as...
  • Page 118 Operation Manual - QoS/ACL Quidway S3000-EI Series Ethernet Switches Chapter 1 ACL Configuration Figure 1-1 The first 64 bytes of data frame The table below lists the meaning and offset of each letter. Table 1-7 Letters and their meanings Offs...

  • Page 119: Activating Acl

    Operation Manual - QoS/ACL Quidway S3000-EI Series Ethernet Switches Chapter 1 ACL Configuration the TCP pa ckets, you c an define the rule as “06”, the rule mask as “FF” and th e of fset as 35. In this case, the rule mask coordinates with the offset and picks up the TCP...

  • Page 120: Displaying And Debugging Acl

    Operation Manual - QoS/ACL Quidway S3000-EI Series Ethernet Switches Chapter 1 ACL Configuration Table 1-9 Activ ating ACL Operation Command packet-filter { user-group { acl-number | acl-name } [ rule rule ] | Activate { ip-group { acl-number | acl-name } [ rule rule ] | link-group...

  • Page 121: Acl Configuration Example

    Operation Manual - QoS/ACL Quidway S3000-EI Series Ethernet Switches Chapter 1 ACL Configuration 1.3 ACL Configuration Example 1.3.1 Advanced ACL Configuration Example Networking requirements The interconnection between different departments on a company network is implemented through the 100M ports of the Ethernet Switch. The p ayment query server of the Financial Dept.

  • Page 122: Networking Diagram

    Define the time range # Define time range from 8:00 to 18:00. [Quidway] time-range huawei 8:00 to 18:00 daily Define the ACL for packet which source IP is 10.1.1.1. # Enter the named basic ACL, named as traffic-of-host. [Quidway] acl name traffic- of-host basic # Define the rules for packet which source IP is 10.1.1.1.

  • Page 123: Link Acl Configuration Example

    In the following configurations, only the commands related to ACL configurations are listed. Define the time range # Define time range from 8:00 to 18:00. [Quidway] time-range huawei 8:00 to 18:00 daily Define the ACL for packet which sour ce MAC address is 00e0-fc01-0101 and destination MAC address is 00e0-fc01-0303.

  • Page 124: User-Defined Acl Configuration Example

    # Enter the named user-defined ACL, named a s traffic-of-tcp. [Quidway] acl name traffic-of-tcp user # Define the rules for TCP packet. [Quidway-acl-user-traffic-of-tcp] rule 1 deny 06 ff 35 time-range huawei Activate ACL. # Activate the ACL traffic-of-tcp . [Quidway] packet-filter use...

  • Page 125: Chapter 2 Qos Configuration

    Operation Manual - QoS/ACL Quidway S3000-EI Series Ethernet Switches Chapter 2 QoS Configuration Chapter 2 QoS Configuration 2.1 QoS Overview In the traditional IP network, all the p ackets are treated equally without priority difference. Every switch/router handles the packets fo llowing the First In First Out (FIFO) policy.

  • Page 126: Packet Filter

    Operation Manual - QoS/ACL Quidway S3000-EI Series Ethernet Switches Chapter 2 QoS Configuration standards are encapsulated in the header of the packets. The packet content is seldom used as the classification standard. 2.1.3 Packet Filter Packet filter is to filter traf fic.
  • Page 127 Operation Manual - QoS/ACL Quidway S3000-EI Series Ethernet Switches Chapter 2 QoS Configuration high queue Packets sent via this Packets sent interface middle queue normal queue Classify Sending queue Dequeue bottom queue Figure 2-1 SP The SP is specially designed for the key service application. A significant feature of the...

  • Page 128: Traffic Mirroring

    Operation Manual - QoS/ACL Quidway S3000-EI Series Ethernet Switches Chapter 2 QoS Configuration Comparing to the co mmon WRR, the Delay bounded WRR also guarantee the packets in the highest-priority queue to leave the queue before the configured delay. 2.1.9 Traf...

  • Page 129: Configuring Trust Packet Priority

    Operation Manual - QoS/ACL Quidway S3000-EI Series Ethernet Switches Chapter 2 QoS Configuration The port of Ethernet Switch supports 8 priority levels. You can configure the port priority at your requirements. priority-level ranges from 0 to 7. By default, the port priority is 0 and switch replaces the priority carried by a packet with the port priority.

  • Page 130: Port Traffic Limit

    Operation Manual - QoS/ACL Quidway S3000-EI Series Ethernet Switches Chapter 2 QoS Configuration The purpose of this configuration task is to implement the traffic policing over the data flow matching the ACL. The traffic beyond the limit will be dealt with in some ot her way, such as discarding.

  • Page 131: Configuring Priority Marking

    Operation Manual - QoS/ACL Quidway S3000-EI Series Ethernet Switches Chapter 2 QoS Configuration Note: The con figuration of redirection only takes effects o n the rules w ith action permit. For details about the comma nd, refer to the Command Manual.
  • Page 132 Operation Manual - QoS/ACL Quidway S3000-EI Series Ethernet Switches Chapter 2 QoS Configuration Table 2-7 Default “CoS → Local-precedence” mapping table CoS Value Local Precedence Table 2-8 Relationship between 802.1p priority and output queue 802.1p priority Queue ID Table 2-9 Relationship between local-precedence and output queue...
  • Page 133 Operation Manual - QoS/ACL Quidway S3000-EI Series Ethernet Switches Chapter 2 QoS Configuration CoS Value Local Precedence Using the following commands, you can configure the maps. Perform the following configuration in system view. Table 2-11 Map configuration Operation Command cos-local-precedence-map...

  • Page 134: Configuring Traffic Mirroring

    Operation Manual - QoS/ACL Quidway S3000-EI Series Ethernet Switches Chapter 2 QoS Configuration or details about the command, refer to the Command Manual. 2.2.8 Con figuring Traffic Mirroring The functio n of Traffic mirrorin g is to copy the traffic...

  • Page 135: Displaying And Debugging Qos

    Operation Manual - QoS/ACL Quidway S3000-EI Series Ethernet Switches Chapter 2 QoS Configuration 2.2.10 Displaying and Debugging QoS After the above configuration, execute display command in all views to display the running of the QoS configuration, and to verify the effect of the configuration. Execute reset command in user view to clear th e statistics of QoS module.
  • Page 136 Operation Manual - QoS/ACL Quidway S3000-EI Series Ethernet Switches Chapter 2 QoS Configuration references of those not match the rules to 4. And It is required to limit the traffic from other department to the server to no more than 20M.

  • Page 137: Chapter 3 Logon User Acl Control Configuration

    Operation Manual - QoS/ACL Quidway S3000-EI Series Ethernet Switches Chapter 3 Logon User ACL Control Configuration Chapte r 3 Logon User ACL Control Config uration 3.1 Overview As the Ethernet switches launched by Hua wei Technologies are used more and mor...

  • Page 138: Calling Acl To Control Telnet Users

    Operation Manual - QoS/ACL Quidway S3000-EI Series Ethernet Switches Chapter 3 Logon User ACL Control Configuration Table 3-1 Defining the ba sic ACL Operation Command Enter basic view(from { number acl-number | name acl-name system view) basic } [ match-order { config | auto } ]...

  • Page 139: Configuring Acl Control Over The Snmp Users

    [Quidway-user-interface-vty0-4] ac l 2020 inbound 3.3 Configuring ACL Control over the SNMP Users Huawei Quidway Ethernet switch series support the remote management with the network management software. The network management users can access the switch wit h SNMP. Controlling such users with ACL can help filter the illegal NM users and prevent them from accessing the local switch.

  • Page 140: Calling Acl To Control Snmp Users

    Operation Manual - QoS/ACL Quidway S3000-EI Series Ethernet Switches Chapter 3 Logon User ACL Control Configuration 3.3.2 Calling ACL to Control SNMP Users To control the NM users with ACL, call the defined ACL when configuring SNMP ommunity name, username, and group name.

  • Page 141: Configuration Example

    [Quidway-acl-basic-2020] rule 2 pe rmit source 10.110.100.46 0 [Quidway-acl-basic-2020] quit # Call the basic ACLs. [Quidway] snmp-agent community read huawei acl 2020 [Quidway] snmp-agent group v2c huaweigroup acl 2020 [Quidway] snmp-agent usm-user v2c huaweiuser huaweigroup acl 2020 3.4 Con figuring ACL Control over the HTTP Users Quidway Ethernet switch series support the remote managem ent through WEB.

  • Page 142: Defining Acl

    Operation Manual - QoS/ACL Quidway S3000-EI Series Ethernet Switches Chapter 3 Logon User ACL Control Configuration Calling A CL to control HTTP users The follow section introduces the configuration procedures. 3.4.1 Defi ning ACL So far, you can only call the numbered basic ACL, ranging from 2000 to 2999, to implement ACL control function.
  • Page 143 Operation Manual - QoS/ACL Quidway S3000-EI Series Ethernet Switches Chapter 3 Logon User ACL Control Configuration . Networkin g diagram Internet Switch Figure 3-3 Control WEB NM user with ACL I. Configuration procedure # Define the basic ACL. [Quidway] acl number 20 30 match-order config [Quidway-acl-basic-2030] rule 1 permit source 10.110.100.46 0...
  • Page 144 Operation Manual - Integrated Management Quidway S3000-EI Series Ethernet Switches Table of Contents Table of Contents Chapter 1 Stack Function Configuration ..................1-1 1.1 Stack Function Overview ....................1-1 1.2 Configure Stack Function ....................1-1 1.2.1 Configure IP Address Pool for the Stack ..............1-1 1.2.2 Enable/Disable a Stack ...................
  • Page 145 Operation Manual - Integrated Management Quidway S3000-EI Series Ethernet Switches Table of Contents 2.4.7 Set up a Cluster Automatically................2-14 2.4.8 Set Cluster Holdtime ..................... 2-15 2.4.9 Set Cluster Timer to Specify the Handshaking Message Interval......2-15 2.4.10 Configure Remote Control over the Member device........... 2-16 2.4.11 Configure the Cluster Server and Network Management and Log Hosts...

  • Page 146: Chapter 1 Stack Function Configuration

    Operation Manual - Integrated Management Quidway S3000-EI Series Ethernet Switches Chapter 1 Stack Function Configuration Chapter 1 Stack Function Configuration 1.1 Stack Function Overview A stack is a management domain including several Ethernet switches (one main switch and some slave switches) connected through stack ports. These Ethernet switches stacked together can act as one set of equipment and the user can manage them through the main switch.

  • Page 147: Enable/Disable A Stack

    Operation Manual - Integrated Management Quidway S3000-EI Series Ethernet Switches Chapter 1 Stack Function Configuration Table 1-1 Configure IP address pool for the stack Operation Command stacking ip-pool from-ip-address Configure IP address range for a stack ip-address-number [ ip-mask ]...

