No part of this document may be reproduced or transmitted in any form or by any means without prior written
consent of Huawei Technologies Co., Ltd.
Trademarks and Permissions
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective holders.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the
customer. All or part of the products, services and features described in this document may not be within the
purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,
and recommendations in this document are provided "AS IS" without warranties, guarantees or representations
of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute the warranty of any kind, express or implied.
Huawei Technologies Co., Ltd.
Address:Huawei Industrial Base
Bantian, Longgang
Shenzhen 518129
People's Republic of China
Website:http://www.huawei.com
Email:support@huawei.com
Issue 01 (2011-07-15)Huawei Proprietary and Confidential
Quidway S5700 Series Ethernet Switches
Configuration Guide - Device ManagementAbout This Document
About This Document
Intended Audience
This document describes procedures and provides examples for configuring the Device
Management features of the S5700.
This document guides you through the configuration and applicable environment of the Device
Management features of the S5700.
This document is intended for:
lData configuration engineers
lCommissioning engineers
lNetwork monitoring engineers
lSystem maintenance engineers
Symbol Conventions
The symbols that may be found in this document are defined as follows.
Symbol
Description
Indicates a hazard with a high level of risk, which if not
avoided, will result in death or serious injury.
Indicates a hazard with a medium or low level of risk, which
if not avoided, could result in minor or moderate injury.
Indicates a potentially hazardous situation, which if not
avoided, could result in equipment damage, data loss,
performance degradation, or unexpected results.
Indicates a tip that may help you solve a problem or save
time.
Provides additional information to emphasize or supplement
important points of the main text.
Issue 01 (2011-07-15)Huawei Proprietary and Confidential
1.3.1 Establishing the Configuration Task.........................................................................................................6
1.3.2 Configuring the DHCP Server...................................................................................................................7
1.3.3 Configuring the FTP/TFTP Server............................................................................................................8
1.3.4 Checking the Configuration.......................................................................................................................8
1.4.4 Configuring the FTP/TFTP Server..........................................................................................................11
1.4.5 Checking the Configuration.....................................................................................................................11
2 NAP Configuration.....................................................................................................................13
2.1 NAP Overview.................................................................................................................................................14
2.2.4 Disabling NAP on the Slave Device........................................................................................................18
2.2.5 Checking the Configuration.....................................................................................................................18
3.2 Principle of Stacking........................................................................................................................................25
3.3 Features of Stacking Supported by the S5700..................................................................................................31
3.4 Typical Topology of a Stack............................................................................................................................32
3.5 Configuring the Stacking Function on the S5700............................................................................................33
Issue 01 (2011-07-15)Huawei Proprietary and Confidential
Quidway S5700 Series Ethernet Switches
Configuration Guide - Device ManagementContents
3.5.1 Establishing the Configuration Task.......................................................................................................33
3.5.2 (Optional) Configuring the Reserved VLAN of the Stack......................................................................33
3.5.3 (Optional) Enabling the Stacking Function.............................................................................................34
3.5.4 (Optional) Configuring a Stack ID for the S5700...................................................................................34
3.5.5 (Optional) Configuring a Stack Priority for a Device.............................................................................35
3.5.6 (Optional) Configuring the MAC Address Switchover Time.................................................................35
3.5.7 Checking the Configuration.....................................................................................................................36
4.2 Checking the Status of the S5700.....................................................................................................................40
4.2.1 Checking Information About the S5700..................................................................................................40
4.2.2 Checking the Version of the S5700.........................................................................................................40
4.2.3 Checking the Electronic Labels...............................................................................................................40
4.2.5 Checking the Fan Status..........................................................................................................................41
4.2.6 Checking the Power Supply Status..........................................................................................................41
4.2.7 Checking the CPU Usage........................................................................................................................42
4.2.8 Checking the Memory Usage..................................................................................................................42
5.2 Hardware Management Features Supported by the S5700...............................................................................45
5.3 Backing Up the Electronic Label......................................................................................................................45
5.3.1 Establishing the Configuration Task.......................................................................................................45
5.3.2 Backing Up the Electronic Label.............................................................................................................46
5.4 Configuring Electrical Port Sleep.....................................................................................................................46
5.4.1 Establishing the Configuration Task.......................................................................................................46
5.4.2 Enabling Electrical Port Sleep.................................................................................................................47
5.4.3 Checking the Configuration.....................................................................................................................47
6 Monitoring the Device Through the Information Center...................................................48
6.1 Information Center Overview...........................................................................................................................49
6.1.1 Introduction to the Information Center....................................................................................................49
6.1.2 Information Center Supported by the S5700...........................................................................................49
6.2 Configuring the Information Center.................................................................................................................54
6.2.1 Establishing the Configuration Task.......................................................................................................55
6.2.2 Enabling the Information Center.............................................................................................................55
6.2.3 (Optional) Naming the Information Channel..........................................................................................56
6.2.4 Defining the Information Channel...........................................................................................................56
Issue 01 (2011-07-15)Huawei Proprietary and Confidential
Quidway S5700 Series Ethernet Switches
Configuration Guide - Device ManagementContents
6.2.5 (Optional) Configuring the Timestamp for the Output Information.......................................................56
6.2.6 Checking the Configuration.....................................................................................................................57
6.3 Sending Information to the Information Center...............................................................................................57
6.3.1 Sending Information to the Console........................................................................................................57
