Huawei V100R006C00 Configuration Manual

Download

Quidway S5700 Series Ethernet Switches

V100R006C00

Configuration Guide - Device Management

Issue 01

Date 2011-07-15

HUAWEI TECHNOLOGIES CO., LTD.

No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd.

Trademarks and Permissions

and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.

All other trademarks and trade names mentioned in this document are the property of their respective holders.

Notice

The purchased products, services and features are stipulated by the contract made between Huawei and the customer. All or part of the products, services and features described in this document may not be within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information, and recommendations in this document are provided "AS IS" without warranties, guarantees or representations of any kind, either express or implied.

The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute the warranty of any kind, express or implied.

Huawei Technologies Co., Ltd.

Address: Huawei Industrial Base

Bantian, Longgang Shenzhen 518129 People's Republic of China

Website: http://www.huawei.com

Email: support@huawei.com

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

DANGER

WARNING

CAUTION

TIP

NOTE

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management About This Document

About This Document

Intended Audience

This document describes procedures and provides examples for configuring the Device Management features of the S5700.

This document guides you through the configuration and applicable environment of the Device Management features of the S5700.

This document is intended for:

l Data configuration engineers

l Commissioning engineers

l Network monitoring engineers

l System maintenance engineers

Symbol Conventions

The symbols that may be found in this document are defined as follows.

Symbol

Description

Indicates a hazard with a high level of risk, which if not avoided, will result in death or serious injury.

Indicates a hazard with a medium or low level of risk, which if not avoided, could result in minor or moderate injury.

Indicates a potentially hazardous situation, which if not avoided, could result in equipment damage, data loss, performance degradation, or unexpected results.

Indicates a tip that may help you solve a problem or save time.

Provides additional information to emphasize or supplement important points of the main text.

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management About This Document

Command Conventions

The command conventions that may be found in this document are defined as follows.

Convention Description

Boldface The keywords of a command line are in boldface.

Italic Command arguments are in italics.

[ ] Items (keywords or arguments) in brackets [ ] are optional.

{ x | y | ... } Optional items are grouped in braces and separated by

vertical bars. One item is selected.

[ x | y | ... ] Optional items are grouped in brackets and separated by

vertical bars. One item is selected or no item is selected.

{ x | y | ... }

[ x | y | ... ]

&<1-n> The parameter before the & sign can be repeated 1 to n times.

# A line starting with the # sign is comments.

Change History

Updates between document issues are cumulative. Therefore, the latest document issue contains all changes made in previous issues.

Changes in Issue 01 (2011-07-15)

Initial commercial release.

Optional items are grouped in braces and separated by vertical bars. A minimum of one item or a maximum of all items can be selected.

Optional items are grouped in brackets and separated by vertical bars. Several items or no item can be selected.

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

iii

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management Contents

About This Document.....................................................................................................................ii

1 Auto-Config....................................................................................................................................1

1.1 Overview............................................................................................................................................................2

1.2 Auto-Config Features Supported by the S5700..................................................................................................3

1.3 Deploying Unconfigured Switches (Same Network Segment)..........................................................................6

1.3.1 Establishing the Configuration Task.........................................................................................................6

1.3.2 Configuring the DHCP Server...................................................................................................................7

1.3.3 Configuring the FTP/TFTP Server............................................................................................................8

1.3.4 Checking the Configuration.......................................................................................................................8

1.4 Deploying Unconfigured Switches (Different Network Segments)...................................................................9

1.4.1 Establishing the Configuration Task.........................................................................................................9

1.4.2 Configuring the DHCP Server.................................................................................................................10

1.4.3 Configuring DHCP Relay........................................................................................................................11

1.4.4 Configuring the FTP/TFTP Server..........................................................................................................11

1.4.5 Checking the Configuration.....................................................................................................................11

2 NAP Configuration.....................................................................................................................13

2.1 NAP Overview.................................................................................................................................................14

2.2 Configuring NAP-based Remote Deployment.................................................................................................14

2.2.1 Establishing the Configuration Task.......................................................................................................14

2.2.2 Configuring and Starting the NAP Master Interface...............................................................................15

2.2.3 Remote Login..........................................................................................................................................17

2.2.4 Disabling NAP on the Slave Device........................................................................................................18

2.2.5 Checking the Configuration.....................................................................................................................18

2.3 Configuration Examples...................................................................................................................................19

2.3.1 Example for Configuring NAP-based Remote Deployment in Static Mode...........................................20

2.3.2 Example for Configuring NAP-based Remote Deployment in Automatic Mode...................................21

3 Stacking.........................................................................................................................................24

3.1 Stacking Overview...........................................................................................................................................25

3.2 Principle of Stacking........................................................................................................................................25

3.3 Features of Stacking Supported by the S5700..................................................................................................31

3.4 Typical Topology of a Stack............................................................................................................................32

3.5 Configuring the Stacking Function on the S5700............................................................................................33

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management Contents

3.5.1 Establishing the Configuration Task.......................................................................................................33

3.5.2 (Optional) Configuring the Reserved VLAN of the Stack......................................................................33

3.5.3 (Optional) Enabling the Stacking Function.............................................................................................34

3.5.4 (Optional) Configuring a Stack ID for the S5700...................................................................................34

3.5.5 (Optional) Configuring a Stack Priority for a Device.............................................................................35

3.5.6 (Optional) Configuring the MAC Address Switchover Time.................................................................35

3.5.7 Checking the Configuration.....................................................................................................................36

3.6 Configuration Examples...................................................................................................................................37

3.6.1 Example for Configuring a Stack in a Ring Topology............................................................................37

4 Using display commands to check the status of the device................................................39

4.1 Introduction......................................................................................................................................................40

4.2 Checking the Status of the S5700.....................................................................................................................40

4.2.1 Checking Information About the S5700..................................................................................................40

4.2.2 Checking the Version of the S5700.........................................................................................................40

4.2.3 Checking the Electronic Labels...............................................................................................................40

4.2.4 Checking Temperature............................................................................................................................41

4.2.5 Checking the Fan Status..........................................................................................................................41

4.2.6 Checking the Power Supply Status..........................................................................................................41

4.2.7 Checking the CPU Usage........................................................................................................................42

4.2.8 Checking the Memory Usage..................................................................................................................42

4.2.9 Checking Alarms.....................................................................................................................................42

4.2.10 Checking the Status of an Interface.......................................................................................................42

5 Hardware Management..............................................................................................................44

5.1 Hardware Management Overview....................................................................................................................45

5.2 Hardware Management Features Supported by the S5700...............................................................................45

5.3 Backing Up the Electronic Label......................................................................................................................45

5.3.1 Establishing the Configuration Task.......................................................................................................45

5.3.2 Backing Up the Electronic Label.............................................................................................................46

5.4 Configuring Electrical Port Sleep.....................................................................................................................46

5.4.1 Establishing the Configuration Task.......................................................................................................46

5.4.2 Enabling Electrical Port Sleep.................................................................................................................47

5.4.3 Checking the Configuration.....................................................................................................................47

6 Monitoring the Device Through the Information Center...................................................48

6.1 Information Center Overview...........................................................................................................................49

6.1.1 Introduction to the Information Center....................................................................................................49

6.1.2 Information Center Supported by the S5700...........................................................................................49

6.2 Configuring the Information Center.................................................................................................................54

6.2.1 Establishing the Configuration Task.......................................................................................................55

6.2.2 Enabling the Information Center.............................................................................................................55

6.2.3 (Optional) Naming the Information Channel..........................................................................................56

6.2.4 Defining the Information Channel...........................................................................................................56

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management Contents

6.2.5 (Optional) Configuring the Timestamp for the Output Information.......................................................56

6.2.6 Checking the Configuration.....................................................................................................................57

6.3 Sending Information to the Information Center...............................................................................................57

6.3.1 Sending Information to the Console........................................................................................................57

6.3.2 Sending Information to the Telnet Terminal...........................................................................................58

6.3.3 Sending Information to the SNMP Agent...............................................................................................59

6.3.4 Sending Information to the Log Buffer...................................................................................................59

6.3.5 Sending Information to the Trap Buffer..................................................................................................59

6.3.6 Sending Information to the Log Host......................................................................................................60

6.3.7 Checking the Configuration.....................................................................................................................60

6.4 Maintaining the Information Center.................................................................................................................60

6.5 Configuration Examples...................................................................................................................................61

6.5.1 Example for Configuring the Information Center...................................................................................61

7 Mirroring.......................................................................................................................................64

7.1 Introduction......................................................................................................................................................66

7.1.1 Mirroring Functions.................................................................................................................................66

7.2 Configuring Local Port Mirroring....................................................................................................................69

7.2.1 Establishing the Configuration Task.......................................................................................................69

7.2.2 Configuring Local Port Mirroring...........................................................................................................70

7.2.3 Checking the Configuration.....................................................................................................................70

7.3 Configuring Remote Port Mirroring.................................................................................................................71

7.3.1 Establishing the Configuration Task.......................................................................................................71

7.3.2 Configuring Remote Port Mirroring........................................................................................................71

7.3.3 Checking the Configuration.....................................................................................................................74

7.4 Canceling Port Mirroring..................................................................................................................................74

7.4.1 Establishing the Configuration Task.......................................................................................................74

7.4.2 Canceling Port Mirroring.........................................................................................................................75

7.4.3 Checking the Configuration.....................................................................................................................75

7.5 Configuring Local VLAN Mirroring................................................................................................................75

7.5.1 Establishing the Configuration Task.......................................................................................................76

7.5.2 Configuring Local VLAN Mirroring.......................................................................................................76

7.5.3 Checking the Configuration.....................................................................................................................77

7.6 Configuring Remote VLAN Mirroring............................................................................................................77

7.6.1 Establishing the Configuration Task.......................................................................................................77

7.6.2 Configuring Remote VLAN Mirroring...................................................................................................78

7.6.3 Checking the Configuration.....................................................................................................................79

7.7 Canceling VLAN Mirroring.............................................................................................................................79

7.7.1 Establishing the Configuration Task.......................................................................................................79

7.7.2 Canceling VLAN Mirroring....................................................................................................................79

7.7.3 Checking the Configuration.....................................................................................................................80

7.8 Configuring MAC Address-based Local Mirroring.........................................................................................80

7.8.1 Establishing the Configuration Task.......................................................................................................80

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management Contents

7.8.2 Configuring Local SPAN Based on MAC Addresses.............................................................................81

7.8.3 Checking the Configuration.....................................................................................................................81

7.9 Configuring RSPAN Based on MAC Addresses.............................................................................................82

7.9.1 Establishing the Configuration Task.......................................................................................................82

7.9.2 Configuring Remote MAC Address Mirroring.......................................................................................82

7.9.3 Checking the Configuration.....................................................................................................................83

7.10 Canceling Mirroring Based on MAC Addresses............................................................................................84

7.10.1 Establishing the Configuration Task.....................................................................................................84

7.10.2 Canceling Mirroring Based on MAC Addresses...................................................................................84

7.10.3 Checking the Configuration...................................................................................................................85

7.11 Configuring Local Flow Mirroring.................................................................................................................85

7.11.1 Establishing the Configuration Task.....................................................................................................85

7.11.2 Configuring Traffic Classification Rules..............................................................................................85

7.11.3 Configuring Flow Mirroring..................................................................................................................86

7.11.4 Creating and Applying a Traffic Policy................................................................................................86

7.11.5 Checking the Configuration...................................................................................................................87

7.12 Configuring Remote Flow Mirroring.............................................................................................................87

7.12.1 Establishing the Configuration Task.....................................................................................................88

7.12.2 Setting Traffic Classification Rules.......................................................................................................88

7.12.3 Configuring Remote Flow Mirroring....................................................................................................88

7.12.4 Creating and Applying a Traffic Policy................................................................................................89

7.12.5 Checking the Configuration...................................................................................................................89

7.13 Canceling Flow Mirroring..............................................................................................................................90

7.13.1 Establishing the Configuration Task.....................................................................................................90

7.13.2 Canceling Flow Mirroring.....................................................................................................................91

7.13.3 Checking the Configuration...................................................................................................................91

7.14 Changing or Deleting an Observing Port.......................................................................................................92

7.14.1 Establishing the Configuration Task.....................................................................................................92

7.14.2 (Optional) Deleting an Observing Port..................................................................................................92

7.14.3 (Optional) Changing an Observing Port................................................................................................93

7.14.4 Checking the Configuration...................................................................................................................93

7.15 Configuring CPU Mirroring...........................................................................................................................94

7.15.1 Establishing the Configuration Task.....................................................................................................94

7.15.2 (Optional) Configuring an ACL Rule....................................................................................................94

7.15.3 Configuring an Observing Port..............................................................................................................95

7.15.4 Configuring CPU Mirroring..................................................................................................................95

7.15.5 Checking the Configuration...................................................................................................................95

7.16 Cancelling CPU Mirroring.............................................................................................................................96

7.16.1 Establishing the Configuration Task.....................................................................................................96

7.16.2 Cancelling CPU Mirroring....................................................................................................................96

7.16.3 Checking the Configuration...................................................................................................................96

7.17 Configuration Examples.................................................................................................................................97

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

vii

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management Contents

7.17.1 Example for Configuring Local Port Mirroring....................................................................................97

7.17.2 Example for Configuring Local VLAN Mirroring................................................................................98

7.17.3 Example for Configuring MAC Address-based Local Mirroring.......................................................100

7.17.4 Example for Configuring Local Flow Mirroring.................................................................................102

7.17.5 Example for Configuring Remote Port Mirroring...............................................................................105

7.17.6 Example for Changing an Observing Port...........................................................................................108

8 PoE Configuration.....................................................................................................................111

8.1 PoE Overview.................................................................................................................................................112

8.2 PoE Features Supported by the S5700...........................................................................................................112

8.3 Configuring PoE Functions............................................................................................................................113

8.3.1 Establishing the Configuration Task.....................................................................................................113

8.3.2 Configuring the PoE Function Globally................................................................................................113

8.3.3 Configuring the PoE Function on an Interface......................................................................................115

8.3.4 Checking the Configuration...................................................................................................................117

8.4 Configuration Examples.................................................................................................................................117

8.4.1 Example for Configuring PoE on the Switch........................................................................................118

9 ALS Configuration....................................................................................................................120

9.1 ALS Overview................................................................................................................................................121

9.2 ALS Features Supported by the S5700...........................................................................................................121

9.3 Configuring ALS............................................................................................................................................122

9.3.1 Establishing the Configuration Task.....................................................................................................122

9.3.2 Enabling ALS on an Interface...............................................................................................................123

9.3.3 (Optional) Setting the Restart Mode of the Laser..................................................................................124

9.3.4 (Optional) Starting the Laser Manually.................................................................................................124

9.3.5 (Optional) Setting the ALS Pulse Interval and Width of the Laser.......................................................125

9.3.6 Checking the Configuration...................................................................................................................126

9.4 Configuration Examples.................................................................................................................................126

9.4.1 Example for Configuring ALS..............................................................................................................126

10 Restarting and Resetting........................................................................................................129

10.1 Introduction..................................................................................................................................................130

10.1.1 Process of Starting the S5700..............................................................................................................130

10.1.2 Process of Starting the BootROM.......................................................................................................130

10.2 Restarting the S5700 Immediately...............................................................................................................131

10.2.1 Restarting the S5700 Immediately Through Command Lines............................................................132

10.2.2 Restarting the S5700 by Pressing the Power Button on the S5700.....................................................132

10.3 Restarting the S5700 at a Fixed Time..........................................................................................................132

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

viii

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 1 Auto-Config

1 Auto-Config

About This Chapter

This chapter describes the concept, working mechanism, and deployment of Auto-Config.

1.1 Overview

This section describes the functions, application scenarios, and terms of Auto-Config.

1.2 Auto-Config Features Supported by the S5700

This section describes how Auto-Config runs on the S5700.

1.3 Deploying Unconfigured Switches (Same Network Segment)

This section describes how to deploy S5700s without configuration file.

1.4 Deploying Unconfigured Switches (Different Network Segments)

This section describes how to deploy unconfigured S5700s.

