No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S12700 Series Agile Switches Typical Configuration Examples

This document provides examples for configuring features in typical usage scenarios.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring ACU2 and NGFW on Switches

Example for Configuring ACU2 and NGFW on Switches

Background

When a switch on the live network has both ACU2 and NGFW configured, redirection needs to be configured to ensure correct forwarding for the upstream and downstream traffic of STAs. In addition, the wireless traffic entering and leaving the switch must be processed according to the policies configured on NGFW.

Configuration Notes

On the NGFW side, two fixed internal Ethernet interfaces are GE1/0/0 and GE1/0/1. On the switch side, the internal Ethernet interface numbers depend on the slot ID of the NGFW module. For example, when the NGFW module is installed in slot 1, the interface numbers are XGE1/0/0 and XGE1/0/1.

On the ACU2 side, two fixed internal Ethernet interfaces are XGE0/0/1 and XGE0/0/2. On the switch side, the internal Ethernet interface numbers depend on the slot ID of the ACU2. For example, when the ACU2 is installed in slot 2, the interface numbers are XGE2/0/0 and XGE2/0/1.

Table 2-24 lists the products and versions to which this configuration example is applicable.
Table 2-24  Applicable products and versions
Product Model Software Version

S12700

V200R007 and V200R008
ACU2 V200R005C10 and V200R005C20
NGFW module V100R001C10 and later versions

Networking Requirements

Two switches are located on the network shown in Figure 2-25. Switch_1 has NGFW and ACU2 configured. Traffic policies are configured on NGFW.

The customer wants to use ACU2 to manage the wireless network, providing stable wireless service to STAs.

Figure 2-25  Configuring ACU2 and NGFW on switches

Data Plan

Table 2-25, Table 2-26, and Table 2-27 provide the data plan.
Table 2-25  Eth-Trunk
Device

Interface Number

Member Interfaces

Switch_2

Eth-trunk0

XGE0/0/1

XGE0/0/2

Switch_1

Eth-trunk0

XGE3/0/2

XGE3/0/3

Eth-trunk1

XGE2/0/0

XGE2/0/1

ACU2_1

Eth-trunk1

XGE0/0/1

XGE0/0/2

Table 2-26  VLAN

Device

Data

Remarks

Switch_2

Eth-trunk0: transparently transmits the packets from VLAN 42.

Connected to Switch_1.

GE0/0/1: VLAN 42

Connected to AP.

Switch_1

Eth-trunk0: transparently transmits the packets from VLAN 42.

Connected to Switch_2.

Eth-trunk1: transparently transmits the packets from VLAN 42, VLAN 428.

Connected to ACU2_1.

XGE1/0/0: transparently transmits the packets from VLAN 428.

Connected to NGFW_1.

XGE1/0/1: transparently transmits the packets from VLAN 428.

Connected to NGFW_1.

XGE3/0/1: transparently transmits the packets from VLAN 428.

Connected to an upper-layer device.

ACU2_1

Eth-trunk1: transparently transmits the packets from VLAN 42, VLAN 428.

Connected to Switch_1.

NGFW_1

XGE1/0/0: transparently transmits the packets from VLAN 428.

Connected to Switch_1.

XGE1/0/1: transparently transmits the packets from VLAN 428.

Connected to Switch_1.

Table 2-27  IP Addresses

Device

Data

Remarks

ACU2_1

VLANIF428: 172.16.29.1/24

Configure VLANIF 428 to assign IP addresses to STAs.

VLANIF42: 172.18.255.240/24

Configure VLANIF 42 as the CAPWAP source address.

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure Eth-Trunk on each switch and add interfaces to VLANs. Configure the interfaces connecting Switch_2 to the DHCP server and AP to implement network connectivity.

  2. Implement connections between ACU2 and Switch_1.

  3. Implement connections between NGFW and Switch_1.

  4. Configure wireless service on ACU2. Wireless service traffic is forwarded through tunnels, and ACU2_1 functions as a DHCP server to assign IP addresses to APs and STAs.