  • Page 148: Display And Debug Stack Function

    Operation Manual - Integrated Management Quidway S3000-EI Series Ethernet Switches Chapter 1 Stack Function Configuration 1.3 Disp lay and Debug Stack Function After the above configuration, execute display command in any view to display the running of the stack configuration, and to verify the effect of the configuration.
  • Page 149 Operation Manual - Integrated Management Quidway S3000-EI Series Ethernet Switches Chapter 1 Stack Function Configuration III. Configuration proced # Configure IP address pool for the st ack on Switch A. [Quidway] stacking ip-pool 129.10.1.1 5 # Enable a stack on Switch A.
  • Page 150 Operation Manual - Integrated Management Quidway S3000-EI Series Ethernet Switches Chapter 1 Stack Function Configuration # Switch to the slave switch, Swi tch C, to perform the configuration. <stack_0.Quidway> s tacking 2 <stack_2.Quidway> # Switch back to the main switch, Switch A to perform the configuration.

  • Page 151: Chapter 2 Hgmp V2 Configuration

    Operation Manual - Integrated Management Quidway S3000-EI Series Ethernet Switches Chapter 2 HGMP V2 Configuration Chapter 2 HGMP V2 Configuration 2.1 HGMP V2 Overview 2.1.1 Overview By HGMP V2 function, the network administrator can manage multiple switches at a managing switch with a public IP address. The managing switch is called administrator device and the managed switches are called member devices.
  • Page 152 Operation Manual - Integrated Management Quidway S3000-EI Series Ethernet Switches Chapter 2 HGMP V2 Configuration Administrator device: Configured with a public network IP address and providing agement interface for all the switches in the cluster. The administrator device manages the member device through command redirection, that is, administrator device receives and processes the management commands from the network.

  • Page 153: Functions

    Operation Manual - Integrated Management Quidway S3000-EI Series Ethernet Switches Chapter 2 HGMP V2 Configuration Note: To configure the cluster function, perform the following operations on the administrator device: Enable system NDP and port NDP Configure NDP parameter Enable system NTDP and port NTDP...

  • Page 154: Configure Ndp

    Operation Manual - Integrated Management Quidway S3000-EI Series Ethernet Switches Chapter 2 HGMP V2 Configuration Network topology collection is implemented by NTDP. It is used for collecting the information concerning device connection and the Candida te device. It can also be used for setting hops for topology discovery.

  • Page 155: Enable/Disable System Ndp

    Operation Manual - Integrated Management Quidway S3000-EI Series Ethernet Switches Chapter 2 HGMP V2 Configuration Note: On an administrator device, you need to enable system NDP and port NDP, meanwhile configure the NDP parameters as well. However, you only have to enable NDP on a device and the corresponding ports on member device.

  • Page 156: Set Ndp Holdtime

    Operation Manual - Integrated Management Quidway S3000-EI Series Ethernet Switches Chapter 2 HGMP V2 Configuration 2.2.4 Set NDP Holdtime The NDP holdtime specifies how long the adjacent node can keep the local node information. The adj acent device knows the holdtime from the received NDP packet and will discard the packet when it expires.

  • Page 157: Configure Ntdp

    Operation Manual - Integrated Management Quidway S3000-EI Series Ethernet Switches Chapter 2 HGMP V2 Configuration Table 2-5 Display and Debug NDP Operation Command Display global NDP configuration information display ndp (including NDP timer and holdtime). Display the information about the port enabled...

  • Page 158: Enable/Disable System Ntdp

    Operation Manual - Integrated Management Quidway S3000-EI Series Ethernet Switches Chapter 2 HGMP V2 Configuration N ote: On an administrator device, you need to enable system NTDP and port NTDP, meanwhile configure the NTDP parameters as well. However, you only have to enable system NTDP and the corresponding port NTDP on member device.

  • Page 159: Set Hop Number For Topology Collection

    Operation Manual - Integrated Management Quidway S3000-EI Series Ethernet Switches Chapter 2 HGMP V2 Configuration By default, port NTDP is enabled on th e ports supporting NDP. If you enable NTDP on a port not support ing NDP, NT DP cannot be run.

  • Page 160: Set Topology Collection Interval

    Operation Manual - Integrated Management Quidway S3000-EI Series Ethernet Switches Chapter 2 HGMP V2 Configuration Table 2-9 Set delay for collected device to forward topology collection request. Operation Command Set delay for collected device to forward ntdp timer hop-delay time topology collection request.

  • Page 161: Display And Debug Ntdp

    Operation Manual - Integrated Management Quidway S3000-EI Series Ethernet Switches Chapter 2 HGMP V2 Configuration able 2-11 Start topology information collection Operation Command Start topology information collection ntdp explore 2.3.8 Display and Debug NTDP After the above configuration, execute display command in any view to display the running of the NTDP configuration, and to verify the effect of th e configuration.

  • Page 162: Enable/Disable Cluster Function

    Operation Manual - Integrated Management Quidway S3000-EI Series Ethernet Switches Chapter 2 HGMP V2 Configuration Cluster configuration inc ludes: Enable/Disable cluster function Enter cluster view Configure clu ster IP address pool Name the administrator device and cluster. Add/delete a cluster member device Setup a cluster automatically.

  • Page 163: Configure Cluster Ip Address Pool

    Operation Manual - Integrated Management Quidway S3000-EI Series Ethernet Switches Chapter 2 HGMP V2 Configuration Table 2-14 enter cluster view Operation Command enter cluster view. cluster 2.4.4 Configure Clus ter IP Address Pool efore setting up a cluster , you are su pposed to config ure a private IP address pool.

  • Page 164: Add/Delete A Cluster Member Device

    Operation Manual - Integrated Management Quidway S3000-EI Series Ethernet Switches Chapter 2 HGMP V2 Configuration By default, the switch is not an administrator device and no cluster name has been specified. 2.4.6 Add/Delete a Cluster Member device ou can use the following command to ad...

  • Page 165: Set Cluster Holdtime

    Operation Manual - Integrated Management Quidway S3000-EI Series Ethernet Switches Chapter 2 HGMP V2 Configuration 2.4.8 Set Cluster Holdtime After a clust er is set up , some communication fault maybe occur s due to network roblem or switch reset. If the...

  • Page 166: Set Cluster Timer To Specify The Handshaking Message Interval

    Operation Manual - Integrated Management Quidway S3000-EI Series Ethernet Switches Chapter 2 HGMP V2 Configuration Table 2-20 Set cluster timer to specify the handshaking message interval. Operation Command cluster timer specify timer in terval handshaking message interval. Restore default handshaking undo timer message interval.

  • Page 167: Configure The Cluster Server And Network Management And Log Hosts

    Operation Manual - Integrated Management Quidway S3000-EI Series Ethernet Switches Chapter 2 HGMP V2 Configuration hen using the reboot member command, you can decide to delete the configuration file or not with the eraseflash parameter. 2.4.11 Co nfigure the Cluster Server and Network Managem...

  • Page 168: Display And Debug Cluster

    Operation Manual - Integrated Management Quidway S3000-EI Series Ethernet Switches Chapter 2 HGMP V2 Configuration the user password of the member device is different from the administrator device , you cannot configure the member device. The user level will be inherited from the administrator device when you configure the member device on the administrator device.
  • Page 169 Operation Manual - Integrated Management Quidway S3000-EI Series Ethernet Switches Chapter 2 HGMP V2 Configuration Ethernet1/1 carrying VLAN2 at 163.172.55.1. The entire cluster uses the same FTP server and TFTP server at 63.172.55.1 and the NM station and log host at 69.172.55.4.
  • Page 170 Operation Manual - Integrated Management Quidway S3000-EI Series Ethernet Switches Chapter 2 HGMP V2 Configuration # Configure that the collected device delays for 150 milliseconds before forwarding a topology collection request. [Quidway] ntdp timer h op-delay 150 # Configure that the port on the collected device delays for 15 milliseconds before forwarding a topology collection request.
  • Page 171 Operation Manual - Integrated Management Quidway S3000-EI Series Ethernet Switches Chapter 2 HGMP V2 Configuration [Quidway-Ethernet1/1] ntdp enable # Run the cluster function. [Quidway] cluster enable Note: Upon the completion of the above configurations, you can use the cluster switch-to...

  • Page 172: Chapter 3 Cluster Multicast Mac Address Configuration

    Operation Manual - Integrated Management Chapter 3 Cluster Multicast MAC Address Quidway S3000-EI Series Ethernet Switches Configuration Chapter 3 Cluster Multicast MAC Address Configuration 3.1 Con figuring Cluster Multicast MAC Address 3.1.1 Con figuring Cluster Multic ast MAC Address After the establishment of the clu...
  • Page 173 Operation Manual - STP Quidway S3000-EI Series Ethernet Switches Table of Contents Table of Contents Chapter 1 MSTP Region-configuration ..................1-1 1.1 MSTP Overview ......................... 1-1 1.1.1 MSTP Concepts ...................... 1-1 1.1.2 MSTP Principles...................... 1-4 1.2 Configure MSTP ......................1-10 1.2.1 Configure the MST Region for a Switch..............

  • Page 174: Chapter 1 Mstp Region-Configuration

    Operation Manual - STP Quidway S3000-EI Series Ethernet Switches Chapter 1 MSTP Region-configuration Chapter 1 MSTP Region-configuration 1.1 MSTP Overview MSTP stands for Multiple Spanning Tree Protocol, which is compatible with STP and RSTP. STP cannot transit fast. Even on the point-to-point link or the edge port, it has to take an interval as long as twice forward delay before the network converges.
  • Page 175 Operation Manual - STP Quidway S3000-EI Series Ethernet Switches Chapter 1 MSTP Region-configuration I. MST region Multiple Spanning Tree Regions: A multiple spanning tree region contains several physically and directly connected MSTP switches sharing the same region name, VLAN-spanning tree mapping configuration, and MSTP revision level configuration, and the network segments between them.
  • Page 176 Operation Manual - STP Quidway S3000-EI Series Ethernet Switches Chapter 1 MSTP Region-configuration VIII. Common Ro ot Bridge The Common Root Bridge refers to the root bridge of CIST. There is only one common root bridge in the specified network.