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 1 Auto-Config

1.1 Overview

This section describes the functions, application scenarios, and terms of Auto-Config.

When a new switch or a switch without any configuration file is powered on, Auto-Config runs automatically to obtain a configuration file. With the Auto-Config function, the network administrator can manage new switches or switches without any configuration file remotely.

NOTE

The Auto-Config function is applicable to new switches or switches without any configuration file (unconfigured switches).

The Auto-Config function has the following advantages:

l The maintenance personnel do not need to manually configure each switch. With this

function, a few maintenance personnel can maintenance widely deployed devices.

l Auto-Config simplifies the network configurations and implements unified management

and remote debugging on switches.

l With Auto-Config allows switches to automatically download corresponding configuration

files, reducing the workload of network administrators.

Intermediate File

The intermediate file lswnet.cfg is used in the Auto-Config process. The intermediate file records the mapping between MAC addresses of switches and names of configuration files. After an unconfigured switch obtains the IP address of the FTP/TFTP server, it downloads the lswnet.cfg file from the FTP/TFTP server to search for the name of the required configuration file, and then downloads the configuration file from the FTP/TFTP server.

For example, if the MAC address of an S5700 is 0018-82C5-AA89 and the S5700 needs to download the configuration file S5700.cfg, the contents of the intermediate file are as follows:

mac=0018-82C5AA89;vrpfile=V100R006C00.cc;vrpver=V100R006C00;cfgfile=S5700.cfg;patchfile=S5700pat.pat; esn=0213778899;vrpfile=V100R006C00.cc;vrpver=V100R006C00;cfgfile=S5700. cfg;patchfile=S5700-pat.pat;

NOTE

Auto-Config uses Option 67 to obtain the configuration file first. If Option 67 is not configured, AutoConfig obtains the intermediate file.

NOTE

If the configuration file is located on the FTP or TFTP server, its extension must be .cfg.

A MAC address and a configuration file name are separated by a semicolon. The format of a MAC address is xxxx-xxxx-xxxx-xxxx. The name of a configuration file contains up to 48 characters, including the extension .cfg. The name is case insensitive and cannot contain special characters. It is recommended that the name consists of English letters, numbers, and underscore (_).

If multiple unconfigured switches need to be configured, each row in the intermediate file records the MAC address of a switch and the name of the configuration file that the switch requires.

Option 67

The Option 67 field is configured on the DHCP server to specify the configuration file.

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 1 Auto-Config

Option 150

The Option 150 field is configured on the DHCP server to specify the IP address of the TFTP server.

Option 14x

The Option 14x field is configured on the DHCP server to specify the IP address, user name, and password of the FTP server.

l Option 141: specifies the user name of the FTP user.

l Option 142: specifies the password of the FTP user.

l Option 143: specifies the IP address of the FTP server.

l Option 145: version file.

l Option 146: identity.

l Option 147: authentication.

1.2 Auto-Config Features Supported by the S5700

This section describes how Auto-Config runs on the S5700.

Figure 1-1 shows the basic process of Auto-Config.

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Obtain a configuration

file

Timer expires, delete

temporary

configuration and

make configuration

file effective

End

Does the

device need to be

upgraded?

Start a timer to set the delay in device restart

Can a

patch file be

downloaded to

device?

Obtain a version file Obtain the patch file

Is the

version file

obtained?

Is the patch

file obtained?

Yes

Is there patch file

information?

Yes

Is the version file

valid?

Restart device

Is the patch file

valid?

Obtain the Web file

Is the

configuration file

obtained? Yes

Is there Web

file information?

Yes

Set the restart flag

Yes

Specify it as next

startup file

Specify it as next

startup file

Start a new

AutoConfig process

Is the restart

flag 1?

Yes

Send DHCP Request

packets periodically

Auto-Config starts

Stop sending DHCP

Request packets

Yes

Configure non-

authentication for VTYs

Allocate IP address

Parse Option

parameters

Are

DHCP Reply Packets

received?

Are

DHCP Reply packets

valid?

Are there

Version file name and

version info?

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 1 Auto-Config

Figure 1-1 Basic process of Auto-Config

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 1 Auto-Config

The Auto-Config process can be divided into three phases:

l Startup

After being powered on, an unconfigured switch checks whether there is *.cfg or *.zip file except the *web.zip and web.zip files in the flash memory, and then takes actions according to the checking result:

– If the switch detects a configuration file, it loads the configuration file to complete the

startup.

– If the switch does not detect any configuration file, it checks whether Auto-Config is

enabled. If Auto-Config is enabled, the switch starts a 5-minute timer for obtaining a configuration file and then load the default configuration to complete the startup. If Auto-Config is disabled, the switch loads the default configuration to complete the startup.

l Obtaining a configuration file when the timer expires

When the timer set for obtaining a configuration file expires, the switch checks whether a configuration file is saved in the flash memory. If the flash memory does not contain any configuration file, the switch checks whether it is added to a Huawei Group Management Protocol (HGMP) cluster. If the switch is not in any HGMP cluster, the switch begins to obtain a configuration file as follows:

1. Obtaining the IP address and information about the FTP/TFTP server

A switch that does not load any configuration file automatically enables the DHCP client function on the VLANIF1 interface in Up state. VLANIF1 then broadcasts DHCP Request packets (presuming that the DHCP server has been configured with the address pool, Option 150 or Option 14x, and gateway information). Then, the DHCP server sends the related configurations to the switch, including the IP address allocated to the switch, IP address of the FTP/TFTP server, FTP user name and password, and default gateway.

If the switch fails to obtain the IP address of the FTP/TFTP server, it sends DHCP requests repeatedly until it obtains the IP address.

2. Downloading a configuration file

After the switch that does not load any configuration file obtains the IP address of the FTP/TFTP server, it accesses the FTP/TFTP server to obtain a configuration file through Layer 2 or Layer 3 forwarding.

(1) The switch downloads the intermediate file lswnet.cfg from the FTP/TFTP

server.

(2) The switch searches for the name of the required configuration file, and then

downloads the configuration file from the FTP/TFTP server.

(3) If downloading the configuration file fails, the AutoConfig process will be

suspend.

l Loading a configuration file

After the configuration file is downloaded successfully, the router is restarted according to the setting of Option 146. If no Option 146 is configured, the router is restarted immediately after the configuration file is downloaded.

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

SwitchA

SwitchC

SwitchB

DHCP Server FTP/TFTP Server

Operator

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 1 Auto-Config

1.3 Deploying Unconfigured Switches (Same Network Segment)

This section describes how to deploy S5700s without configuration file.

1.3.1 Establishing the Configuration Task

Applicable Environment

As shown in Figure 1-2, unconfigured switches are reachable from a DHCP server. A PC is connected to the DHCP server and functions as an FTP or a TFTP server to store configuration files. After the DHCP server and FTP/TFTP server are configured, every switch obtains a configuration file through Auto-Config.

The DHCP server, FTP/TFTP server, and switches are deployed on the same network segment.

Figure 1-2 Auto-Config networking where the DHCP server, FTP/TFTP server, and unconfigured switch are on the same network segment

Pre-configuration Tasks

Before deploying unconfigured switches, complete the following tasks:

l Ensuring that there are routes from the DHCP server and FTP/TFTP server to the switches

l Ensuring that there is no *.cfg or *.zip file except the *web.zip and web.zip files in the

flash memory of each switch

l Ensuring that the switches are not added to any HGMP cluster

Data Preparation

To deploy unconfigured switches, you need the following data.

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 1 Auto-Config

No.Data

1 Interconnection information about the upstream interfaces on each S5700 and the

downstream interfaces on the DHCP server

2 MAC address of each unconfigured switch

3 IP address, mask, address pool, and Option 150 or Option 14x of the DHCP server

4 IP address, version file, patch file, and configuration file on the FTP/TFTP server

1.3.2 Configuring the DHCP Server

Context

The configuration procedure varies according to the device type of the DHCP server. Therefore, the configuration procedure is not described and only the configuration contents are provided.

Procedure

NOTE

The DHCP server must support either Option 150 or Option 14x.

l Enable DHCP server.

l Configure an address pool, including the address range and Option 150 (or Option 14x).

It is required that the address pool be on the same network segment with unconfigured switches and the FTP/TFTP server.

NOTE

Pay attention to the following points when configuring Option 150 or Option 14x:

l When new switches obtain configuration files through TFTP, the DHCP server must support

Option 150.

l When new switches obtain configuration files through FTP, the DHCP server must support

Option 141, Option 142, and Option 143.

l If both Option 150 and Option 14x are configured on the DHCP server, Option 150 takes

precedence over Option 14x.

l If you use ordinary characters to configure Option 150 or Option 143 on the DHCP server, the

Auto-Config module cannot recognize the IP address, which results in an Auto-Config process sends the DHCP messages incessantly.

l Add the downstream interface on the DHCP server to the management VLAN in access

mode and assign an IP address on the same network segment as the IP address of the DHCP server to the management VLAN.

After Auto-Config is enabled, packets from an unconfigured switch do not carry tags. Therefore, ensure that untagged packets can be transmitted between unconfigured switches and the DHCP server.

----End

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 1 Auto-Config

1.3.3 Configuring the FTP/TFTP Server

Context

The configuration procedure varies according to the device type of the FTP/TFTP server. Therefore, the configuration procedure is not described and only the configuration contents are provided.

Procedure

l Set the IP address of the FTP/TFTP server.

For an FTP server, the IP address must be the same as the value of Option 143 configured on the DHCP server; for a TFTP server, the IP address must be the same as the value of Option 150 configured on the DHCP server.

l Create and configure an intermediate file.

The intermediate file is configured according to the MAC addresses of unconfigured switches and the names of configuration files. For the format of the intermediate file, see

1.1 Overview.

l Save the intermediate file and configuration files to the working directory on the FTP/TFTP

server.

----End

1.3.4 Checking the Configuration

Prerequisite

The configurations of the DHCP server and FTP/TFTP server are complete.

Context

You can check different items in different phases in the Auto-Config process to confirm that Auto-Config runs properly.

Procedure

Step 1 Five minutes after unconfigured switches are powered on, check address allocation on the DHCP

server to confirm that the switches are connected to the DHCP server.

NOTE

If the switches are connected to the DHCP server, you can log in to the switches through Telnet but do not configure the switches.

Step 2 Five minutes after the switches obtain IP addresses, check the file downloading log on the FTP/

TFTP server or log in to the switches to confirm that correct configuration files have been downloaded.

NOTE

Do not save a configuration file to a switch to be configured immediately after the configuration file is downloaded; otherwise, only a temporary configuration file is saved because the configurations have not taken effect.

Step 3 If the user has specified the activation delay, the configuration file will take effect after the delay.

If the user has not specified the activation delay, the configuration file will take effect

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

SwitchA

SwitchC

SwitchB

DHCP Server

FTP/TFTP Server

Operator

Network

DHCP Relay

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 1 Auto-Config

immediately by default. Then run the display current-configuration command to check whether the configurations take effect.

NOTE

If you access the switch when it is busy delivering configurations in the Auto-Config process, the switch may not respond in real time.

After the configurations take effect, modify the configuration of the downstream interface on the DHCP server as required.

----End

1.4 Deploying Unconfigured Switches (Different Network Segments)

This section describes how to deploy unconfigured S5700s.

1.4.1 Establishing the Configuration Task

Applicable Environment

As shown in Figure 1-3, unconfigured switches are reachable from a DHCP relay and a DHCP server. A PC is connected to the DHCP server and functions as an FTP or a TFTP server to store configuration files. After the DHCP server and FTP/TFTP server are configured, every switch obtains a configuration file through Auto-Config.

The DHCP server, FTP/TFTP server, and switches are deployed on different network segments.

Figure 1-3 Auto-Config networking where the DHCP server, FTP/TFTP server, and unconfigured switches are on different network segments

Pre-configuration Tasks

Before deploying unconfigured switches, complete the following tasks:

l Ensuring that there are routes from the DHCP server, DHCP relay, and FTP/TFTP server

to the switches

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 1 Auto-Config

l Ensuring that there is no *.cfg or *.zip file except the *web.zip and web.zip files in the

flash memory of each switch

l Ensuring that the switches are not added to any HGMP cluster and USB upgrade

Data Preparation

To deploy unconfigured switches, you need the following data.

No.Data

1 Interconnection information about the upstream interfaces on each S5700 and the

downstream interfaces on the DHCP relay

2 Interconnection information about the DHCP relay and DHCP server

3 MAC address of each unconfigured switch

4 IP address, mask, address pool, and Option 150 or Option 14x of the DHCP server

5 IP address, mask, and relay address of the DHCP relay

6 IP address, default configuration file, and configuration files on the FTP/TFTP server

1.4.2 Configuring the DHCP Server

Context

The configuration procedure varies according to the device type of the DHCP server. Therefore, the configuration procedure is not described and only the configuration contents are provided.

NOTE

The DHCP server must support either Option 150 or Option 14x.

Procedure

l Enable DHCP server.

l Configure an address pool, including the address range, gateway, and Option 150 (or Option

14x).

NOTE

Pay attention to the following points when configuring Option 150 or Option 14x:

l When new switches obtain configuration files through TFTP, the DHCP server must support

Option 150.

l When new switches obtain configuration files through FTP, the DHCP server must support

Option 141, Option 142, and Option 143.

l If both Option 150 and Option 14x are configured on the DHCP server, Option 150 takes

precedence over Option 14x.

l If you use ordinary characters to configure Option 150 or Option 143 on the DHCP server, the

Auto-Config module cannot recognize the IP address.

----End

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 1 Auto-Config

1.4.3 Configuring DHCP Relay

Context

The configuration procedure varies according to the device type of the DHCP relay. Therefore, the configuration procedure is not described and only the configuration contents are provided.

Procedure

l Enable DHCP relay.

l Configure the upstream and downstream interfaces.

You need to configure the IP address and mask for the upstream interface and configure the IP address, mask, and DHCP relay address for the downstream interface.

NOTE

You can temporarily set the IP address of the downstream interface on the same network segment with the IP addresses of unconfigured switches, and then add the downstream interface to the management VLAN in access mode.

----End

1.4.4 Configuring the FTP/TFTP Server

Context

The configuration procedure varies according to the device type of the FTP/TFTP server. Therefore, the configuration procedure is not described and only the configuration contents are provided.

Procedure

l Set the IP address of the FTP/TFTP server.

l Create and configure an intermediate file.

The intermediate file is configured according to the MAC addresses of unconfigured switches and the names of configuration files. For the format of the intermediate file, see

1.1 Overview.

l Save the intermediate file and configuration files to the working directory on the FTP/TFTP

server.

----End

1.4.5 Checking the Configuration

Prerequisite

The configurations of the DHCP server, DHCP relay, and FTP/TFTP server are complete.

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 1 Auto-Config

Context

You can check different items in different phases in the Auto-Config process to confirm that Auto-Config runs properly.

Procedure

Step 1 Five minutes after unconfigured switches are powered on, check address allocation on the DHCP

server to confirm that the switches are connected to the DHCP server.

NOTE

If the switches are connected to the DHCP server, you can log in to the switches through Telnet but do not configure the switches.

Step 2 Five minutes after the switches obtain IP addresses, check the file downloading log on the FTP/

TFTP server or log in to the switches to confirm that correct configuration files have been downloaded.

NOTE

Step 3 If the user has specified the activation delay, the configuration file will take effect after the delay.

If the user has not specified the activation delay, the configuration file will take effect immediately by default. Then run the display current-configuration command to check whether the configurations take effect.

NOTE

If you access the switch when it is busy delivering configurations in the Auto-Config process, the switch may not respond in real time.

After the configurations take effect, modify the configuration of the downstream interface on the DHCP relay as required.

----End

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 2 NAP Configuration

2 NAP Configuration

About This Chapter

This chapter describes how to configure the Neighbor Access Protocol (NAP) on the S5700.

2.1 NAP Overview

NAP is a Huawei proprietary protocol that implements remote configuration and deployment of unconfigured devices. You can log in to an unconfigured device from a directly connected device and configure the unconfigured device remotely through NAP.