  5. Configure traffic policies on each interface of Switch_1 and Switch_2 to ensure that STAs can successfully go online. The configurations include:
    • Configure a redirection policy for the inbound traffic on Eth-Trunk 1, which is the internal interface between switch and ACU2, to redirect the upstream wireless traffic to XGE1/0/1, which is the internal interface between switch and NGFW. When traffic is forwarded from NGFW to XGE1/0/0, the traffic matches the inbound redirection policy again, and is forwarded to upstream interface XGE3/0/1.
    • Configure a redirection policy for the inbound traffic on XGE3/0/1 to redirect the downstream wireless traffic to XGE1/0/0, which is the internal interface between switch and NGFW. When traffic is forwarded from NGFW to XGE1/0/1, the traffic matches the inbound redirection policy again, and is forwarded to Eth-Trunk 0, which is the internal interface between switch and ACU2.

Procedure

  1. Configure Eth-Trunks between Switch_1 and Switch_2.

    # Configure Switch_1.

    <HUAWEI> system-view
    [HUAWEI] sysname Switch_1
    [Switch_1] vlan batch 42 428
    [Switch_1] interface Eth-Trunk 0
    [Switch_1-Eth-Trunk0] port link-type trunk
    [Switch_1-Eth-Trunk0] port trunk allow-pass vlan 42
    [Switch_1-Eth-Trunk0] quit
    [Switch_1] interface XGigabitEthernet 3/0/2
    [Switch_1-XGigabitEthernet3/0/2] eth-trunk 0
    [Switch_1-XGigabitEthernet3/0/2] quit
    [Switch_1] interface XGigabitEthernet 3/0/3
    [Switch_1-XGigabitEthernet3/0/3] eth-trunk 0
    [Switch_1-XGigabitEthernet3/0/3] quit
    

    # Configure the connection between Switch_1 and upper-layer device.

    [Switch_1] interface XGigabitEthernet 3/0/1
    [Switch_1-XGigabitEthernet0/0/1] port link-type trunk
    [Switch_1-XGigabitEthernet0/0/1] port trunk allow-pass vlan 428
    [Switch_1-XGigabitEthernet0/0/1] quit
    

    # Configure Eth-trunk0 between Switch_2 and Switch_1.

    <HUAWEI> system-view
    [HUAWEI] sysname Switch_2
    [Switch_2] vlan batch 42 428
    [Switch_2] interface Eth-Trunk 0
    [Switch_2-Eth-Trunk0] port link-type trunk
    [Switch_2-Eth-Trunk0] port trunk allow-pass vlan 42
    [Switch_2-Eth-Trunk0] quit
    [Switch_2] interface XGigabitEthernet 0/0/1
    [Switch_2-XGigabitEthernet0/0/1] eth-trunk 0
    [Switch_2-XGigabitEthernet0/0/1] quit
    [Switch_2] interface XGigabitEthernet 0/0/2
    [Switch_2-XGigabitEthernet0/0/2] eth-trunk 0
    [Switch_2-XGigabitEthernet0/0/2] quit
    

    # Configure the interfaces between Switch_2 and AP.

    [Switch_2] interface GigabitEthernet 0/0/1
    [Switch_2-GigabitEthernet0/0/1] port link-type trunk
    [Switch_2-GigabitEthernet0/0/1] port trunk pvid vlan 42
    [Switch_2-GigabitEthernet0/0/1] port trunk allow-pass vlan 42
    [Switch_2-GigabitEthernet0/0/1] quit
    

  2. Configure Eth-Trunks between Switch_1 and ACU2.

    # Configure Switch_1.

    [Switch_1] interface Eth-Trunk 1
    [Switch_1-Eth-Trunk1] port link-type trunk
    [Switch_1-Eth-Trunk1] port trunk allow-pass vlan 42 428
    [Switch_1-Eth-Trunk1] quit
    [Switch_1] interface XGigabitEthernet 2/0/0 //Switch_1 connects to ACU2 through XGE2/0/0 and XGE2/0/1. The first digit 2 indicates that ACU2 is installed in slot 2 on Switch_1.
    [Switch_1-XGigabitEthernet2/0/0] eth-trunk 1
    [Switch_1-XGigabitEthernet2/0/0] quit
    [Switch_1] interface XGigabitEthernet 2/0/1
    [Switch_1-XGigabitEthernet2/0/1] eth-trunk 1
    [Switch_1-XGigabitEthernet2/0/1] quit
    

