How to Configure Intra-VLAN Proxy ARP of a Huawei S2300/S3300 Series Switch

Networking Requirements of Configuring Intra-VLAN Proxy ARP of a Huawei S2300/S3300 Series Switch As shown in the picture, GE0/0/2 and GE0/0/1 on the switch belong to sub-VLAN2. Sub-VLAN2 belongs to super-VLAN3. Requirements are as follows: HostA and HostB in VLAN2 should be isolated at Layer 2. HostA and HostB can communicate at Layer 3 using intra-VLAN proxy ARP. The IP address of the VLANIF interface corresponding to the super-VLAN is 10.10.10.1 and the mask is 255.255.255.0.

Configuration Roadmap of Configuring Intra-VLAN Proxy ARP of a Huawei S2300/S3300 Series Switch The configuration roadmap is as follows: 1. Create and configure a super-VLAN and a sub-VLAN. 2. Add interfaces to the sub-VLAN. 3. Create a VLANIF interface corresponding to the super-VLAN and assign an IP address to the VLANIF interface.

4. Enable intra-VLAN proxy ARP on the VLANIF interface.

Procedure  of Configuring Intra-VLAN Proxy ARP of a Huawei S2300/S3300 Series Switch

Configuration Files of a Huawei S2300/S3300 Series Switch Configuration file of the switch

# sysname Quidway # vlan batch 2 to 3 # vlan 3 aggregate-vlan access-vlan 2 # port-isolate mode l2 # interface Vlanif3 ip address 10.10.10.1 255.255.255.0 arp-proxy inner-sub-vlan-proxy enable # interface GigabitEthernet0/0/1 port link-type access port default vlan 2 port-isolate enable group 1 # interface GigabitEthernet0/0/2 port link-type access port default vlan 2 port-isolate enable group 1 # return

More related:

How to Configure Routed Proxy ARP of a Huawei S2300/S3300 Series Switch

How to Configurethe GPON FTTH Voice Service?

How to configure a 10G GPON service board

Huawei S2326TP-EI-DC

Huawei S2326TP-PWR-EI

Huawei S3352P-EI-AC

Huawei S7700&S9700 Switch Card Structure and Dimensions

Huawei S7700&S9700 Switch Card Structure and Dimensions

Huawei Campus Switch includes S1700, S2300, S2700, S3300, S3700, S5300, S5700, S600-E, S6300, S6700, S7700, S7900, S9300, S9300X, S9700, S12700 Series. In this article, HongTelecom will introduce Huawei S7700&S9700 Switch Card Structure and Dimensions.

Card Structure and Dimensions Card Structure

Figure 1 shows an example of a card.

Figure 1 Card 1. Name label 2. Ejector lever 3. Front panel…

View On WordPress

How to Configure a DNS Test Instance on Huawei S2300/S3300 Series Switch

Networking Requirements for configuring a DNS Test Instance on a Huawei S2300/S3300 Series Switch As shown in the below picture, SwitchA functions as a DNS client to access the host 10.2.1.1/24, using a domain name server.com.

Configuration Roadmap for configuring a DNS Test Instance on a Huawei S2300/S3300 Series Switch The configuration roadmap is as follows: 1. Configure SwitchA as an NQA client. 2. Create and start a DNS test instance on the SwitchA to check whether SwitchA can set up a connection with the DNS server and to obtain the speed of responding to an address resolution request.

Procedure for configuring a DNS Test Instance on a Huawei S2300/S3300 Series Switch Step 1 Configure IP addresses for the interfaces on the SwitchA and ensure reachable routes between SwitchA and server.com, SwitchA and the DNS server. <Quidway> system-view [Quidway] sysname SwitchA [SwitchA] vlan 100 [SwitchA-vlan100] quit [SwitchA] interface ethernet 0/0/1 [SwitchA-Ethernet0/0/1] port hybrid pvid vlan 100 [SwitchA-Ethernet0/0/1] port hybrid untagged vlan 100 [SwitchA-Ethernet0/0/1] quit [SwitchA] interface Vlanif 100 [SwitchA-Vlanif100] ip address 10.1.1.1 24 [SwitchA-Vlanif100] quit [SwitchA] ospf [SwitchA-ospf-1] area 0 [SwitchA-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.0] quit [SwitchA-ospf-1] quit Step 2 Configure an NQA DNS test instance. [SwitchA] dns resolve [SwitchA] dns server 10.3.1.1 [SwitchA] nqa test-instance admin dns [SwitchA-nqa-admin-dns] test-type dns [SwitchA-nqa-admin-dns] dns-server ipv4 10.3.1.1 [SwitchA-nqa-admin-dns] destination-address url server.com Step 3 Start the test instance. [SwitchA-nqa-admin-dns] start now Step 4 Verify the configuration. [SwitchA-nqa-admin-dns] display nqa results test-instance admin dns