2.2 Configuring NAP-based Remote Deployment

Using NAP, you can remotely log in to devices with empty configurations to implement remote deployment.

2.3 Configuration Examples

This section provides upgrade and maintenance examples together with the configuration flowchart. The configuration examples explain networking requirements, configuration notes, and configuration roadmap.

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 2 NAP Configuration

2.1 NAP Overview

Usually, a device is installed with only necessary software before delivery and no configuration is made. Therefore, engineers must configure and commission new devices on site but cannot log in to the devices remotely. This makes the deployment inconvenient and increases the costs of project operation and delivery.

The Huawei Group Management Protocol (HGMP) implements remote configuration on Layer 2 networks and is applicable to Ethernet networks. NAP implements remote configuration on Layer 3 networks. It establishes a temporary neighbor relationship between a configured device and an unconfigured device that are directly connected through physical links. Then you can log in to the unconfigured device from the configured device and configure the unconfigured device remotely. NAP greatly reduces the costs of network operation, maintenance, and delivery.

2.2 Configuring NAP-based Remote Deployment

Using NAP, you can remotely log in to devices with empty configurations to implement remote deployment.

Context

CAUTION

After the device with an empty configuration is powered on and started, you must make sure that its interfaces connected to the devices on the current network are Up and support NAP; otherwise, the function of NAP-based remote deployment cannot take effect.

2.2.1 Establishing the Configuration Task

Before configuring NAP-based remote deployment, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This can help you complete the configuration task quickly and accurately.

Applicable Environment

To deploy devices having empty configurations, you can use NAP to perform remote login to the devices from a device in the current network. In this manner, you can implement remote deployment of devices.

Pre-configuration Tasks

Before configuring NAP-based remote deployment, complete the following tasks:

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 2 NAP Configuration

l Connecting the device having an empty configuration to a device in the current network

via a single hop by using network cables

l Ensuring that the interfaces connecting the device with an empty configuration and the

device in the current network are both in the Up state, and support NAP.

Data Preparation

NOTE

l If the IP addresses used for establishing NAP connections are to be manually configured, you need to

prepare the following data before configuring NAP.

l Conversely, if the IP addresses for establishing NAP connections are to be automatically configured,

you can skip this.

To configure NAP-based remote deployment, you need the following data.

No. Data

1 Two primary IP addresses. The two IP addresses are primary IP addresses for the

master interface and the slave interface respectively, and should be on the same network segment.

2 Two secondary IP addresses. The two IP addresses are secondary IP addresses for

the master interface and the slave interface respectively, and should be on the same network segment.

2.2.2 Configuring and Starting the NAP Master Interface

You can assign an IP address to the NAP master interface or use the IP address that is automatically allocated by the system to start the NAP master interface.

Context

CAUTION

If commands affecting the IP address configuration or IP packet forwarding (such as configurations and commands related to the VPN, Eth-Trunk, or Layer 2 interface) exist on device of the master interface, NAP enabled on the master interface becomes unavailable. You are recommended to delete these commands and re-enable NAP.

Do as follows on the switch to configure and start the NAP master interface.

In NAP, IP addresses can be allocated either automatically or manually.

Procedure

l Automatic allocation of IP addresses

1. Run:

system-view

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 2 NAP Configuration

The system view is displayed.

2. Run:

interface interface-type interface-number

The interface view is displayed.

3. Run:

nap port master

The NAP Master interface is configured and started.

l Manual IP address allocation

Two methods are available for manually allocating IP addresses. You can choose the method according to actual needs.

You can specify the NAP IP address pool. Then, IP addresses are automatically allocated to the IP address pool. To use this method, do as follows.

1. Run:

system-view

The system view is displayed.

2. Run:

nap ip-pool ip-address mask-length

An IP address pool is configured for NAP.

The default IP address pool for establishing NAP connections is 10.167.253.0/24. You can run the nap ip-pool ip-address mask-length command to change the IP address pool.

NOTE

After NAP is started on the master device, the IP address pool cannot be changed.

3. Run:

interface interface-type interface-number

The interface view is displayed.

4. Run:

nap port master

The NAP Master interface is configured and started.

You can also specify the NAP IP addresses. To use this method, do as follows.

1. Run:

system-view

The system view is displayed.

2. Run:

interface interface-type interface-number

The interface view is displayed.

3. Run:

nap port master

The NAP master interface is configured and started.

4. Run:

nap local-ip mast-inter-mast-ip sub-ip mast-inter-sub-ip peer-ip subinter-mast-ip sub-ip sub-inter-sub-ip mask-length

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 2 NAP Configuration

IP addresses are configured for establishing NAP connections.

The default IP address pool for establishing NAP connections is 10.167.253.0/24.

When configuring IP addresses, ensure that the primary IP addresses of both the master and the slave interfaces are on the same network segment, and that the secondary IP addresses of both the master and the slave interfaces are on the same network segment.

----End

2.2.3 Remote Login

After the neighbor relationship is set up, you can log in to the NAP slave device from the NAP master device.

Context

Using the display nap interface command, you can view the NAP status of an interface to ensure that the interface is assigned a correct IP address.

Do as follows on the switch where the NAP master interface is configured.

Procedure

Step 1 Run:

Step 2 Run:

Step 3 Run:

system-view

The system view is displayed.

interface interface-type interface-number

The interface view is displayed.

nap login neighbor

The login to the slave device from the master device is performed.

l If the slave device has an empty configuration, you can log in to the slave device from the

master device without a user name and a password.

l If, however, the slave device is configured with user name(s) and password(s), you must

enter the correct user name and password to perform a NAP-based remote login to the slave device.

NOTE

To ensure security for NAP, the slave device having an empty configuration checks the source address of the Telnet login. If the Telnet source address is the NAP address of the master device that is telnetting to the slave device, the slave device allows the master device to directly log in without being authenticated. This is because by default, the user level of the remote login based on the NAP address is the same as the login through the console interface, which enjoys the highest user level. If the Telnet source address is not the NAP address of the master device, the remote login fails.

If ip source check user-bind enable command is executed on an interface, the interface cannot connect to the NAP neighbor.

----End

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 2 NAP Configuration

2.2.4 Disabling NAP on the Slave Device

If the NAP function is no longer required, you need to disable NAP on the slave interface of the slave device.

Context

The master device has logged in to the slave device through Telnet. The NAP function is no longer required, and to ensure security of the network, NAP should be globally disabled on the slave interface of the slave device.

Do as follows on the switch that is configured as the NAP slave device.

Procedure

Step 1 Run:

system-view

The system view is displayed.

Step 2 Run:

undo nap slave enable

NAP is disabled on the slave device.

----End

2.2.5 Checking the Configuration

After configuring NAP-based remote deployment, you can view the NAP status globally or on a specified interface.

Prerequisite

NAP-based remote deployment has been completed.

Procedure

Step 1 Using the display nap status command, you can view the current NAP status.

Step 2 Using the display nap interface [ interface-type interface-number ] command, you can view

the NAP status of the specified interface.

----End

Example

Run the display nap status command to view the current NAP status.

<Quidway> display nap status Slave port status : Enable Nap ip-pool/Mask : 12.12.12.0/24

Run the display nap interface interface-type interface-number command to view the NAP status of the specified interface.

<Quidway> display nap interface gigabitethernet0/0/1

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 2 NAP Configuration

l If the interface is not assigned an IP address, the following information is displayed.

----------------------------------------------------- NAP master port list: Port count : 2

----------------------------------------------------- Port property : Master Current status : DETECTING Local port : GigabitEthernet0/0/1 Peer port : GigabitEthernet0/0/1 Local primary ip : NULL Peer primary ip : NULL Local secondary ip : NULL Peer secondary ip : NULL Hello time : 3s Linked time : 00:00:00

----------------------------------------------------- Port property : Master Current status : DETECTING Local port : GigabitEthernet0/0/2 Peer port : GigabitEthernet0/0/2 Local primary ip : NULL Peer primary ip : NULL Local secondary ip : NULL Peer secondary ip : NULL Hello time : 3s Linked time : 00:00:00

------------------------------------------------------

l If the interface is assigned an IP address, the following information is displayed.

----------------------------------------------------- NAP master port list : Port count : 2

----------------------------------------------------- Port property : Master Current status : IP-ASSIGNED Local port : GigabitEthernet0/0/1 Peer port : GigabitEthernet0/0/1 Local primary ip : 12.12.12.5 Peer primary ip : 12.12.12.6 Local secondary ip : 12.12.12.9 Peer secondary ip : 12.12.12.10 Hello time : 3s Linked time : 00:09:12

----------------------------------------------------- Port property : Master Current status : IP-ASSIGNED Local port : GigabitEthernet0/0/2 Peer port : GigabitEthernet0/0/2 Local primary ip : 10.10.10.5 Peer primary ip : 10.10.10.6 Local secondary ip : 10.10.10.9 Peer secondary ip : 10.10.10.10 Hello time : 3s Linked time : 00:03:41

------------------------------------------------------

2.3 Configuration Examples

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Network

SwitchAPC SwitchB SwitchC

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 2 NAP Configuration

2.3.1 Example for Configuring NAP-based Remote Deployment in Static Mode

In this example, the temporary neighbor relationship is set up between the switch and the device with the empty configuration and IP addresses are assigned to the switch and the device to implement remote deployment in manual mode.

Networking Requirements

As shown in Figure 2-1, the user needs to perform a remote login to Switch B from Switch A. Switch B is the master device, and temporary neighbor relationship is to be set up between Switch B and Switch C having an empty configuration. Switch B and Switch C need to be directly connected via a single hop. Both the interfaces connecting Switch B and Switch C should be in the Up state, and should support NAP.

Figure 2-1 Networking diagram of NAP-based remote deployment

Configuration Roadmap

The configuration roadmap is as follows:

1. Configure a NAP master interface on Switch B.

2. Configure an IP address for establishing a NAP connection on Switch B.

3. Use NAP to log in to Switch C from Switch B by means of Telnet.

Data Preparation

To complete the configuration, you need the following data:

l Two primary IP addresses. The two IP addresses are primary IP addresses for the master

interface and the slave interface respectively, and should be on the same network segment.

l Two secondary IP addresses. The two IP addresses are secondary IP addresses for the

master interface and the slave interface respectively, and should be on the same network segment.

Procedure

Step 1 Configure a NAP master interface on Switch B

<Quidway> system-view [Quidway] sysname SwitchB [SwitchB] interface gigabitethernet0/0/1 [SwitchB-GigabitEthernet0/0/1] nap port master

Step 2 Configure an IP address for establishing a NAP connection on Switch B

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 2 NAP Configuration

[SwitchB-GigabitEthernet0/0/1] nap local-ip 12.12.12.5 sub-ip 12.12.12.9 peer-ip

12.12.12.6 sub-ip 12.12.12.10 30 Are you sure to continue?[Y/N] y

# After the preceding configuration is complete, run the display nap status command on Switch B. You can view that NAP has been enabled on Switch B. Then, run the display nap interface command. You can view that the primary and secondary IP addresses have been assigned to the master and slave interfaces. For example:

[SwitchB-GigabitEthernet0/0/1] display nap status Slave port status : Enable Nap ip-pool/Mask : 10.167.253.0/24 [SwitchB-GigabitEthernet0/0/1] display nap interface

----------------------------------------------------- NAP master port list Port count : 1

------------------------------------------------------

Step 3 Log in to the slave device from the master device.

# Configure Switch B.

[SwitchB-GigabitEthernet0/0/1] nap login neighbor Trying 12.12.12.10 ... Press CTRL+K to abort Connected to 12.12.12.10 ...

Info: The max number of VTY users is 10, and the number of current VTY users on line is 1.

Step 4 Disable NAP on the slave device.

# Configure Switch C.

<Quidway> system-view [Quidway] sysname SwitchC [SwitchC] undo nap slave enable

----End

Configuration Files

None

2.3.2 Example for Configuring NAP-based Remote Deployment in Automatic Mode

In this example, the temporary neighbor relationship is set up between a switch and another switch that has the empty configuration to implement remote deployment in automatic mode.

Networking Requirements

As shown in Figure 2-2, the user needs to perform a remote login to Switch B from Switch A. Switch B is the master device, and temporary neighbor relationship is to be set up between

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Network

SwitchAPC SwitchB SwitchC

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 2 NAP Configuration

Switch B and Switch C having an empty configuration. Switch B and Switch C need to be directly connected via a single hop. Both the interfaces connecting Switch B and Switch C should be in the Up state, and should support NAP.

Figure 2-2 Networking diagram of NAP-based remote deployment

Configuration Roadmap

The configuration roadmap is as follows:

1. Configure a primary IP address and a secondary IP address on Switch B.

2. Configure a NAP master interface on Switch B.

3. Telnet to Switch C from Switch B by means of NAP.

Data Preparation

None

Procedure

Step 1 Configuring the NAP master interface

# Do as follows on Switch B.

<Quidway> system-view [Quidway] sysname SwitchB [SwitchB] interface gigabitethernet0/0/1 [SwitchB-GigabitEthernet0/0/1] nap port master

Step 2 Logging in to the slave device from the master device.

# Do as follows on Switch B.

[SwitchB-GigabitEthernet0/0/1] nap login neighbor Trying 10.167.253.10 ... Press CTRL+K to abort Connected to 10.167.253.10 ...

Info: The max number of VTY users is 10, and the number of current VTY users on line is 1.

Step 3 Shutting down NAP on the slave device.

# Do as follows on Switch C.

<Quidway> system-view [Quidway] sysname SwitchC [SwitchC] undo nap slave enable

----End

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 2 NAP Configuration

Configuration Files

None

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 3 Stacking

3 Stacking

About This Chapter

This chapter describes the basic concepts and configuration methods of the stacking function.

3.1 Stacking Overview

This section describes the basic concepts of the stacking function.

3.2 Principle of Stacking

This section describes how a stack system is set up.

3.3 Features of Stacking Supported by the S5700

3.4 Typical Topology of a Stack

This section describes two typical topologies of a stack.

3.5 Configuring the Stacking Function on the S5700

This section describes how to configure the stacking function on the S5700.

3.6 Configuration Examples

This section provides an example for configuring a stack in a ring topology.

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 3 Stacking

3.1 Stacking Overview

This section describes the basic concepts of the stacking function.

The stacking function indicates that multiple devices that support the stacking function are connected together to logically function as one device. Up to nine stack devices are connected through stack cables in a ring or link topology. All stack devices logically function as one device to forward packets. Roles of devices in a stack are as follows:

l Master switch

A stack has only one master switch. The master switch manages the entire stack system by assigning stack IDs to member switches, collecting information about the stack topology, and notifying all the member switches of the information.

l Standby switch

A stack has only one standby switch. The standby switch backs up the master switch. When the master switch is faulty, the standby switch functions as a master switch.

l Slave switch

The slave switch sends packets to inform the master switch of the topology change after detecting that a neighbor is lost. Apart from the master switch and standby switch, all the other switches in a stack are slave switches.

The master switch, standby switch, and all the slave switches are all member switches.

Interfaces connecting member switches are stack interfaces, and other interfaces are common user interfaces. Member switches are connected through independent stack modules and stack cables.

3.2 Principle of Stacking

This section describes how a stack system is set up.

Prerequisites for Setting Up a Stack System

To successfully create a stack system, complete the following tasks:

l Configure the same software version for all the member switches. When the master switch

detects that a new member switch runs a different version, the master switch synchronizes system version of the member switch.

NOTE

l When the products of the same series are stacked, the switch that is closest to the physical interface

of the new member switch added to the stack system synchronizes the system version of the new member switch.

l If no switch in the stack system is of the same series as the new member switch or the system

version of the new member switch cannot be synchronized to the master switch version, the new member cannot join the stack system.

l Use the devices of the same type (for example, EI devices or SI devices) as the member

switches of a stack system. The EI devices and SI devices cannot be used in the same stack system.

l Connect all devices by using leased stack cables and stack modules.