    # Configure ACU2_1 on Switch_1.

    <HUAWEI> system-view
    [HUAWEI] sysname ACU2_1
    [ACU2_1] vlan batch 42 428
    [ACU2_1] interface eth-trunk 1
    [ACU2_1-Eth-Trunk1] port link-type trunk
    [ACU2_1-Eth-Trunk1] port trunk allow-pass vlan 42 428
    [ACU2_1-Eth-Trunk1] quit
    [ACU2_1] interface XGigabitEthernet0/0/1
    [ACU2_1-XGigabitEthernet0/0/0] eth-trunk 1
    [ACU2_1-XGigabitEthernet0/0/0] quit
    [ACU2_1] interface XGigabitEthernet0/0/2
    [ACU2_1-XGigabitEthernet0/0/1] eth-trunk 1
    [ACU2_1-XGigabitEthernet0/0/1] quit
    

  3. Configure the interfaces connecting Switch_1 to NGFW.

    # Configure Switch_1.

    [Switch_1] interface XGigabitEthernet 1/0/0
    [Switch_1-XGigabitEthernet1/0/0] port link-type trunk
    [Switch_1-XGigabitEthernet1/0/0] mac-address learning disable
    [Switch_1-XGigabitEthernet1/0/0] port trunk allow-pass vlan 428
    [Switch_1-XGigabitEthernet1/0/0] stp disable
    [Switch_1-XGigabitEthernet1/0/0] carrier up-hold-time 10000
    [Switch_1-XGigabitEthernet1/0/0] am isolate XGigabitEthernet1/0/1
    [Switch_1-XGigabitEthernet1/0/0] quit
    [Switch_1] interface XGigabitEthernet 1/0/1
    [Switch_1-XGigabitEthernet1/0/1] port link-type trunk
    [Switch_1-XGigabitEthernet1/0/1] mac-address learning disable
    [Switch_1-XGigabitEthernet1/0/1] port trunk allow-pass vlan 428
    [Switch_1-XGigabitEthernet1/0/1] stp disable
    [Switch_1-XGigabitEthernet1/0/1] carrier up-hold-time 10000
    [Switch_1-XGigabitEthernet1/0/1] am isolate XGigabitEthernet1/0/0
    [Switch_1-XGigabitEthernet1/0/1] quit
    

    Configure NGFW_1 on Switch_1.

    <HUAWEI> system-view
    [HUAWEI] sysname NGFW_1
    [NGFW_1] vlan batch 428
    [NGFW_1] interface GigabitEthernet1/0/0
    [NGFW_1-GigabitEthernet1/0/0] portswitch
    [NGFW_1-GigabitEthernet1/0/0] port link-type trunk
    [NGFW_1-GigabitEthernet1/0/0] undo port trunk permit vlan 1
    [NGFW_1-GigabitEthernet1/0/0] port trunk permit vlan 428
    [NGFW_1-GigabitEthernet1/0/0] quit
    [NGFW_1] interface GigabitEthernet1/0/1
    [NGFW_1-GigabitEthernet1/0/1] portswitch
    [NGFW_1-GigabitEthernet1/0/1] port link-type trunk
    [NGFW_1-GigabitEthernet1/0/1] undo port trunk permit vlan 1
    [NGFW_1-GigabitEthernet1/0/1] port trunk permit vlan 428
    [NGFW_1-GigabitEthernet1/0/1] quit
    [NGFW_1] pair-interface 1 GigabitEthernet1/0/0 GigabitEthernet1/0/1  //Add the two interfaces into an interface group. Traffic entering an interface is sent out through a fixed interface, without the need of looking up the routing or MAC address table.
    

    # Add the interfaces on NGFW_1 to the security zone.

    [NGFW_1] firewall zone trust
    [NGFW_1-zone-trust] add interface GigabitEthernet1/0/1
    [NGFW_1-zone-trust] quit
    [NGFW_1] firewall zone untrust
    [NGFW_1-zone-untrust] add interface GigabitEthernet1/0/0
    [NGFW_1-zone-untrust] quit
    
    # Configure an IPSec policy.
    NOTE:
    To facilitate verification, all packets within VLAN 428 are allowed in this example. Modify the IPSec policy after verification if necessary.
    [NGFW_1] security-policy
    [NGFW_1-policy-security] rule name policy1
    [NGFW_1-policy-security-rule-policy1] source-zone trust
    [NGFW_1-policy-security-rule-policy1] destination-zone untrust
    [NGFW_1-policy-security-rule-policy1] action permit
    [NGFW_1-policy-security-rule-policy1] quit
    [NGFW_1-policy-security] rule name policy2
    [NGFW_1-policy-security-rule-policy2] source-zone untrust
    [NGFW_1-policy-security-rule-policy2] destination-zone trust
    [NGFW_1-policy-security-rule-policy2] action permit
    [NGFW_1-policy-security-rule-policy2] quit
    [NGFW_1-policy-security] quit
    