NQA entry(admin, dns) :testflag is inactive ,testtype is dns 1 . Test 1 result The test is finished Send operation times: 1 Receive response times: 1 Completion:success RTD OverThresholds number: 0 Attempts number:1 Drop operation number:0 Disconnect operation number:0 Operation timeout number:0 System busy operation number:0 Connection fail number:0 Operation sequence errors number:0 RTT Status errors number:0 Destination ip address: 10.3.1.1 Min/Max/Average Completion Time: 1/1/1 Sum/Square-Sum Completion Time: 1/1 Last Good Probe Time: 2012-07-20 16:23:49.1 Lost packet ratio: 0 %

Configuration Files Configuration file of SwitchA # sysname SwitchA # vlan batch 100 # dns resolve dns server 10.3.1.1 # interface Vlanif100 ip address 10.1.1.1 255.255.255.0 # interface Ethernet0/0/1 port hybrid pvid vlan 100 port hybrid untagged vlan 100 # ospf 1 area 0.0.0.0 network 10.1.1.0 0.0.0.255 # nqa test-instance admin dns test-type dns destination-address url server.com dns-server ipv4 10.3.1.1 # return

More related:

Huawei S2326TP-PWR-EI

Huawei S3328TP-SI-DC

Huawei S3352P-EI-24S-DC

How to Switch an Interface to Layer 3 Mode of Huawei Switch

# Change the working mode of GE1/0/1 from Layer 2 mode to Layer 3 mode. <Quidway> system-view [Quidway] interface gigabitethernet 1/0/1 [Quidway-GigabitEthernet1/0/1] undo portswitch [Quidway-GigabitEthernet1/0/1] ip address 10.10.10.10 255.255.255.0 To switch an interface to Layer 3 mode, run the undo port switch command in the interface view. By default, an Ethernet interface works in Layer 2 mode.

When you run this command on an interface, the mode switching configuration takes effect when only attribute configurations (such as shutdown and description configurations) exist on the interface. If service configurations (such as the port link-type trunk configuration) exist on the interface, you need to clear all service configurations before running this command. The switches and versions that support switching between Layer 2 and Layer 3 modes are as follows: S5300EI: V200R005C00&C01 (Huawei S5320-50X-EI-AC) S5300HI: V100R005C01, V100R006C00&C01, V200R001C00, V200R002C00, V200R003C00, V200R005C00&C01  S5310EI: V200R002C00, V200R003C00, V200R005C00&C01 S5320EI: V200R007C00, V200R008C00, V200R009C00, V200R010C00 (Huawei S5320-32P-EI-AC) S5320HI: V200R009C00, V200R010C00 S6300EI: V200R005C00&C01 S6320EI: V200R008C00, V200R009C00, V200R010C00 S9300&S9300E: V200R001C00&C01, V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00 S9300X: V200R010C00 For switches in V200R005C00 and later versions, after running the undo portswitch command to switch an Ethernet interface to Layer 3 mode, you can assign an IP address to the interface.

More related:

Huawei S2352P-EI-AC

Huawei S2326TP-SI-AC

Huawei S3352P-EI-48S-AC

How to Configure the Duplex Mode of Huawei Switch

How to configure Link Aggregation and Security Policy?

How to modify a GPON UNI Port?

How to Delet the Device Configuration

To clear the current configuration and restore factory settings of a Huawei Switch, run the reset saved- configuration command to clear the configuration file for the next startup and then restart the device. If you are prompted to save the configuration, select N indicating that the device will not save the current configuration. NOTICE Exercise caution and follow the instructions of the technical support personnel when you run this command. <Quidway> reset saved-configuration Warning: The action will delete the saved configuration in the device. The configuration will be erased to reconfigure. Continue? [Y/N]:y Warning: Now clearing the configuration in the device. Info: Succeeded in clearing the configuration in the device. <Quidway> reboot Info: The system is now comparing the configuration, please wait. Warning: The configuration has been modified, and it will be saved to the next startup saved-configuration file flash:/vrpcfg.zip. Continue? [Y/N]:n //Select "N" here. Info: If want to reboot with saving diagnostic information, input 'N' and then execute 'reboot save diagnostic-information'. System will reboot! Continue?[Y/N]:y The command outputs on your device may be different from that provided in this example.

