Restringindo o acesso ao gerenciamento no Huawei S2326TP-EI

Darei um exemplo de configuração de uma ACL para restringir o acesso a Telnet, SSH, SNMP nos switches da série Huawei S2300. Vamos criar uma ACL (Access Control List) na qual especificamos os endereços que terão acesso ao dispositivo via SNMP: 1234acl number 2000rule 5 permit source 10.0.0.1 0rule 10 permit source 192.168.5.5 0quit Vamos adicionar uma comunidade SNMP com uma ACL (se…

View On WordPress

How to Configure a DNS Test Instance on Huawei S2300/S3300 Series Switch

Networking Requirements for configuring a DNS Test Instance on a Huawei S2300/S3300 Series Switch As shown in the below picture, SwitchA functions as a DNS client to access the host 10.2.1.1/24, using a domain name server.com.

Configuration Roadmap for configuring a DNS Test Instance on a Huawei S2300/S3300 Series Switch The configuration roadmap is as follows: 1. Configure SwitchA as an NQA client. 2. Create and start a DNS test instance on the SwitchA to check whether SwitchA can set up a connection with the DNS server and to obtain the speed of responding to an address resolution request.

Procedure for configuring a DNS Test Instance on a Huawei S2300/S3300 Series Switch Step 1 Configure IP addresses for the interfaces on the SwitchA and ensure reachable routes between SwitchA and server.com, SwitchA and the DNS server. <Quidway> system-view [Quidway] sysname SwitchA [SwitchA] vlan 100 [SwitchA-vlan100] quit [SwitchA] interface ethernet 0/0/1 [SwitchA-Ethernet0/0/1] port hybrid pvid vlan 100 [SwitchA-Ethernet0/0/1] port hybrid untagged vlan 100 [SwitchA-Ethernet0/0/1] quit [SwitchA] interface Vlanif 100 [SwitchA-Vlanif100] ip address 10.1.1.1 24 [SwitchA-Vlanif100] quit [SwitchA] ospf [SwitchA-ospf-1] area 0 [SwitchA-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.0] quit [SwitchA-ospf-1] quit Step 2 Configure an NQA DNS test instance. [SwitchA] dns resolve [SwitchA] dns server 10.3.1.1 [SwitchA] nqa test-instance admin dns [SwitchA-nqa-admin-dns] test-type dns [SwitchA-nqa-admin-dns] dns-server ipv4 10.3.1.1 [SwitchA-nqa-admin-dns] destination-address url server.com Step 3 Start the test instance. [SwitchA-nqa-admin-dns] start now Step 4 Verify the configuration. [SwitchA-nqa-admin-dns] display nqa results test-instance admin dns

NQA entry(admin, dns) :testflag is inactive ,testtype is dns 1 . Test 1 result The test is finished Send operation times: 1 Receive response times: 1 Completion:success RTD OverThresholds number: 0 Attempts number:1 Drop operation number:0 Disconnect operation number:0 Operation timeout number:0 System busy operation number:0 Connection fail number:0 Operation sequence errors number:0 RTT Status errors number:0 Destination ip address: 10.3.1.1 Min/Max/Average Completion Time: 1/1/1 Sum/Square-Sum Completion Time: 1/1 Last Good Probe Time: 2012-07-20 16:23:49.1 Lost packet ratio: 0 %

Configuration Files Configuration file of SwitchA # sysname SwitchA # vlan batch 100 # dns resolve dns server 10.3.1.1 # interface Vlanif100 ip address 10.1.1.1 255.255.255.0 # interface Ethernet0/0/1 port hybrid pvid vlan 100 port hybrid untagged vlan 100 # ospf 1 area 0.0.0.0 network 10.1.1.0 0.0.0.255 # nqa test-instance admin dns test-type dns destination-address url server.com dns-server ipv4 10.3.1.1 # return

More related:

Huawei S2326TP-PWR-EI

Huawei S3328TP-SI-DC

Huawei S3352P-EI-24S-DC

Huawei CloudEngine CE7800 Series Data Center Switches

Huawei CloudEngine CE7800 series (CE7800 for short) switches are next-generation 40G Ethernet switches designed for data centers and high-end campus networks, providing high-performance, high-density 40 GE ports, and low latency. The switch has a hardware architecture with 40 GE QSFP+ ports. Using the Huawei VRP8 software platform, CE7800 switches provide extensive data center service features and…