  4. Configure wireless service on ACU2.

    # Configure ACU2_1 to assign IP addresses to APs and STAs.

    [ACU2_1] dhcp enable
    [ACU2_1] interface Vlanif42
    [ACU2_1-Vlanif42] ip address 172.18.255.240 255.255.255.0
    [ACU2_1-Vlanif42] dhcp select interface
    [ACU2_1-Vlanif42] quit
    [ACU2_1] interface Vlanif428
    [ACU2_1-Vlanif428] ip address 172.16.29.1 255.255.255.0
    [ACU2_1-Vlanif428] dhcp select interface
    [ACU2_1-Vlanif428] quit
    

    # Configure the country code.

    [ACU2_1] wlan ac-global country-code cn
    Warning: Modifying the country code will clear channel configurations of the AP radio using the country code and reset the AP. If the new country code does not support the radio, all configurations of the radio are cleared. Continue?[Y/N]:y

    # Configure the AC ID and carrier ID.

    [ACU2_1] wlan ac-global ac id 1 carrier id other
    Warning: Modify the carrier ID or AC ID may cause all of the AP offline, continue?[Y/N]:y

    # Configure the source interface on ACU2_1.

    [ACU2_1] capwap source interface vlanif42  

    # Configure basic WLAN services.

    [ACU2_1] wlan
    [ACU2_1-wlan-view] ap-auth-mode mac-auth
    [ACU2_1-wlan-view] ap id 1 type-id 19 mac 9c37-f48c-0c40
    [ACU2_1-wlan-ap-0] quit
    [ACU2_1-wlan-view] ap-region id 0
    [ACU2_1-wlan-ap-region-0] quit
    [ACU2_1-wlan-view] ap id 1
    [ACU2_1-wlan-ap-1] region-id 0
    [ACU2_1-wlan-ap-1] quit
    [ACU2_1-wlan-view] wmm-profile name wmm id 1
    [ACU2_1-wlan-wmm-prof-wmm] quit
    [ACU2_1-wlan-view] radio-profile name radio id 1
    [ACU2_1-wlan-radio-prof-radio] wmm-profile name wmm
    [ACU2_1-wlan-radio-prof-radio] quit
    [ACU2_1-wlan-view] quit
    [ACU2_1] interface wlan-ess 1
    [ACU2_1-Wlan-Ess1] port hybrid pvid vlan 428
    [ACU2_1-Wlan-Ess1] port hybrid untagged vlan 428
    [ACU2_1-Wlan-Ess1] quit
    [ACU2_1] wlan
    [ACU2_1-wlan-view] security-profile name security id 1
    [ACU2_1-wlan-sec-prof-security] quit
    [ACU2_1-wlan-view] traffic-profile name traffic id 1
    [ACU2_1-wlan-traffic-prof-traffic] quit
    [ACU2_1-wlan-view] service-set name huawei id 1
    [ACU2_1-wlan-service-set-huawei] ssid huawei
    [ACU2_1-wlan-service-set-huawei] wlan-ess 1
    [ACU2_1-wlan-service-set-huawei] security-profile name security
    [ACU2_1-wlan-service-set-huawei] traffic-profile name traffic
    [ACU2_1-wlan--huawei] service-vlan 428
    [ACU2_1-wlan-service-set-huawei] forward-mode tunnel
    [ACU2_1-wlan-service-set-huawei] quit
    [ACU2_1-wlan-view] ap 1 radio 0
    [ACU2_1-wlan-radio-0/0] radio-profile name radio
    [ACU2_1-wlan-radio-0/0] service-set name huawei
    [ACU2_1-wlan-radio-0/0] quit
    [ACU2_1-wlan-view] commit ap 1
    [ACU2_1-wlan-view] quit

  5. Configure traffic policies on each interface of Switch_1.

    # Configure a traffic classifier.

    [Switch_1] traffic classifier service_vlan operator or precedence 50
    [Switch_1-classifier-service_vlan] if-match vlan-id 428  //Configure a traffic classifier to match wireless service VLAN.
    [Switch_1-classifier-service_vlan] quit