6.3.2 Sending Information to the Telnet Terminal...........................................................................................58
6.3.3 Sending Information to the SNMP Agent...............................................................................................59
6.3.4 Sending Information to the Log Buffer...................................................................................................59
6.3.5 Sending Information to the Trap Buffer..................................................................................................59
6.3.6 Sending Information to the Log Host......................................................................................................60
6.3.7 Checking the Configuration.....................................................................................................................60
6.4 Maintaining the Information Center.................................................................................................................60
7.2 Configuring Local Port Mirroring....................................................................................................................69
7.2.1 Establishing the Configuration Task.......................................................................................................69
7.2.2 Configuring Local Port Mirroring...........................................................................................................70
7.2.3 Checking the Configuration.....................................................................................................................70
7.3 Configuring Remote Port Mirroring.................................................................................................................71
7.3.1 Establishing the Configuration Task.......................................................................................................71
7.3.2 Configuring Remote Port Mirroring........................................................................................................71
7.3.3 Checking the Configuration.....................................................................................................................74
7.4 Canceling Port Mirroring..................................................................................................................................74
7.4.1 Establishing the Configuration Task.......................................................................................................74
7.4.2 Canceling Port Mirroring.........................................................................................................................75
7.4.3 Checking the Configuration.....................................................................................................................75
7.5 Configuring Local VLAN Mirroring................................................................................................................75
7.5.1 Establishing the Configuration Task.......................................................................................................76
7.5.2 Configuring Local VLAN Mirroring.......................................................................................................76
7.5.3 Checking the Configuration.....................................................................................................................77
7.6.3 Checking the Configuration.....................................................................................................................79
7.7.3 Checking the Configuration.....................................................................................................................80
7.8 Configuring MAC Address-based Local Mirroring.........................................................................................80
7.8.1 Establishing the Configuration Task.......................................................................................................80
Issue 01 (2011-07-15)Huawei Proprietary and Confidential
Quidway S5700 Series Ethernet Switches
Configuration Guide - Device ManagementContents
7.8.2 Configuring Local SPAN Based on MAC Addresses.............................................................................81
7.8.3 Checking the Configuration.....................................................................................................................81
7.9 Configuring RSPAN Based on MAC Addresses.............................................................................................82
7.9.1 Establishing the Configuration Task.......................................................................................................82
7.9.2 Configuring Remote MAC Address Mirroring.......................................................................................82
7.9.3 Checking the Configuration.....................................................................................................................83
7.10 Canceling Mirroring Based on MAC Addresses............................................................................................84
7.10.1 Establishing the Configuration Task.....................................................................................................84
7.10.2 Canceling Mirroring Based on MAC Addresses...................................................................................84
7.10.3 Checking the Configuration...................................................................................................................85
7.11 Configuring Local Flow Mirroring.................................................................................................................85
7.11.1 Establishing the Configuration Task.....................................................................................................85
7.13.3 Checking the Configuration...................................................................................................................91
7.14 Changing or Deleting an Observing Port.......................................................................................................92
7.14.1 Establishing the Configuration Task.....................................................................................................92
7.14.2 (Optional) Deleting an Observing Port..................................................................................................92
7.14.3 (Optional) Changing an Observing Port................................................................................................93
7.14.4 Checking the Configuration...................................................................................................................93
7.15 Configuring CPU Mirroring...........................................................................................................................94
7.15.1 Establishing the Configuration Task.....................................................................................................94
7.15.2 (Optional) Configuring an ACL Rule....................................................................................................94
7.15.3 Configuring an Observing Port..............................................................................................................95
7.15.4 Configuring CPU Mirroring..................................................................................................................95
7.15.5 Checking the Configuration...................................................................................................................95
7.16 Cancelling CPU Mirroring.............................................................................................................................96
7.16.1 Establishing the Configuration Task.....................................................................................................96
7.16.2 Cancelling CPU Mirroring....................................................................................................................96
7.16.3 Checking the Configuration...................................................................................................................96
8.4.1 Example for Configuring PoE on the Switch........................................................................................118
9 ALS Configuration....................................................................................................................120
9.1 ALS Overview................................................................................................................................................121
9.2 ALS Features Supported by the S5700...........................................................................................................121
10.1.1 Process of Starting the S5700..............................................................................................................130
10.1.2 Process of Starting the BootROM.......................................................................................................130
10.2 Restarting the S5700 Immediately...............................................................................................................131
10.2.1 Restarting the S5700 Immediately Through Command Lines............................................................132
10.2.2 Restarting the S5700 by Pressing the Power Button on the S5700.....................................................132
10.3 Restarting the S5700 at a Fixed Time..........................................................................................................132
Issue 01 (2011-07-15)Huawei Proprietary and Confidential
This section describes the functions, application scenarios, and terms of Auto-Config.