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 3 Stacking

l Ensure that all the stack devices can be started normally.

l Ensure that the stacking function is enabled on all the stack devices.

Creation of a Stack System

If all the member switches in a stack meet the preceding prerequisites, the stack system is automatically created when a member switch in the stack is powered on.

The master switch is elected as follows:

l The device that is started first becomes the master switch.

l If all the devices are started at the same time, the one of the highest priority becomes the

master switch.

l If all the devices are started at the same time and are of the same priority, the one with the

smallest MAC address becomes the master switch.

The standby switch is elected as follows:

l If all the switches excluding the master switch start at the same time, the master switch

preferentially selects the switch connected to stack interface 2 on the master switch as the standby switch.

l If all the other switches excluding the master switch start at the same time and no switch

is connected to stack interface 2 on the master switch, the master switch selects the switch connected to stack interface 1 on the master switch as the standby switch.

Before the stacking system is created, each switch is an independent entity. That is, each switch has its own IP address and functions individually. As a result, a user needs to manage each switch individually. After the stacking system is created, all the member switches are presented as one unified logical entity. In this manner, a user manages and maintains all the member switches in a stack through one IP address. The stacking protocol elects the master switch, standby switch, and slave switch in a stack. Then, data can be backed up and the active/standby switchover can be implemented.

The switches are connected through stack cables in a ring or link topology. A master switch is elected among all the member switches through the stacking protocol. The master switch manages the stacking system by assigning stack IDs to member switches, collecting information about the topology of the stack, and informing all the stack members of the topology information. A standby switch is specified by the master switch. The standby switch becomes the master switch to manage the stack system if the original master switch is faulty.

After the master, standby, and slave switches are specified, the master switch collects the packets that are sent from all the slave switches to report the topology information, and then generates stack entries accordingly and deliver the entries to all the member switches in the stack.

Adding a Member Switch to a Stack System

Adding a member switch to a stack system refers to the action of adding a new switch to a stable stack. A member switch can be added to a stack system in two modes: with power on and with power off. In this manual, member switches are added to a stack system with power off. Adding a member switch to a stack system with power on refers to the action of combining two stacks. (An independent switch can be regarded as a stack system after being enabled with stacking.) The details are described in the scenario of combining two stacks. The member switch to be added is powered off at first and then restarts after being connected to the stack interface of the stack. Adding a member switch does not affect the status of the original master switch in the stack.

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 3 Stacking

The original service configurations on a switch are cleared after the switch is added to a stack. Then, the switch uses global configurations of the master switch. If the configuration file already exists on the master device and an interface already exists in the configuration file, the interface can be configured through the configuration file. If an interface does not exist in the configuration file, the configuration of the interface is null. If the configuration file does not exist on the master device, the default configuration of the interface is used. If the stack ID of the added switch conflicts with the stack ID of another member switch in the stack, the master switch reassigns a stack ID to the added switch. Adding a member switch does not affect the original services in the stack system.

A stack consists of up to nine switches. The number of the member switches cannot exceed the limit after new member switches are added to the stack.

Quitting a Stack System

Quitting a stack system refers to the action of leaving a stack. Different roles inflict different impacts on a stack by quitting the stack system. The following describes different situations:

l When the master switch quits a stack system, the neighbor switch detects the change, and

then informs the neighbors of the change and updates the information about the local neighbors. The standby switch becomes the master switch, and then recalculates the stack topology and informs all the other member switches of the change. In addition, the new master switch specifies a member switch as the standby switch, and then runs normally.

l When the standby switch quits a stack system, the master switch re-specifies a member

switch as the standby switch, and then recalculates the stack topology and informs all the other member switches of the change.

l When a slave switch quits a stack system, the master switch only recalculates the stack

topology and informs all the other switches of the change. The quitting slave switch restarts immediately.

l When the master and standby switches quit a stack system at the same time, all the other

member switches in the stack system restart and recreate a stack system.

Restarting a Member Switch

If a stack system runs stably, restarting a member switch indicates that a member switch quits a stack system first and then rejoins the stack system.

l If the master switch restarts, the standby switch becomes the master switch, and then

specifies another member switch as the standby switch and synchronizes data to the new standby switch.

l If the standby switch restarts, the master switch specifies another member switch as the

standby switch and synchronizes data to the new standby switch.

l When the master and standby switches restart at the same time, all the other member

switches in the stack system restart and recreate a stack system.

When a member switch restarts, the master switch recalculates the stack topology and delivers the stack routing table. Then, the member switch rejoins the stack as a standby or slave switch.

Replacing a Member Switch

If a stack system runs stably, replacing a member switch indicates that a member switch quits the stack system first and then a new member switch joins the stack system. For more details, see the description of adding a member switch to a stack system and quitting a stack system.

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 3 Stacking

Replacing a member switch requires that the stack cables connecting the replaced switches to other switches be removed.

l If the master switch is replaced, the standby switch becomes the master switch, and then

specifies another member switch as the standby switch and synchronizes data to the new standby switch.

l If the standby switch is replaced, the master switch specifies another member switch as the

standby switch and synchronizes data to the new standby switch.

Switchover Between the Master and Standby Switches

After a stack system is created, the standby switch automatically becomes the master switch if the master switch is faulty or exits from the stack system. The new master switch specifies the new slave switch and data is synchronized on the master and slave switches.

l After a stack system is created for the first time, the MAC address of the stack system is

the MAC address of the master switch. When the master switch is faulty or quits the stack system, the MAC address of the stack system is immediately switched to be that of the newly-elected master switch if the function of the delay in switching the MAC address of the stack system is disabled. By default, the MAC address switchover is enabled and the delay for switchover is 10 minutes.

l When a stack system is created, the MAC address of the stack system is switched to be that

of the newly-elected master switch, if the master switch is faulty or quits the stack system, the stack system is configured with the MAC address switchover time, and the quitting switch does not rejoin the stack within the switchover timeout interval. If the quitting switch rejoins the stack before the switchover timer expires, the switch becomes a slave and the MAC address of the stack system remains unchanged. In this case, the MAC address of the stack system is the MAC address of a slave switch.

l When a slave switch quits a stack system, the MAC address of the stack system is switched

to be that of the master switch, if the MAC address of the stack system is the same as that of the quitting slave switch and the quitting slave switch does not rejoin the stack after the switchover timer times out.

CAUTION

Frequent switchovers may cause split of the stack.

Combining Two Stack Systems

If two stack systems are combined, a new master switch is elected. The running time of the two stack systems is compared and is accurate to minutes. The stack system that has a long running time is of a higher priority. If the running time is the same, the election mode in the setup of the stack system is used for electing the master switch. In one stack system, the roles, configurations, and services of the switches keep unchanged. In the other stack system, all the switches restart and join the combined stack system as slave switches. The master switch reassigns stack IDs to these slave switches and synchronizes its configurations to these slave switches. In addition, services in this stack system are interrupted.

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

SwitchA

SwitchC SwitchD

SwitchB

Ethernet

stack link

common link

Stack-A

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 3 Stacking

CAUTION

l An instance loop will occur when a stack link is disconnected intermittently or a new switch

is added to the stack.

l An instance loop will occur when a stack is being set up.

Dividing a Stack System

Dividing a stack system refers to the action of removing certain member switches with power on. As shown in Figure 3-1, Switch A, Switch B, Switch C, and Switch D form Stack-A.

Figure 3-1 Networking diagram of a stack system

Switch A is disconnected from Switch B; Switch C is disconnected from Switch D; Switch B is directly connected to the Ethernet. As shown in Figure 3-2, Switch A and Switch B form Stack- B; Switch C and Switch D form Stack-C. In this case, Stack-A is divided into Stack-B and StackC, and the process of dividing a stack system is complete.

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

SwitchA

SwitchC SwitchD

SwitchB

Ethernet

stack link

common link

Stack-B Stack-C

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 3 Stacking

Figure 3-2 Networking diagram of a stack system

The action of dividing a stack system varies with different roles of the removed switches.

l After a stack system is divided, the original master and standby switches still belong to the

same stack system. In this case, the master switch recalculates the stack topology and updates the topology information accordingly. After detecting that the stack protocol packets time out, the removed slave switches are reset by themselves and reelect the master switch. The newly-elected master switch obtains the configurations of the stack system from the flash memory and then restores the configurations of other switches.

l After a stack system is divided, the original master and standby switches belong to different

stack systems. In this case, the original master switch specifies another switch as the standby switch in its own stack system. The process of the stack system becoming stable is the same as that when the standby switch quits the stack system. In the stack system where the original standby switch currently belongs, the active/standby switchover is implemented, and the process of the stack system becoming stable is the same as that when the master switch quits the stack system.

IP Address and MAC Address Collision After a Stack System Is Divided

The IP address and MAC address of a stack system is configured globally. That is, all the switches in a stack system share the same IP address and MAC address. When a stack system is divided, configuration collision may occur at Layer 3. For example, a Layer 3 VLANIF interface is configured with an IP address 192.168.1.1. After the stack system is divided, two stack systems with the IP address 192.168.1.1 exist on the network. In this case, IP address and MAC address collision occurs. Therefore, collision detection must be implemented at Layer 2 and Layer 3 after a stack system is divided.

The dividing of a stack system mentioned here refers to the case that the original master and standby switches belong to different stack systems after the original stack system is divided. In

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 3 Stacking

this case, the active/standby switchover is implemented on the stack system where the standby switch belongs. After the active/standby switchover, the new master switch specifies the MAC address of its own as the MAC address of the stack system. In addition, the new master switch sends gratuitous ARP packets to instruct other switches to update their MAC address and implements IP collision detection. It is required that the two newly-created stack systems be able to receive gratuitous ARP packets. After the original stack system is divided, the original master switch detects IP address collision if receiving gratuitous packets whose source IP address is the same as the IP address of the master switch. At the same time, the original master switch keeps sending gratuitous ARP packets until no ARP packet with the conflicted IP address is received.

3.3 Features of Stacking Supported by the S5700

The features of stacking supported by the S5700 are as follows:

l The S5700EI supports the following routing features of stacking:

IPv4 static route, route-policy, OSPF, IPv6 static route, and RIP

l The S5700SI supports the following routing features of stacking:

IPv4 static route, IPv6 static route, and RIP

l The Switch supports the following Ethernet features of stacking:

Trunk, LACP, Blackhole MAC, Static MAC, Sticky MAC, MAC learning, common VLAN, MUX VLAN, VLAN stacking, voice VLAN, LLDP-MED for voice VLAN, STP, RSTP, MSTP, VLAN aggregation, port group, port security, and ARP

l The Switch supports the following security features of stacking:

802.1x, MAC authentication, AAA, DHCP snooping, attack defense, storm control, broadcast storm suppression, IPSG, MFF, MAC, and ACL

l The Switch supports the following IP service features of stacking:

DHCP client, DHCP server, DHCP relay, DNS, and ND

l The Switch supports the following multicast features of stacking:

Multicast policy, controllable multicast, IGMP snooping, MLD snooping, and multicast load balancing

l The Switch supports the following network management features of stacking:

NTP, RMON, SNMP, HGMP, ping, and tracert

l The S5700EI supports the following reliability features of stacking:

VRRP for IPv4, VRRP for IPv6, Smart Link, and Monitor Link

l The S5700SI supports the following reliability features of stacking:

Smart Link and Monitor Link

l The Switch supports the following QoS features of stacking:

Traffic policy, priority mapping, traffic policing, traffic shaping, congestion avoidance, congestion management, flow mirroring, and port mirroring

l PoE, LLDP-MED for PoE, RSPAN, and information center

l SSH, FTP (server or client), SFTP (server or client) TFTP client, and Telnet

After a stack system is created, the entire stack system logically functions as one switch. The features supported by stacking are configured the same whether in a stack system or in a nonstack system. For more details, see the related configuration guide.

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

stack link

common link

SwitchA

SwitchC SwitchD

SwitchB

SwitchA SwitchB SwitchCPC1 PC2

stack link

common link

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 3 Stacking

3.4 Typical Topology of a Stack

This section describes two typical topologies of a stack.

Ring Topology

The typical topology of a stack is a ring topology. As shown in Figure 3-3, stack interfaces on the Switches are connected through leased stack cables.

NOTE

Do not directly connect stack ports on the same switch to form a loop.

Figure 3-3 Ring Topology

Link Topology

As shown in Figure 3-4, stack interfaces on the Switches are connected through leased stack cables.

NOTE

Do not directly connect stack ports on the same switch to form a loop.

Figure 3-4 link Topology

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 3 Stacking

Compared with the link topology, the ring topology enjoys higher reliability. When a stack link in a ring topology breaks, the ring topology becomes a link topology. The entire stack system, however, runs normally. You are recommended to adopt a ring topology when deploying services.

3.5 Configuring the Stacking Function on the S5700

This section describes how to configure the stacking function on the S5700.

3.5.1 Establishing the Configuration Task

Applicable Environment

To improve the interface density and forwarding capacity of a network, you can configure the stacking function on the S5700. In this manner, you can expand the network capacity and facilitate users' management.

Pre-configuration Tasks

Before creating a stack system, complete the following tasks:

l Configuring the same software version for all the member switches

l Using the devices of the same type (for example, EI devices or SI devices) as the member

switches of a stack system

The EI devices and SI devices cannot be used in the same stack system.

l Installing stack cards on all devices and connecting the devices through stack cables

l Ensuring that all the stack devices can be started normally

Data Preparation

To configure the stacking function, you need the following data.

No.

1 Stack ID of an S5700

2 Stack priority of an S5700

3 MAC address switchover time

Data

3.5.2 (Optional) Configuring the Reserved VLAN of the Stack

This section describes how to configure the reserved VLAN for the stack.

Context

When the default reserved VLAN of the stack is used for other services, you need to configure a new reserved VLAN before enabling the stacking function.

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 3 Stacking

The reserved VLAN of the stack is configured on the master switch.

Procedure

Step 1 Run:

system-view

The system view is displayed.

Step 2 Run:

stack reserved-vlan vlan-id

The reserved VLAN is configured.

By default, a stack system uses VLAN 4093 as the reserved VLAN.

NOTE

The reserved VLAN cannot be used for other services.

----End

3.5.3 (Optional) Enabling the Stacking Function

Context

Procedure

Step 1 Run:

Step 2 Run:

Before connecting stack devices through leased stack cables, do as follows on the stackingcapable devices.

system-view

The system view is displayed.

stack enable

The stacking function is enabled on the S5700.

By default, the stacking function is enabled.

NOTE

If you run the undo stack enable command to disable the stacking function on the S5700, the configuration takes effect only after the S5700 is restarted. If you run the stack enable command to enable the stacking function on the S5700, the configuration takes effect only after the S5700 is restarted.

----End

3.5.4 (Optional) Configuring a Stack ID for the S5700

Context

Stack IDs can be configured before or after the stack system is created. By default, stack IDs of member switches in a stack are all 0s. If stack IDs are not configured for member switches before the stack system is created, the stack system assigns stack IDs to member switches after being

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 3 Stacking

created. After the stack system is created successfully, all the configuration of the stack system can be performed on the master switch only.

Procedure

Step 1 Run:

system-view

The system view is displayed.

Step 2 Run:

stack slot slot-id renumber new-slot-id

A stack ID is configured for a device.

By default, the stack ID of a device is 0.

NOTE

After the stack ID is configured, the configuration takes effect only after the device is restarted. The stack slot-id command is valid only on the device where the stacking function is enabled.

----End

3.5.5 (Optional) Configuring a Stack Priority for a Device

Context

The stack priority of a device can be configured before or after the stack system is created. If the stack system is created, you can configure stack priorities on the master switch only; if the stack system is not created, you can configure a stack priority on each device.

Procedure

Step 1 Run:

system-view

The system view is displayed.

Step 2 Run:

stack slot slot-id priority priority

A stack priority is configured for a specified stack device.

By default, the priority value of a device is 100. A great value indicates a high priority.

NOTE

Before the stack system is created, the default stack ID is 0. You can run the display stack and display stack peers commands to view the stack ID of a device.