    # Configure a traffic behavior.

    [Switch_1] traffic behavior Redirect_to_XGE3/0/1
    [Switch_1-behavior-Redirect_to_XGE3/0/1] permit
    [Switch_1-behavior-Redirect_to_XGE3/0/1] redirect interface XGigabitEthernet3/0/1
    [Switch_1-behavior-Redirect_to_XGE3/0/1] quit
    [Switch_1] traffic behavior Redirect_to_ETH1
    [Switch_1-behavior-Redirect_to_ETH1] permit
    [Switch_1-behavior-Redirect_to_ETH1] redirect interface Eth-Trunk1
    [Switch_1-behavior-Redirect_to_ETH1] quit
    [Switch_1] traffic behavior Redirect_to_XGE1/0/0
    [Switch_1-behavior-Redirect_to_XGE1/0/0] permit
    [Switch_1-behavior-Redirect_to_XGE1/0/0] redirect interface XGigabitEthernet1/0/0
    [Switch_1-behavior-Redirect_to_XGE1/0/0] quit
    [Switch_1] traffic behavior Redirect_to_XGE1/0/1
    [Switch_1-behavior-Redirect_to_XGE1/0/1] permit
    [Switch_1-behavior-Redirect_to_XGE1/0/1] redirect interface XGigabitEthernet1/0/1
    [Switch_1-behavior-Redirect_to_XGE1/0/1] quit

    # Configure traffic policies.

    [Switch_1] traffic policy Redirect_to_XGE3/0/1 match-order config
    [Switch_1-trafficpolicy-Redirect_to_XGE3/0/1] classifier service_vlan behavior Redirect_to_XGE3/0/1
    [Switch_1-trafficpolicy-Redirect_to_XGE3/0/1] quit
    [Switch_1]traffic policy Redirect_to_ETH1 match-order config
    [Switch_1-trafficpolicy-Redirect_to_ETH1] classifier service_vlan behavior Redirect_to_ETH1
    [Switch_1-trafficpolicy-Redirect_to_ETH1] quit
    [Switch_1] traffic policy Redirect_to_XGE1/0/0 match-order config
    [Switch_1-trafficpolicy-Redirect_to_XGE1/0/0] classifier service_vlan behavior Redirect_to_XGE1/0/0
    [Switch_1-trafficpolicy-Redirect_to_XGE1/0/0] quit
    [Switch_1]traffic policy Redirect_to_XGE1/0/1 match-order config
    [Switch_1-trafficpolicy-Redirect_to_XGE1/0/1] classifier service_vlan behavior Redirect_to_XGE1/0/1
    [Switch_1-trafficpolicy-Redirect_to_XGE1/0/1] quit

    # Apply a traffic policy to Eth-Trunk 1.

    [Switch_1] interface Eth-Trunk1
    [Switch_1-Eth-Trunk1] traffic-policy Redirect_to_XGE1/0/1 inbound  //Redirect wireless service traffic forwarded by ACU2 to XGE1/0/1 of Switch_1. This interface connects to GE1/0/1 of NGFW_1.
    [Switch_1-Eth-Trunk1] quit

    # Apply a traffic policy to XGE1/0/0.

    [Switch_1] interface XGigabitEthernet 1/0/0
    [Switch_1-XGigabitEthernet1/0/0] traffic-policy Redirect_to_XGE3/0/1 inbound  //Redirect the wireless traffic forwarded by NGFW to XGE3/0/1.
    [Switch_1-XGigabitEthernet1/0/0] quit

    # Apply a traffic policy to XGE3/0/1.

    [Switch_1] interface XGigabitEthernet 3/0/1
    [Switch_1-Eth-Trunk0] traffic-policy Redirect_to_XGE1/0/0 inbound  //Redirect downstream wireless traffic to XGE1/0/0 of Switch_1. This interface connects to GE1/0/0 of NGFW_1.
    [Switch_1-Eth-Trunk0] quit

    # Apply a traffic policy to XGE1/0/1.

    [Switch_1] interface XGigabitEthernet 1/0/1
    [Switch_1-XGigabitEthernet1/0/1] traffic-policy Redirect_to_ETH1 inbound  //Redirect wireless service traffic forwarded by NGFW to Eth-Trunk1 of Switch_1. This interface connects to Eth-Trunk1 of ACU2_1.
    [Switch_1-XGigabitEthernet1/0/1] quit