View On WordPress

How to Switch an Interface to Layer 3 Mode of Huawei Switch

# Change the working mode of GE1/0/1 from Layer 2 mode to Layer 3 mode. <Quidway> system-view [Quidway] interface gigabitethernet 1/0/1 [Quidway-GigabitEthernet1/0/1] undo portswitch [Quidway-GigabitEthernet1/0/1] ip address 10.10.10.10 255.255.255.0 To switch an interface to Layer 3 mode, run the undo port switch command in the interface view. By default, an Ethernet interface works in Layer 2 mode.

When you run this command on an interface, the mode switching configuration takes effect when only attribute configurations (such as shutdown and description configurations) exist on the interface. If service configurations (such as the port link-type trunk configuration) exist on the interface, you need to clear all service configurations before running this command. The switches and versions that support switching between Layer 2 and Layer 3 modes are as follows: S5300EI: V200R005C00&C01 (Huawei S5320-50X-EI-AC) S5300HI: V100R005C01, V100R006C00&C01, V200R001C00, V200R002C00, V200R003C00, V200R005C00&C01  S5310EI: V200R002C00, V200R003C00, V200R005C00&C01 S5320EI: V200R007C00, V200R008C00, V200R009C00, V200R010C00 (Huawei S5320-32P-EI-AC) S5320HI: V200R009C00, V200R010C00 S6300EI: V200R005C00&C01 S6320EI: V200R008C00, V200R009C00, V200R010C00 S9300&S9300E: V200R001C00&C01, V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00 S9300X: V200R010C00 For switches in V200R005C00 and later versions, after running the undo portswitch command to switch an Ethernet interface to Layer 3 mode, you can assign an IP address to the interface.

More related:

Huawei S2352P-EI-AC

Huawei S2326TP-SI-AC

Huawei S3352P-EI-48S-AC

How to Configure the Duplex Mode of Huawei Switch

How to configure Link Aggregation and Security Policy?

How to modify a GPON UNI Port?

How to Configure the Duplex Mode of Huawei Switch

Configuring the Duplex Mode for an Interface in Auto-Negotiation Mode # Set the duplex mode to full-duplex for Ethernet electrical interface GE1/0/1 working in auto-negotiation mode. <Quidway> system-view [Quidway] interface gigabitethernet 1/0/1 [Quidway-GigabitEthernet1/0/1] negotiation auto [Quidway-GigabitEthernet1/0/1] auto duplex full Configuring the Duplex Mode for an Interface in Non-Auto-Negotiation Mode # Set the duplex mode to half-duplex for Ethernet electrical interface GE1/0/1 working in non-auto-negotiation mode. <Quidway> system-view [Quidway] interface gigabitethernet 1/0/1 [Quidway-GigabitEthernet1/0/1] undo negotiation auto [Quidway-GigabitEthernet1/0/1] duplex half NOTE Physical service interfaces of the S6300EI, S5320EI ( Huawei S5328C-EI-24S ), S5320HI, and S6320EI do not support the duplex mode configuration. Physical service interfaces on LE1D2S04SEC0, LE1D2X32SEC0, and LE1D2H02QEC0 cards, and X series cards do not support the duplex mode configuration. On other cards, only the GE electrical interface and FE electrical interface support the duplex mode configuration. When the working rate of a GE electrical interface is 1000 Mbit/s, the interface do not support the half duplex mode.

More related:

Huawei S2318TP-EI-AC

Huawei S2326TP-EI-AC

Huawei S5320-52P-SI-AC

How to Configure a Local Telnet User of Huawei Switch

OLT Board Status Configuration guide

How to configure the VoD Service?

