Showing posts with label Huawei S2700. Show all posts
Showing posts with label Huawei S2700. Show all posts

Tuesday, August 29, 2017

How to Powering on Huawei S2700&S3700&S5700&S6700 Switch for the First Time?

When you get a new Huawei S2700&S3700&S5700&S6700, do you know how to power it on in the correct way?

 Tools and Accessories

  • ESD wrist strap or ESD gloves
  • Multimeter
  • Console cable

Procedure
Step 1 Perform the following checks before powering on a switch:
1. Use a multimeter to check that there is no short-circuit condition between the phase wire
(live wire), earth wire, and neutral wire in each power outlet.
2. Use the multimeter to check that the input voltage provided by the external power supply
system is within the operating voltage range for the switch. For the operating voltage
range.
3. Check that the power switches of the external power supply system and the switch or the
power module are both turned off.
4. Check that the power cables are correctly connected.
Step 2 Wear an ESD wrist strap or ESD gloves. When wearing an ESD wrist strap, ensure that it is in
close contact with your wrist and grounded properly.
Step 3 Connect the DB-9 connector of the console cable to the 9-pin serial port on a maintenance
terminal. Then, connect the RJ45 connector of the console cable to the console port on the
switch.

Console cable connection
NOTE
After connecting both ends of the console cable, power on the switch. During the startup sequence of the switch, you can choose whether to enter the BootROM menu. The BootROM menu and the
procedure to enter it vary depending on software versions. For details, see the upgrade guide for the
switch and software version in use.
If a switch has a mini USB port, you can also use a mini USB cable to connect the switch to a
maintenance terminal
Step 4 Turn on the external power supply system connected to the switch.
Step 5 Turn on the power switch on the switch or power module.
Step 6 After the switch completes its startup sequence, check the indicators on the switch and power
modules.
Follow-up Procedure
To power off Huawei Switch like S5720-50X-EI-46S-AC, perform the following steps:
1. Turn off the power switch on the switch or power module.
2. Turn off the external power supply system connected to the switch.
3. Check that the switch and all its modules are powered off. (All indicators are off.)
Posted by at No comments:
Labels: , , , , , ,

Monday, August 7, 2017

What is the Characteristics of Huawei S2700 Switch?

Easy Operation and Maintenance

Huawei S2700 supports Easy-Operation, which implements easy installation, configuration,
monitoring, and troubleshooting. This technology greatly reduces installation and
configuration costs and engineering costs, and improves upgrade efficiency. The S2700
provides the CLI and web platform, supports alarm management and visualized configuration,
and replacement of faulty devices.
The S2700 uses the ASIC chip and fanless design, which reduces mechanical faults and
protects the equipment against damages caused by condensed water and dusts.

 Flexible Service Control
The S2700 supports various ACLs. ACL rules can be applied to VLANs to flexibly control
traffic on interfaces and schedule resources in VLANs.
The S2700 supports VLAN assignment based on interfaces, MAC addresses, protocols, and
IP subnets. It applies to networks where users move frequently and networks demanding high
security.
The S2700 supports GVRP, which dynamically distributes, registers, and propagates VLAN
attributes to reduce the manual configuration workloads of network administrators and ensure
correct VLAN configuration. In addition, Huawei S2700 supports SSHv2, HWTACACS, RMON,
interface-based traffic statistics, and NQA to help in network planning and upgrading.

Various Security Measures
The S2700 supports DHCP snooping, which generates user binding entries based on MAC
addresses, IP addresses, IP address leases, VLAN IDs, and interface numbers of users. The
DHCP snooping function protects networks against common attacks such as bogus IP packet
attacks, man-in-the-middle attacks, and bogus DHCP server attacks.
The S2700 can limit the number of MAC addresses learned on an interface to prevent packet
flooding that occurs when an attacker frequently changes source MAC addresses. The S2700
supports strict ARP learning. This feature prevents ARP spoofing attackers from exhausting
ARP entries so that users can connect to the Internet normally. It provides IP source check to
prevent DoS attacks caused by IP address spoofing.
The S2700 supports centralized MAC address authentication and 802.1x authentication. It
authenticates users based on static or dynamic user binding information such as the user
name, IP address, MAC address, VLAN ID, and interface number. VLANs and ACLs can be
applied to users dynamically.