----End

3.5.6 (Optional) Configuring the MAC Address Switchover Time

Context

The MAC address switchover time can be configured before or after the stack system is created. If the MAC address switchover time is configured for all the stack switches before the stack

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 3 Stacking

system is created, the MAC address switchover time of the stack system is specified by the MAC address switchover time of the master switch after the stack system is created, and the MAC address switchover time of other member switches keeps the same as that of the master switch. After the stack system is restarted, the MAC address of the stack is changed into the MAC address of the new master switch. In this case, the MAC address of the stack system keeps unchanged if the master switch is unchanged. If the stack system is created before the MAC address switchover time of the system is configured, you can configure the MAC address switchover time of the system on the master switch only. In this case, the MAC address switchover time of other member switches keeps the same as that of the master switch. The MAC address of the stack system keeps unchanged after the stack system is restarted. Do as follows on the devices where the MAC address switchover time is to be configured.

Procedure

Step 1 Run:

system-view

The system view is displayed.

Step 2 Run:

stack timer mac-address switch-delay delay-time

The MAC address switchover time of the stack system is configured. By default, the delay of the MAC address switchover is 10 minutes.

----End

3.5.7 Checking the Configuration

Prerequisite

Run the following commands to check the previous configuration.

Procedure

l Run the display stack command to check information about the member switches in a

stack.

l Run the display stack configuration command to check the default stack ID and stack

priority when the stack member starts this time and next time.

----End

Example

You can use the display stack command to check stack IDs and priorities of member switches in a stack.

<Quidway> display stack Stack topology type : Link Stack system MAC: 0018-82b1-6eb4 MAC switch delay time: 2 min Stack reserve vlanid : 4093 slot# role Mac address Priority Device type

------ ---- -------------- ------ ------ 0 Master 0018-82b1-6eb4 200 S5700 1 Standby 0018-82b1-6eba 150 S5700

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

SwitchA

SwitchC SwitchD

SwitchB

stack link

common link

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 3 Stacking

You can use the display stack configuration command to check the default stack ID and stack priority when the stack member starts this time and next time.

<Quidway> display stack configuration Current slot-id Next slot-id Current Priority Next Priority

---------------- ------------- ---------------------- ------------ 0 8 200 200 1 3 150 150

3.6 Configuration Examples

This section provides an example for configuring a stack in a ring topology.

3.6.1 Example for Configuring a Stack in a Ring Topology

Networking Requirements

As shown in Figure 3-5, Switch A, Switch B, Switch C, and Switch D form a stack in a ring topology. The stack system is automatically created. Switch A functions as the master switch, whereas Switch B functions as a standby switch. After the active/standby switchover, the MAC address of the stack system is immediately switched. To avoid updating MAC addresses of the stack system frequently and wasting system resources, set the MAC address switchover time of the stack system to 1 minute after the active/standby switchover.

Configuration Roadmap

Figure 3-5 Networking of a stack in a ring topology

The configuration roadmap is as follows:

l Configure the MAC address switchover time of the stack system on the master switch.

Data Preparation

To complete the configuration, you need the following data:

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 3 Stacking

l MAC address switchover time of the stack system

Configuration Procedure

1. # Configure the MAC address switchover time of the stack system on Switch A.

<SwitchA> system-view [SwitchA] stack timer mac-address switch-delay 1

# Run the display stack command on Switch A to check basic information about a stack.

<SwitchA> display stack Stack topology type : Ring Stack system MAC : 0018-82b1-6eb8

MAC switch delay time: 1 min

Stack reserve vlanid : 4093 slot# role Mac address Priority Device type

------ ---- -------------- ------ ------ 0 Slave 0018-82d2-2e85 100 S5700 1 Slave 0018-82c6-1f44 100 S5700 3 Standby 0018-82c6-1f4c 100 S5700 4 Master 0018-82b1-6eb8 100 S5700

Configuration Files

None.

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 4 Using display commands to check the status of the device

4 Using display commands to check the status

of the device

About This Chapter

This chapter describes the maintenance, usage of the display commands and the regular expression.

4.1 Introduction

This section describes function of display commands.

4.2 Checking the Status of the S5700

This section describes how to check the status of the S5700 by using the display commands.

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 4 Using display commands to check the status of the device

4.1 Introduction

This section describes function of display commands.

You can use display commands to view the status of a device and check whether the device runs normally.

4.2 Checking the Status of the S5700

This section describes how to check the status of the S5700 by using the display commands.

4.2.1 Checking Information About the S5700

Context

You can run the following command in any view to check the type and status of a component on the S5700.

Procedure

Step 1 Run:

display device [ slot slot-id ]

Information about a component on the S5700 is displayed.

----End

4.2.2 Checking the Version of the S5700

Context

You can run the display version command in any view to check the version of the S5700.

The displayed information includes the type of a card, startup duration, version of the hardware, and version of the software.

Procedure

Step 1 Run:

display version [ slot slot-id ]

The version of the specified card is displayed.

----End

4.2.3 Checking the Electronic Labels

Context

You can run the display elabel command in any view to check the electronic labels.

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 4 Using display commands to check the status of the device

You can run the display elabel command to check information about the hardware code. The hardware code provides necessary basis for such services as network installation, network upgrade, network expansion, device management and maintenance, and device replacement in batches.

The displayed information includes: type of the card, bar code, Bill of Material (BOM) code, English description, production date, supplier name, issuing number, Common Language Equipment Identification (CLEI) code, and sales BOM code.

Procedure

Step 1 Run:

display elabel [ slot slot-id [ subcard-id ] ]

The electronic labels are displayed.

----End

4.2.4 Checking Temperature

Context

You can run the following command in any view to check the working temperature of the S5700.

Procedure

Step 1 Run:

display environment [ slot slot-id ]

The temperature of a temperature-sending SIC is displayed.

----End

4.2.5 Checking the Fan Status

When the device temperature is high, you can check whether the fan is functioning normally.

Procedure

Step 1 Run:

display fan [ slot slot-id | verbose ]

The fan status is displayed.

----End

4.2.6 Checking the Power Supply Status

Before replacing a power supply, you need to check the status of the power supply.

Procedure

Step 1 Run the following command in any view:

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 4 Using display commands to check the status of the device

display power

The status of each power supply is displayed.

----End

4.2.7 Checking the CPU Usage

You can check the CPU utilization statistics and CPU settings.

Procedure

Step 1 Run:

display cpu-usage [ configuration | slave | slot slot-id ]

The CPU utilization statistics and CPU settings are displayed.

----End

4.2.8 Checking the Memory Usage

Context

You can run the following command in any view to check the memory usage of the S5700.

Procedure

Step 1 Run:

display memory-usage [ slave | slot slot-id ]

The memory usage is displayed.

----End

4.2.9 Checking Alarms

Context

You can run the following command in any view to check alarms on the S5700.

Procedure

Step 1 Run:

display alarm urgent [ slot slot-id | time interval ]

The alarms generated during device operation are displayed.

----End

4.2.10 Checking the Status of an Interface

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 4 Using display commands to check the status of the device

Checking the Status of a Specified Interface

1. Run:

display interface interface-type interface-number

The status of a specified interface is displayed.

Information about the status of an interface contains the running status, basic configuration of the interface, and statistics of the transmission of packets.

Checking the Status of an Interface in the Current Interface View

1. Run:

system-view

The system view is displayed.

2. Run:

interface interface-type interface-number

The interface view is displayed.

3. Run:

display this interface

The status of the interface in the current interface view is displayed.

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 5 Hardware Management

5 Hardware Management

About This Chapter

This chapter describes the hardware management configurations on the S5700.

5.1 Hardware Management Overview

This section explains the definition of hardware management.

5.2 Hardware Management Features Supported by the S5700

This section describes the hardware management features supported by the S5700.

5.3 Backing Up the Electronic Label

This section describes how to back up the electronic label of the S5700.

5.4 Configuring Electrical Port Sleep

This section describes how to configure electrical port sleep to save energy.

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 5 Hardware Management

5.1 Hardware Management Overview

This section explains the definition of hardware management.

Hardware management refers to operating the installed hardware of the S5700 by using commands.

5.2 Hardware Management Features Supported by the S5700

This section describes the hardware management features supported by the S5700.

The S5700 supports the following hardware management features:

l Electronic label backup

l Electrical port sleep

5.3 Backing Up the Electronic Label

This section describes how to back up the electronic label of the S5700.

5.3.1 Establishing the Configuration Task

Before backing up the electronic label, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This helps you complete the configuration task quickly and accurately.

Applicable Environment

Electronic labels of network devices play an important role in troubleshooting. When faults occur on a network, you can obtain hardware information quickly from electronic labels. Therefore, you need to back up electronic labels.

Pre-configuration Tasks

Before backing up the electronic label of the S5700, complete the following task:

l Connecting the S5700 to an FTP server and ensuring that there is a reachable route between

them

Data Preparation

To back up the electronic label of the S5700, you need the following data.

No.

1 Name of the electronic label backup file

2 Stack ID of the S5700 whose electronic label needs to be backed up

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Data

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 5 Hardware Management

No. Data

3 FTP server address, FTP user name, and password (only applicable to saving the

electronic label to an FTP server)

5.3.2 Backing Up the Electronic Label

You can back up the electronic label of the S5700 to an FTP server or the CF card of the S5700.

Procedure

l Back up the electronic label to the CF card.

1. Run the following command in the user view:

backup elabel [ slot slot-id ]

The electronic label is backed up to the CF card.

l Back up the electronic label to an FTP server.

1. Run the following command in the user view:

backup elabel [ ftp ip-address filename username password ] [ slot slot- id [ subcard-id ] ]

The electronic label is backed up to an FTP server.

----End

5.4 Configuring Electrical Port Sleep

This section describes how to configure electrical port sleep to save energy.

5.4.1 Establishing the Configuration Task

Before configuring electrical port sleep, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This helps you complete the configuration task quickly and accurately.

Applicable Environment

When a device is working normally, you can enable electrical port sleep to save energy.

Pre-configuration Tasks

None.

Data Preparation

To configure electrical port sleep, you need the following data.

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 5 Hardware Management

No. Data

1 Number of the electrical port where the sleep function is to be enabled

5.4.2 Enabling Electrical Port Sleep

To save energy on a device, you can enable electrical port sleep on the device.

Procedure

Step 1 Run:

system-view

The system view is displayed.

Step 2 Run:

interface { interface-type interface-number }

The interface view is displayed.

Step 3 Run:

port-auto-sleep enable

Electrical port sleep is enabled.

By default, the sleep function is disabled on an Ethernet port.

----End

5.4.3 Checking the Configuration

After enabling electrical port sleep, you can run the following command to check the configuration.

Procedure

l Run:

system-view

The system view is displayed.

l Run:

interface { interface-type interface-number }

The interface view is displayed.

l Run:

display this

Check whether port sleep is enabled.

----End

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 6 Monitoring the Device Through the Information Center

6 Monitoring the Device Through the

Information Center

About This Chapter

This chapter describes the basics of the information center, introduces the procedure for managing the information center and monitoring the device, and provides configuration examples.

6.1 Information Center Overview

The information center controls the output of logs, alarms, and debugging messages.

6.2 Configuring the Information Center

This section describes how to manage and configure the information center.

6.3 Sending Information to the Information Center

This section describes how to send information to the specified direction.

6.4 Maintaining the Information Center

This section describes how to clear the statistics.

6.5 Configuration Examples

This section provides examples for configuring the information center.

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 6 Monitoring the Device Through the Information Center

6.1 Information Center Overview

The information center controls the output of logs, alarms, and debugging messages.

6.1.1 Introduction to the Information Center

The information center works as the information hub of a switch. It classifies and filters the output of a system. The information center uses a debugging program to help network administrator and developers monitor network operation and analyze network faults.

6.1.2 Information Center Supported by the S5700

In the S5700, the information center outputs logs, alarms, and debugging messages with eight severity levels to different directions through 10 information channels.

Information Classification

The information receives and processes the following types of information:

l Logs

l Debugging information

l Alarm information

Severity Levels of Information

Information is classified into eight severity levels as shown in Table 6-1. The severer the information level is, the lower the severity level value is.

Table 6-1 Description of the severity levels of information

Threshold

0 Emergency A fatal fault, such as a program exception or incorrect

1 Alert An important fault occurs on the device. For example,

2 Critical A crucial fault occurs, such as the memory or

Severity Level Description

use of the memory, occurs on the device. The system must restart.

the device memory reaches the upper limit. The fault then needs to be removed immediately.

temperature reaches the lowest limit, the BFD device is unreachable, or an internal fault that is generated by the device itself. The fault then needs to be analyzed and removed.

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 6 Monitoring the Device Through the Information Center

Threshold Severity Level Description

3 Error A fault caused by an improper operation or a wrong

process occurs, such as entering the wrong user password or receiving wrong protocol packets from other devices.

The faults do not affect service but should be paid attention to.

6 Informational Indicates the common operations to ensure that the

7 Debugging Indicates the common information of the device that

When information filtering based on severity levels is enabled, only the information whose severity level threshold is less than or equal to the configured value is output.

For example, if the severity level value is configured to 6, only the information with the severity level value from 0 to 6 is output.

Warning An abnormal situation of the running device occurs,

such as the user disables the routing process, BFD detects packet loss, or the wrong protocol packet is received.

The fault should be paid attention to because it may affect services.

Notice Indicates the key operations used to ensure that the

device runs normally, such as the shutdown command, neighbor discovery, or the state machine.

device runs normally, such as the display command.

need not be paid attention to.

Working Process of an Information Center

The working process of the information center is as follows:

l The information center receives logs, traps, and debugging information from all modules.

l The information center outputs information with different severity levels to different

information channels according to the configurations of users.

l The information is transmitted to different directions based on the association relationship

between the information channel and the output direction.

Generally, the information center distributes the three types of information that can be classified into eight levels to ten information channels. The information is then output to different directions.

As shown in Figure 6-1, logs, alarms, and debugging information have default output channels. You can, however, customize them to be output from other channels. For example, you can configure logs to be output to the log cache through Channel 6 rather than Channel 4.

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Infomation type

Infomation channel

Console

Remote

terminal

Loghost

Trap buffer

Log buffer

SNMP agent

Logs

Traps

Debugs

Output direction

Direction of logs

Direction of alarms Direction of debugging

information

Console

SNMP agent

Monitor

Loghost

Logbuffer

Trapbuffer

channel6

channel7

channel8

channel9

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 6 Monitoring the Device Through the Information Center

Figure 6-1 Functions of the information channel

Information Channels and Output Directions

The system supports ten channels. The first six channels (Channel 0 to Channel 5) have their default channel names, and are associated with six output directions.

For details of association relationship between default channels and output directions, see Table

6-2.

Table 6-2 Association relationship between the information channels and output directions

Channel Number

0 Console Console Outputs information to the local Console

1 Monitor Monitor Outputs information to the VTY terminals

Default Channel Name

Output

Description

Direction

that can receive logs, alarms, and debugging information.

that can receive logs, alarms, and debugging

2 Loghost Log host Outputs information to the log host that can

information and then perform remote maintenance.

receive logs, alarms, and debugging information. The information is saved to a log host in the file format for easy reference.

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

<Int_16>TIMESTAMP HOSTNAME %%ddAAA/B/CCC(l):slot=XXX; YYYY

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 6 Monitoring the Device Through the Information Center

Channel Number

3 Trapbuffer Trap buffer Outputs information to the trap buffer that

4 Logbuffer Log buffer Outputs information to the log buffer area

5 Snmpagent SNMP agent Outputs information to the SNMP agent that

6 Unspecified Unspecified Reserved.

7 Unspecified Unspecified Reserved.

8 Unspecified Unspecified Reserved.

9 Unspecified Unspecified Reserved.

Default Channel Name

Output Direction

Description

can receive traps. An area is specified inside a device as the trap buffer to record traps.

that can receive logs. The switch assigns a specified area in itself to be the log buffer area that can record the information.

can receive alarms.

Format of Logs

When multiple log hosts are configured, you can configure logs to be output to different log hosts through one channel or several channels. For example, configure parts of logs to be output to a log host either through Channel 2 (loghost) or through Channel 6. You can also change the name of Channel 6 for managing channel conveniently.