How to Configure a Local Telnet User of Huawei Switch

# Take AAA authentication as an example. Set the user name and password to admin123 and Huawei@123 respectively. Ensure that the Telnet function has been enabled before performing this operation. NOTE The following uses the command lines of the Huawei S5300 in V200R008C00 as an example. <Quidway> system-view [Quidway] user-interface vty 0 [Quidway-ui-vty0] protocol inbound telnet //By default, switches in V200R006 and earlier versions support Telnet, and switches in V200R007 and later versions support SSH. [Quidway-ui-vty0] authentication-mode aaa [Quidway-ui-vty0] quit [Quidway] aaa [Quidway-aaa] local-user admin123 password irreversible-cipher Huawei@123 [Quidway-aaa] local-user admin123 service-type telnet [Quidway-aaa] local-user admin123 privilege level 15 [Quidway-aaa] return <Quidway> save

More related:

Huawei S5320-28P-SI-AC

Huawei S5320-28X-SI-AC

Huawei S2318TP-SI-AC

How to Delet the Device Configuration

How to Configure Port Attributes

GPON Board common command guide

How to Configure an HTTP Test Instance of Huawei S2300/S3300 Series Switch

Networking Requirements for Configuring an HTTP Test Instance of a Huawei S2300/S3300 Series Switch As shown in the below picture, SwitchA is connected to the HTTP server over a WAN to test the speed of SwitchA accessing the HTTP server.

Configuration Roadmap for Configuring an HTTP Test Instance of a Huawei S2300/S3300 Series Switch The configuration roadmap is as follows: 1. Configure SwitchA as an NQA client. 2. Create and start an HTTP test instance on the SwitchA to check whether SwitchA can set up a connection with the HTTP server and to check the duration for transferring files between SwitchA and the HTTP server. Procedure for Configuring an HTTP Test Instance of a Huawei S2300/S3300 Series Switch Step 1 Configure IP addresses for the interfaces on the SwitchA and ensure reachable routes between SwitchA and the HTTP server. <Quidway> system-view [Quidway] sysname SwitchA [SwitchA] vlan 100 [SwitchA-vlan100] quit [SwitchA] interface ethernet 0/0/1 [SwitchA-Ethernet0/0/1] port hybrid pvid vlan 100 [SwitchA-Ethernet0/0/1] port hybrid untagged vlan 100 [SwitchA-Ethernet0/0/1] quit [SwitchA] interface Vlanif 100 [SwitchA-Vlanif100] ip address 10.1.1.1 24 [SwitchA-Vlanif100] quit [SwitchA] ospf [SwitchA-ospf-1] area 0 [SwitchA-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.0] quit [SwitchA-ospf-1] quit Step 2 Enable the NQA client and create an NQA HTTP test instance. [SwitchA] nqa test-instance admin http [SwitchA-nqa-admin-http] test-type http [SwitchA-nqa-admin-http] destination-address ipv4 10.2.1.1 [SwitchA-nqa-admin-http] http-operation get [SwitchA-nqa-admin-http] http-url www.huawei.com Step 3 Start the test instance. [SwitchA-nqa-admin-http] start now Step 4 Check the configuration. [SwitchA-nqa-admin-http] display nqa results test-instance admin http NQA entry(admin, http) :testflag is inactive ,testtype is http 1 . Test 1 result The test is finished SendProbe:3 ResponseProbe:3 Completion:success RTD OverThresholdsnumber: 0 MessageBodyOctetsSum: 411 TargetAddress: 10.2.1.1 DNSQueryError number: 0 HTTPError number: 0 TcpConnError number : 0 System busy operation number:0 DNSRTT Sum/Min/Max:0/0/0 TCPConnectRTT Sum/Min/Max: 4/1/2 TransactionRTT Sum/Min/Max: 3/1/1 RTT Sum/Min/Max/Avg: 7/2/3/2 DNSServerTimeout:0 TCPConnectTimeout:0 TransactionTimeout: 0 Lost packet ratio:0% ----End Configuration Files for Configuring an HTTP Test Instance of a Huawei S2300/S3300 Series Switch Configuration file of SwitchA # sysname SwitchA # vlan batch 100 # interface Vlanif100 ip address 10.1.1.1 255.255.255.0 # interface Ethernet0/0/1 port hybrid pvid vlan 100 port hybrid untagged vlan 100 # ospf 1 area 0.0.0.0 network 10.1.1.0 0.0.0.255 # nqa test-instance admin http test-type http destination-address ipv4 10.2.1.1 http-url www.huawei.com http-operation get # return