Various Reliability Mechanisms
The S2700 supports iStack, which virtualizes multiple switches into one logical switch. iStack
improves the switching capacity and enhances reliability and scalability. The stacked switches
are managed using a single IP address, which greatly reduces system operation and
maintenance costs.
Besides STP, RSTP, and MSTP, the S2700 like S2700-28TP-EI also supports enhanced Ethernet reliability
technologies such as Smart Link and RRPP, which implement millisecond-level protection
switching and ensure network reliability.
The S2700 supports the Smart Ethernet Protection (SEP) protocol, which is a ring network
protocol applied to the link layer of an Ethernet network. SEP provides fast switchover within
several milliseconds without interrupting services. SEP features simplicity, high reliability,
high switchover performance, convenient maintenance, and flexible topology and enables
users to manage and plan networks conveniently.
The S2700 supports G.8032, also called Ethernet Ring Protection Switch (ERPS). ERPS is
based on traditional Ethernet MAC and bridging functions. It uses the mature Ethernet OAM
and Ring Automatic Protection Switching (Ring APS or R-APS) technologies to implement
fast protection switching on Ethernet. ERPS supports multiple services and provides flexible
networking, reducing the OPEX and CAPEX.
Posted by at No comments:
Labels: , , , , ,

Tuesday, June 27, 2017

Some FAQs about Huawei S2700 S3700 S5700 S6700 Switch

Many engineer always confused Huawei switch when configuration and management, below are FAQs about Huawei S2700 S3700 S5700 S6700 Switch,

 What Are the Functions of PIM Silent on a PIM Interface?

On the access layer, if the interface directly connected to a host is enabled with the PIM
protocol, PIM neighbors can be established on this interface to process various PIM protocol
packets. Such configuration, however, may bring security problems. For example, when
malicious hosts send a large number of pseudo PIM Hello packets, it may lead to the collapse
of the device.
To avoid the preceding problem, you can run the pim silent command on the interface to set
the interface to work in PIM silent state. After the interface enters the PIM silent state, it is
forbidden to receive or forward any PIM protocol packet. All PIM neighbors and the PIM
state machine on this interface are deleted and the interface automatically becomes a DR.
Meanwhile, the PIM silent function does not affect the IGMP function on the interface.
The PIM silent function is applicable only to the interface that is directly connected to the
network segment of user hosts, and only one PIM device can be connected to this network
segment.

When a Host Leaves a Group, How Does an IGMP Querier Judge Whether Any Other Members of the Group Exist on the Network Segment?

In IGMPv1, when a host leaves a multicast group, the host does not send any message. A
device considers that all multicast members have left a group when the timer of the group
expires.
In IGMPv2 and IGMPv3, a host sends a Leave message when leaving a group. After
receiving the Leave message, the querier sends a group-specific or source/group-specific
Query message to the network segment of the host. The destination address of the Query
message is the address of the multicast group and the group address in the message is also
filled in with the address of the multicast group.
If other members of the group exist on the network segment, they respond with Report
messages.
If no response is received when the timeout period ends, the querier considers that no
member of the group exists on the network segment and cancels forwarding multicast

data to the group.

Can the Hosts and Devices on the Same User Network Segment Run Different Versions of IGMP?

IGMP has three versions, namely IGMPv1, IGMPv2, and IGMPv3. Different IGMP versions
run on devices and hosts are compatible, but all the devices on the same network segment
must run IGMP of the same version. If the versions of IGMP run on the devices on the same
network segment are different, IGMP member relationships are chaotic.
Run the display igmp interface interface-type interface-number command on all the devices
on the same network segment to check the versions of IGMP run on the devices. If the
versions are not the same, modify the configuration.

Other questions about Huawei switch will be posted continually.
Posted by at No comments:
Labels: , , , , , , , ,

Thursday, April 7, 2016

The Function of Huawei S2700EI Series Switches

The Huawei S2700EI series switch is next-generation energy-saving 100M Ethernet intelligent switches - is deployed at the access layer of a campus network to provide high performance, multi-service, and highly reliable enterprise network.
 
