Tuesday, April 5, 2016

How to Set a User Level for Huawei Switches

How to set a user level for Huawei switches?  Maybe that’s easy for a practised hand, but it’s a little hard for a beginner, if you don’t know the command.
Methods for Set a User Level for Huawei Switches, you can also apply for S9300 switch,S9700 switch.
When password authentication or none authentication is used, use the following method to set a user level. Take the VTY user interface as an example.
<HUAWEI> system-view
[HUAWEI] user-interface vty 0
[HUAWEI-ui-vty0] user privilege level 15  //Set the user level to 15 for the VTY 0 user interface.

When AAA authentication is used, use the following methods (in descending order of priorities) to set a user level. Take the VTY user interface as an example.
Set a user level for a single user.
<HUAWEI> system-view
[HUAWEI] aaa
[HUAWEI-aaa] local-user user1 privilege level 15  //Set the user level of user1 to 15.

Set a user level for all users in a domain.
<HUAWEI> system-view
[HUAWEI] aaa
[HUAWEI-aaa] service-scheme sch1
[HUAWEI-aaa-service-sch1] admin-user privilege level 15  //Set the user level to 15.
[HUAWEI-aaa-service-sch1] quit
[HUAWEI-aaa] domain domain1
[HUAWEI-aaa-domain-domain1] service-scheme sch1  //Bind the service scheme sch1 to domain1.

Set a user level for all users that log in through a specified user interface.
<HUAWEI> system-view
[HUAWEI] user-interface maximum-vty 15  //Set the maximum number of VTY user interfaces to 15.
[HUAWEI] user-interface vty 0 14  //Enter the VTY user interfaces VTY 0 to VTY 14.
[HUAWEI-ui-vty0-14] user privilege level 15  //Set the user level to 15 for the VTY user interfaces VTY 0 to VTY 14.
Telephone: 852-30623083
           Supports@Thunder-link.com            
Posted by at No comments:
Labels: , , , , , ,

The Characteristics of Huawei S3700

The S3700 switch (S3700 for short) is an enterprise networks access device that provides access and data transport functions. The S3700 is developed by Huawei to meet the requirements for reliable access, aggregation, and high-quality transmission of multiple services on an enterprise networks. The S3700 functions as the access device of the enterprise networks. The S3700 provides large capacity, high port density, and cost-effective packet forwarding capabilities. The S3700 also provides multi-service access capabilities, excellent extensibility, quality of service (QoS) guarantee, powerful multicast replication, and carrier-class security, and can be used to build high-reliability ring topologies.

Huawei S3700 Characteristics

Energy-Saving Design
The S3700 saves energy in the following ways:
l Some models adopt natural heat dissipation, so fans are not required.Natural heat
dissipation has the following advantages:
– Product reliability is high.
– There is no noise pollution.
– Fans do not need to be maintained periodically, which saves the maintenance cost.
– The system does not have additional power consumption generated by fans, which
improves the power efficiency.
–        Boards are prevented from being eroded.
NOTE
Currently, the S3700-28TP-EI-MC-ACS3700-28TP-SI-ACS3700-28TP-SI-DC, S3700-28TP-EI-AC, and S3700-28TP-EI-DC adopt natural heat dissipation.
l The interface chip switches to the power saving mode when an interface is idle, which
means that no peer device is connected to the interface.
l It uses advanced highly-integrated and energy-saving chips. With the help of the intelligent device management system, the chips improve system performance and also reduce system power consumption.

Advanced Surge Protection Technique
The S3700 uses the Huawei patented built-in surge protection technique. This technique protects devices against lightning in terrible weather and increases device security.
Convenient PoE Power Supply
The S3700 PoE model has the Power over Ethernet (PoE) function. It provides centralized power supply for IP phones, wireless access points (APs), portable device chargers, POS machines, cameras, and data collectors by using twisted pairs.
Complying with IEEE 802.3af and IEEE 802.3at, the S3700 PoE model is able to remotely
provide power for the devices of different vendors. IEEE 802.3at delivers a maximum of 30 W power. This allows IEEE 802.3at to support IP video phones, dualband WiFi APs, IP cameras, multi-function STBs, and RFIDs, and simplifies the network.
The S3700 PoE model has the ability to control power supply based on time range, which
effectively manages network devices, reduces power consumption, and lowers the OPEX.
Note:
The S3700 series Ethernet switches are class A products. Customers should take preventative measures as the operating devices may cause radio interference.
Telephone: 852-30623083
           Supports@Thunder-link.com            
Posted by at No comments:
Labels: , , , , , , , ,