When a new switch or a switch without any configuration file is powered on, Auto-Config runs
automatically to obtain a configuration file. With the Auto-Config function, the network
administrator can manage new switches or switches without any configuration file remotely.
NOTE
The Auto-Config function is applicable to new switches or switches without any configuration file
(unconfigured switches).
The Auto-Config function has the following advantages:
lThe maintenance personnel do not need to manually configure each switch. With this
function, a few maintenance personnel can maintenance widely deployed devices.
lAuto-Config simplifies the network configurations and implements unified management
and remote debugging on switches.
lWith Auto-Config allows switches to automatically download corresponding configuration
files, reducing the workload of network administrators.
Intermediate File
The intermediate file lswnet.cfg is used in the Auto-Config process. The intermediate file records
the mapping between MAC addresses of switches and names of configuration files. After an
unconfigured switch obtains the IP address of the FTP/TFTP server, it downloads the
lswnet.cfg file from the FTP/TFTP server to search for the name of the required configuration
file, and then downloads the configuration file from the FTP/TFTP server.
For example, if the MAC address of an S5700 is 0018-82C5-AA89 and the S5700 needs to
download the configuration file S5700.cfg, the contents of the intermediate file are as follows:
Auto-Config uses Option 67 to obtain the configuration file first. If Option 67 is not configured, AutoConfig obtains the intermediate file.
NOTE
If the configuration file is located on the FTP or TFTP server, its extension must be .cfg.
A MAC address and a configuration file name are separated by a semicolon. The format of a MAC address
is xxxx-xxxx-xxxx-xxxx. The name of a configuration file contains up to 48 characters, including the
extension .cfg. The name is case insensitive and cannot contain special characters. It is recommended that
the name consists of English letters, numbers, and underscore (_).
If multiple unconfigured switches need to be configured, each row in the intermediate file records the MAC
address of a switch and the name of the configuration file that the switch requires.
Option 67
The Option 67 field is configured on the DHCP server to specify the configuration file.
Issue 01 (2011-07-15)Huawei Proprietary and Confidential
The Auto-Config process can be divided into three phases:
lStartup
After being powered on, an unconfigured switch checks whether there is *.cfg or *.zip file
except the *web.zip and web.zip files in the flash memory, and then takes actions according
to the checking result:
– If the switch detects a configuration file, it loads the configuration file to complete the
startup.
– If the switch does not detect any configuration file, it checks whether Auto-Config is
enabled. If Auto-Config is enabled, the switch starts a 5-minute timer for obtaining a
configuration file and then load the default configuration to complete the startup. If
Auto-Config is disabled, the switch loads the default configuration to complete the
startup.
lObtaining a configuration file when the timer expires
When the timer set for obtaining a configuration file expires, the switch checks whether a
configuration file is saved in the flash memory. If the flash memory does not contain any
configuration file, the switch checks whether it is added to a Huawei Group Management
Protocol (HGMP) cluster. If the switch is not in any HGMP cluster, the switch begins to
obtain a configuration file as follows:
1.Obtaining the IP address and information about the FTP/TFTP server
A switch that does not load any configuration file automatically enables the DHCP
client function on the VLANIF1 interface in Up state. VLANIF1 then broadcasts
DHCP Request packets (presuming that the DHCP server has been configured with
the address pool, Option 150 or Option 14x, and gateway information). Then, the
DHCP server sends the related configurations to the switch, including the IP address
allocated to the switch, IP address of the FTP/TFTP server, FTP user name and
password, and default gateway.
If the switch fails to obtain the IP address of the FTP/TFTP server, it sends DHCP
requests repeatedly until it obtains the IP address.
2.Downloading a configuration file
After the switch that does not load any configuration file obtains the IP address of the
FTP/TFTP server, it accesses the FTP/TFTP server to obtain a configuration file
through Layer 2 or Layer 3 forwarding.
(1) The switch downloads the intermediate file lswnet.cfg from the FTP/TFTP
server.
(2) The switch searches for the name of the required configuration file, and then
downloads the configuration file from the FTP/TFTP server.
(3) If downloading the configuration file fails, the AutoConfig process will be
suspend.
lLoading a configuration file
After the configuration file is downloaded successfully, the router is restarted according to
the setting of Option 146. If no Option 146 is configured, the router is restarted immediately
after the configuration file is downloaded.
Issue 01 (2011-07-15)Huawei Proprietary and Confidential
This section describes how to deploy S5700s without configuration file.