Huawei S2700EI Series Switches Characteristics:
PoE
The S2700EI PWR provides improved PoE solutions. You can configure whether and when a PoE port supplies power. The S2700EI PWR can use PoE power supplies with different power levels to provide -48V DC power for powered devices (PDs), such as IP phones, WLAN APs, and Bluetooth APs. As the power sourcing equipment (PSE), the S2700EI PWR complies with IEEE 802.3af and 802.3at (PoE+) and can supply power to non-standard PDs. PoE ports can work in power-saving mode. Each 802.3at-enabled interface can provide 30 W power, so the S2700EI can connect to high-power terminals.
Various Reliability Mechanisms
The S2700EI supports iStack, which virtualizes multiple switches into one logical switch. iStack improves the switching capacity and enhances reliability and scalability. The stacked switches are managed using a single IP address, which greatly reduces system operation and maintenance costs.
Besides STP, RSTP, and MSTP, the S2700EI also supports enhanced Ethernet reliability technologies such as Smart Link and RRPP, which implement millisecond-level protection switching and ensure network reliability.
The S2700EI supports the Smart Ethernet Protection (SEP) protocol, which is a ring network protocol applied to the link layer of an Ethernet network. SEP provides fast switchover within several milliseconds without interrupting services. SEP features simplicity, high reliability, high switchover performance, convenient maintenance, and flexible topology and enables users to manage and plan networks conveniently.
The S2700EI supports G.8032, also called Ethernet Ring Protection Switch (ERPS). ERPS is based on traditional Ethernet MAC and bridging functions. It uses the mature Ethernet OAM and Ring Automatic Protection Switching (Ring APS or R-APS) technologies to implement fast protection switching on Ethernet. ERPS supports multiple services and provides flexible networking, reducing the OPEX and CAPEX.
Flexible Service Control
The S2700EI supports various ACLs. ACL rules can be applied to VLANs to flexibly control traffic on interfaces and schedule resources in VLANs.
The S2700EI supports VLAN assignment based on interfaces, MAC addresses, protocols, and IP subnets. It applies to networks where users move frequently and networks demanding high security.
The S2700EI supports GVRP, which dynamically distributes, registers, and propagates VLAN attributes to reduce the manual configuration workloads of network administrators and ensure correct VLAN configuration. In addition, the S2700EI supports SSHv2, HWTACACS, RMON, interface-based traffic statistics, and NQA to help in network planning and upgrading.
Various Security Measures
The S2700EI supports DHCP snooping, which generates user binding entries based on MAC addresses, IP addresses, IP address leases, VLAN IDs, and interface numbers of users. The DHCP snooping function protects networks against common attacks such as bogus IP packet attacks, man-in-the-middle attacks, and bogus DHCP server attacks.
The S2700EI can limit the number of MAC addresses learned on an interface to prevent packet flooding that occurs when an attacker frequently changes source MAC addresses.
The S2700EI supports strict ARP learning. This feature prevents ARP spoofing attackers from exhausting ARP entries so that users can connect to the Internet normally. It provides IP source check to prevent DoS attacks caused by IP address spoofing.
The S2700EI supports centralized MAC address authentication and 802.1x authentication. It authenticates users based on static or dynamic user binding information such as the user name, IP address, MAC address, VLAN ID, and interface number. VLANs and ACLs can be applied to users dynamically.
Comprehensive QoS Policies
The S2700EI supports complex traffic classification based on VLAN IDs, MAC addresses, IP protocols, source addresses, destination addresses, priorities, or TCP or UDP port numbers of packets. By limiting the traffic rate based on flows, the S2700EI implements line-speed forwarding on each interface to ensure high quality of the voice, video, and data services. Each interface supports eight queues and multiple queue scheduling algorithms such as WRR, SP, and WRR+SP.
Powerful Surge Protection Capability
The S2700 adopts a Huawei patented surge protection technique to prevent lightning induced overvoltage. All interfaces of the S2700 have a surge protection capability of 6 kV. The Huawei patented surge protection technique greatly reduces the possibility of lightning damages on the equipment even in atrocious environments or in scenarios where grounding cannot be implemented.
The most popular Huawei S2700EI switch as below:

LS-S2700-9TP-SI-AC


Posted by at No comments:
Labels: , , , , , , , , , ,

Tuesday, March 29, 2016

Terminal Does Not Display Anything Or Displays Garbled Characters

Fault Description

After a terminal connecting to the switch S5700S-28P-LI-AC starts, it cannot display anything or displays garbled characters.