  • Page 177: Mstp Principles

    Operation Manual - STP Quidway S3000-EI Series Ethernet Switches Chapter 1 MSTP Region-configuration 1.1.2 MS TP Principles MSTP divides the entire Layer 2 network into several MST regions and calculates and generates CST for them. Multiple spanning trees are generated in a region and each of them is called an MSTI.
  • Page 178 Operation Manual - STP Quidway S3000-EI Series Ethernet Switches Chapter 1 MSTP Region-configuration Switch A Switch C Swi h B Figure 1-3 Designated switch and designated p For a switch, the designated switch is a switch in charge of forwarding packets to the local switch via a port called the designated port a ccordingly.
  • Page 179 Operation Manual - STP Quidway S3000-EI Series Ethernet Switches Chapter 1 MSTP Region-configuration Switch A with priority 0 Switch B with priority 1 Switch C with priority 2 Figure 1-4 Ethernet switch networking To facilitate the descriptions, only the first four p arts of the configuration BPDU are described in the example.
  • Page 180 Operation Manual - STP Quidway S3000-EI Series Ethernet Switches Chapter 1 MSTP Region-configuration The configuration BPDU with a smaller root ID has a higher priority If the root IDs are the same, perform the comparison based on root path costs.
  • Page 181 Operation Manual - STP Quidway S3000-EI Series Ethernet Switches Chapter 1 MSTP Region-configuration By now the configuration BPDUs of each port are as follows: Configuration BPDU of BP1: {0, 0, 0, AP1}, Configuration BPDU of BP2: {1, 0, 1, BP2}.
  • Page 182 Operation Manual - STP Quidway S3000-EI Series Ethernet Switches Chapter 1 MSTP Region-configuration Switch A with priority 0 Switch B with priority 1 Switch C with priority 2 Figure 1-5 The final stabilized spanning tree To facilitate the descriptions, the description of the ex ample is simplified.

  • Page 183: Configure Mstp

    Operation Manual - STP Quidway S3000-EI Series Ethernet Switches Chapter 1 MSTP Region-configuration secondary root bridge, ROOT PROTECTION, BPDU PROTECTION, protocol hot swapping, master/slave switchover, and so on. 1.2 Con figure MSTP MSTP configuration includes: Configure the MST region f...

  • Page 184: Configure The Mst Region For A Switch

    Operation Manual - STP Quidway S3000-EI Series Ethernet Switches Chapter 1 MSTP Region-configuration CIST is span ning tree instance 0. 1.2.1 Con figure the MST Region for a Switch Which MST region a switch belongs to is determined with the configurations of the region name, VLAN mapping tabl e, and MSTP revision level.

  • Page 185: Specify The Switch As Primary Or Secondary Root Switch

    Operation Manual - STP Quidway S3000-EI Series Ethernet Switches Chapter 1 MSTP Region-configuration ame MST region name, STI-VLAN mapping tab les of an MST region, and th e MST regi on revision level. Configuring the related parameters, especially the VLAN mapping table, of the MST region, will lead to the recalculation of spanning tree and network topology flapping.
  • Page 186 Operation Manual - STP Quidway S3000-EI Series Ethernet Switches Chapter 1 MSTP Region-configuration stp [ instance instance-id ] root Specify current switch as the secondary secondary bridge-diameter root switch of the specified spanning bridgenum hello-time tree. centi-senconds ] Specify current switch n t to be the undo stp [ instance instance-id ] root primary or secondary root.

  • Page 187: Configure The Bridge Priority For A Switch

    Operation Manual - STP Quidway S3000-EI Series Ethernet Switches Chapter 1 MSTP Region-configuration 1.2.3 Con figure th e MSTP Running Mode MSTP and RSTP are compatible and they can recognize the packets of each other. wever, STP cannot recognize MSTP packets. To implement the compatibility, MSTP vides two operation modes, STP-compatible m ode and MSTP mode.

  • Page 188: Configure The Max Hops In An Mst Region

    Operation Manual - STP Quidway S3000-EI Series Ethernet Switches Chapter 1 MSTP Region-configuration Restore the default Bridge priority of the undo stp [ instance instance-id ] designated switch. bridge-priority When configuring the switch priority with the instance instance-id parameter as 0, you are configuring the CIST priority of the switch.

  • Page 189: Configure The Switching Network Diameter

    Operation Manual - STP Quidway S3000-EI Series Ethernet Switches Chapter 1 MSTP Region-configuration 1.2.6 Con figure the Switching Network Diameter Any two hosts on th e switching n etwork are connected with a s pecific path ca rried by a eries of switches.
  • Page 190 Operation Manual - STP Quidway S3000-EI Series Ethernet Switches Chapter 1 MSTP Region-configuration Perform the following configuration in system view. Table 1-9 Configure the time parameters of a switch Operation Command Configure Forward Delay on the switch. stp timer forward-delay centiseconds...

  • Page 191: Configure The Max Transmission Speed On A Port

    Operation Manual - STP Quidway S3000-EI Series Ethernet Switches Chapter 1 MSTP Region-configuration 2 * (forward-delay - 1seconds) >= maximum-age imum-age > = 2 * (hello + 1.0 seconds) You are recommended to use the stp root primary command to specify the network meter and Hello Time of the switching network, thus MSTP will automatically culate and give the rather desirable values.

  • Page 192: Configure A Port As An Edge Port

    Operation Manual - STP Quidway S3000-EI Series Ethernet Switches Chapter 1 MSTP Region-configuration This parameter only takes a re lative value without units. If it is set too large, too many packets will be transmitted during every Hello Time and too many network resourced will be occupied.
  • Page 193 Operation Manual - STP Quidway S3000-EI Series Ethernet Switches Chapter 1 MSTP Region-configuration will be disabled. The configuration of this parameter takes effect o n all the STIs. In other words, if a port i s configured as an EdgedPort or Non- EdgedPort, it is configured the same on all the STIs.

  • Page 194: Configure The Path Cost Of A Port

    Operation Manual - STP Quidway S3000-EI Series Ethernet Switches Chapter 1 MSTP Region-configuration Table 1-15 Configure the Path Cost of a port Operation Command Configure the Path Cost of a port stp [ instance instance-id ] cost cost Restore the default path cost of a port.

  • Page 195: Configure The Port (Not) To Connect With The Point-To-Point Link

    Operation Manual - STP Quidway S3000-EI Series Ethernet Switches Chapter 1 MSTP Region-configuration You can configure the port priority with either of the above-mentioned measures . For more about the commands, refer to the Command Manual. Upon the change of port priority, MSTP will recalculate the port role and transit the state.

  • Page 196: Configure The Mcheck Variable Of A Port

    Operation Manual - STP Quidway S3000-EI Series Ethernet Switches Chapter 1 MSTP Region-configuration Configure the port not to connect with the point-to-point point-to-point link. force-false Configure MSTP to automatically detect if the port is stp point-to-point auto directly conne cted with the point-to-point link.

  • Page 197: Configure The Switch Security Function

    Operation Manual - STP Quidway S3000-EI Series Ethernet Switches Chapter 1 MSTP Region-configuration I. C onfigure in system view Perform the following configuration in system view. able 1-20 Configure the mCheck variable of a port Operation Command Perform mCheck operation on a port.
  • Page 198 Operation Manual - STP Quidway S3000-EI Series Ethernet Switches Chapter 1 MSTP Region-configuration high-speed link may be pulled to the low-speed link and congestion will occur on the network. Root p rotection fun ction is used against such pro blem.

  • Page 199: Enable Mstp On The Device

    Operation Manual - STP Quidway S3000-EI Series Ethernet Switches Chapter 1 MSTP Region-configuration Restore the disabled Root protection state as undo stp root-protection defaulted (from Ethernet port view) Configure switch loop protection function (from stp loop-protection Ethernet port view Restore the disabled loop protection state, as...

  • Page 200: Enable/Disable Mstp On A Port

    Operation Manual - STP Quidway S3000-EI Series Ethernet Switches Chapter 1 MSTP Region-configuration 1.2.16 Ena ble/Disable MSTP on a Port ou can use the following command to enable/disab le MSTP on a port. You may isable MSTP on some Ethernet ports of a switch to spare them from spanning tr alculation.
  • Page 201 Operation Manual - STP Quidway S3000-EI Series Ethernet Switches Chapter 1 MSTP Region-configuration able 1-26 Display and Debug MSTP Operation Command Show configuration display stp [ instance instance-id ] [ interface information about the current port interface-list | slot slot-num ] [ brief ] and the switch.
  • Page 202 Operation Manual - Security Quidway S3000-EI Series Ethernet Switches Table of Contents Table of Contents Chapter 1 802.1x Configuration ....................1-1 1.1 802.1x Overview ........................ 1-1 1.1.1 802.1x Standard Overview..................1-1 1.1.2 802.1x System Architecture ..................1-1 1.1.3 802.1x Authentication Process................1-2 1.1.4 Implementing 802.1x on the Ethernet Switch ............
  • Page 203 Operation Manual - Security Quidway S3000-EI Series Ethernet Switches Table of Contents 2.2.8 Configuring Dynamic VLAN with RADIUS Server........... 2-8 2.3 Configuring RADIUS Protocol..................2-10 2.3.1 Creating/Deleting a RADIUS scheme ..............2-10 2.3.2 Setting IP Address and Port Number of RADIUS Server........2-11 2.3.3 Setting RADIUS Packet Encryption Key ...............

  • Page 204: X Standard Overview

    The devices at the user side such as the computers need to be installed with the 802.1x client Supplicant software, for example, the 802.1x client provided by Huawei Technologies Co., Ltd. (or by Microsoft Windows XP). The 802.1x Authentication Server system normally stays in the carrier’s AAA center.

  • Page 205: Authentication Process

    Operation Manual - Security Quidway S3000-EI Series Ethernet Switches Chapter 1 802.1x Configuration exchange information through the EAPoL (Extensible Authentication Protocol over LANs) frame defined by IEEE 802.1x. Authentication data are encapsulated in the EAP frame, which is to be encapsulated in the packets of other AAA upper layer protocols (e.g.

  • Page 206: Implementing 802.1X On The Ethernet Switch

    Operation Manual - Security Quidway S3000-EI Series Ethernet Switches Chapter 1 802.1x Configuration EAPoL-Encapsulated-ASF-Alert is related to the network management information and terminated by the Authenticator. 802.1x provides an implementation solution of user ID authentication. However, 802.1x itself is not enough to implement the scheme. The administrator of the access device...

  • Page 207: Enabling/Disabling 802.1X

    Operation Manual - Security Quidway S3000-EI Series Ethernet Switches Chapter 1 802.1x Configuration Configuring 802.1x dynamic user binding Setting the maximum times of au thentication request message retransmission Configuring timers Enabling/disabling a quiet-period timer Among the above tasks, the first one is compulso ry, otherwise 802.1x will not take any...