1.3.1 Establishing the Configuration Task
Applicable Environment
As shown in Figure 1-2, unconfigured switches are reachable from a DHCP server. A PC is
connected to the DHCP server and functions as an FTP or a TFTP server to store configuration
files. After the DHCP server and FTP/TFTP server are configured, every switch obtains a
configuration file through Auto-Config.
The DHCP server, FTP/TFTP server, and switches are deployed on the same network segment.
Figure 1-2 Auto-Config networking where the DHCP server, FTP/TFTP server, and
unconfigured switch are on the same network segment
Pre-configuration Tasks
Before deploying unconfigured switches, complete the following tasks:
lEnsuring that there are routes from the DHCP server and FTP/TFTP server to the switches
lEnsuring that there is no *.cfg or *.zip file except the *web.zip and web.zip files in the
flash memory of each switch
lEnsuring that the switches are not added to any HGMP cluster
Data Preparation
To deploy unconfigured switches, you need the following data.
Issue 01 (2011-07-15)Huawei Proprietary and Confidential
1Interconnection information about the upstream interfaces on each S5700 and the
downstream interfaces on the DHCP server
2MAC address of each unconfigured switch
3IP address, mask, address pool, and Option 150 or Option 14x of the DHCP server
4IP address, version file, patch file, and configuration file on the FTP/TFTP server
1.3.2 Configuring the DHCP Server
Context
The configuration procedure varies according to the device type of the DHCP server. Therefore,
the configuration procedure is not described and only the configuration contents are provided.
Procedure
NOTE
The DHCP server must support either Option 150 or Option 14x.
lEnable DHCP server.
lConfigure an address pool, including the address range and Option 150 (or Option 14x).
It is required that the address pool be on the same network segment with unconfigured
switches and the FTP/TFTP server.
NOTE
Pay attention to the following points when configuring Option 150 or Option 14x:
l When new switches obtain configuration files through TFTP, the DHCP server must support
Option 150.
l When new switches obtain configuration files through FTP, the DHCP server must support
Option 141, Option 142, and Option 143.
l If both Option 150 and Option 14x are configured on the DHCP server, Option 150 takes
precedence over Option 14x.
l If you use ordinary characters to configure Option 150 or Option 143 on the DHCP server, the
Auto-Config module cannot recognize the IP address, which results in an Auto-Config process
sends the DHCP messages incessantly.
lAdd the downstream interface on the DHCP server to the management VLAN in access
mode and assign an IP address on the same network segment as the IP address of the DHCP
server to the management VLAN.
After Auto-Config is enabled, packets from an unconfigured switch do not carry tags.
Therefore, ensure that untagged packets can be transmitted between unconfigured switches
and the DHCP server.
----End
Issue 01 (2011-07-15)Huawei Proprietary and Confidential
The configuration procedure varies according to the device type of the FTP/TFTP server.
Therefore, the configuration procedure is not described and only the configuration contents are
provided.
Procedure
lSet the IP address of the FTP/TFTP server.
For an FTP server, the IP address must be the same as the value of Option 143 configured
on the DHCP server; for a TFTP server, the IP address must be the same as the value of
Option 150 configured on the DHCP server.
lCreate and configure an intermediate file.
The intermediate file is configured according to the MAC addresses of unconfigured
switches and the names of configuration files. For the format of the intermediate file, see
1.1 Overview.
lSave the intermediate file and configuration files to the working directory on the FTP/TFTP
server.
----End
1.3.4 Checking the Configuration
Prerequisite
The configurations of the DHCP server and FTP/TFTP server are complete.
Context
You can check different items in different phases in the Auto-Config process to confirm that
Auto-Config runs properly.
Procedure
Step 1 Five minutes after unconfigured switches are powered on, check address allocation on the DHCP
server to confirm that the switches are connected to the DHCP server.
NOTE
If the switches are connected to the DHCP server, you can log in to the switches through Telnet but do not
configure the switches.
Step 2 Five minutes after the switches obtain IP addresses, check the file downloading log on the FTP/
TFTP server or log in to the switches to confirm that correct configuration files have been
downloaded.
NOTE
Do not save a configuration file to a switch to be configured immediately after the configuration file is
downloaded; otherwise, only a temporary configuration file is saved because the configurations have not
taken effect.
Step 3 If the user has specified the activation delay, the configuration file will take effect after the delay.
If the user has not specified the activation delay, the configuration file will take effect
Issue 01 (2011-07-15)Huawei Proprietary and Confidential
This section describes how to deploy unconfigured S5700s.
1.4.1 Establishing the Configuration Task
Applicable Environment
As shown in Figure 1-3, unconfigured switches are reachable from a DHCP relay and a DHCP
server. A PC is connected to the DHCP server and functions as an FTP or a TFTP server to store
configuration files. After the DHCP server and FTP/TFTP server are configured, every switch
obtains a configuration file through Auto-Config.
The DHCP server, FTP/TFTP server, and switches are deployed on different network segments.