Possible Cause

  • The power module of the switch is faulty or the switch is not powered on.
  • The serial interface connecting to the switch is incorrectly configured.
  • The cable between the terminal and switch is faulty or not firmly connected to the serial interface.

Troubleshooting Procedure

  1. Check the power indicator on the switch’s front panel. If the RUN/ALM indicator is On, the power module is working properly. If the power indicator is Off, rectify the fault according to Power Module Failures.
  2. Check whether the parameters of the serial interface are correctly configured.
# Verify that the connection interfaces are configured correctly. Some PCs have multiple serial interfaces and each serial interface has a number. When configuring connection interfaces, you must select the correct connection interface number, as shown in Figure 1.

Figure 1 Setting a connection port
setting-a-connection-port

# Verify that the physical attributes of the serial interface on the PC are the same as those of the console interface on the device, as shown in Figure 2. When the attributes of the console interface on the device are not changed, the details are as follows:
  • Baud rate: 9600
  • Data bit: 8
  • Stop bit: 1
  • Parity check: None
  • Flow control: None

Figure 2 Setting the parameters of the serial interface on the PC
setting-the-parameters-of-the-serial-interface-on-the-pc

3. Ensure that the cable is firmly connected to the serial interface. You can replace it with a new cable to verify whether the cable is faulty.
Telephone: 852-30623083
           Supports@Thunder-link.com            

Posted by at No comments:
Labels: , , , , , , , , , , ,

Monday, March 28, 2016

The Difference Between Layer 2 & Layer 3 Switches

The layer 2 switching and layer 3 switching are the most commonly used switches. This article will tell you a detail of layer 2 switching and layer 3 switching.

The difference between layer 2 & layer 3 switches

A Layer 2 switch does switching only. This means that it uses MAC addresses to switch the packets from a port to the destination port (and only the destination port). It therefore maintains a MAC address table so that it can remember which ports have which MAC address associated.
A Layer 3 switch also does switching exactly like a L2 switch. The L3 means that it has an identity from the L3 layer. Practically this means that a L3 switch is capable of having IP addresses and doing routing. For intra-VLAN communication, it uses the MAC address table. For extra-VLAN communication, it uses the IP routing table.

Layer 2 Switching

A Layer 2 switch works at the second layer of the OSI model and forwards data packets based on media access control (MAC) addresses. Ports on a Layer 2 switch send and receive data independently and belong to different collision domains. Collision domains are isolated at the physical layer so that collisions will not occur between hosts (or networks) connected through this Layer 2 switch due to uneven traffic rates on these hosts (or networks).
This section describes how Layer 2 switching is implemented on an Ethernet network.
A layer 2 switch parses and learns source MAC addresses of Ethernet frames and maintains a mapping table of MAC addresses and ports. This table is called a MAC address table. When receiving an Ethernet frame, the switch searches for the destination MAC address of the frame in the MAC table to determine through which port to forward this frame.
  • When the Layer 2 switch receives an Ethernet frame, it records the source MAC address and the inbound port of the frame in the MAC address table to guide Layer 2 forwarding. If the same MAC address entry exists in the MAC address table, the switch resets the aging time of the entry. An aging mechanism is used to maintain entries in the MAC address table. Entries that are not updated within the aging time are deleted from the MAC address table.
  • The switch looks up the MAC address table based on the destination MAC address of the Ethernet frame. If no matching entry is found, the switch forwards the frame to all its ports except the port that receives the frame. If the destination MAC address of the frame is a broadcast address, the switch forwards the frame to all its ports except the port that receives the frame. If a matching entry is found in the MAC address table, the switch forwards the frame to the port specified in the entry.
According to the preceding forwarding process, a Layer 2 switch maintains a MAC address table and forwards Ethernet frames based on destination MAC addresses. This forwarding mechanism fully uses network bandwidth and improves network performance. The below figure shows an example of Layer 2 switching.
layer-2-switch

Although Layer 2 switches can isolate collision domains, they cannot isolate broadcast domains. As described in the Layer 2 forwarding process, broadcast packets and packets that do not match nay entry in the MAC address table are forwarded to all ports (except the receiving port). Packet broadcasting consumes much bandwidth on network links and brings security issues. Routers can isolate broadcast domains, but high costs and low forwarding performance of routers limit the application of routers in Layer 2 forwarding. The virtual local area network (VLAN) technology is introduced to solve this problem in Layer 2 switching.