More related;

How to Handle Loss of the Password for Web Login of Huawei Switch

Uninstalling the U2000 Server

MA5600T Series LACP Configuration

Huawei S3328TP-EI-AC

Huawei S3328TP-EI-MC

Huawei S5328C-HI-24S

How to Configure an HTTP Test Instance of Huawei S2300/S3300 Series Switch

Networking Requirements for Configuring an HTTP Test Instance of a Huawei S2300/S3300 Series Switch As shown in the below picture, SwitchA is connected to the HTTP server over a WAN to test the speed of SwitchA accessing the HTTP server.

Configuration Roadmap for Configuring an HTTP Test Instance of a Huawei S2300/S3300 Series Switch The configuration roadmap is as follows: 1. Configure SwitchA as an NQA client. 2. Create and start an HTTP test instance on the SwitchA to check whether SwitchA can set up a connection with the HTTP server and to check the duration for transferring files between SwitchA and the HTTP server. Procedure for Configuring an HTTP Test Instance of a Huawei S2300/S3300 Series Switch Step 1 Configure IP addresses for the interfaces on the SwitchA and ensure reachable routes between SwitchA and the HTTP server. <Quidway> system-view [Quidway] sysname SwitchA [SwitchA] vlan 100 [SwitchA-vlan100] quit [SwitchA] interface ethernet 0/0/1 [SwitchA-Ethernet0/0/1] port hybrid pvid vlan 100 [SwitchA-Ethernet0/0/1] port hybrid untagged vlan 100 [SwitchA-Ethernet0/0/1] quit [SwitchA] interface Vlanif 100 [SwitchA-Vlanif100] ip address 10.1.1.1 24 [SwitchA-Vlanif100] quit [SwitchA] ospf [SwitchA-ospf-1] area 0 [SwitchA-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.0] quit [SwitchA-ospf-1] quit Step 2 Enable the NQA client and create an NQA HTTP test instance. [SwitchA] nqa test-instance admin http [SwitchA-nqa-admin-http] test-type http [SwitchA-nqa-admin-http] destination-address ipv4 10.2.1.1 [SwitchA-nqa-admin-http] http-operation get [SwitchA-nqa-admin-http] http-url www.huawei.com Step 3 Start the test instance. [SwitchA-nqa-admin-http] start now Step 4 Check the configuration. [SwitchA-nqa-admin-http] display nqa results test-instance admin http NQA entry(admin, http) :testflag is inactive ,testtype is http 1 . Test 1 result The test is finished SendProbe:3 ResponseProbe:3 Completion:success RTD OverThresholdsnumber: 0 MessageBodyOctetsSum: 411 TargetAddress: 10.2.1.1 DNSQueryError number: 0 HTTPError number: 0 TcpConnError number : 0 System busy operation number:0 DNSRTT Sum/Min/Max:0/0/0 TCPConnectRTT Sum/Min/Max: 4/1/2 TransactionRTT Sum/Min/Max: 3/1/1 RTT Sum/Min/Max/Avg: 7/2/3/2 DNSServerTimeout:0 TCPConnectTimeout:0 TransactionTimeout: 0 Lost packet ratio:0% ----End Configuration Files for Configuring an HTTP Test Instance of a Huawei S2300/S3300 Series Switch Configuration file of SwitchA # sysname SwitchA # vlan batch 100 # interface Vlanif100 ip address 10.1.1.1 255.255.255.0 # interface Ethernet0/0/1 port hybrid pvid vlan 100 port hybrid untagged vlan 100 # ospf 1 area 0.0.0.0 network 10.1.1.0 0.0.0.255 # nqa test-instance admin http test-type http destination-address ipv4 10.2.1.1 http-url www.huawei.com http-operation get # return

More related:

How to Configure a DNS Test Instance of Huawei S2300/S3300 Series Switch

P2P Access: Configuring FTTH Service

How to Configuring a GPON ONT (Distributed Mode)

Huawei S2326TP-PWR-EI

Huawei S3328TP-SI-DC

Huawei S3352P-EI-24S-DC

How to Configure a DNS Test Instance of Huawei S2300/S3300 Series Switch

Networking Requirements for Configuring a DNS Test Instance of a Huawei S2300/S3300 Series Switch As shown in the below picture, SwitchA functions as a DNS client to access the host 10.2.1.1/24, using a domain name server.com.