  6. Verify the configuration.

    # Check the configurations on Switch_1.

    <Switch_1> display device
    S12708's Device status:
    Slot  Sub Type         Online    Power      Register       Status     Role
    -------------------------------------------------------------------------------
    1     -   ET1D2FW00S00 Present   PowerOn    Registered     Normal     NA
    2     -   ACU2         Present   PowerOn    Registered     Normal     NA
    7     -   ET1D2G24SEC0 Present   PowerOn    Registered     Normal     NA
    9     -   ET1D2MPUA000 Present   PowerOn    Registered     Normal     Master
    10    -   ET1D2MPUA000 Present   PowerOn    Registered     Normal     Slave
    11    -   ET1D2SFUD000 Present   PowerOn    Registered     Normal     NA
    13    -   ET1D2SFUD000 Present   PowerOn    Registered     Normal     NA
          1   ET1D2VS08000 Present   PowerOn    Registered     Normal     NA
    14    -   ET1D2SFUD000 Offline   PowerOn    Registered     Normal     NA
    PWR1  -   -            Present   PowerOn    Registered     Normal     NA
    PWR2  -   -            Present   PowerOn    Registered     Normal     NA
    CMU1  -   EH1D200CMU00 Present   PowerOn    Registered     Normal     Master
    FAN1  -   -            Present   PowerOn    Registered     Abnormal   NA
    FAN2  -   -            Present   PowerOn    Registered     Normal     NA
    FAN3  -   -            Present   PowerOn    Registered     Normal     NA
    FAN4  -   -            Present   PowerOn    Registered     Normal     NA
    

    # Check that the Eth-Trunk 1 status between ACU2 and Switch_1 is normal.

    <ACU2_1> display interface brief | include up
    PHY: Physical
    *down: administratively down
    (l): loopback
    (s): spoofing
    (b): BFD down
    (e): ETHOAM down
    InUti/OutUti: input utility/output utility
    Interface                   PHY   Protocol  InUti OutUti   inErrors  outErrors
    Eth-Trunk1                  up    up        0.01%  0.01%          0          0
      XGigabitEthernet0/0/1     up    up        0.01%  0.01%          0          0
      XGigabitEthernet0/0/2     up    up           0%     0%          0          0

    # After an AP is powered on, check that the AP status is normal.

    <ACU2_1> display ap all
      All AP information:
      Normal[1],Fault[0],Commit-failed[0],Committing[0],Config[0],Download[0]
      Config-failed[0],Standby[0],Type-not-match[0],Ver-mismatch[0]
      ------------------------------------------------------------------------------
      AP    AP               AP              Profile   AP              AP
                                             /Region
      ID    Type             MAC             ID        State           Sysname
      ------------------------------------------------------------------------------
      1     AP6010DN-AGN     9c37-f48c-0c40    0/0     normal          ap-1
      ------------------------------------------------------------------------------
      Total number: 1,printed: 1

    # Check that the STAs are online.

    <ACU2_1> display access-user
     ----------------------------------------------------------------------------------------------- 
     UserID Username                       IP address                MAC            Status 
     -----------------------------------------------------------------------------------------------
     68     986cf56f7e20                   172.16.29.254               986c-f56f-7e20 Success 
     -----------------------------------------------------------------------------------------------
     Total: 1, printed: 1

    # Check that traffic statistics on each interface of Switch_1 are correct.

    <Switch_1> display interface Eth-Trunk0
    Eth-Trunk0 current state : UP
    Line protocol current state : UP
    Description: to Core
    Switch Port, Link-type : trunk(configured),
    PVID :    1, Hash arithmetic : According to SIP-XOR-DIP,Maximal BW:40G, Current BW: 40G, The Maximum Frame Length is 9216
    IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is d4b1-10b3-2bde
    Current system time: 2016-03-12 17:16:08
    Last 300 seconds input rate 5128 bits/sec, 5 packets/sec
    Last 300 seconds output rate 7184 bits/sec, 6 packets/sec
    Input:  996134 packets, 122502357 bytes
      Unicast:                     871023,  Multicast:                       17723
      Broadcast:                   107988,  Jumbo:                               0
      Discard:                          0,  Pause:                               0
      Frames:                           0
    