More related:

How to Configure a DNS Test Instance of Huawei S2300/S3300 Series Switch

P2P Access: Configuring FTTH Service

How to Configuring a GPON ONT (Distributed Mode)

Huawei S2326TP-PWR-EI

Huawei S3328TP-SI-DC

Huawei S3352P-EI-24S-DC

How to Configure a DNS Test Instance of Huawei S2300/S3300 Series Switch

Networking Requirements for Configuring a DNS Test Instance of a Huawei S2300/S3300 Series Switch As shown in the below picture, SwitchA functions as a DNS client to access the host 10.2.1.1/24, using a domain name server.com.

Configuration Roadmap for Configuring a DNS Test Instance of a Huawei S2300/S3300 Series Switch The configuration roadmap is as follows: 1. Configure SwitchA as an NQA client. 2. Create and start a DNS test instance on the SwitchA to check whether SwitchA can set up a connection with the DNS server and to obtain the speed of responding to an address resolution request. Procedure for Configuring a DNS Test Instance of a Huawei S2300/S3300 Series Switch Step 1 Configure IP addresses for the interfaces on the SwitchA and ensure reachable routes between SwitchA and server.com, SwitchA and the DNS server. <Quidway> system-view [Quidway] sysname SwitchA [SwitchA] vlan 100 [SwitchA-vlan100] quit [SwitchA] interface ethernet 0/0/1 [SwitchA-Ethernet0/0/1] port hybrid pvid vlan 100 [SwitchA-Ethernet0/0/1] port hybrid untagged vlan 100 [SwitchA-Ethernet0/0/1] quit [SwitchA] interface Vlanif 100 [SwitchA-Vlanif100] ip address 10.1.1.1 24 [SwitchA-Vlanif100] quit [SwitchA] ospf [SwitchA-ospf-1] area 0 [SwitchA-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.0] quit [SwitchA-ospf-1] quit Step 2 Configure an NQA DNS test instance. [SwitchA] dns resolve [SwitchA] dns server 10.3.1.1 [SwitchA] nqa test-instance admin dns [SwitchA-nqa-admin-dns] test-type dns [SwitchA-nqa-admin-dns] dns-server ipv4 10.3.1.1 [SwitchA-nqa-admin-dns] destination-address url server.com Step 3 Start the test instance. [SwitchA-nqa-admin-dns] start now Step 4 Verify the configuration. [SwitchA-nqa-admin-dns] display nqa results test-instance admin dns NQA entry(admin, dns) :testflag is inactive ,testtype is dns 1 . Test 1 result The test is finished Send operation times: 1 Receive response times: 1 Completion:success RTD OverThresholds number: 0 Attempts number:1 Drop operation number:0 Disconnect operation number:0 Operation timeout number:0 System busy operation number:0 Connection fail number:0 Operation sequence errors number:0 RTT Status errors number:0 Destination ip address: 10.3.1.1 Min/Max/Average Completion Time: 1/1/1 Sum/Square-Sum Completion Time: 1/1 Last Good Probe Time: 2012-07-20 16:23:49.1 Lost packet ratio: 0 % ----End Configuration Files for Configuring a DNS Test Instance of a Huawei S2300/S3300 Series Switch Configuration file of SwitchA # sysname SwitchA # vlan batch 100 # dns resolve dns server 10.3.1.1 # interface Vlanif100 ip address 10.1.1.1 255.255.255.0 # interface Ethernet0/0/1 port hybrid pvid vlan 100 port hybrid untagged vlan 100 # ospf 1 area 0.0.0.0 network 10.1.1.0 0.0.0.255 # nqa test-instance admin dns test-type dns destination-address url server.com dns-server ipv4 10.3.1.1 # return

More related:

Huawei S2326TP-EI-AC

Huawei S2326TP-EI-DC

Huawei S3328TP-SI-AC

MA5600V800R00X series devices load the IO data package

How to Configure the BTV Service

How to Perform Ping and Tracert Operations of Huawei S2300/S3300 Series Switch

How to Perform Ping and Tracert Operations of Huawei S2300/S3300 Series Switch

Configuration Requirements for Performing Ping and Tracert Operations of a Huawei S2300/S3300 Series Switch As shown in the below picture, after configuring SwitchA, check the link between SwitchA and the log host. If the link is disconnected, you need to locate the fault.