  • Page 208: Setting The Port Access Control Method

    Operation Manual - Security Quidway S3000-EI Series Ethernet Switches Chapter 1 802.1x Configuration By default, the m ode of 802.1 x performing access control o n the port is a uto (automatic identification mode, which is also called prot ocol control mode). That is, the initial state f the port is unauthorized.
  • Page 209 Operation Manual - Security Quidway S3000-EI Series Ethernet Switches Chapter 1 802.1x Configuration globally enabling proxy user detection and control in system view, only if you enable this feature on a specific port ca n this configuration take ef fects on the p ort.
  • Page 210 Operation Manual - Security Quidway S3000-EI Series Ethernet Switches Chapter 1 802.1x Configuration must support PAP authentication), CHAP authentication (RA DIUS server must support CHAP authenticat ion), EAP relay authentication (switch send authentication information to RADIUS server in the form of EAP packets directly and RADIUS server ust support EAP authentication).

  • Page 211: Enabling/Disabling Guest Vlan

    Operation Manual - Security Quidway S3000-EI Series Ethernet Switches Chapter 1 802.1x Configuration able 1-8 Enabling/disabling Guest VLAN Operation Command Enabling Guest VLAN dot1x guest-vlan vlan-id [ interface interface-list ] Disabling Guest VLAN undo dot1x guest-vlan vlan-id [ interface interface-list ] Note the following: Guest VLAN is only supported in the port-based authentication mode.

  • Page 212: Setting 802.1X Client Version Authentication

    Operation Manual - Security Quidway S3000-EI Series Ethernet Switches Chapter 1 802.1x Configuration port view, the interface-list parameter c annot be specified, and you can use command only to enable the feature on the current interface. . Configuring 802.1x re...
  • Page 213 Operation Manual - Security Quidway S3000-EI Series Ethernet Switches Chapter 1 802.1x Configuration y default, 802.1x client version authentication is disabled on all ports. In system view, if the interface-list parameter is n ot specified, it means that to enable the 802.1x client version authentication feature on all interfaces;...

  • Page 214: Configuring 802.1X Dynamic User Binding

    If the users use static IP addresses, you must use 802.1x clients developed by Huawei Technologies and select the Upload user IP address option in the [802.1x Network Settings] dialog box when creating a new connection. . Configuration Prerequisites Enable 802.1x feature globally and on a port.
  • Page 215 Operation Manual - Security Quidway S3000-EI Series Ethernet Switches Chapter 1 802.1x Configuration III. Co nfiguration Procedure Tabl e 1-14 Configure 802.1x dynamic user binding Operation Command Remarks Enter system view system-view — dot1x Required. 802.1x Enable 802.1x dynamic dynamic-binding-user...

  • Page 216: Configuring Timers

    Operation Manual - Security Quidway S3000-EI Series Ethernet Switches Chapter 1 802.1x Configuration Table 1-15 Setting the ma ximum times of the authentication request message retransmission Operation Command Set the maximum times of the authentication dot1x retry max-retry-value request message retransmission...
  • Page 217 Operation Manual - Security Quidway S3000-EI Series Ethernet Switches Chapter 1 802.1x Configuration server-timeout: Specify the timeout timer of an Authentication Server. If an Authe ntication Se rver has not responded befo re the spec ified period expires, the Authenticator will resend the authentication reque...

  • Page 218: X Configuration Example

    Operation Manual - Security Quidway S3000-EI Series Ethernet Switches Chapter 1 802.1x Configuration Table 1-17 Enabling/disabling a quiet-period timer Operation Command Enable a quiet-period timer dot1x quiet-period Disable a quiet-period timer undo dot1x quiet-period By default, quiet-period timer is disabled.
  • Page 219 Operation Manual - Security Quidway S3000-EI Series Ethernet Switches Chapter 1 802.1x Configuration accessed, the domain name does not follow the user name. Normally, if the user’s traffic is less than 2kbps consistently over 20 minutes, he will be disconnected.
  • Page 220 Operation Manual - Security Quidway S3000-EI Series Ethernet Switches Chapter 1 802.1x Configuration # Enable the 802.1x performance on the specified port Ethernet 0/1. [Quidway] dot1x interface Ethernet 0/1 # Set the access control mode. (This command could not be configured, when it is configured as MAC-based by default.)
  • Page 221 Operation Manual - Security Quidway S3000-EI Series Ethernet Switches Chapter 1 802.1x Configuration # Set a limit of 30 users to the domain huawei163.net. [Quidway-isp-huawei163.net] access-limit enable 30 # Enable idle cut function for the user and set the idle cut parame ter in the domain huawei163.net.

  • Page 222: Chapter 2 Aaa And Radius Protocol Configuration

    Operation Manual - Security Chapter 2 AAA and RADIUS Protocol Quidway S3000-EI Series Ethernet Switches Configuration Chapter 2 AAA and RADIUS P rotocol figuration 2.1 AAA and RADIUS Protocol Overview 2.1.1 AAA Overview Authentication, Authorization and Accounting (AAA) provide a uniform framework used for configuring these three security functions to implement the network security management.
  • Page 223 Operation Manual - Security Chapter 2 AAA and RADIUS Protocol Quidway S3000-EI Series Ethernet Switches Configuration After RADIUS system is started, if the user wants to have right to access other network or consume some network resources through connection to NAS (dial-in access server...

  • Page 224: Aaa Configuration

    Operation Manual - Security Chapter 2 AAA and RADIUS Protocol Quidway S3000-EI Series Ethernet Switches Configuration Authentication Authentication PC user1 PC user1 Server Server PC user2 PC user2 Accounting Accounting Server1 Server1 S3000-EI series ISP1 ISP1 S2000-SI series Accounting Accounting...
  • Page 225 Operation Manual - Security Chapter 2 AAA and RADIUS Protocol Quidway S3000-EI Series Ethernet Switches Configuration ISP. Because the attributes of ISP users, such as username and pa ssword formats, etc, may be different, it is necessary to differentiate them through se tting ISP domain.

  • Page 226: Enabling/Disabling The Messenger Alert

    Operation Manual - Security Chapter 2 AAA and RADIUS Protocol Quidway S3000-EI Series Ethernet Switches Configuration Perform the following configurations in ISP domain view. Table 2-2 Configuring relevant attributes of ISP domain Operation Command Specify the adopted RADIUS scheme radius-scheme radius-scheme-name...

  • Page 227: Configuring Self-Service Server Url

    Operation Manual - Security Chapter 2 AAA and RADIUS Protocol Quidway S3000-EI Series Ethernet Switches Configuration Restore the messenger alert as the undo messenger time ault setting By d efault, messenger alert is disabled on the s witch. 2.2.4 Configuring Self-Service Server URL...

  • Page 228: Setting Attributes Of Local User

    Operation Manual - Security Chapter 2 AAA and RADIUS Protocol Quidway S3000-EI Series Ethernet Switches Configuration Table 2-5 Creating/Deleting a local user and relevant properties Operation Command Add local users local-user user-name Delete all the local users undo local-user all...

  • Page 229: Configuring Dynamic Vlan With Radius Server

    Operation Manual - Security Chapter 2 AAA and RADIUS Protocol Quidway S3000-EI Series Ethernet Switches Configuration Operation Command Set a service type for the service-type { ftp [ ftp-direc tory directory ] | specified user lan-access | { ssh | telnet }* [ level level ] }...
  • Page 230 Operation Manual - Security Chapter 2 AAA and RADIUS Protocol Quidway S3000-EI Series Ethernet Switches Configuration String ID: The switch compares the string ID delivered from the server with the VLAN names existing on the switch. If a matching entry is found, the switch adds the port into the corresponding VLAN.

  • Page 231: Configuring Radius Protocol

    Operation Manual - Security Chapter 2 AAA and RADIUS Protocol Quidway S3000-EI Series Ethernet Switches Configuration 2.3 Configuring RADIUS Protocol For the Quidway Series Switches, the RADIUS protocol is configured on the per RADIUS scheme basis. In real networking environment, a RADIUS scheme can be an independent RADIUS server or a set of primary/second RADIUS servers with the same configuration but two different IP addresses.

  • Page 232: Setting Ip Address And Port Number Of Radius Server

    Operation Manual - Security Chapter 2 AAA and RADIUS Protocol Quidway S3000-EI Series Ethernet Switches Configuration Table 2-11 Creating/Deleting a RADIUS sch Operation Command Create a RADIUS scheme and radius scheme radius-scheme-name enter its view Delete a RADIUS scheme undo radius scheme radius-scheme-name Several ISP domains can use a RADIUS scheme at the same time.

  • Page 233: Setting Radius Packet Encryption Key

    Operation Manual - Security Chapter 2 AAA and RADIUS Protocol Quidway S3000-EI Series Ethernet Switches Configuration Operation Command Set IP address and port number of second secondar accounting RADIUS accounting server. ip-address [ port-number ] R store IP address and port number of...

  • Page 234: Setting Retransmission Times Of Radius Request Packet

    Operation Manual - Security Chapter 2 AAA and RADIUS Protocol Quidway S3000-EI Series Ethernet Switches Configuration Table 2-13 Setting RADIUS packet encryption key Operation Command Set RADIUS authentication/authorization packet key authentication string encryption key Restore default RADIUS undo key authentication authentication/authorization packet encryption key.

  • Page 235: Enabling The Selection Of Radius Accounting Option

    Operation Manual - Security Chapter 2 AAA and RADIUS Protocol Quidway S3000-EI Series Ethernet Switches Configuration Table 2-15 Setting retransmission times of RADIUS request packet Operation Command Set retransmission times of RADIUS request packet retry retry-times Restore the default value of retransmission times undo retry By default, RADIUS request packet will be retransmitted up to three times.

  • Page 236: Setting Maximum Times Of Real-Time Accounting Request Failing To Be Responded

    Operation Manual - Security Chapter 2 AAA and RADIUS Protocol Quidway S3000-EI Series Ethernet Switches Configuration The parameter minutes specifies the real-time accounting int erval in minutes. The value shall be a multiple of 3. The value of minutes is related to the performance of NAS and RADIUS serve r.

  • Page 237: Enabling/Disabling Stopping Accounting Request Buffer

    Operation Manual - Security Chapter 2 AAA and RADIUS Protocol Quidway S3000-EI Series Ethernet Switches Configuration How to calculate the value of retry-times? Suppose that RADIUS s erver connection will timeout in T and the r eal-time acc ounting interval of NAS is t, the...

  • Page 238: Setting The Supported Type Of Radius Server

    Table 2-22 Setting the supported type of RADIUS server Operation Command Setting Supported Type server-type { huawei | iphotel | portal | RADIUS Server standard } Restore the Supported Type of undo server-type RADIUS Server to the default setting By default, the newly creat...