Syslog is a sub-function of the information center. It outputs information to a log host through port 514.

Figure 6-2 shows the format of logs.

Figure 6-2 Format of the output logs

Table 6-3 describes each field in the log format.

Table 6-3 Description of each field in the format of logs

Field

<Int_16> Leading character Before logs are output to log hosts, leading

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Indication Description

characters are added.

Logs saved in the local device do not contain leading characters.

TimeStamp HostName ModuleName/Severity/BriefDescription

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 6 Monitoring the Device Through the Information Center

Field Indication Description

TIMESTAMP Time to send out the

information

HOSTNAME

%% Log information Indicates that this piece of log is output by the

dd Version number Identifies the version of the log format.

AAA Module name Indicates the name of the module that outputs

B Log level Indicates the severity levels of logs.

CCC Brief description Describes the information type.

Host name By default, the name is Quidway.

Timestamp has five formats.

l short-date: The only difference between date

format and short-date is that short-date does not include the year.

l format-date: It is another time format of the

system time.

l none: indicates that the information does not

contain timestamp.

There is a space between the timestamp and the host name.

device produced by Huawei.

information to an information center.

(l) Information type L: indicates the user log identifier.

slot=XXX Location information Slot indicates the number of the slot that sends the

YYYY Descriptor Indicates the detailed information output from each

Format of Alarms

Figure 6-3 shows the format of the output alarms.

Figure 6-3 Format of the output alarms

Table 6-4 describes each field of the alarm format.

location information.

module to the information center.

Each module fills in this field before outputting logs to describe the detailed contents of logs.

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 6 Monitoring the Device Through the Information Center

Table 6-4 Description of each field in the format of alarms

Field Indication Description

TimeStamp Time to send out the

information

HostName

ModuleName Module name Indicates the name of the module that generates an

Host name By default, the name is Quidway.

Five timestamp formats are available:

l boot: indicates relative time. By default,

debugging information adopts this timestamp format.

l date: indicates the timestamp in the format of

system time. By default, logs and traps adopt this timestamp format.

l short-date: indicates system time. The short-

date format does not contain year information.

l format-date: indicates another format of system

time.

l none: indicates that no timestamp is contained

in traps.

The timestamp and the host name are separated by a blank space.

There is a space between the sysname and module name.

alarm.

Severity Severity of

information

Brief

Description Description Provides a detailed description of the alarms.

Brief information Provides brief information of the alarms.

Indicates the severity of alarms:

l Critical

l Major

l Minor

l Warning

l Indeterminate

l Cleared

6.2 Configuring the Information Center

This section describes how to manage and configure the information center.

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 6 Monitoring the Device Through the Information Center

6.2.1 Establishing the Configuration Task

Applicable Environment

To collect debugging information, logs, and traps during the operation of the S5700, and to send them to the terminal for display, or to the buffer or the host for storage, you need to configure the information center.

Pre-configuration Tasks

None.

Data Preparation

To manage the information center, you need the following data.

No. Data

1 (Optional) Numbers and names of the information channels

2 (Optional) Format of the timestamp

3 (Optional) Information severity

4 (Optional) Language used in the logs and the address of the log host

5 (Optional) Size of the log buffer and the trap buffer

6.2.2 Enabling the Information Center

Context

Do as follows on the S5700.

Procedure

Step 1 Run:

system-view

The system view is displayed.

Step 2 Run:

info-center enable

The information center view is displayed.

NOTE

The system sends the system information to the log host and the console only after the information center is enabled.

----End

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 6 Monitoring the Device Through the Information Center

6.2.3 (Optional) Naming the Information Channel

Procedure

Step 1 Run:

system-view

The system view is displayed.

Step 2 Run:

info-center channel channel-number name channel-name

Channels are specified to send debugging information, logs, and traps.

----End

6.2.4 Defining the Information Channel

Procedure

Step 1 Run:

system-view

The system view is displayed.

Step 2 Run:

info-center source { module-name| default } channel { channel-number | channel- name } [ { debug | log | trap } { state { off | on } | level severity } * ]

A module (or modules) is specified to send debugging information, logs, or traps to the information channels.

NOTE

Run the undo info-center source { module-name | default } channel { channel-number | channelname } command to disable the unnecessary modules and select one or more modules to send information

to the information channels.

----End

6.2.5 (Optional) Configuring the Timestamp for the Output Information

Procedure

Step 1 Run:

system-view

The system view is displayed.

Step 2 Run:

info-center timestamp debugging { boot | none | { short-date | format-date | date } [ precision-time { tenth-second | second } ] }

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 6 Monitoring the Device Through the Information Center

The format of the timestamp is set for the debugging information.

Step 3 Run:

info-center timestamp { trap | log } { boot | none | { short-date | format-date | date } [ precision-time { tenth-second | millisecond } ] }

The format of the timestamp is set for the output logs or traps information.

----End

6.2.6 Checking the Configuration

Run the following commands to check the previous configuration.

Action Command

Check the configuration of the channel.

Check the information recorded by the information center.

Check the information in the log buffer of the memory.

Check the summary of the information in the log buffer.

Check the information in the trap buffer of the memory.

display channel [ channel-number | channel-name ]

display info-center [ statistics ]

display logbuffer [ level severity | module module- name | size value | slot slot-id ]

display logbuffer summary [ level severity | slot slot-

id ]

display trapbuffer [ size value ]

6.3 Sending Information to the Information Center

This section describes how to send information to the specified direction.

6.3.1 Sending Information to the Console

Procedure

Step 1 Run:

system-view

The system view is displayed.

Step 2 Run:

info-center console channel { channel-number | channel-name }

Information is sent to the console.

Step 3 Run:

quit

Return to the user view.

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 6 Monitoring the Device Through the Information Center

Step 4 Run:

terminal monitor

The terminal is enabled to display information.

By default, the terminal is enabled to display information.

Step 5 Run:

terminal debugging

terminal logging

terminal trapping

The terminal is enabled to display debugging information, logs, and traps.

NOTE

Step 4 and Step 5 are not listed in sequence.

----End

6.3.2 Sending Information to the Telnet Terminal

Procedure

Step 1 Run:

Step 2 Run:

Step 3 Run:

Step 4 Run:

Step 5 Run:

system-view

The system view is displayed.

info-center monitor channel { channel-number | channel-name }

Information is sent to the Telnet terminal.

quit

Return to the user view.

terminal monitor

The terminal is enabled to display information.

terminal debugging

terminal logging

terminal trapping

The terminal is enabled to display debugging information, logs, and traps.

NOTE

Step 4 and Step 5 are not listed in sequence.

----End

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 6 Monitoring the Device Through the Information Center

6.3.3 Sending Information to the SNMP Agent

Procedure

Step 1 Run:

system-view

The system view is displayed.

Step 2 Run:

info-center snmp channel { channel-number | channel-name }

Information is sent to the SNMP agent.

Step 3 Run:

snmp-agent

The SNMP agent is enabled.

For details on configuring the SNMP agent, refer to chapter "SNMP Configuration" in the Configuration Guide - Network Management.

----End

6.3.4 Sending Information to the Log Buffer

Procedure

Step 1 Run:

system-view

The system view is displayed.

Step 2 Run:

info-center logbuffer [ channel { channel-number | channel-name } | size buffersize ]

Information is sent to the log buffer.

----End

6.3.5 Sending Information to the Trap Buffer

Context

Do as follows on the S5700.

Procedure

Step 1 Run:

system-view

The system view is displayed.

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 6 Monitoring the Device Through the Information Center

Step 2 Run:

info-center trapbuffer [ channel { channel-number | channel-name } | size buffersize ]

Information is sent to the trap buffer.

----End

6.3.6 Sending Information to the Log Host

Procedure

Step 1 Run:

system-view

The system view is displayed.

Step 2 Run:

info-center loghost ip-address [ channel { channel-number | channel-name } | facility local-number | { language language-name | binary [ port ] } | { vpn-

instance vpn-instance-name | public-net } ]

Information is sent to the IPv4 log host.

Step 3 Run:

info-center loghost ipv6 ipv6-address [ channel { channel-number | channel-name } | facility local-number | { language language-name | binary [ port ] } ]

Information is sent to the IPv6 log host.

Step 4 Run:

info-center loghost source interface-type interface-number

The source interface for sending logs is specified.

----End

6.3.7 Checking the Configuration

Run the following commands to check the previous configuration.

Action

Check statistics in the information center.

Command

display info-center [ statistics ]

Run the preceding command. If the information center can send the statistics to the destination terminal, it means that the configuration succeeds.

6.4 Maintaining the Information Center

This section describes how to clear the statistics.

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Network

Log Host

Switch

1.0.0.1/8

VLANIF10

2.0.0.1/8

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 6 Monitoring the Device Through the Information Center

CAUTION

Statistics cannot be restored after being cleared. So, confirm the action before you run the command.

Action Command

Clear the statistics in the information center.

Clear the information in the log buffer.

Clear the information in the trap buffer.

reset info-center statistics

reset logbuffer

reset trapbuffer

6.5 Configuration Examples

This section provides examples for configuring the information center.

6.5.1 Example for Configuring the Information Center

Networking Requirements

Figure 6-4 Networking of sending logs to the log host

Configuration Roadmap

The configuration roadmap is as follows:

1. Enable the information center.

2. Configure the information channel to ensure that the S5700 can correctly send logs to the log host. Disable the sending of the traps and debugging information to the log host.

3. Configure the log host.

Data Preparation

To complete the configuration, you need the following data:

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 6 Monitoring the Device Through the Information Center

l The IP address of the log host is specified as 1.0.0.1/8.

Configuration Procedure

NOTE

In the example, only the commands related to monitoring are listed. For details on configuring the log host, see the help files on the log host.

1. Enable the information center.

# Enable the information center. By default, the information center on the S5700 is enabled.

<Quidway> system-view [Quidway] info-center enable Info:Information center is enabled

2. Configure the information channel.

# Send logs of severity levels 0 to 7 from all modules on the S5700 through the channel to the log host. Disable the sending of the debugging information and traps through the channel to the log host.

[Quidway] info-center source default channel loghost log level debugging state on trap state off debug state off

# Verify the configuration.

[Quidway] display channel loghost channel number:2, channel name:loghost MODU_ID NAME ENABLE LOG_LEVEL ENABLE TRAP_LEVEL ENABLE DEBUG_LEVEL ffff0000 default Y debugging N debugging N debugging

3. Configure the log host.

# Set the IP address of the log host to 1.0.0.1.

[Quidway] info-center loghost 1.0.0.1

# Set VLANIF 10 as the interface for sending information to the log host on the S5700.

[Quidway] vlan 10 [Quidway-vlan10] quit [Quidway] interface gigabitethernet0/0/1 [Quidway-GigabitEthernet0/0/1] port link-type hybrid [Quidway-GigabitEthernet0/0/1] port hybrid untagged vlan 10 [Quidway-GigabitEthernet0/0/1] quit [Quidway] interface vlanif 10 [Quidway-vlanif10] ip address 2.0.0.1 255.0.0.0 [Quidway-vlanif10] quit [Quidway] info-center loghost source vlanif 10

# Verify the configuration.

[Quidway] display info-center Information Center:enabled Log host: the interface name of the source address:vlanif 10

1.0.0.1, channel number 2, channel name loghost, language English , host facility local7 Console: channel number : 0, channel name : console Monitor: channel number : 1, channel name : monitor SNMP Agent: channel number : 5, channel name : snmpagent Log buffer: enabled,max buffer size 1024, current buffer size 512, current messages 440, channel number : 4, channel name : logbuffer dropped messages 0, overwritten messages 0 Trap buffer: enabled,max buffer size 1024, current buffer size 256, current messages 1, channel number:3, channel name:trapbuffer dropped messages 0, overwritten messages 0

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 6 Monitoring the Device Through the Information Center

Information timestamp setting: log - date, trap - date, debug - boot

Sent messages = 499, Received messages = 499

IO Reg messages = 0 IO Sent messages = 0

4. Enable the terminal display of the console.

# Enable the terminal display of the console. Enable the corresponding terminal display to check the information type as required.

[Quidway] info-center console channel 0 [Quidway] quit <Quidway> terminal monitor Info:Current terminal monitor is on <Quidway> terminal logging Info:Current terminal logging is on

Configuration Files

# info-center source default channel 2 log level debugging state on trap state off debug state off info-center loghost source vlanif 10 info-center loghost 1.0.0.1

# # vlan batch 10 # interface vlanif10 ip address 2.0.0.1 255.0.0.0 # interface GigabitEthernet0/0/1 port hybrid untagged vlan 10 # return

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 7 Mirroring

7 Mirroring

About This Chapter

The mirroring function is used to monitor packets that meet certain requirements.

7.1 Introduction

This section describes the basics of mirroring.

7.2 Configuring Local Port Mirroring

This section describes how to configure local port mirroring.

7.3 Configuring Remote Port Mirroring

This section describes how to configure remote port mirroring.

7.4 Canceling Port Mirroring

This section describes how to cancel port mirroring.

7.5 Configuring Local VLAN Mirroring

This section describes how to configure local VLAN mirroring.

7.6 Configuring Remote VLAN Mirroring

This section describes how to configure remote VLAN mirroring.

7.7 Canceling VLAN Mirroring

This section describes how to cancel local VLAN mirroring and remote VLAN mirroring.

7.8 Configuring MAC Address-based Local Mirroring

This section describes how to configure local MAC address mirroring.

7.9 Configuring RSPAN Based on MAC Addresses

This section describes how to configure RSPAN based on MAC addresses.

7.10 Canceling Mirroring Based on MAC Addresses

This section describes how to cancel mirroring based on MAC addresses.

7.11 Configuring Local Flow Mirroring

This section describes how to configure local flow mirroring.

7.12 Configuring Remote Flow Mirroring

This section describes how to configure remote flow mirroring.

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 7 Mirroring

7.13 Canceling Flow Mirroring

This section describes how to cancel flow mirroring.

7.14 Changing or Deleting an Observing Port

This section describes how to change or delete an observing port.

7.15 Configuring CPU Mirroring

This section describes how to configure CPU mirroring.

7.16 Cancelling CPU Mirroring

This section describes how to cancel CPU mirroring.

7.17 Configuration Examples

This section provides several configuration examples for mirroring.

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 7 Mirroring

7.1 Introduction

This section describes the basics of mirroring.

7.1.1 Mirroring Functions

Mirroring is to copy packets to an observing port to monitor packets without affecting packet forwarding. You can use the mirroring function for network check and troubleshooting.

Mirroring functions are classified into port mirroring, flowing mirroring, VLAN mirroring, MAC address mirroring, and CPU mirroring.

The S5700SI does not support remote mirroring based on flows, VLANs, or MAC addresses.

Concepts

l Observing port

An observing port on the S5700 is connected to a monitoring host. It is used to export the traffic copied from a mirrored port or a flow mirroring port.

l Mirrored port

A mirrored port is the interface to be observed. Incoming traffic or outgoing traffic passing through a mirrored port is copied to an observing port.

l Flow mirroring port

A flow mirroring port is a port to which traffic policies are applied. On such a port, the incoming traffic that matches the traffic classifier in the traffic policy is copied to an observing port.

l Mirrored flow

A mirrored flow is a packet flow that runs to a flow mirroring port and is observed. When a flow becomes a mirrored flow, it is copied to an observing port.

l Mirrored VLAN

A mirrored VLAN is a VLAN to be observed. Incoming traffic or outgoing traffic passing through a mirrored VLAN is copied to an observing port.

l Mirrored MAC address

A mirrored MAC address is the source or destination MAC address of the packets to be mirrored. The S5700 copies the traffic matching this MAC address to an observing port.

l RSPAN VLAN

A Remote Switched Port Analyzer (RSPAN) VLAN is a VLAN used for remote mirroring. When the mirrored port and the observing port are located on different switches, packets from the mirrored port must be broadcast to the observing port through the RSPAN VLAN.

l Local mirroring

The observing port and mirrored port are on the same switch.

l Remote mirroring

The observing port and mirrored port are on different switches.