Figure 1-3 Auto-Config networking where the DHCP server, FTP/TFTP server, and
unconfigured switches are on different network segments
Pre-configuration Tasks
Before deploying unconfigured switches, complete the following tasks:
lEnsuring that there are routes from the DHCP server, DHCP relay, and FTP/TFTP server
to the switches
Issue 01 (2011-07-15)Huawei Proprietary and Confidential
lEnsuring that there is no *.cfg or *.zip file except the *web.zip and web.zip files in the
flash memory of each switch
lEnsuring that the switches are not added to any HGMP cluster and USB upgrade
Data Preparation
To deploy unconfigured switches, you need the following data.
No.Data
1Interconnection information about the upstream interfaces on each S5700 and the
downstream interfaces on the DHCP relay
2Interconnection information about the DHCP relay and DHCP server
3MAC address of each unconfigured switch
4IP address, mask, address pool, and Option 150 or Option 14x of the DHCP server
5IP address, mask, and relay address of the DHCP relay
6IP address, default configuration file, and configuration files on the FTP/TFTP server
1.4.2 Configuring the DHCP Server
Context
The configuration procedure varies according to the device type of the DHCP server. Therefore,
the configuration procedure is not described and only the configuration contents are provided.
NOTE
The DHCP server must support either Option 150 or Option 14x.
Procedure
lEnable DHCP server.
lConfigure an address pool, including the address range, gateway, and Option 150 (or Option
14x).
NOTE
Pay attention to the following points when configuring Option 150 or Option 14x:
l When new switches obtain configuration files through TFTP, the DHCP server must support
Option 150.
l When new switches obtain configuration files through FTP, the DHCP server must support
Option 141, Option 142, and Option 143.
l If both Option 150 and Option 14x are configured on the DHCP server, Option 150 takes
precedence over Option 14x.
l If you use ordinary characters to configure Option 150 or Option 143 on the DHCP server, the
Auto-Config module cannot recognize the IP address.
----End
Issue 01 (2011-07-15)Huawei Proprietary and Confidential
The configuration procedure varies according to the device type of the DHCP relay. Therefore,
the configuration procedure is not described and only the configuration contents are provided.
Procedure
lEnable DHCP relay.
lConfigure the upstream and downstream interfaces.
You need to configure the IP address and mask for the upstream interface and configure
the IP address, mask, and DHCP relay address for the downstream interface.
NOTE
You can temporarily set the IP address of the downstream interface on the same network segment
with the IP addresses of unconfigured switches, and then add the downstream interface to the
management VLAN in access mode.
----End
1.4.4 Configuring the FTP/TFTP Server
Context
The configuration procedure varies according to the device type of the FTP/TFTP server.
Therefore, the configuration procedure is not described and only the configuration contents are
provided.
Procedure
lSet the IP address of the FTP/TFTP server.
For an FTP server, the IP address must be the same as the value of Option 143 configured
on the DHCP server; for a TFTP server, the IP address must be the same as the value of
Option 150 configured on the DHCP server.
lCreate and configure an intermediate file.
The intermediate file is configured according to the MAC addresses of unconfigured
switches and the names of configuration files. For the format of the intermediate file, see
1.1 Overview.
lSave the intermediate file and configuration files to the working directory on the FTP/TFTP
server.
----End
1.4.5 Checking the Configuration
Prerequisite
The configurations of the DHCP server, DHCP relay, and FTP/TFTP server are complete.
Issue 01 (2011-07-15)Huawei Proprietary and Confidential
You can check different items in different phases in the Auto-Config process to confirm that
Auto-Config runs properly.
Procedure
Step 1 Five minutes after unconfigured switches are powered on, check address allocation on the DHCP
server to confirm that the switches are connected to the DHCP server.
NOTE
If the switches are connected to the DHCP server, you can log in to the switches through Telnet but do not
configure the switches.
Step 2 Five minutes after the switches obtain IP addresses, check the file downloading log on the FTP/
TFTP server or log in to the switches to confirm that correct configuration files have been
downloaded.
NOTE
Do not save a configuration file to a switch to be configured immediately after the configuration file is
downloaded; otherwise, only a temporary configuration file is saved because the configurations have not
taken effect.
Step 3 If the user has specified the activation delay, the configuration file will take effect after the delay.
If the user has not specified the activation delay, the configuration file will take effect
immediately by default. Then run the display current-configuration command to check
whether the configurations take effect.
NOTE
If you access the switch when it is busy delivering configurations in the Auto-Config process, the switch
may not respond in real time.
After the configurations take effect, modify the configuration of the downstream interface on the DHCP
relay as required.
----End
Issue 01 (2011-07-15)Huawei Proprietary and Confidential
Quidway S5700 Series Ethernet Switches
Configuration Guide - Device Management2 NAP Configuration
2 NAP Configuration
About This Chapter
This chapter describes how to configure the Neighbor Access Protocol (NAP) on the S5700.