Configuration Roadmap for Performing Ping and Tracert Operations of a Huawei S2300/S3300 Series Switch The configuration roadmap is as follows: 1. Run the ping command on SwitchA to check connectivity between SwitchA and the log host. 2. Run the tracert command to locate the faulty link segment if the link is disconnected. Procedure for Performing Ping and Tracert Operations of a Huawei S2300/S3300 Series Switch Step 1 Run the ping command. # Run the ping command on SwitchA to check connectivity between SwitchA and the log host. <Quidway> ping 1.1.3.2 PING 1.1.3.2: 56 data bytes, press CTRL_C to break Request time out Request time out Request time out Request time out Request time out --- 1.1.3.2 ping statistics --- 5 packet(s) transmitted 0 packet(s) received 100.00% packet loss The output on SwitchA shows that the log host is unreachable, which indicates that a fault occurs on the link between SwitchA and the log host. Step 2 Run the tracert command. # Run the tracert command on SwitchA to locate the faulty link segment. <Quidway> tracert 1.1.3.2 traceroute to 1.1.3.2(1.1.3.2), max hops: 30 ,packet length: 40 1 1.1.1.2 4 ms 5 ms 5 ms 2 * * * 3 * * * 4 * * * 5 * * * 6 * * * 7 * * * 8 * * * ... The preceding output shows that the ICMP Echo Request packet passes SwitchB but does not reach SwitchC. This indicates that the link between SwitchB and SwitchC fails. After the link between SwitchB and SwitchC is recovered, repeat Step 1 and Step 2 to ensure that SwitchA and the log host can communicate properly. ----End

More related:

Huawei S2318TP-SI-AC

Huawei S3328TP-EI-MC

Huawei S3328TP-PWR-EI

How to Configure NAP-based Remote Deployment of Huawei S2300/S3300 Series Switch

GPON FTTH PPPoE login gets disconnected

How to Configure the SIP-based Voice Service

How to Configure NAP-based Remote Deployment of Huawei S2300/S3300 Series Switch

Networking Requirements for Configuring NAP-based Remote Deployment  of a Huawei S2300/S3300 Series Switch As shown in the below picture, SwitchC and SwitchB are directly connected, but they are located at equipment rooms far away from each other. SwitchC is a new device on the network and does not load any configuration file while SwitchB is an existing device on the network. You want to implement remote deployment for SwitchC on SwitchB to reduce network operation and maintenance costs.

Configuration Roadmap  for Configuring NAP-based Remote Deployment  of a Huawei S2300/S3300 Series Switch The configuration roadmap is as follows: 1. Set interface Ethernet0/0/1 of SwitchB to a master NAP interface to establish NAP neighbor relationship between SwitchB and SwitchC. 2. Use Telnet to log in to SwitchC from SwitchB to configure remote deployment. 3. Disable NAP for all interfaces of SwitchC.

Procedure for Configuring NAP-based Remote Deployment  of a Huawei S2300/S3300 Series Switch Step 1 Set an interface to a master NAP interface. # Set interface Ethernet0/0/1 on SwitchB to a master NAP interface. <Quidway> system-view [Quidway] sysname SwitchB [SwitchB] interface ethernet 0/0/1 [SwitchB-Ethernet0/0/1] nap port master # Run the display nap interface command on SwitchB to check whether a NAP neighbor relationship has been established and whether IP addresses have been assigned to the master and slave interfaces. [SwitchB-Ethernet0/0/1] display nap interface ------------------------------------------------------ NAP master port list Port count : 1 ------------------------------------------------------ Port property : Master Current status : IP-ASSIGNED Local port : Ethernet0/0/1 Peer port : Ethernet0/0/1 Local IP : 10.167.253.1 Peer IP : 10.167.253.2 Hello time : 3s Linked time : 00:00:26 ------------------------------------------------------ Step 2 Log in to the slave device. # Log in to SwitchC from SwitchB. [SwitchB-Ethernet0/0/1] nap login neighbor Trying 10.167.253.2 ... Press CTRL+K to abort Connected to 10.167.253.2 ... An initial password is required for the first login via the vty user-interface. Set a password and keep it safe! Otherwise you will not be able to login via the vty user-interface. Please configure the login password (6-16) Enter Password: Confirm Password: Info: The max number of VTY users is 10, and the number of current VTY users on line is 1. The current login time is 2012-08-12 05:35:19+08:00. <Quidway> Step 3 Configure deployment on the slave device. After logging in to SwitchC, you can configure deployment on SwitchC. It is recommended that you set the IP address, user name, and password and enable the Telnet service on SwitchC so that you can use Telnet to directly log in to SwitchC. Step 4 Log in to SwitchC using the configured IP address, user name, and password to disable NAP on the slave device. # Disable NAP for all interfaces of SwitchC. <Quidway> system-view [Quidway] sysname SwitchC [SwitchC] undo nap slave enable Warning: The operation will close NAP slave. Continue? [Y/N]:y ----End