NOTE

The S5700 does not support the function of mirroring a flow to multiple observing ports.

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Observe

port

Sniffer host

Port Data flow

Mirror

port

Copy of data flow

Mirror

port

Switch

Observe

port

Sniffer host

Port

Data flow

Mirror

port

Copy of data flow

Mirror

port

Switch

Match traffic classification

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 7 Mirroring

Port Mirroring

In the process of port mirroring, the S5700 copies the packets passing through a mirrored port and then sends the copy to a specified observing port. Figure 7-1 shows the diagram of interface mirroring.

Figure 7-1 Schematic diagram of port mirroring

Flow Mirroring

In the process of flow mirroring, the S5700 copies the mirroring flow passing one or more interfaces and sends the copy to an observing port. Figure 7-2 shows the diagram of flow mirroring.

Figure 7-2 Schematic diagram of flow mirroring

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Sniffer host

Mirror

port

Source

Switch

Intermediate Switch

Destination

Switch

Observe

port

Observe port

Port Data flow

Copy of data flow

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 7 Mirroring

Flow mirroring is a type of action in traffic behaviors. When a traffic policy configured with flow mirroring is applied to an interface, the S5700 copies the inbound data flow on this interface that matches the traffic classifier and sends the copy to the observing port.

VLAN Mirroring

In the process of VLAN mirroring, the S5700 mirrors the packets passing through all active interfaces in a specified VLAN to a specified observing port. Compared with interface mirroring, VLAN mirroring mirrors packets in a wider range. You can monitor packets in one or more VLANs.

MAC Address Mirroring

MAC address mirroring allows you to monitor the packets received by or sent from a specified device on a network. The S5700 mirrors the packets matching a specified source or destination MAC address in a VLAN to a specified observing port.

CPU Mirroring

RSPAN

CPU mirroring is used to mirror all the packets received by the CPU. CPU mirroring is implemented as follows:

l If an ACL rule is specified, the packets that match the ACL rule are mirrored to a specified

observing port.

l If no ACL rule is specified, all the packets received by the CPU are mirrored to a specified

observing port.

CPU mirroring facilitates debugging and fault location.

A switch can copy incoming or outgoing packets on a mirrored port to an observing port. When the observing port and the mirrored port are on different switches, packets can be copied to the observing port through the RSPAN function, which is also called remote mirroring.

Figure 7-3 Networking diagram of RSPAN

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 7 Mirroring

In Figure 7-3:

l The source switch is the Switch where the mirrored port is located.

l The destination switch is the Switch where the observing port is located.

l The intermediate switch is a device between the source switch and destination switch.

NOTE

The source switch and destination switch can also be directly connected to implement the RSPAN function.

The RSPAN function broadcasts mirrored packets from the source switch to the destination switch in the RSPAN VLAN. Interfaces between the source switch, intermediate switch, and destination switch must be added to the RSPAN VLAN.

Mirrored packets are forwarded to the intermediate switch through the observing port on the source switch. Then the intermediate switch broadcasts mirrored packets to the observing port on the destination switch in the RSPAN VLAN.

The observing port on the destination switch receives mirrored packets.

Through the RSPAN function, packets on a specified interface or VLAN, with a specified source or destination MAC address, or matching a classifier can be copied to an observing port on a remote device.

7.2 Configuring Local Port Mirroring

This section describes how to configure local port mirroring.

7.2.1 Establishing the Configuration Task

Applicable Environment

When all incoming or outgoing packets passing through a specified interface of the S5700 need to be monitored, you can configure local port mirroring if the mirrored port is located on the same S5700 as the observing port.

Pre-configuration Tasks

None.

Data Preparation

To configure local port mirroring, you need the following data.

No.

1 Type and number of the observing port

2 Type and number of the mirrored port

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Data

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 7 Mirroring

7.2.2 Configuring Local Port Mirroring

Context

A mirrored port can be a physical interface or an Eth-Trunk interface.

To configure an Eth-Trunk as a mirrored port, you must run the interface eth-trunk trunk-id command to create the Eth-Trunk first.

l If an Eth-Trunk is configured as a mirrored port, its member interfaces cannot be configured

as mirrored ports.

l If a member interface of an Eth-Trunk is configured as a mirrored port, the Eth-Trunk

cannot be configured as a mirrored port.

Procedure

Step 1 Run:

system-view

The system view is displayed.

Step 2 Run:

observe-port index interface interface-type interface-number

An observing port is configured.

Step 3 Run:

interface interface-type interface-number

The view of the mirrored port is displayed.

Step 4 Run:

port-mirroring to observe-port index { both | inbound | outbound }

Interface mirroring is configured on the mirrored port.

To monitor packets on multiple interface, repeat Step 3 and Step 4.

----End

7.2.3 Checking the Configuration

Run the following commands to check the previous configuration.

Action

Command

Check information about port mirroring.

Check information about the observing port.

If the following results are obtained, the configuration is successful:

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

display port-mirroring

display observe-port

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 7 Mirroring

l The observing port is configured properly.

l The mirrored port and the mirroring direction are configured properly.

7.3 Configuring Remote Port Mirroring

This section describes how to configure remote port mirroring.

7.3.1 Establishing the Configuration Task

Applicable Environment

When incoming or outgoing packets passing through one or more ports of the S5700 need to be monitored, you can configure remote port mirroring if the monitored ports are not located on the same S5700 as the observing port.

Pre-configuration Tasks

None.

Data Preparation

To configure remote port mirroring, you need the following data.

No.

1 Type and number of the observing port

2 Number of the mirrored port

3 ID of the RSPAN VLAN

Data

7.3.2 Configuring Remote Port Mirroring

Context

A mirrored port can be a physical interface or an Eth-Trunk interface.

To configure an Eth-Trunk as a mirrored port, you must run the interface eth-trunk trunk-id command to create the Eth-Trunk first.

l If an Eth-Trunk is configured as a mirrored port, its member interfaces cannot be configured

as mirrored ports.

l If a member interface of an Eth-Trunk is configured as a mirrored port, the Eth-Trunk

cannot be configured as a mirrored port.

Procedure

l Specify a mirrored port and an RSPAN VLAN on the source switch.

NOTE

The mirrored port cannot be added to the RSPAN VLAN.

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 7 Mirroring

1. Run:

system-view

The system view is displayed.

2. Run:

vlan vlan-id

An RSPAN VLAN is created and the RSPAN VLAN view is displayed.

3. Run:

mac-address learning disable

The MAC address learning is disabled.

NOTE

If MAC address learning is disabled in the VLAN, other services cannot be configured in the VLAN.

4. Run:

quit

Return to the system view.

5. Run:

observe-port index interface interface-type interface-number [ vlan vlan- id ]

An observing port is configured, and the RSPAN VLAN is specified.

6. Run:

interface interface-type interface-number

The view of the mirrored port is displayed.

7. Run:

port-mirroring to observe-port index { both | inbound | outbound }

Remote port mirroring is configured.

To observe incoming and outgoing packets on multiple interfaces, repeat Step 6 and

Step 7.

l Configure the RSPAN VLAN and add the interfaces connected to the source switch and

destination switch to the RSPAN VLAN.

NOTE

The mirrored port cannot be added to the RSPAN VLAN.

Do as follows on the intermediate switch. The configurations on the interfaces connected to the source switch and destination switch are similar. If no intermediate switch exists, skip this step.

1. Run:

system-view

The system view is displayed.

2. Run:

vlan vlan-id

The RSPAN VLAN is created and the RSPAN VLAN view is displayed.

3. Run:

quit

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 7 Mirroring

Return to the system view.

4. Run:

interface interface-type interface-number

The view of the interface connected to the source switch or destination switch is displayed.

5. Run:

port link-type trunk

The interface is configured as a trunk interface.

6. Run:

port trunk allow-pass vlan vlan-id

The interface is added to the RSPAN VLAN.

7. Run:

quit

Return to the system view.

l Configure the remote observing port on the destination switch.

1. Run:

system-view

The system view is displayed.

2. Run:

vlan vlan-id

The RSPAN VLAN is created and the RSPAN VLAN view is displayed.

3. Run:

quit

Return to the system view.

4. Run:

interface interface-type interface-number

The view of the interface connected to the intermediate switch is displayed.

NOTE

If no intermediate switch exists, you enter the view of the interface connected to the source switch.

5. Run:

port link-type trunk

The interface is configured as a trunk interface.

6. Run:

port trunk allow-pass vlan vlan-id

The interface is added to the RSPAN VLAN.

7. Run:

interface interface-type interface-number

The observing port view is displayed.

8. Run:

port hybrid untagged vlan vlan-id

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 7 Mirroring

The observing port is configured as a hybrid interface and it allows packets of the RSPAN VLAN to pass.

9. Run:

quit

Return to the system view.

----End

7.3.3 Checking the Configuration

Run the following commands to check the previous configuration.

Action Command

Check information about the observing port.

Check information about port mirroring.

If the following results are obtained, the configuration is successful:

l The RSPAN VLAN is configured properly.

l The number of the observing port is configured properly.

l The type of the observing port is configured properly.

l The number of the mirrored port and the mirroring direction are configured properly.

display observe-port

display port-mirroring

7.4 Canceling Port Mirroring

This section describes how to cancel port mirroring.

7.4.1 Establishing the Configuration Task

Applicable Environment

When port mirroring is enabled on an interface of the S5700, and the incoming or outgoing packets passing through this interface do not need to be monitored, you can cancel port mirroring on that interface. You must cancel port mirroring on the bound observing port before deleting this observing port.

Pre-configuration Tasks

None.

Data Preparation

To cancel port mirroring, you need the following data.

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 7 Mirroring

No. Data

1 Type and number of an observing port

2 Type and number of the mirrored port to be deleted

7.4.2 Canceling Port Mirroring

Procedure

Step 1 Run:

system-view

The system view is displayed.

Step 2 Run:

interface interface-type interface-number

The view of the mirrored port is displayed.

Step 3 Run:

undo port-mirroring { both | inbound | outbound }

Interface mirroring is canceled.

----End

7.4.3 Checking the Configuration

Run the following commands to check the previous configuration.

Action

Check information about the observing port.

Check information about port mirroring.

Run the display port-mirroring command. If port mirroring is cancelled properly, the configuration is successful.

Command

display observe-port

display port-mirroring

7.5 Configuring Local VLAN Mirroring

This section describes how to configure local VLAN mirroring.

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 7 Mirroring

7.5.1 Establishing the Configuration Task

Applicable Environment

When incoming packets passing through all active interfaces of the S5700 in a specified VLAN or some VLANs need to be monitored, you can configure local VLAN mirroring if all interfaces receiving these monitored incoming packets are located on the same S5700 as the observing port.

Pre-configuration Tasks

Before configuring local VLAN mirroring, complete the following tasks:

l Creating a VLAN as the monitored VLAN

l Adding physical interfaces to the monitored VLAN

Data Preparation

To configure local VLAN mirroring, you need the following data.

No. Data

1 Type and number of an observing port

2 ID of a mirrored VLAN

7.5.2 Configuring Local VLAN Mirroring

Procedure

Step 1 Run:

system-view

The system view is displayed.

Step 2 Run:

observe-port index interface interface-type interface-number

An observing port is configured.

Step 3 Run:

vlan vlan-id

The view of the mirrored VLAN is displayed.

Step 4 Run:

mirroring to observe-port index inbound

VLAN mirroring is configured.

To observe incoming packets from multiple VLANs, repeat Step 3 and Step 4.

----End

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 7 Mirroring

7.5.3 Checking the Configuration

Run the following commands to check the previous configuration.

Action Command

Check information about the observing port.

Check information about port mirroring.

If the following results are obtained, the configuration is successful:

l The type of the observing port is configured properly.

l The number of the observing port is configured properly.

display observe-port

display port-mirroring

7.6 Configuring Remote VLAN Mirroring

This section describes how to configure remote VLAN mirroring.

7.6.1 Establishing the Configuration Task

Applicable Environment

When incoming packets passing through any active interfaces of the S5700 in a specified VLAN or some VLANs need to be monitored, you can configure remote VLAN mirroring if the interface added to the monitored VLAN is not located on the same S5700 as the observing port.

NOTE

S5700SI does not support remote VLAN mirroring.

Pre-configuration Tasks

Before configuring remote VLAN mirroring, complete the following tasks:

l Creating a VLAN as the monitored VLAN

l Adding physical interfaces to the monitored VLAN

Data Preparation

To configure remote VLAN mirroring, you need the following data.

No.

1 Type and number of the observing port

2 ID of the mirrored VLAN

Data

3 ID of the RSPAN VLAN

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 7 Mirroring

7.6.2 Configuring Remote VLAN Mirroring

Procedure

l Configure remote VLAN mirroring on the source switch.

NOTE

The mirrored port cannot be added to the RSPAN VLAN.

1. Run:

system-view

The system view is displayed.

2. Run:

vlan vlan-id

An RSPAN VLAN is created and the RSPAN VLAN view is displayed.

3. Run:

mac-address learning disable

The MAC address learning is disabled.

NOTE

If MAC address learning is disabled in the VLAN, other services cannot be configured in the VLAN.

4. Run:

quit

Return to the system view.

5. Run:

observe-port index interface interface-type interface-number [ vlan vlan- id ]

An observing port is configured, and the RSPAN VLAN is specified.

6. Run:

vlan vlan-id

The RSPAN VLAN view is displayed.

7. Run:

mirroring to observe-port index inbound

Remote VLAN mirroring is configured.

To observe incoming and outgoing packets of multiple VLANs, repeat Step 6 and

Step 7.

l Configure the RSPAN VLAN on the intermediate switch and add interfaces to the RSPAN

VLAN.

The configuration is the same as that for remote port mirroring. For details, see 7.3.2

Configuring Remote Port Mirroring.

l Configure the remote observing port on the destination switch.

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 7 Mirroring

The configuration is the same as that for remote port mirroring. For details, see 7.3.2

Configuring Remote Port Mirroring.

----End

7.6.3 Checking the Configuration

Run the following commands to check the previous configuration.

Action Command

Check information about the observing port.

Check information about port mirroring.

If the following results are obtained, the configuration is successful:

l The type of the observing port is configured properly.

l The number of the observing port is configured properly.

display observe-port

display port-mirroring

7.7 Canceling VLAN Mirroring

This section describes how to cancel local VLAN mirroring and remote VLAN mirroring.

7.7.1 Establishing the Configuration Task

Applicable Environment

When VLAN mirroring is enabled in a specified VLAN and all incoming packets in this VLAN do not need to be monitored on the S5700, or before deleting or changing the bound observing port, you need to cancel VLAN mirroring.

Pre-configuration Tasks

None.

Data Preparation

To cancel VLAN mirroring, you need the following data.

No.

1 ID of the mirrored VLAN to be deleted

Data

7.7.2 Canceling VLAN Mirroring

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 7 Mirroring

Procedure

Step 1 Run:

system-view

The system view is displayed.

Step 2 Run:

vlan vlan-id

The view of the monitored VLAN is displayed.

Step 3 Run:

undo mirroring inbound

VLAN mirroring is canceled.

----End

7.7.3 Checking the Configuration

Run the following commands to check the previous configuration.

Action Command

Check information about the observing port.

Check information about port mirroring.

If VLAN mirroring is cancelled, the configuration is successful.

display observe-port

display port-mirroring

7.8 Configuring MAC Address-based Local Mirroring

This section describes how to configure local MAC address mirroring.

7.8.1 Establishing the Configuration Task

Applicable Environment

When incoming packets with the specified source or destination MAC address in a VLAN need to be monitored on the S5700, you can configure local MAC address mirroring if the monitoring interface receiving these incoming packets is located on the same S5700 as the observing port.

Pre-configuration Tasks

None.

Data Preparation

To configure local MAC address mirroring, you need the following data.

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 7 Mirroring

No. Data

1 Type and number of the observing port

2 MAC address of the packets to be mirrored

3 ID of the VLAN that the observed MAC address belongs to

7.8.2 Configuring Local SPAN Based on MAC Addresses

Procedure

Step 1 Run:

system-view

The system view is displayed.