Configuration Roadmap for Configuring a DNS Test Instance of a Huawei S2300/S3300 Series Switch The configuration roadmap is as follows: 1. Configure SwitchA as an NQA client. 2. Create and start a DNS test instance on the SwitchA to check whether SwitchA can set up a connection with the DNS server and to obtain the speed of responding to an address resolution request. Procedure for Configuring a DNS Test Instance of a Huawei S2300/S3300 Series Switch Step 1 Configure IP addresses for the interfaces on the SwitchA and ensure reachable routes between SwitchA and server.com, SwitchA and the DNS server. <Quidway> system-view [Quidway] sysname SwitchA [SwitchA] vlan 100 [SwitchA-vlan100] quit [SwitchA] interface ethernet 0/0/1 [SwitchA-Ethernet0/0/1] port hybrid pvid vlan 100 [SwitchA-Ethernet0/0/1] port hybrid untagged vlan 100 [SwitchA-Ethernet0/0/1] quit [SwitchA] interface Vlanif 100 [SwitchA-Vlanif100] ip address 10.1.1.1 24 [SwitchA-Vlanif100] quit [SwitchA] ospf [SwitchA-ospf-1] area 0 [SwitchA-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.0] quit [SwitchA-ospf-1] quit Step 2 Configure an NQA DNS test instance. [SwitchA] dns resolve [SwitchA] dns server 10.3.1.1 [SwitchA] nqa test-instance admin dns [SwitchA-nqa-admin-dns] test-type dns [SwitchA-nqa-admin-dns] dns-server ipv4 10.3.1.1 [SwitchA-nqa-admin-dns] destination-address url server.com Step 3 Start the test instance. [SwitchA-nqa-admin-dns] start now Step 4 Verify the configuration. [SwitchA-nqa-admin-dns] display nqa results test-instance admin dns NQA entry(admin, dns) :testflag is inactive ,testtype is dns 1 . Test 1 result The test is finished Send operation times: 1 Receive response times: 1 Completion:success RTD OverThresholds number: 0 Attempts number:1 Drop operation number:0 Disconnect operation number:0 Operation timeout number:0 System busy operation number:0 Connection fail number:0 Operation sequence errors number:0 RTT Status errors number:0 Destination ip address: 10.3.1.1 Min/Max/Average Completion Time: 1/1/1 Sum/Square-Sum Completion Time: 1/1 Last Good Probe Time: 2012-07-20 16:23:49.1 Lost packet ratio: 0 % ----End Configuration Files for Configuring a DNS Test Instance of a Huawei S2300/S3300 Series Switch Configuration file of SwitchA # sysname SwitchA # vlan batch 100 # dns resolve dns server 10.3.1.1 # interface Vlanif100 ip address 10.1.1.1 255.255.255.0 # interface Ethernet0/0/1 port hybrid pvid vlan 100 port hybrid untagged vlan 100 # ospf 1 area 0.0.0.0 network 10.1.1.0 0.0.0.255 # nqa test-instance admin dns test-type dns destination-address url server.com dns-server ipv4 10.3.1.1 # return

More related:

Huawei S2326TP-EI-AC

Huawei S2326TP-EI-DC

Huawei S3328TP-SI-AC

MA5600V800R00X series devices load the IO data package

How to Configure the BTV Service

How to Perform Ping and Tracert Operations of Huawei S2300/S3300 Series Switch

How to Perform Ping and Tracert Operations of Huawei S2300/S3300 Series Switch

Configuration Requirements for Performing Ping and Tracert Operations of a Huawei S2300/S3300 Series Switch As shown in the below picture, after configuring SwitchA, check the link between SwitchA and the log host. If the link is disconnected, you need to locate the fault.

Configuration Roadmap for Performing Ping and Tracert Operations of a Huawei S2300/S3300 Series Switch The configuration roadmap is as follows: 1. Run the ping command on SwitchA to check connectivity between SwitchA and the log host. 2. Run the tracert command to locate the faulty link segment if the link is disconnected. Procedure for Performing Ping and Tracert Operations of a Huawei S2300/S3300 Series Switch Step 1 Run the ping command. # Run the ping command on SwitchA to check connectivity between SwitchA and the log host. <Quidway> ping 1.1.3.2 PING 1.1.3.2: 56 data bytes, press CTRL_C to break Request time out Request time out Request time out Request time out Request time out --- 1.1.3.2 ping statistics --- 5 packet(s) transmitted 0 packet(s) received 100.00% packet loss The output on SwitchA shows that the log host is unreachable, which indicates that a fault occurs on the link between SwitchA and the log host. Step 2 Run the tracert command. # Run the tracert command on SwitchA to locate the faulty link segment. <Quidway> tracert 1.1.3.2 traceroute to 1.1.3.2(1.1.3.2), max hops: 30 ,packet length: 40 1 1.1.1.2 4 ms 5 ms 5 ms 2 * * * 3 * * * 4 * * * 5 * * * 6 * * * 7 * * * 8 * * * ... The preceding output shows that the ICMP Echo Request packet passes SwitchB but does not reach SwitchC. This indicates that the link between SwitchB and SwitchC fails. After the link between SwitchB and SwitchC is recovered, repeat Step 1 and Step 2 to ensure that SwitchA and the log host can communicate properly. ----End