More related:

Huawei S2318TP-EI-AC

Huawei S2318TP-EI-DC

Huawei S3328TP-EI-DC

How to Configure the H.248-based Voice Service?

How to Login Huawei Equipment Through the Local Serial Port

How to Configure Attack Defense of Huawei S2300/S3300 Series Switch

How to Configure Attack Defense of Huawei S2300/S3300 Series Switch

Networking Requirements As shown in the below, if a hacker on the LAN initiates malformed packet attacks, packet fragment attacks, and flood attacks to SwitchA, SwitchA may break down. The administrator requires that attack defense measures be deployed on SwitchA to provide a secure network environment and ensure normal services.

Configuration Roadmap The configuration roadmap is as follows: 1. Enable defense against malformed packet attacks so that SwitchA can defend against such attacks. 2. Enable defense against packet fragment attacks so that SwitchA can defend against such attacks. 3. Enable defense against packet flood attacks so that SwitchA can defend against such attacks.

Procedure

Configuration Files Configuration file of SwitchA # sysname SwitchA # anti-attack fragment car cir 15000 anti-attack tcp-syn car cir 15000 anti-attack icmp-flood car cir 15000 # return

More related:

How to Configure Local Attack Defense of Huawei S2300/S3300 Series Switch

Optical attenuation is too large lead to ONU recovery failure

How to Configure the Internet Access Service?

Huawei S2309TP-PWR-EI

Huawei S3328TP-EI-24S-AC

Huawei S3328TP-EI-AC

How to Configure Local Attack Defense of Huawei S2300/S3300 Series Switch

Networking Requirements for Configuring Local Attack Defense of a Huawei S2300/S3300 Series Switch As shown in the below, users from different LANs connect to the Internet through the Switch. The Switch is connected to a large number of users, and receives many packets sent to the CPU. In this case, the CPU of the Switch may be attacked by packets. The administrator needs to know about the CPU status in real time and check whether the CPU is attacked. When potential attacks occur, the device sends alarms to the administrator to protect the CPU. Users on Net1 are forbidden to access the network because they often attack the CPU. The CPU usage occupied by ARP Request packets is `reduced because attackers may send a large number of ARP Request packets to deteriorate CPU performance. Stable and reliable data transmission is required between the administrator host and the Switch.

Configuration Roadmap for Configuring Local Attack Defense of a Huawei S2300/S3300 Series Switch The configuration roadmap is as follows: 1. Attack source tracing provides traffic analysis and statistics, attack source identification and alarm function. Enable attack source tracing and its alarm function. In this way, the administrator can know about the CPU status in real time. 2. Add users on Net1 to the blacklist to prevent users on Net1 from accessing the network. 3. Configure the rate limit for ARP Request packets sent to the CPU to reduce the CPU usage occupied by ARP Request packets. 4. ALP protects session-based application layer data and ensures service reliability and stability on the application layer. Configure rate limit of FTP packets sent to the CPU when an FTP connection is set up (by default, ALP is enabled for FTP packets) to ensure data transmission between the administrator host and the Switch.