The way to mange the traffic on S3700-52P-SI-AC

Question:
How to manage internet traffic on Huawei S3700-52P-SI-AC
company want to limit the Internet speed so as to avoid movie and music download during working hour, switch is Huawei S3700-52P-SI-AC
First Input:
<Quidway>system-view
[Quidway]inter gigabitethernet 0/0/1
[Quidway -inter gigabitethernet 0/0/1]qos lr outbound cir 200 cbs 25000
[Quidway -inter gigabitethernet 0/0/1]qos lr inbound cir 100 cbs 12500
[Quidway -inter gigabitethernet 0/0/1]quit
# I paln to limit gigabitethernet 0/0/1 download speed 200kbps,upload speed 100kbps,then computer even can not communicate with outside。
then I changed to:
qos lr outbound cir 2000 cbs 20000
qos lr inbound cir 2000 cbs 20000
everything back to track, my question is if I want to limit the port speed, what speed will be the suitable one?
Answer:
Better use IP to limit the speed, configure it on the gateway router so it will only affect the Internet traffic not the working traffic
CIR 2000 means 2Mbps
Telephone: 852-30623083
           Supports@Thunder-link.com            
Posted by at No comments:
Labels: , , , , ,

Huawei switch got the ICT global debut Green Mark certificate

Recently, Huawei S7700 series, 3 switches won the TUV Germany Rhine global ICT products debut Green Mark certificate. As ICT industry ,Huawei was the first company gain the Rhine Green of Mark certification, set a benchmark for the industry, also reflects Huawei attentions to green the world subject.
TUV Rhine Green Mark certification covers the content of environmental protection, recycling, energy saving, safety, EMC, carbon footprint, social responsibility and other aspects, obtain certification is very difficult, the authority is also renowned in the industry.The certified Huawei S7700 series switch products using environmental monitoring chip, fan speed, rotating duct design partitions the green environmental protection and energy saving technology, in line with the TUV in Rhine for Green Mark standard.
Huawei got first global ICT industry third party Green Mark certificate,was in the affirmative of the Huawei products “green” and “green” concept.It also means Huawei S7700 series switch products in environmental protection, recycling, energy-saving, safety, EMC, carbon footprint in many aspects such as performance in the first level of the world.
Telephone: 852-30623083
           Supports@Thunder-link.com            
Posted by at No comments:
Labels: , , ,

Huawei S3700: DHCP Feature and Stacking Rules

DHCP Feature of Huawei S3700:
DHCP Client and DHCP Server
DHCP adopts the client/server mode, that is, the DHCP client sends request messages to the DHCP server. Then, the DHCP server returns the reply messages according to the address pool policy.
The DHCP server assigns an IP address to the client by using an address pool. When the client sends a DHCP request to the server, the DHCP server selects a proper address pool, finds an idle IP address from the pool, and delivers the IP address along with other related parameters, such as the gateway address, the DNS address and the address lease, to the client.
To dynamically allocate IP addresses to clients, you need to first configure the address pool range on the DHCP server. Currently, an address pool can be configured with only one address range and the address range is determined by the mask length.
DHCP Snooping
The S3700 can be deployed between the DHCP server and the DHCP client and it monitors the DHCP messages between the DHCP server and the DHCP client. The S3700 creates the IP +MAC+PORT+VLAN binding table according to the monitoring result to filter out invalid packets.
The S3700 also supports Option 82.
l After receiving a Request message from the DHCP client, the S3700 appends the Option
82 field to the Request message. The DHCP server enforces the IP address allocation policy according to the Option 82 field.
l The DHCP server appends the Option 82 field to a Response message. The S3700 analyzes the Option 82 field, determines a forwarding interface, removes the Option 82 field, and then forwards the message to a user.
Option 82 can be implemented in two modes on the S3700, Option 82 insert and Option 82 rebuild.
The Option 82 field contains the user circuit IDs. The user circuit IDs include user device name, outer VLAN ID, inner VLAN ID and port number etc. This can effectively prevent attackers from modifying the DHCP messages.

DHCP Relay
The DHCP client and the DHCP server send broadcast packets during the allocation of IP
addresses. Therefore, DHCP can be applied only when the DHCP client and DHCP server are in the same subnet. It is a waste of resource to deploy a DHCP server in each network segment.
The DHCP relay is introduced to solve this problem. Through DHCP relay, a DHCP client in a subnet can communicate with the DHCP server in another subnet and finally obtains an IP address. In this manner, the DHCP clients on different network segments can use the same DHCP server. This reduces costs and achieves centralized management.