  • Page 239: Setting Username Format Transmitted To Radius Server

    Operation Manual - Security Chapter 2 AAA and RADIUS Protocol Quidway S3000-EI Series Ethernet Switches Configuration Perform the following configurations in RADIUS scheme view. Table 2-23 Setting RADIUS server state Operation Command Set the state of primary RADIUS state primary...

  • Page 240: Setting The Unit Of Data Flow That Transmitted To Radius Server

    Operation Manual - Security Chapter 2 AAA and RADIUS Protocol Quidway S3000-EI Series Ethernet Switches Configuration 2.3.14 Se tting the Unit of Data Flow that Transmitted to RADIUS Server The following command defines the unit of the data flow s ent to RADIUS server.
  • Page 241 Operation Manual - Security Chapter 2 AAA and RADIUS Protocol Quidway S3000-EI Series Ethernet Switches Configuration 2.4 Disp laying and Debugging AAA and RADIU Protocol fter the above configuration, execute display command in any view to display the running of the AAA and RADIUS configuration, and to verify the effect of the configuration.
  • Page 242 Operation Manual - Security Chapter 2 AAA and RADIUS Protocol Quidway S3000-EI Series Ethernet Switches Configuration Operation Command Disable debugging of local undo debugging local-serv er { all | error | RADIUS authentication server event packet } 2.5 AAA and RADIUS Protoc...
  • Page 243 Operation Manual - Security Chapter 2 AAA and RADIUS Protocol Quidway S3000-EI Series Ethernet Switches Configuration II. Networking Topology Authentication Servers ( IP address:10.110.91.164 ) Switch Internet Internet telnet user igure 2-2 Configuring remote RADIUS authentication for Telnet users III. Configurtion Schedule # Add a Telnet user.

  • Page 244: Configuring Local Radius Authentication Server

    2.5.2 Configuring FTP/Telnet User Authentication at Local RADIUS Server ocal RADIUS authentication o Telnet/FTP users is similar to remote RADIUS authentication. But you should modify the server IP address to 127.0.0.1, uthentication password to Huawei, the UDP port number of the authentication server to 1645. Note: For details about local RADIUS authentication of Telnet/FTP users, refer to “2.3.15...

  • Page 245: Aaa And Radius Protocol Fault Diagnosis And Troubleshooting

    Operation Manual - Security Chapter 2 AAA and RADIUS Protocol Quidway S3000-EI Series Ethernet Switches Configuration # Configure name of the d elivered VLAN. [Quidway-vlan100] name test Configure on the Windows IAS server the VLAN delivery mo de to string and the name of the delivered VLAN to “test”.
  • Page 246 Operation Manual - Security Chapter 2 AAA and RADIUS Protocol Quidway S3000-EI Series Ethernet Switches Configuration The accounting service an d authentication/authorization service are provided on different servers, but NAS requires the services to be provided on one server (by specifying the same IP address).

  • Page 247: Chapter 3 Habp Configuration

    2.1x authentication is skipped, packets will be filtered by 802.1x attribute, so the management over them is also imp ossible. HABP(Huawei Authentication Bypass Protocol) attribute can be used to solve this problem. HABP packets contain the MAC address and other information of the member switches.

  • Page 248: Configuring Habp Client

    Operation Manual - Security Quidway S3000-EI Series Ethernet Switches Chapter 3 HABP Configuration Table 3-1 Configuring HABP server Operation Command Enable HABP attribute habp enable R store HABP attribute to the default value undo habp enable Configure the switch as HABP Server...
  • Page 249 Operation Manual - Security Quidway S3000-EI Series Ethernet Switches Chapter 3 HABP Configuration Operation Command Enab le HABP debugging debugging habp Disa ble HABP debugging undo debu gging habp Huawei Technologies Proprietary...
  • Page 250 Operation Manual - Network Protocol Quidway S3000-EI Series Ethernet Switches Table of Contents Table of Contents Chapter 1 ARP Configuration....................... 1-1 1.1 Introduction to ARP......................1-1 1.2 Configure ARP ........................1-2 1.2.1 Manually Add/Delete Static ARP Mapping Entries ..........1-2 1.2.2 Configure the Dynamic ARP Aging Timer...............
  • Page 251 Operation Manual - Network Protocol Quidway S3000-EI Series Ethernet Switches Table of Contents Chapter 6 IP Performance Configuration..................6-1 6.1 IP Performance Configuration ................... 6-1 6.1.1 Configure TCP Attributes ..................6-1 6.2 Display and debug IP Performance ................... 6-2 6.3 Troubleshoot IP Performance.................... 6-2...

  • Page 252: Chapter 1 Arp Configuration

    Operation Manual - Network Protocol Quidway S3000-EI Series Ethernet Switches Chapter 1 ARP Configuration Chapter 1 ARP Configuration 1.1 Introduction to ARP I. Necessity of ARP An IP address cannot be directly used for communication between network devices because network devices can only identify MAC addresses. An IP address is only an address of a host in the network layer.

  • Page 253: Configure Arp

    Operation Manual - Network Protocol Quidway S3000-EI Series Ethernet Switches Chapter 1 ARP Configuration Normally, dynamic ARP executes and automatically searches for the resolution from the IP address to the Ethernet MAC address withou t the administrator. 1.2 Con figure ARP The ARP mapping table can be maintained dynamically or manually.

  • Page 254: Gratuitous Arp Configuration

    Operation Manual - Network Protocol Quidway S3000-EI Series Ethernet Switches Chapter 1 ARP Configuration Table 1-2 Configure the dynamic ARP aging time Operation Command Configure the dynamic ARP aging timer arp timer aging aging-time restore the default dynamic ARP aging time undo arp timer aging By default, the aging time of dynamic ARP aging timer is 20 minutes.

  • Page 255: Configuration Tasks

    Operation Manual - Network Protocol Quidway S3000-EI Series Ethernet Switches Chapter 1 ARP Configuration network, so all hosts on the network must do this every time the ARP request is sent. Characteristics of gratuitous ARP packets: The source and destination IP addresses are all native addresses, and the source MAC address of the packet is native MAC address.
  • Page 256 Operation Manual - Network Protocol Quidway S3000-EI Series Ethernet Switches Chapter 1 ARP Configuration Table 1-5 Display and debug ARP Operation Command Display ARP mapping table display arp [ static | dynamic | ip-address ] Display the current setting of the...

  • Page 257: Chapter 2 Dhcp-Snooping Configuration

    Operation Manual - Network Protocol Quidway S3000-EI Series Ethernet Switches Chapter 2 DHCP-Snooping Configuration Chapter 2 DHCP-Snooping Configuration 2.1 DHCP-Snooping Overview For security, the IP addresses used by online users may be recorded to confirm the association between the users’ IP addresses and their MAC addresses. The Layer 3...

  • Page 258: Setting The Port As Trusted Port

    Operation Manual - Network Protocol Quidway S3000-EI Series Ethernet Switches Chapter 2 DHCP-Snooping Configuration Table 2-1 Enable/Disable the DHCP-Snooping function of the switch Operation Command Enable the DHCP-Snooping function of the switch dhcp-snooping Disable the DHCP-Snooping function of the switch undo dhcp-snooping By default, the switch does not enable DHCP-Snooping function.

  • Page 259: Chapter 3 Dhcp Client Configuration

    Operation Manual - Network Protocol Quidway S3000-EI Series Ethernet Switches Chapter 3 DHCP Client Configuration Chapter 3 DHCP Client Configuration 3.1 Overview of DHCP Client With expansion of network size and complication of network structure, network configuration becomes more and more complex. It is often the case that computers change physical positions frequently (portable computers and wireless networks for example) and that computers exceed the IP addresses available.

  • Page 260: Dhcp Client Configuration

    Operation Manual - Network Protocol Quidway S3000-EI Series Ethernet Switches Chapter 3 DHCP Client Configuration Select stage, the stage when the client selects the IP address. If several DHCP servers send DHCP_Offer messages to the client, the client only accepts the firs received one and then broadcasts DHCP_Request messages respectively to those DHCP servers.

  • Page 261: Displaying And Debugging Dhcp Client Configuration

    Operation Manual - Network Protocol Quidway S3000-EI Series Ethernet Switches Chapter 3 DHCP Client Configuration 3.2.1 Con figuring a VLAN Interface to Obtain IP Address Us ing DHCP Perform the following configuration in VLAN interface view. Table 3-1 Configuring a VLAN interface to obtain IP address using DHCP...

  • Page 262: Chapter 4 Bootp Client Configuration

    Operation Manual - Network Protocol Quidway S3000-EI Series Ethernet Switches Chapter 4 BOOTP Client Configuration Chapter 4 BOOTP Client Configuration 4.1 Overview of BOOTP Client BOOTP client can request the server to allocate an IP address to it using BOOTP (bootstrap protocol).

  • Page 263: Displaying And Debugging Bootp Client

    Operation Manual - Network Protocol Quidway S3000-EI Series Ethernet Switches Chapter 4 BOOTP Client Configuration 4.3 Displaying and Debugging BOOTP Client After the above configuration, execute display command in any view to display the running of the BOOTP client configuration, and to verify the effect of the configuration.

  • Page 264: Chapter 5 Access Management Configuration

    Operation Manual - Network Protocol Quidway S3000-EI Series Ethernet Switches Chapter 5 Access Management Configuration Chapter 5 Access Management Configuration 5.1 Access Management Overview One of the typical Ethernet access networking scenario is that the users access external network through the Ethernet switches. In this case, the external network is connected to the Ethernet switch.

  • Page 265: Enable Access Management Function

    Operation Manual - Network Protocol Quidway S3000-EI Series Ethernet Switches Chapter 5 Access Management Configuration Enable access management function Configure Layer 2 isolation between ports Configure port, IP address and MAC add ress binding 5.2.1 Ena ble Access Management Function You can use the following command to enable access mana gement function.
  • Page 266 Operation Manual - Network Protocol Quidway S3000-EI Series Ethernet Switches Chapter 5 Access Management Configuration meanwhile the packet with specified IP address can only pass through the specified port. Port+MAC binding: binding the packet’s receiving port and its source MA address.
  • Page 267 Operation Manual - Network Protocol Quidway S3000-EI Series Ethernet Switches Chapter 5 Access Management Configuration 5.3 Disp y la and debug Access Management the above configuration, execute display command in any vie w to display the current configurations of access management on the ports, and to verify the ef fect of the configuration.

  • Page 268: Chapter 6 Ip Performance Configuration

    Operation Manual - Network Protocol Quidway S3000-EI Series Ethernet Switches Chapter 6 IP Performance Configuration Chapter 6 IP Performance Configuration 6.1 IP Performance Configuration IP performance configuration includes: Configure TCP attributes 6.1.1 Configure TCP Attributes TCP attributes that can be configured include: synwait timer: When sending the syn pac kets, TCP starts the synwait timer.