Procedure for Configuring Local Attack Defense of a Huawei S2300/S3300 Series Switch

Configuration Files for Configuring Local Attack Defense of a Huawei S2300/S3300 Series Switch Configuration file of Switch # sysname Switch # acl number 2001 rule 5 permit source 1.1.1.0 0.0.0.255 # cpu-defend policy test1 blacklist 1 acl 2001 car packet-type arp-request cir 128 cbs 24064 linkup-car packet-type ftp cir 5000 cbs 940000 auto-defend enable auto-defend alarm enable # cpu-defend-policy test1 global # return

More related:

How Use a User-defined ACL to Configure a Traffic Classifier of Huawei S2300/S3300 Series Switch

Implementation of TR069 protocol in MA5600 series

Application of Time-range In HUAWEI MA5600 Series Equipment

Huawei S3352P-SI-DC

Huawei S2318TP-EI-DC

Huawei S2318TP-EI-AC

How Use a User-defined ACL to Configure a Traffic Classifier of Huawei S2300/S3300 Series Switch

Networking Requirements for Using a User-defined ACL to Configure a Traffic Classifier of a Huawei S2300/S3300 Series Switch As shown in the below picture, Eth 0/0/1 of the Switch is connected to PCs, and Eth 0/0/2 is connected to the upstream router. A user-defined ACL needs to be configured on Eth 0/0/1 to deny the packets of which the bytes from the 14th byte in the Layer 2 header matching 0x0180C200.

Configuration Roadmap for Using a User-defined ACL to Configure a Traffic Classifier of a Huawei S2300/S3300 Series Switch The configuration roadmap is as follows: 1. Configure an ACL. 2. Configure a traffic classifier. 3. Configure a traffic behavior. 4. Configure a traffic policy. 5. Apply the traffic policy to an interface.

Procedure for Using a User-defined ACL to Configure a Traffic Classifier of a Huawei S2300/S3300 Series Switch

Configuration Files for Using a User-defined ACL to Configure a Traffic Classifier of a Huawei S2300/S3300 Series Switch # acl number 5000 rule 5 deny 0x0180c200 0xffffffff 14 # traffic classifier tc1 operator and if-match acl 5000 # traffic behavior tb1 deny # traffic policy tp1 classifier tc1 behavior tb1 # interface Ethernet0/0/1 traffic-policy tp1 inbound # return

How to Use a Layer 2 ACL to Configure a Traffic Classifier of Huawei S2300/S3300 Series Switch

How To Reset Huawei OLT MA5600T Series Equipment Password

MA5600T Backup Redundant of Configuration Smart Link

Huawei S2318TP-SI-AC

Huawei S3352P-PWR-EI

Huawei S3352P-SI-AC

How to Use a Layer 2 ACL to Configure a Traffic Classifier of Huawei S2300/S3300 Series Switch

Networking Requirements for Using a Layer 2 ACL to Configure a Traffic Classifier of a Huawei S2300/S3300 Series Switch As shown in the below picture, the Switch that functions as the gateway is connected to PCs. ACL needs to be configured to prevent the packets with the source MAC address 00e0-f201-0101 and the destination MAC address 0260-e207-0002 from passing through.

Configuration Roadmap for Using a Layer 2 ACL to Configure a Traffic Classifier of a Huawei S2300/S3300 Series Switch The configuration roadmap is as follows: 1. Configure an ACL.

2. Configure a traffic classifier. 3. Configure a traffic behavior. 4. Configure a traffic policy. 5. Apply the traffic policy to an interface.

Procedure for Using a Layer 2 ACL to Configure a Traffic Classifier of a Huawei S2300/S3300 Series Switch

Configuration Files for Using a Layer 2 ACL to Configure a Traffic Classifier of a Huawei S2300/S3300 Series Switch # acl number 4000 rule 5 deny destination-mac 0260-e207-0002 source-mac 00e0-f201-0101 # traffic classifier tc1 operator and if-match acl 4000 # traffic behavior tb1 deny # traffic policy tp1 classifier tc1 behavior tb1 # interface Ethernet0/0/2 traffic-policy tp1 inbound # return

More related:

How to Configure a Basic ACL to Limit Access to the FTP Server of Huawei S2300/S3300 Series Switch