Layer 3 Switching

The layer 3 switches divide a Layer 2 network into multiple VLANs. They implement Layer 2 switching within the VLANs and Layer 3 IP connectivity between VLANs. Two hosts on different networks communicate with each other through the following process:
  • Before the source host starts communicating with the destination host, it compares its own IP address with the IP address of the destination host. If IP addresses of the two hosts have the same network ID (calculated by an AND operation between the IP addresses and masks), the hosts are located on the same network segment. In this case, the source host sends an Address Resolution Protocol (ARP) request to the destination host. After receiving an ARP reply from the destination host, the source host obtains the MAC address of the destination host and sends packets to this destination MAC address.
  • If the source and destination hosts are located on different network segments, the source host sends an ARP request to obtain the MAC address mapping the gateway IP address. After receiving an ARP reply from the gateway, the source host sends packets to the MAC address of the gateway. In these packets, the source IP address is the IP address of the source host, and destination IP address is still the IP address of the destination host.

The following is the detailed Layer 3 switching process.
As shown in the below figure, the source and destination hosts connect to the same Layer 3 switch but belong to different VLANs (network segments). Both the two hosts are located on the directly connected network segments of the Layer 3 switch, so the routes to the IP addresses of the hosts are direct routes.
Layer 3 forwarding
layer-3-switch

The above figure shows the MAC addresses, IP addresses, and gateway addresses of the hosts, MAC address of the Layer 3 switch, and IP addresses of Layer 3 interfaces configured in VLANs on the Layer 3 switch. The process of a ping from PC A to PC B is as follows (the Layer 3 switch has not created any MAC address entry):
1. PC A finds that the destination IP address 2.1.1.2 (PC B) is on a different network segment than its own IP address. Therefore, PC A sends an ARP request to request for the MACaddress mapping the gateway address 1.1.1.1.
2. L3 Switch receives the ARP request from PC A and finds that 1.1.1.1 is the IP address of its own Layer 3 interface. L3 switch then sends an ARP reply to PC A. The ARP reply carries the MAC address of its Layer 3 interface (MAC Switch). In addition, L3 switch adds the mapping between the IP address and MAC address of PC A (1.1.1.2 and MAC A) to its ARP table. The IP address and MAC address of PC A are carried in the ARP request sent from PC A.
3. After PC A receives the ARP reply from the gateway (L3 Switch), it sends an ICMP request packet. In the ICMP request packet, the destination MAC address (DMAC) is MAC Switch; the source MAC address (SMAC) is MAC A; the source IP address (SIP) is 1.1.1.2; the destination IP address (DIP) is 2.1.1.2.
4. When L3 Switch receives the ICMP request packet, it updates the matching MAC address entry according to the source MAC address and VLAN ID of the packet. Then L3 Switch looks up the MAC address table according to the destination MAC address and VLAN ID of the packet and finds the entry with the MAC address of its Layer 3 interface, the packet needs to be forwarded at Layer 3. Then L3 Switch looks up Layer 3 forwarding entries of the switching chip to guide Layer 3 forwarding.
5. The switching chip loops up Layer 3 forwarding entries according to the destination IP address of the packet. The entry lookup fails because no entry has been created. The switching chip then sends the packet to the CPU for software processing.
6. The CPU looks up the software routing table according to the destination IP address of the packet and finds a directly connected network segment, network segment of PC B. Then the CPU looks up its ARP table, and the lookup still fails. Therefore, L3 Switch sends an ARP request to all ports in VLAN 3 (network segment of PC B), to request the MAC address mapping IP address 2.1.1.2.
7. After PC B receives the ARP request from L3 Switch, it checks the ARP request and finds that 2.1.1.2 is its own IP address. PC B then sends an ARP reply carrying its MAC address (MAC B). Meanwhile, PC B records the mapping between the IP address and MAC address of L3 Switch (2.1.1.1 and MAC Switch) in its ARP table.
8. When L3 Switch receives the ARP reply from PC B, it records the mapping between the IP address and MAC address of PC B (2.1.1.2 and MAC B) in its ARP table. L3 Switch changes the destination MAC address in the ICMP request packet sent from PC A to MAC B and changes the source MAC address to its own MAC address (MAC Switch), and then sends the ICMP request to PC B. The Layer 3 forwarding entry containing the IP address and MAC address of PC B, outbound VLAN ID, and outbound port is also added to the Layer 3 forwarding of the switching chip. Subsequent packets sent from PC A to PC B are directly forwarded according to this hardware entry.
9. When PC B receives the ICMP request packet from L3 Switch, it sends an ICMP reply packet to PC A. The forwarding process for the ICMP reply packet is similar to that for the ICMP request packet except that the ICMP reply packet is directly forwarded to PC A by the switching chip according to the hardware entry. The reason is that L3 Switch has obtained the mapping between the IP address and MAC address of PC A and added matching Layer 3 forwarding entry to the L3 forwarding table of the switching chip.
10. Subsequent packets exchanged between PC A and PC B are forwarded following the same process: MAC address table lookup, Layer 3 forwarding table lookup, and hardware forwarding by the switching chip.
In a summary, a Layer 3 switch provides high-speed Layer 3 switching through one routing process (forwarding the first packet to the CPU and creating a hardware Layer 3 forwarding entry) and multiple switching processes (hardware forwarding of subsequent packets).