      Total Error:                      0
      CRC:                              0,  Giants:                              0
      Jabbers:                          0,  Fragments:                           0
      Runts:                            0,  DropEvents:                          0
      Alignments:                       0,  Symbols:                             0
      Ignoreds:                         0,  Frames:                              0
    
    Output:  1085606 packets, 134379838 bytes
      Unicast:                     309565,  Multicast:                      343925
      Broadcast:                   432116,  Jumbo:                               0
      Discard:                          0,  Pause:                               0
    
      Total Error:                      0
      Collisions:                       0,  ExcessiveCollisions:                 0
      Late Collisions:                  0,  Deferreds:                           0
      Buffers Purged:                   0
    
        Input bandwidth utilization  :    0%
        Output bandwidth utilization :    0%
    -----------------------------------------------------
    PortName                      Status      Weight
    -----------------------------------------------------
    XGigabitEthernet3/0/2         UP          1
    XGigabitEthernet3/0/3         UP          1
    -----------------------------------------------------
    The Number of Ports in Trunk : 2
    The Number of UP Ports in Trunk : 2
    <Switch_1> display interface Eth-Trunk1
    Eth-Trunk0 current state : UP
    Line protocol current state : UP
    Description: to ACU_1 Slot2
    Switch Port, Link-type : trunk(configured),
    PVID :    1, Hash arithmetic : According to SIP-XOR-DIP,Maximal BW:40G, Current BW: 40G, The Maximum Frame Length is 9216
    IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is d4b1-10b3-2bde
    Current system time: 2016-03-12 17:16:09
    Last 300 seconds input rate 5608 bits/sec, 4 packets/sec
    Last 300 seconds output rate 6480 bits/sec, 4 packets/sec
    Input:  1046610 packets, 131462045 bytes
      Unicast:                     568448,  Multicast:                       41189
      Broadcast:                   433973,  Jumbo:                             333
      Discard:                          0,  Pause:                               0
      Frames:                           0
    
      Total Error:                      0
      CRC:                              0,  Giants:                              0
      Jabbers:                          0,  Fragments:                           0
      Runts:                            0,  DropEvents:                          0
      Alignments:                       0,  Symbols:                             0
      Ignoreds:                         0,  Frames:                              0
    
    Output:  1603637 packets, 226275601 bytes
      Unicast:                    1114078,  Multicast:                      381346
      Broadcast:                   108213,  Jumbo:                               0
      Discard:                          0,  Pause:                               0
    
      Total Error:                      0
      Collisions:                       0,  ExcessiveCollisions:                 0
      Late Collisions:                  0,  Deferreds:                           0
      Buffers Purged:                   0
    
        Input bandwidth utilization  :    0%
        Output bandwidth utilization :    0%
    -----------------------------------------------------
    PortName                      Status      Weight
    -----------------------------------------------------
    XGigabitEthernet2/0/0         UP          1
    XGigabitEthernet2/0/1         UP          1
    -----------------------------------------------------
    The Number of Ports in Trunk : 2
    The Number of UP Ports in Trunk : 2

Configuration Files

  • Switch_1 configuration file

    #
    sysname Switch_1
    #
    vlan batch  42 428 
    #
    traffic classifier service_vlan operator or precedence 50
     if-match vlan-id 428
    #
    traffic behavior Redirect_to_XGE3/0/1
     permit
     redirect interface XGigabitEthernet3/0/1
    traffic behavior Redirect_to_ETH1
     permit
     redirect interface Eth-Trunk1
    traffic behavior Redirect_to_XGE1/0/0
     permit
     redirect interface XGigabitEthernet1/0/0
    traffic behavior Redirect_to_XGE1/0/1
     permit
     redirect interface XGigabitEthernet1/0/1
    #
    traffic policy Redirect_to_XGE3/0/1 match-order config
     classifier service_vlan behavior Redirect_to_XGE3/0/1
    traffic policy Redirect_to_ETH1 match-order config
     classifier service_vlan behavior Redirect_to_ETH1
    traffic policy Redirect_to_XGE1/0/0 match-order config
     classifier service_vlan behavior Redirect_to_XGE1/0/0
    traffic policy Redirect_to_XGE1/0/1 match-order config
     classifier service_vlan behavior Redirect_to_XGE1/0/1
    #
    interface Eth-Trunk0
     description to Core
     port link-type trunk
     port trunk allow-pass vlan 42
    #
    interface Eth-Trunk1
     description to ACU_1 Slot2
     port link-type trunk
     port trunk allow-pass vlan 42 428
     traffic-policy Redirect_to_XGE1/0/1 inbound
    #
    interface XGigabitEthernet1/0/0
     port link-type trunk
     mac-address learning disable
     port trunk allow-pass vlan 428
     stp disable
     traffic-policy Redirect_to_XGE3/0/1 inbound
     carrier up-hold-time 10000
     am isolate XGigabitEthernet1/0/1
    #
    interface XGigabitEthernet1/0/1
     port link-type trunk
     mac-address learning disable
     port trunk allow-pass vlan 428
     stp disable
     traffic-policy Redirect_to_ETH1 inbound
     carrier up-hold-time 10000
     am isolate XGigabitEthernet1/0/0
    #
    interface XGigabitEthernet2/0/0
     eth-trunk 1
    #
    interface XGigabitEthernet2/0/1
     eth-trunk 1
    #
    interface XGigabitEthernet3/0/1
     port link-type trunk
     port trunk allow-pass vlan 428
     traffic-policy Redirect_to_XGE1/0/0 inbound 
     