More related:

Huawei S2318TP-SI-AC

Huawei S3328TP-EI-MC

Huawei S3328TP-PWR-EI

How to Configure NAP-based Remote Deployment of Huawei S2300/S3300 Series Switch

GPON FTTH PPPoE login gets disconnected

How to Configure the SIP-based Voice Service

How to Configure NAP-based Remote Deployment of Huawei S2300/S3300 Series Switch

Networking Requirements for Configuring NAP-based Remote Deployment  of a Huawei S2300/S3300 Series Switch As shown in the below picture, SwitchC and SwitchB are directly connected, but they are located at equipment rooms far away from each other. SwitchC is a new device on the network and does not load any configuration file while SwitchB is an existing device on the network. You want to implement remote deployment for SwitchC on SwitchB to reduce network operation and maintenance costs.

Configuration Roadmap  for Configuring NAP-based Remote Deployment  of a Huawei S2300/S3300 Series Switch The configuration roadmap is as follows: 1. Set interface Ethernet0/0/1 of SwitchB to a master NAP interface to establish NAP neighbor relationship between SwitchB and SwitchC. 2. Use Telnet to log in to SwitchC from SwitchB to configure remote deployment. 3. Disable NAP for all interfaces of SwitchC.

Procedure for Configuring NAP-based Remote Deployment  of a Huawei S2300/S3300 Series Switch Step 1 Set an interface to a master NAP interface. # Set interface Ethernet0/0/1 on SwitchB to a master NAP interface. <Quidway> system-view [Quidway] sysname SwitchB [SwitchB] interface ethernet 0/0/1 [SwitchB-Ethernet0/0/1] nap port master # Run the display nap interface command on SwitchB to check whether a NAP neighbor relationship has been established and whether IP addresses have been assigned to the master and slave interfaces. [SwitchB-Ethernet0/0/1] display nap interface ------------------------------------------------------ NAP master port list Port count : 1 ------------------------------------------------------ Port property : Master Current status : IP-ASSIGNED Local port : Ethernet0/0/1 Peer port : Ethernet0/0/1 Local IP : 10.167.253.1 Peer IP : 10.167.253.2 Hello time : 3s Linked time : 00:00:26 ------------------------------------------------------ Step 2 Log in to the slave device. # Log in to SwitchC from SwitchB. [SwitchB-Ethernet0/0/1] nap login neighbor Trying 10.167.253.2 ... Press CTRL+K to abort Connected to 10.167.253.2 ... An initial password is required for the first login via the vty user-interface. Set a password and keep it safe! Otherwise you will not be able to login via the vty user-interface. Please configure the login password (6-16) Enter Password: Confirm Password: Info: The max number of VTY users is 10, and the number of current VTY users on line is 1. The current login time is 2012-08-12 05:35:19+08:00. <Quidway> Step 3 Configure deployment on the slave device. After logging in to SwitchC, you can configure deployment on SwitchC. It is recommended that you set the IP address, user name, and password and enable the Telnet service on SwitchC so that you can use Telnet to directly log in to SwitchC. Step 4 Log in to SwitchC using the configured IP address, user name, and password to disable NAP on the slave device. # Disable NAP for all interfaces of SwitchC. <Quidway> system-view [Quidway] sysname SwitchC [SwitchC] undo nap slave enable Warning: The operation will close NAP slave. Continue? [Y/N]:y ----End

More related:

Huawei S2318TP-EI-AC

Huawei S2318TP-EI-DC

Huawei S3328TP-EI-DC

How to Configure the H.248-based Voice Service?