  • Page 269: Display And Debug Ip Performance

    Operation Manual - Network Protocol Quidway S3000-EI Series Ethernet Switches Chapter 6 IP Performance Configuration By default, the TCP finwait timer is 675 seconds, the synwait timer is 75 seconds, and the receiving/sending buffer size of connection-oriented Socket is 8K bytes.
  • Page 270 Operation Manual - Network Protocol Quidway S3000-EI Series Ethernet Switches Chapter 6 IP Performance Configuration Use the debugging tcp packet command to enable the TCP debugging to trace the TCP packets. Operations include: [Quidway] terminal debugging <Quidway> debugging tcp packet Then the TCP packets received or sent can be checked in real time.
  • Page 271 Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Table of Contents Table of Contents Chapter 1 File System Management.................... 1-1 1.1 File System ........................1-1 1.1.1 File System Overview ..................... 1-1 1.1.2 Directory Operation ....................1-1 1.1.3 File Operation......................1-2 1.1.4 Storage Device Operation..................
  • Page 272 Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Table of Contents 3.2 Device Management Configuration ................... 3-1 3.2.1 Reboot Ethernet Switch ..................3-1 3.2.2 Designate the APP Adopted When Booting the Ethernet Switch Next Time..3-1 3.2.3 Upgrade BootROM....................3-2 3.3 Display and Debug Device Management Configuration............
  • Page 273 Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Table of Contents 5.3.9 Set/Delete an SNMP Group ..................5-6 5.3.10 Set the Source Address of Trap................5-6 5.3.11 Add/Delete a User to/from an SNMP Group ............5-7 5.3.12 Create/Update View Information or Deleting a View..........5-7 5.3.13 Set the Size of SNMP Packet Sent/Received by an Agent ........

  • Page 274: Chapter 1 File System Management

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 1 File System Management Chapter 1 File System Management 1.1 File System 1.1.1 File System Overview The Ethernet switch provides a file system module for user’s efficient management over the storage devices such as flash memory. The file system offers file access and directory management, mainly including creating the file system, creating, deleting, modifying and renaming a file or a directory and opening a file.

  • Page 275: File Operation

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 1 File System Management 1.1.3 File Operation The file system can be used to delete or undelete a file and permanently delete a file. Also, it can be used to display file contents, rename, copy and move a file and display the information about a specified file.

  • Page 276: Configure File Management

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 1 File System Management Table 1-4 File system operation Operation Command Set the file system prompt mode. file prompt { alert | quiet } 1.2 Configure File Management 1.2.1 Configure File Management Overview The management module of configuration file provides a user-friendly operation interface.

  • Page 277: Save The Current-Configuration

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 1 File System Management Table 1-5 Display the configurations of the Ethernet switch Operation Command Display saved-configuration display saved-configuration information of the Ethernet switch display current-configuration [ controller |...

  • Page 278: Ftp

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 1 File System Management The configuration files in flash are damaged. (A common case is that a wrong configuration file has been downloaded.) 1.3 FTP 1.3.1 FTP Overview FTP is a common way to transmit files on the Internet and IP network. Before the World Wide Web (WWW), files were transmitted in the command line mode and FTP was the most popular application.

  • Page 279: Enable/Disable Ftp Server

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 1 File System Management Table 1-9 Configuration of the switch as FTP server Device Configuration Default Description You can view the configuration FTP server Start FTP server. information of FTP server with is disabled.

  • Page 280: Configure The Running Parameters Of Ftp Server

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 1 File System Management Table 1-11 Configure the FTP Server Authentication and Authorization Operation Command Create new local user and enter local local-user username user view(system view) undo local-user [ username | all...

  • Page 281: Introduction To Ftp Client

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 1 File System Management Table 1-13 Display and debug FTP Server Operation Command Display FTP server display ftp-server Display the connected FTP users. display ftp-user The display ftp-server command can be used for displaying the configuration information about the current FTP server, including the maximum amount of users supported by FTP server and the FTP connection timeout.
  • Page 282 Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 1 File System Management III. Configuration procedure Configure FTP server parameters on the PC: a user named as switch, password hello, read & write authority over the Switch directory on the PC.

  • Page 283: Ftp Server Configuration Example

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 1 File System Management <Quidway> reboot 1.3.8 FTP server configuration example I. Networking requirement Switch serves as FTP server and the remote PC as FTP client. The configuration on FTP server: Configure a FTP user named as switch, with password hello and with read &...

  • Page 284: Tftp

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 1 File System Management Caution: If the flash memory of the switch is not enough, you need to first delete the existing programs in the flash memory and then upload the new ones.

  • Page 285: Configure The File Transmission Mode

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 1 File System Management Table 1-14 Configuration of the switch as TFTP client Device Configuration Default Description TFTP is right for the case where no complicated interactions Configure IP address for...

  • Page 286: Upload Files By Means Of Tftp

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 1 File System Management 1.4.4 Upload Files by means of TFTP To upload a file, the client sends a request to the TFTP server and then transmits data to it and receives the acknowledgement from it. You can use the following commands to upload files.
  • Page 287 Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 1 File System Management Caution: If the flash memory of the switch is not enough, you need to first delete the existing programs in the flash memory and then upload the new ones.

  • Page 288: Chapter 2 Mac Address Table Management

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 2 MAC Address Table Management Chapter 2 MAC Address Table Management 2.1 MAC Address Table Management Overview An Ethernet Switch maintains a MAC address table for fast forwarding packets. A table entry includes the MAC address of a device and the port ID of the Ethernet switch connected to it.

  • Page 289: Mac Address Table Configuration

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 2 MAC Address Table Management The Ethernet switch also provides the function of MAC address aging. If the switch receives no packet for a period of time, it will delete the related entry from the MAC address table.

  • Page 290: Set The Max Count Of Mac Address Learned By A Port

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 2 MAC Address Table Management If aging time is set too long, the Ethernet switch will store a great number of out-of-date MAC address tables. This will consume MAC address table resources and the switch will not be able to update MAC address table according to the network change.

  • Page 291: Display And Debug Mac Address Table

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 2 MAC Address Table Management Restore the default Max Count of MAC Address undo mac-address Learned by a Port max-mac-count By default, there is no limit to the MAC addresses learned via the Ethernet port.
  • Page 292 Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 2 MAC Address Table Management II. Networking diagram Internet Network Port Console Port Switch Figure 2-2 Typical configuration of address table management III. Configuration procedure # Enter the system view of the switch.

  • Page 293: Chapter 3 Device Management

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 3 Device management Chapter 3 Device management 3.1 Device Management Overview With the device management function, the Ethernet Switch can display the current running state and event debugging information about the slots, thereby implementing the maintenance and management of the state and communication of the physical devices.

  • Page 294: Upgrade Bootrom

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 3 Device management Table 3-2 Designate the APP adopted when booting the Ethernet switch next time Operation Command Designate the APP adopted when boot boot-loader file-url booting the Ethernet switch next time 3.2.3 Upgrade BootROM...

  • Page 295: Chapter 4 System Maintenance And Debugging

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 4 System Maintenance and Debugging Chapter 4 System Maintenance and Debugging 4.1 Basic System Configuration 4.1.1 Set Name for Switch Perform the operation of sysname command in the system view.

  • Page 296: Set The Summer Time

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 4 System Maintenance and Debugging 4.1.4 Set the Summer Time You can set the name, starting and ending time of the summer time. Perform the following operations in the user view.

  • Page 297: System Debugging

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 4 System Maintenance and Debugging 4.3 System Debugging 4.3.1 Enable/Disable the Terminal Debugging The Ethernet switch provides various ways for debugging most of the supported protocols and functions, which can help you diagnose and address the errors.

  • Page 298: Display Diagnostic Information

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 4 System Maintenance and Debugging For more about the usage and format of the debugging commands, refer to the relevant chapters. Note: Since the debugging output will affect the system operating efficiency, do not enable the debugging without necessity, especially use the debugging all command with caution.

  • Page 299: Logging Function

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 4 System Maintenance and Debugging packet sequence number, TTL, and the round-trip time of the response packet will be displayed. The final statistics, including the number of the packets the switch sent out and received, the packet loss ratio, the round-trip time in its minimum value, mean value and maximum value.
  • Page 300 Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 4 System Maintenance and Debugging When the log information is output to info-center, the first part will be “<Priority>”. For example: <187>Jun 7 05:22:03 2003 Quidway IFNET/6/UPDOWN:Line protocol on interface...
  • Page 301 Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 4 System Maintenance and Debugging Notice: There is a blank between sysname and module name. Module name The module name is the name of module which create this logging information, the...

  • Page 302: Info-Center Configuration

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 4 System Maintenance and Debugging Severity Description debugging Debugging information Notice: There is a slash between severity and digest. Digest The digest is abbreviation, it represent the abstract of contents.
  • Page 303 Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 4 System Maintenance and Debugging Sending the configuration information to loghost. Table 4-13 Sending the configuration information to loghost Device Configuration Default value Configuration description default, Other configurations are valid...
  • Page 304 Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 4 System Maintenance and Debugging Sending the configuration information to monitor terminal Table 4-15 Sending the configuration information to monitor terminal Device Configuration Default value Configuration description default, Other configurations are valid...
  • Page 305 Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 4 System Maintenance and Debugging Table 4-17 Sending the configuration information to trap buffer Device Configuration Default value Configuration description default, Other configurations are valid Enable info-center info-center is only if the info-center is enabled.

  • Page 306: Sending The Configuration Information To Loghost

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 4 System Maintenance and Debugging Table 4-19 Turn on/off the information synchronization switch in Fabric Device Configuration Default value Configuration description Other configurations Enable By default, info-center is valid only if the info-center info-center enabled.
  • Page 307 Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 4 System Maintenance and Debugging Operation Command Cancel the configuration of undo info-center loghost host-ip-addr outputting information to loghost Note: Ensure to enter the correct IP address using the info-center loghost command to configure loghost IP address.

  • Page 308: Sending The Configuration Information To Console Terminal

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 4 System Maintenance and Debugging Note: If you want to view the debugging information of some modules on the switch, you must select debugging as the information type when configuring information source, meantime using the debugging command to turn on the debugging switch of those modules.
  • Page 309 Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 4 System Maintenance and Debugging Configuring to output information to console terminal Perform the following operation in system view. Table 4-25 Configuring to output information to console terminal Operation...
  • Page 310 Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 4 System Maintenance and Debugging Note: If you want to view the debugging information of some modules on the switch, you must select debugging as the information type when configuring information source, meantime using the debugging command to turn on the debugging switch of those modules.