2.1 NAP Overview
NAP is a Huawei proprietary protocol that implements remote configuration and deployment of
unconfigured devices. You can log in to an unconfigured device from a directly connected device
and configure the unconfigured device remotely through NAP.
2.2 Configuring NAP-based Remote Deployment
Using NAP, you can remotely log in to devices with empty configurations to implement remote
deployment.
2.3 Configuration Examples
This section provides upgrade and maintenance examples together with the configuration
flowchart. The configuration examples explain networking requirements, configuration notes,
and configuration roadmap.
Issue 01 (2011-07-15)Huawei Proprietary and Confidential
Quidway S5700 Series Ethernet Switches
Configuration Guide - Device Management2 NAP Configuration
2.1 NAP Overview
NAP is a Huawei proprietary protocol that implements remote configuration and deployment of
unconfigured devices. You can log in to an unconfigured device from a directly connected device
and configure the unconfigured device remotely through NAP.
Usually, a device is installed with only necessary software before delivery and no configuration
is made. Therefore, engineers must configure and commission new devices on site but cannot
log in to the devices remotely. This makes the deployment inconvenient and increases the costs
of project operation and delivery.
The Huawei Group Management Protocol (HGMP) implements remote configuration on Layer
2 networks and is applicable to Ethernet networks. NAP implements remote configuration on
Layer 3 networks. It establishes a temporary neighbor relationship between a configured device
and an unconfigured device that are directly connected through physical links. Then you can log
in to the unconfigured device from the configured device and configure the unconfigured device
remotely. NAP greatly reduces the costs of network operation, maintenance, and delivery.
2.2 Configuring NAP-based Remote Deployment
Using NAP, you can remotely log in to devices with empty configurations to implement remote
deployment.
Context
CAUTION
After the device with an empty configuration is powered on and started, you must make sure
that its interfaces connected to the devices on the current network are Up and support NAP;
otherwise, the function of NAP-based remote deployment cannot take effect.
2.2.1 Establishing the Configuration Task
Before configuring NAP-based remote deployment, familiarize yourself with the applicable
environment, complete the pre-configuration tasks, and obtain the required data. This can help
you complete the configuration task quickly and accurately.
Applicable Environment
To deploy devices having empty configurations, you can use NAP to perform remote login to
the devices from a device in the current network. In this manner, you can implement remote
deployment of devices.
Pre-configuration Tasks
Before configuring NAP-based remote deployment, complete the following tasks:
Issue 01 (2011-07-15)Huawei Proprietary and Confidential
Quidway S5700 Series Ethernet Switches
Configuration Guide - Device Management2 NAP Configuration
lConnecting the device having an empty configuration to a device in the current network
via a single hop by using network cables
lEnsuring that the interfaces connecting the device with an empty configuration and the
device in the current network are both in the Up state, and support NAP.
Data Preparation
NOTE
l If the IP addresses used for establishing NAP connections are to be manually configured, you need to
prepare the following data before configuring NAP.
l Conversely, if the IP addresses for establishing NAP connections are to be automatically configured,
you can skip this.
To configure NAP-based remote deployment, you need the following data.
No.Data
1Two primary IP addresses. The two IP addresses are primary IP addresses for the
master interface and the slave interface respectively, and should be on the same
network segment.
2Two secondary IP addresses. The two IP addresses are secondary IP addresses for
the master interface and the slave interface respectively, and should be on the same
network segment.
2.2.2 Configuring and Starting the NAP Master Interface
You can assign an IP address to the NAP master interface or use the IP address that is
automatically allocated by the system to start the NAP master interface.
Context
CAUTION
If commands affecting the IP address configuration or IP packet forwarding (such as
configurations and commands related to the VPN, Eth-Trunk, or Layer 2 interface) exist on
device of the master interface, NAP enabled on the master interface becomes unavailable. You
are recommended to delete these commands and re-enable NAP.
Do as follows on the switch to configure and start the NAP master interface.
In NAP, IP addresses can be allocated either automatically or manually.
Procedure
lAutomatic allocation of IP addresses
1.Run:
system-view
Issue 01 (2011-07-15)Huawei Proprietary and Confidential
Quidway S5700 Series Ethernet Switches
Configuration Guide - Device Management2 NAP Configuration
The system view is displayed.
2.Run:
interface interface-typeinterface-number
The interface view is displayed.
3.Run:
nap port master
The NAP Master interface is configured and started.
lManual IP address allocation
Two methods are available for manually allocating IP addresses. You can choose the
method according to actual needs.
You can specify the NAP IP address pool. Then, IP addresses are automatically allocated
to the IP address pool. To use this method, do as follows.
1.Run:
system-view
The system view is displayed.
2.Run:
nap ip-pool ip-addressmask-length
An IP address pool is configured for NAP.
The default IP address pool for establishing NAP connections is 10.167.253.0/24. You
can run the nap ip-pool ip-address mask-length command to change the IP address
pool.