Thunder-link,com – the Huawei product supplier wholesales the Huawei switches at 50% off, the layer 2 switches including the Huawei S1700 SOHO&SMB switch and Huawei S2700 series switch;  the layer 3 switches including the Huawei S3700 switches,  S5700 Gigabit Switches, and S6700 10G Switches.

Telephone: 852-30623083
           Supports@Thunder-link.com            
Posted by at No comments:
Labels: , , , , , , , , , ,

Wednesday, March 23, 2016

Basic Configuration on the Device at First Login for Huawei Switches

Huawei Switches Basic Configuration:  How to first login the device on console port or mini USB port.
Here, we will describe how to configure the time and date, device name, management IP address, and the user level and authentication mode for Telnet users at first login through the console port or mini USB port. This configuration apply to all the Huawei switches, such as the popular switch: Huawei S5700,S3700S2700

Procedure


1 Set the time and date on the device.

Run:
system-view
The system view is displayed.

Run:
clock timezone time-zone-name { add | minus } offset
The time zone is set.

By default, the system uses the Coordinated Universal Time (UTC) time zone.
add: adds the specified time zone offset to the UTC. That is, the sum of the default UTC time zone and offset equals the time zone specified by time-zone-name.
minus: subtracts the specified time zone offset from the UTC. That is, the remainder obtained by subtracting offset from the default UTC time zone equals the time zone specified by time-zone-name.

Run:
quit
Return to the system view.

Run:
clock datetime HH:MM:SS YYYY-MM-DD
The current time and date are set.
If the time zone is not set, the time set using this command is considered as the UTC time. Before setting the current time, you are advised to confirm the current zone and set the correct time zone offset.

Run:
system-view
The system view is displayed.

Run:
clock daylight-saving-time time-zone-name one-year start-time start-date end-time end-date offset
Or clock daylight-saving-time time-zone-name repeating start-time { { first | second | third | fourth | last } weekday month | start-date1 } end-time { { first | second | third | fourth | last } weekday month | end-date1 } offset [ start-year [ end-year ] ]
Daylight saving time (DST) is set.
By default, DST is not configured.

NOTE:
If you configure periodic DST, the combination of the DST start time and end time can be any of the following: date+date, day of the week+day of the week, date+day of the week, and day of the week+date.
When DST is used, you can run the clock timezone time-zone-name { add | minus } offset command to set the time zone. The time zone in the output of the display clock command is, however, the name of the DST time zone. When DST ends, the system displays the original time zone.

2, Set the device name and management IP address.

Run:
sysname host-name
The device name is set.
By default, the device name is HUAWEI.
When the network management tool needs to obtain the network element (NE) name of a device, you can run the sys-netid command to set an NE name for the device.

Run:
interface interface-type interface-number
The interface view is displayed.
In addition to the management interface on the device, you can also assign the management IP address to Layer 3 interfaces such as VLANIF interfaces on the device.