How to Login Huawei Equipment Through the Local Serial Port

How to Configure Attack Defense of Huawei S2300/S3300 Series Switch

How to Configure Attack Defense of Huawei S2300/S3300 Series Switch

Networking Requirements As shown in the below, if a hacker on the LAN initiates malformed packet attacks, packet fragment attacks, and flood attacks to SwitchA, SwitchA may break down. The administrator requires that attack defense measures be deployed on SwitchA to provide a secure network environment and ensure normal services.

Configuration Roadmap The configuration roadmap is as follows: 1. Enable defense against malformed packet attacks so that SwitchA can defend against such attacks. 2. Enable defense against packet fragment attacks so that SwitchA can defend against such attacks. 3. Enable defense against packet flood attacks so that SwitchA can defend against such attacks.

Procedure

Configuration Files Configuration file of SwitchA # sysname SwitchA # anti-attack fragment car cir 15000 anti-attack tcp-syn car cir 15000 anti-attack icmp-flood car cir 15000 # return

More related:

How to Configure Local Attack Defense of Huawei S2300/S3300 Series Switch

Optical attenuation is too large lead to ONU recovery failure

How to Configure the Internet Access Service?

Huawei S2309TP-PWR-EI

Huawei S3328TP-EI-24S-AC

Huawei S3328TP-EI-AC

How to Configure Local Attack Defense of Huawei S2300/S3300 Series Switch

Networking Requirements for Configuring Local Attack Defense of a Huawei S2300/S3300 Series Switch As shown in the below, users from different LANs connect to the Internet through the Switch. The Switch is connected to a large number of users, and receives many packets sent to the CPU. In this case, the CPU of the Switch may be attacked by packets. The administrator needs to know about the CPU status in real time and check whether the CPU is attacked. When potential attacks occur, the device sends alarms to the administrator to protect the CPU. Users on Net1 are forbidden to access the network because they often attack the CPU. The CPU usage occupied by ARP Request packets is `reduced because attackers may send a large number of ARP Request packets to deteriorate CPU performance. Stable and reliable data transmission is required between the administrator host and the Switch.

Configuration Roadmap for Configuring Local Attack Defense of a Huawei S2300/S3300 Series Switch The configuration roadmap is as follows: 1. Attack source tracing provides traffic analysis and statistics, attack source identification and alarm function. Enable attack source tracing and its alarm function. In this way, the administrator can know about the CPU status in real time. 2. Add users on Net1 to the blacklist to prevent users on Net1 from accessing the network. 3. Configure the rate limit for ARP Request packets sent to the CPU to reduce the CPU usage occupied by ARP Request packets. 4. ALP protects session-based application layer data and ensures service reliability and stability on the application layer. Configure rate limit of FTP packets sent to the CPU when an FTP connection is set up (by default, ALP is enabled for FTP packets) to ensure data transmission between the administrator host and the Switch.

Procedure for Configuring Local Attack Defense of a Huawei S2300/S3300 Series Switch

Configuration Files for Configuring Local Attack Defense of a Huawei S2300/S3300 Series Switch Configuration file of Switch # sysname Switch # acl number 2001 rule 5 permit source 1.1.1.0 0.0.0.255 # cpu-defend policy test1 blacklist 1 acl 2001 car packet-type arp-request cir 128 cbs 24064 linkup-car packet-type ftp cir 5000 cbs 940000 auto-defend enable auto-defend alarm enable # cpu-defend-policy test1 global # return

More related:

How Use a User-defined ACL to Configure a Traffic Classifier of Huawei S2300/S3300 Series Switch

Implementation of TR069 protocol in MA5600 series

Application of Time-range In HUAWEI MA5600 Series Equipment

Huawei S3352P-SI-DC

Huawei S2318TP-EI-DC

Huawei S2318TP-EI-AC

How Use a User-defined ACL to Configure a Traffic Classifier of Huawei S2300/S3300 Series Switch

Networking Requirements for Using a User-defined ACL to Configure a Traffic Classifier of a Huawei S2300/S3300 Series Switch As shown in the below picture, Eth 0/0/1 of the Switch is connected to PCs, and Eth 0/0/2 is connected to the upstream router. A user-defined ACL needs to be configured on Eth 0/0/1 to deny the packets of which the bytes from the 14th byte in the Layer 2 header matching 0x0180C200.

Configuration Roadmap for Using a User-defined ACL to Configure a Traffic Classifier of a Huawei S2300/S3300 Series Switch The configuration roadmap is as follows: 1. Configure an ACL. 2. Configure a traffic classifier. 3. Configure a traffic behavior. 4. Configure a traffic policy. 5. Apply the traffic policy to an interface.