  • Page 311: Sending The Configuration Information To Telnet Terminal Or Dumb Terminal

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 4 System Maintenance and Debugging 4.5.5 Sending the Configuration Information to Telnet Terminal or Dumb Terminal To send configuration information to Telnet terminal or dumb terminal, follow the steps...
  • Page 312 Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 4 System Maintenance and Debugging Table 4-31 Defining information source Operation Command info-center source { modu-name | default } channel Define information source { channel-number | channel-name } [ { log | trap |...

  • Page 313: Sending The Configuration Information To Log Buffer

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 4 System Maintenance and Debugging Table 4-32 Configuring the output format of time-stamp Operation Command Configure the output format of info-center timestamp { trap the time-stamp debugging } { boot | date | none }...
  • Page 314 Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 4 System Maintenance and Debugging Table 4-34 Enabling/disabling info-center Operation Command Enable info-center info-center enable Disable info-center undo info-center enable Note: Info-center is enabled by default. After info-center is enabled, system performances are affected when the system processes much information because of information classification and outputting.

  • Page 315: Sending The Configuration Information To Trap Buffer

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 4 System Maintenance and Debugging information with the level below it will not be output. channel-number specifies the channel number and channel-name specifies the channel name. When defining the information sent to log buffer, channel-number or channel-name must be set to the channel that corresponds to Console direction.
  • Page 316 Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 4 System Maintenance and Debugging Note: Info-center is enabled by default. After info-center is enabled, system performances are affected when the system processes much information because of information classification and outputting.

  • Page 317: Sending The Configuration Information To Snmp Network Management

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 4 System Maintenance and Debugging may have different default settings of log, trap and debugging. When there is no specific configuration record for a module in the channel, use the default one.
  • Page 318 Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 4 System Maintenance and Debugging Configuring to output information to SNMP NM Perform the following operation in system view. Table 4-43 Configuring to output information to SNMP NM Operation...

  • Page 319: Turn On/Off The Information Synchronization Switch In Fabric

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 4 System Maintenance and Debugging Note: If you want to view the debugging information of some modules on the switch, you must select debugging as the information type when configuring information source, meantime using the debugging command to turn on the debugging switch of those modules.

  • Page 320: Displaying And Debugging Info-Center

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 4 System Maintenance and Debugging Table 4-46 Enable/disable info-center Operation Command Enable info-center info-center enable Disable info-center undo info-center enable Turn on the information synchronization switch Perform the following operation in system view.

  • Page 321: Configuration Examples Of Sending Log To Unix Loghost

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 4 System Maintenance and Debugging 4.5.11 Configuration examples of sending log to Unix loghost I. Networking Requirement The networking requirement are as follows: Sending the log information of the switch to Unix loghost The IP address of the loghost is 202.38.1.10...

  • Page 322: Configuration Examples Of Sending Log To Linux Loghost

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 4 System Maintenance and Debugging Step 2: Edit file /etc/syslog.conf as the super user (root), add the following selector/actor pairs. # Quidway configuration messages local4.info /var/log/Quidway/information Note: Note the following points when editing /etc/syslog.conf: The note must occupy a line and start with the character #.
  • Page 323 Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 4 System Maintenance and Debugging All modules are allowed to output information II. Networking diagram Network Network Switch Switch Switch Figure 4-3 Schematic diagram of configuration III. Configuration steps...

  • Page 324: Configuration Examples Of Sending Log To Console Terminal

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 4 System Maintenance and Debugging Note: Note the following points when editing /etc/syslog.conf: The note must occupy a line and start with the character #. There must be a tab other than a space as the separator in selector/actor pairs.
  • Page 325 Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 4 System Maintenance and Debugging The information with the severity level above informational will be sent to the console terminal The output language is English The modules that allowed to output information are ARP and IP II.

  • Page 326: Chapter 5 Snmp Configuration

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 5 SNMP Configuration Chapter 5 SNMP Configuration 5.1 SNMP Overview By far, the Simple Network Management Protocol (SNMP) has gained the most extensive application in the computer networks. SNMP has been put into use and widely accepted as an industry standard in practice.
  • Page 327 Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 5 SNMP Configuration Figure 5-1 Architecture of the MIB tree The MIB (Management Information Base) is used to describe the hierarchical architecture of the tree and it is the set defined by the standard variables of the monitored network device.

  • Page 328: Configure Snmp

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 5 SNMP Configuration 5.3 Configure SNMP The main configuration of SNMP includes: Set community name Set the Method of Identifying and Contacting the Administrator Enable/Disable snmp Agent to Send Trap...

  • Page 329: Enable/Disable Snmp Agent To Send Trap

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 5 SNMP Configuration Perform the following configuration in system view. Table 5-3 Set the method of identifying and contacting the administrator Operation Command Set the method of identifying and contacting the...

  • Page 330: Set Lifetime Of Trap Message

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 5 SNMP Configuration 5.3.5 Set Lifetime of Trap Message You can use the following command to set lifetime of Trap message. Trap message that exists longer than the set lifetime will be dropped.

  • Page 331: Set The Engine Id Of A Local Or Remote Device

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 5 SNMP Configuration 5.3.8 Set the Engine ID of a Local or Remote Device You can use the following commands to set the engine ID of a local or remote device.

  • Page 332: Add/Delete A User To/From An Snmp Group

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 5 SNMP Configuration Remove the source address of trap undo snmp-agent trap source 5.3.11 Add/Delete a User to/from an SNMP Group You can use the following commands to add or delete a user to/from an SNMP group.

  • Page 333: Disable Snmp Agent

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 5 SNMP Configuration Table 5-14 Set the size of SNMP packet sent/received by an agent Operation Command Set the size of SNMP packet snmp-agent packet max-size byte-count sent/received by an agent...

  • Page 334: Snmp Configuration Example

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 5 SNMP Configuration display snmp-agent mib-view [ exclude | Display the current MIB view include | { viewname mib-view } ] Display the contact character string of display snmp-agent sys-info contact...
  • Page 335 5000 params securityname public IV. Configure Network Management System The Ethernet Switch supports Huawei’s iManager Quidview NMS. Users can query and configure the Ethernet switch through the network management system. For more about it, refer to the manuals of Huawei’s NM products.

  • Page 336: Chapter 6 Rmon Configuration

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 6 RMON Configuration Chapter 6 RMON Configuration 6.1 RMON Overview Remote Network Monitoring (RMON) is a type of IETF-defined MIB. It is the most important enhancement to the MIB II standard. It mainly used for monitoring the data traffic on a segment and even on a whole network.

  • Page 337: Configure Rmon

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 6 RMON Configuration 6.2 Configure RMON RMON configuration includes: Add/Delete an Entry to/from the Alarm Table Add/Delete an Entry to/from the Event Table Add/Delete an Entry to/from the History Control Table...

  • Page 338: Add/Delete An Entry To/From The History Control Table

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 6 RMON Configuration Table 6-2 Add/Delete an entry to/from the event table Operation Command rmon event event-entry [ description string ] { log | trap Add an entry to the trap-community | log-trap log-trapcommunity | none } event table.

  • Page 339: Add/Delete An Entry To/From The Statistics Table

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 6 RMON Configuration 6.2.5 Add/Delete an Entry to/from the Statistics Table The RMON statistics management concerns the port usage monitoring and error statistics when using the ports. The statistics include collision, CRC and queuing, undersize packets or oversize packets, timeout transmission, fragments, broadcast, multicast and unicast messages and the usage ratio of bandwidth.
  • Page 340 # Configure RMON. [Quidway-Ethernet2/1] rmon statistics 1 owner huawei-rmon # View the configurations in user view. <Quidway> display rmon statistics Ethernet 2/1 Statistics entry 1 owned by huawei-rmon is VALID. Gathers statistics of interface Ethernet2/1. Received: octets : 270149, packets...

  • Page 341: Chapter 7 Ntp Configuration

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 7 NTP Configuration Chapter 7 NTP Configuration 7.1 Brief Introduction to NTP 7.1.1 NTP Functions As the network topology gets more and more complex, it becomes important to synchronize the clocks of the equipment on the whole network. NTP (Network Time Protocol) is an application layer protocol of TCP/IP and used for advertising the accurate time throughout the network.

  • Page 342: Ntp Configuration

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 7 NTP Configuration NTP Packet NTP Packet NTP Packet NTP Packet 10:00:00 am 10:00:00 am 10:00:00am 10:00:00am Network Network Network Network LS_A LS_A LS_A LS_A LS_B LS_B LS_B LS_B...

  • Page 343: Configure Ntp Operating Mode

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 7 NTP Configuration The delay for a round trip of an NTP packet traveling between the Switch A and B: Delay= (T ) - (T Offset of Ethernet Switch A clock relative to Ethernet Switch B clock: offset=...
  • Page 344 Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 7 NTP Configuration Configure NTP multicast server mode Configure NTP multicast client mode I. Configure NTP Server Mode Set a remote server whose ip address is ip-address as the local time server. ip-address specifies a host address other than a broadcast, multicast or reference clock IP address.
  • Page 345 Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 7 NTP Configuration NTP version number number ranges from 1 to 3 and defaults to 3; the authentication key ID keyid ranges from 0 to 4294967295; interface-name or interface-type interface-number specifies the IP address of an interface, from which the source IP address of the NTP packets sent from the local Ethernet Switch to the peer will be taken;...
  • Page 346 Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 7 NTP Configuration V. Configure NTP Multicast Server Mode Designate an interface on the local Ethernet Switch to transmit NTP multicast packets. In this case, the local equipment operates in multicast mode and serves as a multicast server to multicast messages to its clients regularly.

  • Page 347: Configure Ntp Id Authentication

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 7 NTP Configuration 7.2.2 Configure NTP ID Authentication Enable NTP authentication, set MD5 authentication key, and specify the reliable key. A client will synchronize itself by a server only if the serve can provide a reliable key.

  • Page 348: Designate An Interface To Transmit Ntp Message

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 7 NTP Configuration 7.2.5 Designate an Interface to Transmit NTP Message If the local equipment is configured to transmit all the NTP messages, these packets will have the same source IP address, which is taken from the IP address of the designated interface.

  • Page 349: Set Authority To Access A Local Ethernet Switch

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 7 NTP Configuration Perform the following configurations in VLAN interface view. Table 7-12 Enable/Disable an interface to receive NTP message Operation Command Disable an interface to receive NTP ntp-service in-interface disable...