MA5600T Series Equipment Boot Upgrade Guidebook

Huawei MA562X Series Equipmen Convert Into Switch Instruction

Huawei S3352P-EI-DC

Huawei S2326TP-EI-DC

Huawei S2326TP-EI-AC

How to Configure a Basic ACL to Limit Access to the FTP Server of Huawei S2300/S3300 Series Switch

Networking Requirements for Configuring a Basic ACL to Limit Access to the FTP Server of a Huawei S2300/S3300 Series Switch As shown in the below picture, the Switch functions as an FTP server (172.16.104.110/24). The requirements are as follows: All the users on subnet 1 (172.16.105.0/24) are allowed to access the FTP server at any time. All the users on subnet 2 (172.16.107.0/24) are allowed to access the FTP server only at the specified period of time. Other users are not allowed to access the FTP server. The routes between the Switch and subnets are reachable. You need to configure the Switch to limit user access to the FTP server.

Configuration Roadmap for Configuring a Basic ACL to Limit Access to the FTP Server of a Huawei S2300/S3300 Series Switch The configuration roadmap is as follows: Create a basic ACL on the Switch and configure rules in the basic ACL. Configure basic FTP functions on the Switch. Apply a basic ACL to the Switch to limit user access.

Procedure for Configuring a Basic ACL to Limit Access to the FTP Server of a Huawei S2300/S3300 Series Switch

Configuration Files for Configuring a Basic ACL to Limit Access to the FTP Server of a Huawei S2300/S3300 Series Switch # Configuration file of the Switch # sysname Switch # ftp server enable ftp acl 2001 # time-range ftp-access 14:00 to 18:00 off-day time-range ftp-access from 00:00 2009/1/1 to 23:59 2011/12/31 # acl number 2001 rule 5 permit source 172.16.105.0 0.0.0.255 rule 10 permit source 172.16.107.0 0.0.0.255 time-range ftp-access rule 15 deny # return

More related:

How to Configure Prompt Leave for Interfaces of Huawei S2300/S3300 Series Switch

MA5600T Series Equipment Aggregate Docking Cisco Equipment

Huawei MA5620 Series Equipment Port Mirror Capture

Huawei S2326TP-PWR-EI

Huawei S3352P-EI-48S-DC

Huawei S3352P-EI-AC

How to Configure Prompt Leave for Interfaces of Huawei S2300/S3300 Series Switch

Networking Requirements for Configuring Prompt Leave for Interfaces of a Huawei S2300/S3300 Series Switch In the below, the router connects to the user network through the Layer 2 Switch on an IPv6 network. Eth0/0/1 and Eth0/0/2 on the Switch respectively connect to only one receiver host. Therefore, when receiving MLD Done messages from the two interfaces, the Switchdeletes the forwarding entries of the multicast group that the hosts leave, without waiting for the timeout of the aging timer. This saves the bandwidth and system resources.

Configuration Roadmap for Configuring Prompt Leave for Interfaces of a Huawei S2300/S3300 Series Switch Enabling MLD snooping and configuring prompt leave for interfaces on the Switch can meet the requirements. Create a VLAN and add interfaces to the VLAN. Enable MLD snooping globally and in a VLAN. Enable prompt leave for interfaces in a VLAN.

Procedure for Configuring Prompt Leave for Interfaces of a Huawei S2300/S3300 Series Switch

Configuration Files for Configuring Prompt Leave for Interfaces of a Huawei S2300/S3300 Series Switch # sysname Switch # mld-snooping enable # vlan batch 10 # vlan 10 mld-snooping enable mld-snooping prompt-leave # interface Ethernet0/0/1 port hybrid pvid vlan 10 port hybrid untagged vlan 10 # interface Ethernet0/0/2 port hybrid pvid vlan 10 port hybrid untagged vlan 10 # interface Ethernet0/0/3 port hybrid pvid vlan 10 port hybrid untagged vlan 10 # return

More related:

How to Configure a Static Interface to Implement Layer 2 Multicast

How do Adding an ONU to an OLT?

Huawei OLT MA5600T Series Equipment Upgrade Instructions

Huawei S2326TP-SI-AC

Huawei S2352P-EI-AC

Huawei S3352P-EI-48S-AC