Procedure for Using a User-defined ACL to Configure a Traffic Classifier of a Huawei S2300/S3300 Series Switch

Configuration Files for Using a User-defined ACL to Configure a Traffic Classifier of a Huawei S2300/S3300 Series Switch # acl number 5000 rule 5 deny 0x0180c200 0xffffffff 14 # traffic classifier tc1 operator and if-match acl 5000 # traffic behavior tb1 deny # traffic policy tp1 classifier tc1 behavior tb1 # interface Ethernet0/0/1 traffic-policy tp1 inbound # return

How to Use a Layer 2 ACL to Configure a Traffic Classifier of Huawei S2300/S3300 Series Switch

How To Reset Huawei OLT MA5600T Series Equipment Password

MA5600T Backup Redundant of Configuration Smart Link

Huawei S2318TP-SI-AC

Huawei S3352P-PWR-EI

Huawei S3352P-SI-AC

How to Use a Layer 2 ACL to Configure a Traffic Classifier of Huawei S2300/S3300 Series Switch

Networking Requirements for Using a Layer 2 ACL to Configure a Traffic Classifier of a Huawei S2300/S3300 Series Switch As shown in the below picture, the Switch that functions as the gateway is connected to PCs. ACL needs to be configured to prevent the packets with the source MAC address 00e0-f201-0101 and the destination MAC address 0260-e207-0002 from passing through.

Configuration Roadmap for Using a Layer 2 ACL to Configure a Traffic Classifier of a Huawei S2300/S3300 Series Switch The configuration roadmap is as follows: 1. Configure an ACL.

2. Configure a traffic classifier. 3. Configure a traffic behavior. 4. Configure a traffic policy. 5. Apply the traffic policy to an interface.

Procedure for Using a Layer 2 ACL to Configure a Traffic Classifier of a Huawei S2300/S3300 Series Switch

Configuration Files for Using a Layer 2 ACL to Configure a Traffic Classifier of a Huawei S2300/S3300 Series Switch # acl number 4000 rule 5 deny destination-mac 0260-e207-0002 source-mac 00e0-f201-0101 # traffic classifier tc1 operator and if-match acl 4000 # traffic behavior tb1 deny # traffic policy tp1 classifier tc1 behavior tb1 # interface Ethernet0/0/2 traffic-policy tp1 inbound # return

More related:

How to Configure a Basic ACL to Limit Access to the FTP Server of Huawei S2300/S3300 Series Switch

MA5600T Series Equipment Boot Upgrade Guidebook

Huawei MA562X Series Equipmen Convert Into Switch Instruction

Huawei S3352P-EI-DC

Huawei S2326TP-EI-DC

Huawei S2326TP-EI-AC

How to Configure a Basic ACL to Limit Access to the FTP Server of Huawei S2300/S3300 Series Switch

Networking Requirements for Configuring a Basic ACL to Limit Access to the FTP Server of a Huawei S2300/S3300 Series Switch As shown in the below picture, the Switch functions as an FTP server (172.16.104.110/24). The requirements are as follows: All the users on subnet 1 (172.16.105.0/24) are allowed to access the FTP server at any time. All the users on subnet 2 (172.16.107.0/24) are allowed to access the FTP server only at the specified period of time. Other users are not allowed to access the FTP server. The routes between the Switch and subnets are reachable. You need to configure the Switch to limit user access to the FTP server.

Configuration Roadmap for Configuring a Basic ACL to Limit Access to the FTP Server of a Huawei S2300/S3300 Series Switch The configuration roadmap is as follows: Create a basic ACL on the Switch and configure rules in the basic ACL. Configure basic FTP functions on the Switch. Apply a basic ACL to the Switch to limit user access.

Procedure for Configuring a Basic ACL to Limit Access to the FTP Server of a Huawei S2300/S3300 Series Switch

Configuration Files for Configuring a Basic ACL to Limit Access to the FTP Server of a Huawei S2300/S3300 Series Switch # Configuration file of the Switch # sysname Switch # ftp server enable ftp acl 2001 # time-range ftp-access 14:00 to 18:00 off-day time-range ftp-access from 00:00 2009/1/1 to 23:59 2011/12/31 # acl number 2001 rule 5 permit source 172.16.105.0 0.0.0.255 rule 10 permit source 172.16.107.0 0.0.0.255 time-range ftp-access rule 15 deny # return

More related:

How to Configure Prompt Leave for Interfaces of Huawei S2300/S3300 Series Switch

MA5600T Series Equipment Aggregate Docking Cisco Equipment

Huawei MA5620 Series Equipment Port Mirror Capture

Huawei S2326TP-PWR-EI

Huawei S3352P-EI-48S-DC

Huawei S3352P-EI-AC

How to Configure Prompt Leave for Interfaces of Huawei S2300/S3300 Series Switch

Networking Requirements for Configuring Prompt Leave for Interfaces of a Huawei S2300/S3300 Series Switch In the below, the router connects to the user network through the Layer 2 Switch on an IPv6 network. Eth0/0/1 and Eth0/0/2 on the Switch respectively connect to only one receiver host. Therefore, when receiving MLD Done messages from the two interfaces, the Switchdeletes the forwarding entries of the multicast group that the hosts leave, without waiting for the timeout of the aging timer. This saves the bandwidth and system resources.

Configuration Roadmap for Configuring Prompt Leave for Interfaces of a Huawei S2300/S3300 Series Switch Enabling MLD snooping and configuring prompt leave for interfaces on the Switch can meet the requirements. Create a VLAN and add interfaces to the VLAN. Enable MLD snooping globally and in a VLAN. Enable prompt leave for interfaces in a VLAN.

Procedure for Configuring Prompt Leave for Interfaces of a Huawei S2300/S3300 Series Switch

Configuration Files for Configuring Prompt Leave for Interfaces of a Huawei S2300/S3300 Series Switch # sysname Switch # mld-snooping enable # vlan batch 10 # vlan 10 mld-snooping enable mld-snooping prompt-leave # interface Ethernet0/0/1 port hybrid pvid vlan 10 port hybrid untagged vlan 10 # interface Ethernet0/0/2 port hybrid pvid vlan 10 port hybrid untagged vlan 10 # interface Ethernet0/0/3 port hybrid pvid vlan 10 port hybrid untagged vlan 10 # return

More related:

How to Configure a Static Interface to Implement Layer 2 Multicast

How do Adding an ONU to an OLT?

Huawei OLT MA5600T Series Equipment Upgrade Instructions

Huawei S2326TP-SI-AC

Huawei S2352P-EI-AC

Huawei S3352P-EI-48S-AC

How to Configure a Static Interface to Implement Layer 2 Multicast

Networking Requirements for Configuring a Static Interface to Implement Layer 2 Multicast of a Huawei S2300/S3300 Series Switch In the below picture, the router connects to the user network through the Layer 2 switch on an IPv6 network. HostA, HostB, and HostC are the receivers. The user-side VLANIF interface of Router has static groups FF16::1 to FF16::5 configured and does not run MLD. HostA and HostB require to steadily receive data from FF16::1 to FF16::3 while HostC wants to steadily receive data from FF16::4 to FF16::5.

Configuration Roadmap for Configuring a Static Interface to Implement Layer 2 Multicast of a Huawei S2300/S3300 Series Switch To meet the requirement, MLD snooping static router and member ports need to configured on the Switch. 1. Create a VLAN and add interfaces to the VLAN. 2. Enable MLD snooping globally and in a VLAN. 3. Configure a static router port. 4. Configure a static member port.

Procedure for Configuring a Static Interface to Implement Layer 2 Multicast of a Huawei S2300/S3300 Series Switch

Configuration Files for Configuring a Static Interface to Implement Layer 2 Multicast of a Huawei S2300/S3300 Series Switch l Configuration file of the Switch # sysname Switch # vlan batch 10 # mld-snooping enable # vlan 10 mld-snooping enable # interface Ethernet0/0/1 port hybrid pvid vlan 10 port hybrid untagged vlan 10 mld-snooping static-group ff16:0:0:0:0:0:0:1 vlan 10 mld-snooping static-group ff16:0:0:0:0:0:0:2 vlan 10 mld-snooping static-group ff16:0:0:0:0:0:0:3 vlan 10 # interface Ethernet0/0/2 port hybrid pvid vlan 10 port hybrid untagged vlan 10 mld-snooping static-group ff16:0:0:0:0:0:0:4 vlan 10 mld-snooping static-group ff16:0:0:0:0:0:0:5 vlan 10 # interface Ethernet0/0/3 port hybrid pvid vlan 10 port hybrid untagged vlan 10 mld-snooping static-router-port vlan 10

# return

More related:

How to Configure MLD Snooping of Huawei S2300/S3300 Series Switch

How to configure the Management Channel Between OLT and ONU?

How to configure Clock Synchronization?

Huawei S3328TP-SI-DC

Huawei S3352P-EI-24S-DC

Huawei S2326TP-PWR-EI