    #interface XGigabitEthernet3/0/2
     eth-trunk 0
    #
    interface XGigabitEthernet3/0/3
     eth-trunk 0
    #
    return
  • Switch_2 configuration file

    #
    sysname Switch_2
    #
    vlan batch 42
    #
    interface Eth-Trunk0
     port link-type trunk
     port trunk allow-pass vlan 42
    #
    interface XGigabitEthernet0/0/1
     eth-trunk 0
    #
    interface XGigabitEthernet0/0/2
     eth-trunk 0
    #
    interface GigabitEthernet0/0/1
     port link-type trunk
     port type pvid vlan 42
     port type allow vlan 42
    #
    return
  • ACU2_1 configuration file

    #
     sysname ACU2_1
    #
    vlan batch 42 428 
    #
    wlan ac-global carrier id other ac id 1
    #
    dhcp enable
    #
    interface Vlanif42
     ip address 172.18.255.240 255.255.255.0
     dhcp select interface
    #
    interface Vlanif428
     ip address 172.16.29.1 255.255.255.0
     dhcp select interface
    #
    interface Eth-Trunk1
     port link-type trunk
     port trunk allow-pass vlan 42
    #
    interface XGigabitEthernet0/0/1
     eth-trunk 1
    #
    interface XGigabitEthernet0/0/2
     eth-trunk 1
    #
    interface Wlan-Ess1
     port hybrid pvid vlan 428
     port hybrid untagged vlan 428
    #
    capwap source interface vlanif42
    #
    wlan
     ap-region id 0
     ap-auth-mode mac-auth
     ap id 1 type-id 19 mac 9c37-f48c-0c40 sn 21023585619WF6000564
        region-id 0
     wmm-profile name wmm id 1
     traffic-profile name traffic id 1
     security-profile name security id 1
     service-set name huawei id 1
      forward-mode tunnel
      wlan-ess 1
      ssid huawei
      traffic-profile id 1
      security-profile id 1
      service-vlan 428
     radio-profile name radio id 1
      wmm-profile id 1
     ap 1 radio 0
      radio-profile id 1
      service-set id 1 wlan 1
    #
    return
  • NGFW_1 configuration file
    #
     sysname NGFW_1
    #
     vlan batch 428
    #
     pair-interface 1 GigabitEthernet1/0/0 GigabitEthernet1/0/1
    #
    interface GigabitEthernet1/0/0
     portswitch
     port link-type trunk
     undo port trunk permit vlan 1
     port trunk permit vlan 428
    #
    interface GigabitEthernet1/0/1
     portswitch
     port link-type trunk
     undo port trunk permit vlan 1
     port trunk permit vlan 428
    #
    firewall zone trust
     set priority 85 
     add interface GigabitEthernet1/0/1
    #
    firewall zone untrust
     set priority 5
     add interface GigabitEthernet1/0/0
    #
    security-policy
     rule name policy1
      source-zone trust
      destination-zone untrust
      action permit
     rule name policy2
      source-zone untrust
      destination-zone trust
      action permit
    #
    return
Download
Updated: 2019-05-16

Document ID: EDOC1000069466

Views: 162522

Downloads: 1809

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next