Step 2 Run:

observe-port index interface interface-type interface-number

An observing port is configured.

Step 3 Run:

vlan vlan-id

The VLAN view is displayed.

Step 4 Run:

mac-mirroring mac-address to observe-port index inbound

Local SPAN based on MAC addresses is configured.

You can repeatedly perform Step 3 and Step 4 to monitor the incoming packets with multiple MAC addresses in multiple VLANs.

----End

7.8.3 Checking the Configuration

Run the following commands to check the previous configuration.

Action

Check information about the observing port.

Command

display observe-port

Check information about port mirroring.

If the following results are obtained, the configuration is successful:

l The type of the observing port is configured properly.

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

display port-mirroring

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 7 Mirroring

l The number of the observing port is configured properly.

7.9 Configuring RSPAN Based on MAC Addresses

This section describes how to configure RSPAN based on MAC addresses.

7.9.1 Establishing the Configuration Task

Applicable Environment

When incoming packets with the specified source or destination MAC address in a VLAN need to be monitored on the S5700, you can configure RSPAN based on MAC addresses if the monitoring interface receiving these incoming packets is not located on the same S5700 as the observing port.

Pre-configuration Tasks

None.

Data Preparation

To configure RSPAN based on MAC addresses, you need the following data.

No.

1 Type and number of an observing port

2 MAC address of the packet to be mirrored

3 ID of the VLAN that the packet with the MAC address to be mirrored belongs to

4 ID of an RSPAN VLAN

Data

7.9.2 Configuring Remote MAC Address Mirroring

This section describes how to configure remote MAC address mirroring.

Procedure

l Configure remote MAC address mirroring on the source switch.

NOTE

The mirrored port cannot be added to the RSPAN VLAN.

The S5700SI series do not support remote MAC address mirroring.

1. Run:

system-view

The system view is displayed.

2. Run:

vlan vlan-id

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 7 Mirroring

An RSPAN VLAN is created and the RSPAN VLAN view is displayed.

3. Run:

mac-address learning disable

The MAC address learning is disabled.

NOTE

If MAC address learning is disabled in the VLAN, other services cannot be configured in the VLAN.

4. Run:

quit

Return to the system view.

5. Run:

observe-port index interface interface-type interface-number [ vlan vlan- id ]

An observing port is configured, and the RSPAN VLAN is specified.

6. Run:

vlan vlan-id

The view of the VLAN that the observed MAC address belongs to is displayed.

7. Run:

mac-mirroring mac-address to observe-port index inbound

Remote MAC address mirroring is configured and the RSPAN VLAN is specified.

To observe incoming packets from or destined for multiple MAC addresses, repeat

Step 6 and Step 7.

l Configure the RSPAN VLAN on the intermediate switch and add interfaces to the RSPAN

VLAN.

The configuration is the same as that for remote port mirroring. For details, see 7.3.2

Configuring Remote Port Mirroring.

l Configure the remote observing port on the destination switch.

The configuration is the same as that for remote port mirroring. For details, see 7.3.2

Configuring Remote Port Mirroring.

----End

7.9.3 Checking the Configuration

Run the following commands to check the previous configuration.

Action

Check information about the observing port.

Command

display observe-port

Check information about MAC

display port-mirroring

address mirroring.

If the following results are obtained, the configuration is successful:

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 7 Mirroring

l The type of the observing port is configured properly.

l The RSPAN VLAN is configured properly.

l The number of the observing port is configured properly.

7.10 Canceling Mirroring Based on MAC Addresses

This section describes how to cancel mirroring based on MAC addresses.

7.10.1 Establishing the Configuration Task

Applicable Environment

When mirroring based on MAC addresses is enabled and incoming packets with specified MAC addresses in this VLAN do not need to be monitored on the S5700, or before deleting or changing the bound observing port, you need to cancel mirroring based on MAC addresses.

Pre-configuration Tasks

None.

Data Preparation

To cancel mirroring based on MAC addresses, you need the following data.

No.

1 MAC address of the mirrored packet to be deleted

Data

7.10.2 Canceling Mirroring Based on MAC Addresses

Procedure

Step 1 Run:

system-view

The system view is displayed.

Step 2 Run:

vlan vlan-id

The view of the VLAN that monitored MAC address belongs to is displayed.

Step 3 Run:

undo mac-mirroring mac-address inbound

Mirroring based on MAC addresses is canceled.

----End

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 7 Mirroring

7.10.3 Checking the Configuration

Run the following commands to check the previous configuration.

Action Command

Check information about the observing port.

Check the configuration of the mirrored port.

If MAC address mirroring on the VLANIF interface is cancelled, the configuration is successful.

display observe-port

display port-mirroring

7.11 Configuring Local Flow Mirroring

This section describes how to configure local flow mirroring.

7.11.1 Establishing the Configuration Task

Applicable Environment

When incoming flows passing through the S5700 with the same attribute need to be monitored, you can configure local flow mirroring if the monitored interface receiving these incoming flows is located on the same S5700 as the observing port.

Pre-configuration Tasks

None.

Data Preparation

To configure local flow mirroring, you need the following data.

No.

1 Type and number of the observing port

2 Type and number of the flow mirroring interface

3 Names of the traffic classifier, traffic behavior, and traffic policy

Data

7.11.2 Configuring Traffic Classification Rules

NOTE

There is no specified order among the matching rules in a traffic classifier. You can combine these rules.

For details on configuring traffic classification rules, see Configuring Complex Traffic Classification in the Quidway S5700 Series Ethernet Switches Configuration Guide - QoS.

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 7 Mirroring

7.11.3 Configuring Flow Mirroring

Procedure

Step 1 Run:

system-view

The system view is displayed.

Step 2 Run:

observe-port index interface interface-type interface-number

An observing port is configured.

Step 3 Run:

traffic behavior behavior-name

A traffic behavior is created and the traffic behavior view is displayed.

Step 4 Run:

mirroring to observe-port index

Flow mirroring is configured.

----End

Follow-up Procedure

After configuring flow mirroring in a traffic behavior, you need to bind the behavior to a traffic classifier in a traffic policy and then apply the policy to the interface. For detailed configuration procedures, see 7.11.4 Creating and Applying a Traffic Policy.

7.11.4 Creating and Applying a Traffic Policy

Context

Do as follows on the S5700 that needs to be configured with flow mirroring.

Procedure

Step 1 Run:

system-view

The system view is displayed.

Step 2 Run:

traffic policy policy-name

A traffic policy is created and the policy view is displayed.

Step 3 Run:

classifier classifier-name behavior behavior-name

A traffic behavior is configured for a specified class in the traffic policy.

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 7 Mirroring

class-name in this step must be the same as the name of the traffic class created in 7.11.2

Configuring Traffic Classification Rules.

In this step, behavior-name must be the same as that specified in Step 3 when you configure the traffic behavior.

Step 4 Run:

quit

Return to the system view.

Step 5 Run:

interface interface-type interface-number

The interface view is displayed.

Step 6 Run:

traffic-policy policy-name inbound

The traffic policy that contains flow mirroring is applied to the interface.

You can repeatedly perform Step 5 and Step 6 to monitor the incoming flows, with the same attributes, passing through multiple interfaces.

----End

7.11.5 Checking the Configuration

Run the following commands to check the previous configuration.

Action

Check information about the observing port.

Check information about port mirroring.

Check the flow mirroring configuration in the traffic policy on an interface.

If the following results are obtained, the configuration is successful:

l The observing port is configured properly.

l A proper traffic policy is applied to the interface where incoming flows need to be

monitored.

Command

display observe-port

display port-mirroring

display traffic policy interface [ interface-type interface-number ] [ inbound ]

l The traffic policy contains a proper traffic classifier and a traffic behavior and the traffic

behavior contains a flow mirroring action.

7.12 Configuring Remote Flow Mirroring

This section describes how to configure remote flow mirroring.

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 7 Mirroring

7.12.1 Establishing the Configuration Task

Applicable Environment

When incoming flows passing through the S5700 with the same attribute need to be monitored, you can configure remote flow mirroring if the monitored interface receiving these incoming flows is not located on the same S5700 as the observing port.

NOTE

S5700SI does not support remote flow mirroring.

Pre-configuration Tasks

None.

Data Preparation

To configure remote flow mirroring, you need the following data.

No. Data

1 Type and number of the observing port

2 Type and number of the flow mirroring interface

3 Names of the traffic classifier, traffic behavior, and traffic policy

4 ID of the RSPAN VLAN

7.12.2 Setting Traffic Classification Rules

Context

For how to configure traffic classification rules, see 7.11.2 Configuring Traffic Classification

Rules.

7.12.3 Configuring Remote Flow Mirroring

Procedure

l Configure remote flow mirroring on the source switch.

NOTE

The mirrored port cannot be added to the RSPAN VLAN.

The S5700SI series do not support remote flow mirroring.

1. Run:

system-view

The system view is displayed.

2. Run:

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 7 Mirroring

vlan vlan-id

An RSPAN VLAN is created and the RSPAN VLAN view is displayed.

3. Run:

mac-address learning disable

The MAC address learning is disabled.

NOTE

If MAC address learning is disabled in the VLAN, other services cannot be configured in the VLAN.

4. Run:

quit

Return to the system view.

5. Run:

observe-port index interface interface-type interface-number [ vlan vlan- id ]

An observing port is configured, and the RSPAN VLAN is specified.

6. Run:

traffic behavior behavior-name

A traffic behavior is created and the traffic behavior view is displayed.

7. Run:

mirroring to observe-port index

Remote flow mirroring is configured.

After configuring flow mirroring in a traffic behavior, you need to bind the behavior to a traffic classifier in a traffic policy and then apply the policy to the interface. For details, see 7.11.4 Creating and Applying a Traffic Policy.

l Configure the RSPAN VLAN on the intermediate switch and add interfaces to the RSPAN

VLAN.

The configuration is the same as that for remote port mirroring. For details, see 7.3.2

Configuring Remote Port Mirroring.

l Configure the remote observing Interface on the destination switch.

The configuration is the same as that for remote port mirroring. For details, see 7.3.2

Configuring Remote Port Mirroring.

----End

7.12.4 Creating and Applying a Traffic Policy

Context

For how to configure traffic classification rules on the source S5700, see 7.11.4 Creating and

Applying a Traffic Policy.

7.12.5 Checking the Configuration

Run the following commands to check the previous configuration.

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 7 Mirroring

Action Command

Check information about the observing port.

Check information about port mirroring.

Check the configuration of flow mirroring in the traffic policy on an interface.

If the following results are obtained, the configuration succeeds:

l The number of the observing port is configured properly.

l The type of the observing port is configured properly.

l The RSPAN VLAN is configured properly.

l A proper traffic policy is applied to the interface where incoming flows need to be

monitored.

l The traffic policy contains a proper traffic classifier and a traffic behavior, and the traffic

behavior contains the flow mirroring action.

display observe-port

display port-mirroring

display traffic policy interface [ interface-type interface-number ] [ inbound ]

7.13 Canceling Flow Mirroring

This section describes how to cancel flow mirroring.

7.13.1 Establishing the Configuration Task

Applicable Environment

When flow mirroring is enabled and the flow, with the same attributes, passing through the S5700 does not need to be monitored, you can cancel flow mirroring.

Pre-configuration Tasks

None.

Data Preparation

To cancel flow mirroring, you need the following data.

No.

1 Type and number of the interface where flow mirroring needs to be cancelled

Data

2 Name of the traffic policy

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 7 Mirroring

7.13.2 Canceling Flow Mirroring

Context

Do as follows on the S5700 that is configured with flow mirroring.

Procedure

Step 1 Run:

system-view

The system view is displayed.

Step 2 Run:

traffic behavior behavior-name

The traffic behavior view is displayed.

Step 3 Run:

undo mirroring

The flow mirroring action is cancelled.

Step 4 Run:

quit

Exit from the traffic behavior view.

Step 5 Run:

interface interface-type interface-number

The interface view is displayed.

Step 6 Run:

undo traffic-policy inbound

The traffic policy and flow mirroring action on the interface are canceled.

To cancel a traffic policy, you must cancel the traffic policy on all the interfaces where the traffic policy is applied, and then run the undo traffic policy policy-name command to cancel the traffic policy in the system view.

----End

7.13.3 Checking the Configuration

Run the following commands to check the previous configuration.

Action

Check information about the

Command

display observe-port

observing port.

Check information about port

display port-mirroring

mirroring.

Issue 01 (2011-07-15) Huawei Proprietary and Confidential

Huawei V100R006C00 Configuration Manual

Specifications and Main Features

Frequently Asked Questions

User Manual

About This Document

Contents

1 Auto-Config

1.1 Overview

1.2 Auto-Config Features Supported by the S5700

1.3 Deploying Unconfigured Switches (Same Network Segment)

1.3.1 Establishing the Configuration Task

1.3.2 Configuring the DHCP Server

1.3.3 Configuring the FTP/TFTP Server

1.3.4 Checking the Configuration

1.4 Deploying Unconfigured Switches (Different Network Segments)

1.4.1 Establishing the Configuration Task

1.4.2 Configuring the DHCP Server

1.4.3 Configuring DHCP Relay

1.4.4 Configuring the FTP/TFTP Server

1.4.5 Checking the Configuration

2 NAP Configuration

2.1 NAP Overview

2.2 Configuring NAP-based Remote Deployment

2.2.1 Establishing the Configuration Task

2.2.2 Configuring and Starting the NAP Master Interface

2.2.3 Remote Login

2.2.4 Disabling NAP on the Slave Device

2.2.5 Checking the Configuration

2.3 Configuration Examples

2.3.1 Example for Configuring NAP-based Remote Deployment in Static Mode

2.3.2 Example for Configuring NAP-based Remote Deployment in Automatic Mode

3 Stacking

3.1 Stacking Overview

3.2 Principle of Stacking

3.3 Features of Stacking Supported by the S5700

3.4 Typical Topology of a Stack

3.5 Configuring the Stacking Function on the S5700

3.5.1 Establishing the Configuration Task

3.5.2 (Optional) Configuring the Reserved VLAN of the Stack

3.5.3 (Optional) Enabling the Stacking Function

3.5.4 (Optional) Configuring a Stack ID for the S5700

3.5.5 (Optional) Configuring a Stack Priority for a Device

3.5.6 (Optional) Configuring the MAC Address Switchover Time

3.5.7 Checking the Configuration

3.6 Configuration Examples

3.6.1 Example for Configuring a Stack in a Ring Topology

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 4 Using display commands to check the status of the device

4.1 Introduction

4.2 Checking the Status of the S5700

4.2.1 Checking Information About the S5700

4.2.2 Checking the Version of the S5700

4.2.3 Checking the Electronic Labels

4.2.4 Checking Temperature

4.2.5 Checking the Fan Status

4.2.6 Checking the Power Supply Status

4.2.7 Checking the CPU Usage

4.2.8 Checking the Memory Usage

4.2.9 Checking Alarms

4.2.10 Checking the Status of an Interface

5 Hardware Management

5.1 Hardware Management Overview

5.2 Hardware Management Features Supported by the S5700

5.3 Backing Up the Electronic Label

5.3.1 Establishing the Configuration Task

5.3.2 Backing Up the Electronic Label

5.4 Configuring Electrical Port Sleep

5.4.1 Establishing the Configuration Task

5.4.2 Enabling Electrical Port Sleep

5.4.3 Checking the Configuration

Quidway S5700 Series Ethernet Switches Configuration Guide - Device Management 6 Monitoring the Device Through the Information Center

6.1 Information Center Overview

6.1.1 Introduction to the Information Center

6.1.2 Information Center Supported by the S5700

6.2 Configuring the Information Center

6.2.1 Establishing the Configuration Task

6.2.2 Enabling the Information Center

6.2.3 (Optional) Naming the Information Channel

6.2.4 Defining the Information Channel

6.2.5 (Optional) Configuring the Timestamp for the Output Information

6.2.6 Checking the Configuration