Stacking means that the switches located in the same place are connected through the stacking cable or high-speed uplink interfaces, and thus the switches form a reliable switch group. In as switch group, the S3700s are connected through the stack interfaces multiplexed with uplink GE interfaces. Through stacking, the user can manage and maintain the switches uniformly; therefore, the stacking reduces the maintenance cost of the user.The stacked switches must be of the same type.
The stacked switches have three roles:
Master switch
A stack has only one master switch. The master switch manages the entire stack system by assigning stack IDs to member switches, collecting information about the stack topology, and notifying all the member switches of the information.
Backup switch
As the backup of the master switch, the backup switch becomes the master if the master
switch is faulty and takes over the work of the master switch.
Slave switch
A slave switch only processes service traffic on the network and is managed by the master switch.
Telephone: 852-30623083
           Supports@Thunder-link.com            

Posted by at No comments:
Labels: , , , , ,

Friday, April 1, 2016

How to Troubleshoot for SDH Clock

OptiX OSN 7500 II/OSN 7500/OSN 3500/OSN 1500 TroubleshootingHow to Troubleshoot for Huawei SDH Clock
When the network operates normally, the clock synchronization path is interrupted and the clock protection switching fails. As a result, a large number of pointer justifications occur on the related Nes.
If the clock protection switching is failed may cause pointer justifications and service interruptions.
Possible Causes
lCause 1: The fibers connections on the board are incorrect.
Cause 2: The configuration of the clock tracing mode of the NE is incorrect.
Cause 3: The configuration of the clock protection switching protocol of the entire network
is incorrect.
Cause 4: The configuration of the external clock source of the NE is incorrect.
Cause 5: The hardware is faulty.
Cause 6: The extended synchronization status message (SSM) protocol is disabled or the
clock ID of the clock source is absent.
How to Troubleshoot for SDH Clock
Step 1 Cause 1: The fibers connections on the board are incorrect. As a result, the protection switching fails.
1. See the protection principles to check whether the fibers connections at the faulty point are correct.
If the fibers connections are incorrect, then re-connect the fibers. Check whether the
services are restored. If the services are not restored, check whether the fault is due to other causes.
If the fibers connections are correct, then check whether the fault is due to other
causes.
Step 2 Cause 2: The configuration of the clock tracing mode of the NE is incorrect. As a result, the protection switching fails.
See the protection principles to check whether the clock tracing mode of the NE is correct.
If the configuration of the clock tracing mode of the NE is incorrect, then change the tracing mode of the clocks on the entire network. Check whether the services are restored.
If The configuration of the clock tracing mode of the NE is correct, then check whether the fault is due to other causes.
Step 3 Cause 3: The configuration of the clock protection switching protocol of the entire network is incorrect. As a result, the protection switching fails.
1. Check whether the related NEs are added to the clock protection subnets.
If certain NEs have not been added to the clock protection subnets, then add these NEs to the corresponding clock protection subnets. Check whether the
services recover.  If the services do not recover, proceed to the next step.
If all NEs have been added to the clock protection subnets, then proceed to the next step.
2. Check whether the clock protection switching protocol of related NEs is enabled.
If the clock protection switching protocol of certain NEs has not been enabled, Then enable the clock protection switching protocol of related NEs. Check whether the
services are restored. If the services are not restored, check whether the fault is due to other causes.
If the clock protection switching protocol of the entire network has been enabled, then check whether the fault is due to other causes.
Step 4 Cause 4: The configuration of the external clock source of the NE is incorrect. As a result, the protection switching fails.
1.Check whether the external clock source outputs clock signals.
If tThe external clock source does not output clock signals, then change the external clock source to make sure that the output of the clock signals is normal. Check whether the services recover. If the services do not recover, proceed to the next step.
If the external clock source outputs clock signals, then proceed to the next step.
2. Check whether the external clock source carries the SSMB information.
If the external clock source does not carry the SSMB information set the SSMB information manually. Then check whether the services recover.If the services do not recover, proceed to the next step.
If the external clock source carries the SSMB information, then proceed to the next step.
3. Check whether the external clock source is configured with the s1 byte correctly.
If the external clock source is not configured with the s1 byte correctly, then re-configure the s1 byte. Check whether the services are restored. If the services are not restored, check whether the fault is due to other causes.
If the external clock source is configured with the s1 byte correctly, then check whether the fault is due to other causes.
Step 5 Cause 5: The hardware is faulty. As a result, the protection switching fails.
1. Check the working state of the board.
2. Replace the faulty board.
3. Check whether the services are restored. If the services are not restored, check whether the fault is due to other causes.
Step 6 Cause 6: The extended SSM protocol is disabled or the clock ID of the clock source is absent.
1.Check whether the extended SSM protocol is enabled.
If the extended SSM protocol is disabled or the clock ID of the clock source is absent, then enable the SSM protocol and set the clock ID of the clock source. Check whether the services are restored. If not, check whether the fault is due to other causes.
If the extended SSM protocol is enabled or the clock ID of the clock source is specified, then check whether the services are restored. If not, check whether the fault is due to other causes.
—-End
Related Information
In the case of Huawei OSN clock protection, the direction of each NE clock source must match the fibers connections. That is, the eastbound/westbound fibers must be connected correctly. When the clock protection fails, check whether the fiber connections of each NE on the entire network match the settings of the clock source.
Telephone: 852-30623083
           Supports@Thunder-link.com            
Posted by at No comments:
Labels: , , , , , , , , , , , , , ,
Subscribe to: Posts (Atom)