NOTE
After NAP is started on the master device, the IP address pool cannot be changed.
3.Run:
interface interface-typeinterface-number
The interface view is displayed.
4.Run:
nap port master
The NAP Master interface is configured and started.
You can also specify the NAP IP addresses. To use this method, do as follows.
1.Run:
system-view
The system view is displayed.
2.Run:
interface interface-typeinterface-number
The interface view is displayed.
3.Run:
nap port master
The NAP master interface is configured and started.
4.Run:
nap local-ip mast-inter-mast-ip sub-ip mast-inter-sub-ip peer-ip subinter-mast-ip sub-ip sub-inter-sub-ip mask-length
Issue 01 (2011-07-15)Huawei Proprietary and Confidential
Quidway S5700 Series Ethernet Switches
Configuration Guide - Device Management2 NAP Configuration
IP addresses are configured for establishing NAP connections.
The default IP address pool for establishing NAP connections is 10.167.253.0/24.
When configuring IP addresses, ensure that the primary IP addresses of both the master
and the slave interfaces are on the same network segment, and that the secondary IP
addresses of both the master and the slave interfaces are on the same network segment.
----End
2.2.3 Remote Login
After the neighbor relationship is set up, you can log in to the NAP slave device from the NAP
master device.
Context
Using the display nap interface command, you can view the NAP status of an interface to
ensure that the interface is assigned a correct IP address.
Do as follows on the switch where the NAP master interface is configured.
Procedure
Step 1 Run:
Step 2 Run:
Step 3 Run:
system-view
The system view is displayed.
interface interface-typeinterface-number
The interface view is displayed.
nap login neighbor
The login to the slave device from the master device is performed.
l If the slave device has an empty configuration, you can log in to the slave device from the
master device without a user name and a password.
l If, however, the slave device is configured with user name(s) and password(s), you must
enter the correct user name and password to perform a NAP-based remote login to the slave
device.
NOTE
To ensure security for NAP, the slave device having an empty configuration checks the source address of
the Telnet login. If the Telnet source address is the NAP address of the master device that is telnetting to
the slave device, the slave device allows the master device to directly log in without being authenticated.
This is because by default, the user level of the remote login based on the NAP address is the same as the
login through the console interface, which enjoys the highest user level. If the Telnet source address is not
the NAP address of the master device, the remote login fails.
If ip source check user-bind enable command is executed on an interface, the interface cannot connect
to the NAP neighbor.
----End
Issue 01 (2011-07-15)Huawei Proprietary and Confidential
Quidway S5700 Series Ethernet Switches
Configuration Guide - Device Management2 NAP Configuration
2.2.4 Disabling NAP on the Slave Device
If the NAP function is no longer required, you need to disable NAP on the slave interface of the
slave device.
Context
The master device has logged in to the slave device through Telnet. The NAP function is no
longer required, and to ensure security of the network, NAP should be globally disabled on the
slave interface of the slave device.
Do as follows on the switch that is configured as the NAP slave device.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
undo nap slave enable
NAP is disabled on the slave device.
----End
2.2.5 Checking the Configuration
After configuring NAP-based remote deployment, you can view the NAP status globally or on
a specified interface.
Prerequisite
NAP-based remote deployment has been completed.
Procedure
Step 1 Using the display nap status command, you can view the current NAP status.
Step 2 Using the display nap interface [ interface-type interface-number ] command, you can view
the NAP status of the specified interface.
----End
Example
Run the display nap status command to view the current NAP status.
<Quidway> display nap status
Slave port status : Enable
Nap ip-pool/Mask : 12.12.12.0/24
Run the display nap interface interface-type interface-number command to view the NAP status
of the specified interface.
<Quidway> display nap interface gigabitethernet0/0/1
Issue 01 (2011-07-15)Huawei Proprietary and Confidential
Quidway S5700 Series Ethernet Switches
Configuration Guide - Device Management2 NAP Configuration
lIf the interface is not assigned an IP address, the following information is displayed.
----------------------------------------------------- NAP master port list:
Port count : 2
----------------------------------------------------- Port property : Master
Current status : DETECTING
Local port : GigabitEthernet0/0/1
Peer port : GigabitEthernet0/0/1
Local primary ip : NULL
Peer primary ip : NULL
Local secondary ip : NULL
Peer secondary ip : NULL
Hello time : 3s
Linked time : 00:00:00
----------------------------------------------------- Port property : Master
Current status : DETECTING
Local port : GigabitEthernet0/0/2
Peer port : GigabitEthernet0/0/2
Local primary ip : NULL
Peer primary ip : NULL
Local secondary ip : NULL
Peer secondary ip : NULL
Hello time : 3s
Linked time : 00:00:00
lIf the interface is assigned an IP address, the following information is displayed.