Run:
ip address ip-address { mask | mask-length }
The management IP address is assigned.
NOTE:
The management IP address is used to maintain and manage the device. Configure the IP address and routes based on the network plan to ensure that the routes between the terminal and device are reachable.

3 Set the user level and authentication mode for Telnet users.

Run:
telnet [ ipv6 ] server enable
The Telnet server is enabled.
By default, the Telnet server is disabled.

Run:
user-interface vty first-ui-number [ last-ui-number ]
The VTY user interface view is displayed.

Run:
protocol inbound { all | telnet }
he VTY user interface is configured to support the Telnet protocol.
By default, a VTY user interface supports the SSH protocol.

Run:
user privilege level level
The Telnet user level is set.
By default, users who log in through the VTY user interface can access commands at level 0.

Run:
authentication-mode aaa
The authentication mode for Telnet users is set to AAA authentication.
By default, no authentication mode is configured for the VTY user interface.
NOTE:
The system provides three authentication modes: AAA authentication, password authentication, and non-authentication modes. AAA authentication requires both the user name and password, and is therefore more secure than password authentication. Non-authentication mode is not recommended because it cannot ensure system security. This section describes how to configure AAA authentication..

Run:
aaa
The AAA view is displayed.

Run:
local-user user-name password irreversible-cipher password
The user name and password for login through Telnet are configured.
The value of password can be a plain-text string of 8 to 128 characters or a cipher-text string of 68 characters.
A too simple password may cause a potential security risk. To enhance the security strength, the password entered in plain text must contain at least two of the following: uppercase letters, lowercase letters, digits, and special characters. In addition, the password cannot be the same as the user name or the mirror user name.

Run:
local-user user-name service-type telnet
The login mode is set to Telnet.

4, Save the configuration.

After basic configuration is complete, you are advised to save the configuration. If the configuration is lost, the connection and configuration for the first login must be performed again.

Run:
return
Return to the user view.

Run:
save
The configuration is saved.
Telephone: 852-30623083
           Supports@Thunder-link.com            

Posted by at No comments:
Labels: , , , , , , , , , ,

Monday, March 14, 2016

Configuring an SNMP Query Test Instance on Huawei Switch

How to Configure an SNMP Query Test Instance on Huawei Switch
Context
Before configuring an SNMP query test instance, configure an SNMP agent and ensue reachable routes between the NQA client and the SNMP agent.
You can obtain the statistics about communication between the NQA client and the SNMP agent.
Perform the following steps on the NQA client.
The configuration overview:
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
nqa test-instance admin-name test-name
An NQA test instance is created, and the NQA view is displayed.
Step 3 Run:
test-type snmp
The test type is set to SNMP.
Step 4 Run:
destination-address ipv4 ipv4-address
The destination IP address (IP address of the SNMP agent) is configured.
The SNMP function must be enabled on the destination host, otherwise, the NQA client cannot receive response packets.
Step 5 (Optional) Run the following commands as required to configure parameters for the SNMP test.
 Run:
description string
A description is configured for the test instance.
 Run:
frequency interval
The test period is set for the NQA test instance.
 Run:
timeout time
The timeout period of a probe is set for the NQA test instance.
 Run:
source-address ipv4 ipv4-address
The source IP address is configured.
 Run:
source-port port-number
The source port number is configured.
 Run:
ttl number
The TTL value in the NQA test packet is set.
 Run:
sendpacket passroute
The NQA test instance is configured to send packets without searching the routing table.
 Run:
probe-count number
The number of probes in a test is set.
 Run:
tos value
Type of Service (ToS) is set for the test packet.
 Run:
fail-percent percent
The failure percentage is set for the NQA test instance.
 Run:
interval seconds interval
The interval at which test packets are sent is configured.
 Run:
vpn-instance vpn-instance-name
The VPN instance name is configured.
 Run:
records history number
The maximum number of historical records is set for the NQA test instance.
 Run:
records result number
The maximum number of result records is set for the NQA test instance.
 Run:
agetime hh:mm:ss
The aging time is set for the NQA test instance.
—-End
Note: this configuration also works for the Huawei s2700Quidway S5700, s6700, Huawei S3700.
Telephone: 852-30623083
           Supports@Thunder-link.com            
Posted by at No comments:
Labels: , , , , , , , , , , , ,
Subscribe to: Posts (Atom)