  • Page 350: Ntp Display And Debugging

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 7 NTP Configuration Table 7-14 Set the maximum local sessions Operation Command ntp-service max-dynamic-sessions Set the maximum local sessions number Resume the maximum number of local undo ntp-service sessions...
  • Page 351 Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 7 NTP Configuration V la n - in te r fa c e 2 : 3 .0 .1 .3 1 V la n - in te r fa c e 2 : Q u id w a y 3 1 .0 .1 .1 1...
  • Page 352 Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 7 NTP Configuration Clock stratum: 3 Reference clock ID: 1.0.1.11 Nominal frequency: 60.0002 Hz Actual frequency: 60.0002 Hz Clock precision: 2^17 Clock offset: -9.8258 ms Root delay: 27.10 ms Root dispersion: 49.29 ms...
  • Page 353 Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 7 NTP Configuration Configure Ethernet Switch Quidway5: (Quidway4 has been synchronized by Quidway3) # Enter system view. <Quidway5> system-view # Set the local clock as the NTP master clock at stratum 1.
  • Page 354 Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 7 NTP Configuration On Quidway3, set local clock as the NTP master clock at stratum 2 and configure to broadcast packets from Vlan-interface2. Configure Quidway4 and Quidway1 to listen to the broadcast from their Vlan-interface2 respectively.
  • Page 355 Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 7 NTP Configuration reference clock ID: LOCAL(0) nominal frequency: 100.0000 Hz actual frequency: 100.0000 Hz clock precision: 2^17 clock offset: 0.0000 ms root delay: 0.00 ms root dispersion: 10.94 ms peer dispersion: 10.00 ms...
  • Page 356 Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 7 NTP Configuration # Enter system view. <Quidway4> system-view # Enter Vlan-interface2 view. [Quidway4] interface vlan-interface 2 # Enable multicast client mode. [Quidway4-Vlan-Interface2] ntp-service multicast-client Configure Ethernet Switch Quidway1: # Enter system view.
  • Page 357 Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 7 NTP Configuration [Quidway2] ntp-service unicast-server 1.0.1.11 # Enable authentication. [Quidway2] ntp-service authentication enable # Set the key. [Quidway2] ntp-service authentication-keyid authentication-mode aNiceKey # Set the key as reliable.

  • Page 358: Chapter 8 Ssh Terminal Services

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 8 SSH Terminal Services Chapter 8 SSH Terminal Services 8.1 SSH Terminal Services 8.1.1 SSH Overview Secure Shell (SSH) can provide information security and powerful authentication to prevent such assaults as IP address spoofing, plain-text password interception when users log on to the switch remotely from an insecure network environment.
  • Page 359 Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 8 SSH Terminal Services version. If they can work together in harmony, they enter key algorithm negotiation stage. Otherwise the server clears the TCP connection. Key negotiation stage: Both ends negotiate key algorithm and compute session key.

  • Page 360: Configuring Ssh Server

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 8 SSH Terminal Services 8.1.2 Configuring SSH Server Basic configuration tasks refer to those required for successful connection from SSH client to SSH server, which advanced configuration tasks are those modifying SSH parameters.
  • Page 361 Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 8 SSH Terminal Services Please perform the following configurations in system view. Table 8-2 Configuring and canceling local RSA key pair Operation Command Configure local RSA key pair rsa local-key-pair create...
  • Page 362 Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 8 SSH Terminal Services Restore the default update interval undo ssh server rekey-interval By default, the system does not update server key. V. Defining SSH authentication timeout value Please perform the following configurations in system view.

  • Page 363: Configuring Ssh Client

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 8 SSH Terminal Services Table 8-7 Configuring public key Operation Command Enter public key view rsa peer-public-key key-name Delete a designated public key undo rsa peer-public-key key-name When entering the public key edit view with the rsa peer-public-key command, you can begin editing the public key with the public-key-code begin command.
  • Page 364 Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 8 SSH Terminal Services Choosing SSH version. The switch currently supports SSH Server 1.5, so you have to choose 1.5 or earlier version. Specifying RSA private key file. If you specify RSA authentication for the SSH user, you must specify RSA private key file.
  • Page 365 Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 8 SSH Terminal Services Figure 8-3 SSH client configuration interface (2) You can select 1, as shown in the figure. IV. Specifying RSA private key file If you want to enable RSA authentication, you must specify RSA private key file, which is not required for password authentication.
  • Page 366 Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 8 SSH Terminal Services Figure 8-4 SSH client configuration interface (3) Click the <Browse> button to enter the File Select interface. Choose a desired file and click <OK>. V. Opening SSH connection Click the <Open >...

  • Page 367: Displaying And Debugging Ssh

    Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 8 SSH Terminal Services Figure 8-5 SSH client interface Key in correct username and password and log into SSH connection. Log out of SSH connection with the logout command.

  • Page 368: Ssh Configuration Example

    Select the default values for SSH authentication timeout value, retry value and update interval of server key. Then run SSH1.5 client program on the PC which is connected to the switch and access the switch using username “client001” and password “huawei”. For RSA authentication mode...
  • Page 369 Operation Manual - System Management Quidway S3000-EI Series Ethernet Switches Chapter 8 SSH Terminal Services [Quidway-ui-vty0-4] authentication-mode scheme # Select SSH protocol on the switch. [Quidway-ui-vty0-4] protocol inbound ssh # Specify RSA authentication on the switch. [Quidway] ssh user client002 authentication-type RSA # Configure RSA key pair on the switch.
  • Page 370 Operation Manual - Remote Power-feeding Quidway S3000-EI Series Ethernet Switches Table of Contents Table of Contents Chapter 1 Remote Power-Feeding Configuration ..............1-1 1.1 Overview ..........................1-1 1.2 Configuring Remote Power-Feeding ................. 1-1 1.2.1 Enabling/Disabling Remote Power-Feeding on a Port ........... 1-3 1.2.2 Pressing the Mode Button to Detect Power-Feeding on a Port ......

  • Page 371: Chapter 1 Remote Power-Feeding Configuration

    Operation Manual - Remote Power-feeding Quidway S3000-EI Series Ethernet Switches Chapter 1 Remote Power-Feeding Configuration Chapter 1 Remote Power-Feeding Configuration 1.1 Overview S3026C-PWR Ethernet Switch provides Power over Ethernet (PoE) function, which performs remote power-feeding to connected powered devices (PD) such as IP phones, WLAN APs and Network cameras, by providing -48V DC power to the attached remote PDs through twisted-pairs.
  • Page 372 Operation Manual - Remote Power-feeding Quidway S3000-EI Series Ethernet Switches Chapter 1 Remote Power-Feeding Configuration Network Network Network Network S3026C - PWR S3026C - PWR E0/24 E0/24 E0/24 E0/24 E0/1 E0/1 E0/1 E0/1 E0/2 E0/2 E0/2 E0/2 S2016C S2016C S2016C...

  • Page 373: Selecting The Power-Feeding Mode On A Port

    Operation Manual - Remote Power-feeding Quidway S3000-EI Series Ethernet Switches Chapter 1 Remote Power-Feeding Configuration Device Configuration Default Description Correctly connect the PD with the electrical ports of S3026C-PWR 1.2.1 Enabling/Disabling Remo te Power-Feeding on a Port ou ca n ena...

  • Page 374: Setting Power Management Mode And Power-Feeding Priority On A Port

    Operation Manual - Remote Power-feeding Quidway S3000-EI Series Ethernet Switches Chapter 1 Remote Power-Feeding Configuration Perform the following configurations in Ethernet port v iew. Table 1-3 Selecting the power-feeding mode on a port Operation Command Feed power through signal lines...

  • Page 375: Enabling/Disabling The Compatibility Detection Of Pds

    Operation Manual - Remote Power-feeding Quidway S3000-EI Series Ethernet Switches Chapter 1 Remote Power-Feeding Configuration manual: when power supply reaches full load, the switch only gives prompt and doesn’t supply power to the new one if a new PD is connected to the switch . For example, port A is configured with a priority of "critical"...

  • Page 376: Reset The Poe Configuration On The Switch

    Operation Manual - Remote Power-feeding Quidway S3000-EI Series Ethernet Switches Chapter 1 Remote Power-Feeding Configuration Table 1-7 Enabling/disabling the compatibility dete ction of PDs Operation Command Enable the compatibility detection of PDs undo poe legacy disable Disable the compatibility detection of PDs...

  • Page 377: Configuration Example

    Operation Manual - Remote Power-feeding Quidway S3000-EI Series Ethernet Switches Chapter 1 Remote Power-Feeding Configuration 1.3 Displaying Remote Power-Fe eding After the above configuration, execute the display commands in any view to display the running of the remote power-feeding configuration, and to verify the effect of the configuration.
  • Page 378 Operation Manual - Remote Power-feeding Quidway S3000-EI Series Ethernet Switches Chapter 1 Remote Power-Feeding Configuration II. Networking diagram Network Network Network Network S3026C - PWR S3026C - PWR E0/24 E0/24 E0/24 E0/24 E0/1 E0/1 E0/1 E0/1 E0/2 E0/2 E0/2 E0/2...
  • Page 379 Operation Manual - Remote Power-feeding Quidway S3000-EI Series Ethernet Switches Chapter 1 Remote Power-Feeding Configuration VLAN interface on the switch is 1.1.1.1, and that of the PC is 2.2.2.2. The switch and PC are reachable. The PoE daughter-card application file new.bin is s tored on the PC.
  • Page 380 Operation Manual - Remote Power-feeding Quidway S3000-EI Series Ethernet Switches Chapter 1 Remote Power-Feeding Configuration assword:***** 230 Logged in successfully [ftp] # Type in the authorized directory of the FTP server. [ftp] cd switch # Use the get command to download the new.bin from the FTP server to the flash irectory on the FTP server.
  • Page 381 Operation Manual - Appendix Quidway S3000-EI Series Ethernet Switches Table of Contents Table of Contents Appendix A Acronyms ........................A-1 Huawei Technologies Proprietary...
  • Page 382 Operation Manual - Appendix Quidway S3000-EI Series Ethernet Switches Appendix A Acronyms Appendix A Acronyms Authentication, Authorization and Accounting Access Control List Address Resolution Protocol Command Line Interface File Transfer Protocol GARP Generic Attribute Registration Protocol Gigabit Ethernet GVRP GARP VLAN Registration Protocol...
  • Page 383 Operation Manual - Appendix Quidway S3000-EI Series Ethernet Switches Appendix A Acronyms SNMP Simple Network Management Protocol Spanning Tree Protocol TCP/IP Transmission Control Protocol/ Internet Protocol TFTP Trivial File Transfer Protocol Time To Live User Datagram Protocol VLAN Virtual LAN...

This manual is also suitable for:

Quidway s3026gQuidway s3026cQuidway s3026tQuidway s3026e fmQuidway s3026e fsQuidway s3026c-pwr

Table of Contents