----------------------------------------------------- NAP master port list :
Port count : 2
----------------------------------------------------- Port property : Master
Current status : IP-ASSIGNED
Local port : GigabitEthernet0/0/1
Peer port : GigabitEthernet0/0/1
Local primary ip : 12.12.12.5
Peer primary ip : 12.12.12.6
Local secondary ip : 12.12.12.9
Peer secondary ip : 12.12.12.10
Hello time : 3s
Linked time : 00:09:12
----------------------------------------------------- Port property : Master
Current status : IP-ASSIGNED
Local port : GigabitEthernet0/0/2
Peer port : GigabitEthernet0/0/2
Local primary ip : 10.10.10.5
Peer primary ip : 10.10.10.6
Local secondary ip : 10.10.10.9
Peer secondary ip : 10.10.10.10
Hello time : 3s
Linked time : 00:03:41
This section provides upgrade and maintenance examples together with the configuration
flowchart. The configuration examples explain networking requirements, configuration notes,
and configuration roadmap.
Issue 01 (2011-07-15)Huawei Proprietary and Confidential
Quidway S5700 Series Ethernet Switches
Configuration Guide - Device Management2 NAP Configuration
2.3.1 Example for Configuring NAP-based Remote Deployment in
Static Mode
In this example, the temporary neighbor relationship is set up between the switch and the device
with the empty configuration and IP addresses are assigned to the switch and the device to
implement remote deployment in manual mode.
Networking Requirements
As shown in Figure 2-1, the user needs to perform a remote login to Switch B from Switch A.
Switch B is the master device, and temporary neighbor relationship is to be set up between
Switch B and Switch C having an empty configuration. Switch B and Switch C need to be directly
connected via a single hop. Both the interfaces connecting Switch B and Switch C should be in
the Up state, and should support NAP.
Figure 2-1 Networking diagram of NAP-based remote deployment
Configuration Roadmap
The configuration roadmap is as follows:
1.Configure a NAP master interface on Switch B.
2.Configure an IP address for establishing a NAP connection on Switch B.
3.Use NAP to log in to Switch C from Switch B by means of Telnet.
Data Preparation
To complete the configuration, you need the following data:
lTwo primary IP addresses. The two IP addresses are primary IP addresses for the master
interface and the slave interface respectively, and should be on the same network segment.
lTwo secondary IP addresses. The two IP addresses are secondary IP addresses for the
master interface and the slave interface respectively, and should be on the same network
segment.
Procedure
Step 1 Configure a NAP master interface on Switch B
<Quidway> system-view
[Quidway] sysname SwitchB
[SwitchB] interface gigabitethernet0/0/1
[SwitchB-GigabitEthernet0/0/1] nap port master
Step 2 Configure an IP address for establishing a NAP connection on Switch B
Issue 01 (2011-07-15)Huawei Proprietary and Confidential
Quidway S5700 Series Ethernet Switches
Configuration Guide - Device Management2 NAP Configuration
[SwitchB-GigabitEthernet0/0/1] nap local-ip 12.12.12.5 sub-ip 12.12.12.9 peer-ip
12.12.12.6 sub-ip 12.12.12.10 30
Are you sure to continue?[Y/N] y
# After the preceding configuration is complete, run the display nap status command on
Switch B. You can view that NAP has been enabled on Switch B. Then, run the display napinterface command. You can view that the primary and secondary IP addresses have been
assigned to the master and slave interfaces. For example:
[SwitchB-GigabitEthernet0/0/1] display nap status
Slave port status : Enable
Nap ip-pool/Mask : 10.167.253.0/24
[SwitchB-GigabitEthernet0/0/1] display nap interface
----------------------------------------------------- NAP master port list
Port count : 1
----------------------------------------------------- Port property : Master
Current status : IP-ASSIGNED
Local port : GigabitEthernet0/0/1
Peer port : GigabitEthernet0/0/1
Local primary ip : 12.12.12.5
Peer primary ip : 12.12.12.6
Local secondary ip : 12.12.12.9
Peer secondary ip : 12.12.12.10
Hello time : 3s
Linked time : 00:02:33
Step 3 Log in to the slave device from the master device.
# Configure Switch B.
[SwitchB-GigabitEthernet0/0/1] nap login neighbor
Trying 12.12.12.10 ...
Press CTRL+K to abort
Connected to 12.12.12.10 ...
Info: The max number of VTY users is 10, and the number
of current VTY users on line is 1.
Step 4 Disable NAP on the slave device.
# Configure Switch C.
<Quidway> system-view
[Quidway] sysname SwitchC
[SwitchC] undo nap slave enable
----End
Configuration Files
None
2.3.2 Example for Configuring NAP-based Remote Deployment in
Automatic Mode
In this example, the temporary neighbor relationship is set up between a switch and another
switch that has the empty configuration to implement remote deployment in automatic mode.
Networking Requirements
As shown in Figure 2-2, the user needs to perform a remote login to Switch B from Switch A.
Switch B is the master device, and temporary neighbor relationship is to be set up between
Issue 01 (2011-07-15)Huawei Proprietary and Confidential