S1720GFR, S2700, S5700, and S6720 V200R010C00 Web-based Configuration Guide

This document describes how to configure and maintain the device through the web network management system. The web network management system provides functions for viewing device information and for managing the entire system, interfaces, services, ACL, QoS, routes, security, and tools.
Basic Services

Basic services include interface, VLAN, DHCP, MAC, and STP settings.

Interface Settings

This chapter describes common interface configurations.

NOTE:
  • A combo interface is a logical interface, which corresponds to a GE electrical interface and a GE optical interface on the device panel. The electrical interface is used with the optical interface as a combo interface. When the device supports electrical interfaces, you do not need to use the GE copper module to convert an optical interface to an electrical interface.

  • Only the S5720HI, S5720EI, S6720S-EI, and S6720EI support connecting the router. If the device cannot be connected to a router, the page is hidden.

View Configuration

Context

You can view interface-related functions on this page.

Figure 1-79 shows interface status and optical/electrical interfaces.
Figure 1-79  Interface status and optical/electrical interfaces

Procedure

  1. Choose Configuration > Basic Services > Interface Settings. Click View Configuration, as shown in Figure 1-80.

    Figure 1-80  View Configuration

  2. Click an interface icon to select an interface. You can select only one interface at one time.
  3. Check the interface functions in step 3, as shown in Figure 1-81.

    Figure 1-81  View Interface Attribute

    Table 1-64 describes the parameters on the View Interface Attribute.

    Table 1-64  Interface status list

    Item

    Description

    Interface

    Indicates the type and number of the selected interface.

    Interface Status

    • Up: The interface is enabled.
    • Down: The interface is disabled.
    • Shutdown: The shutdown command has been run on the interface.

    Auto-Negotiation

    Indicates the auto-negotiation status of the interface.

    • Enable: Auto-negotiation is enabled.
    • Disable: Auto-negotiation is disabled.

    Duplex Mode

    Indicates the duplex mode of the interface.
    • Full-duplex
    • Half-duplex

    Interface Rate

    Indicates the interface rate.

    Jumbo

    Indicates the number of Ethernet frames with length ranging from 1518 bytes to the maximum jumbo frame length and correct FCS values received by the interface, or number of VLAN frames with length ranging from 1522 bytes to the maximum jumbo frame length and correct FCS values received by the interface.

    Indicates the number of frames with length exceeding 1518 bytes and correct FCS values sent by the interface, or number of sent VLAN frames with length exceeding 1522 bytes and correct FCS values sent by the interface.

    Combo

    Indicates the working mode of a combo interface.

    • auto: The combo interface automatically selects the working mode.
    • copper: The combo interface works as an electrical interface and uses a network cable to transmit and receive data.
    • fiber: The combo interface works as an optical interface and uses an optical fiber to transmit and receive data.
    • --: The combo interface is not supported.

    Flow Control

    Indicates the flow control status.

    • Enable: Flow control is enabled on the interface.
    • Disable: Flow control is disabled on the interface.

    EEE

    Indicates energy efficient Ethernet (EEE) that dynamically adjusts the electrical interface power according to network traffic volume.

    • Enable: The EEE function is enabled on the interface.
    • Disable: The EEE function is disabled on the interface.

    Power Saving Mode

    Indicates whether the power saving mode is enabled.

    • Enable: The power saving mode is enabled on the interface.
    • Disable: The power saving mode is disabled on the interface.

  4. If you want to delete all configurations on the interface to restore the default settings, click Clear Configuration. After configurations are deleted, the interface is disabled.
Connect to PC

Context

After a switch is connected to a PC, you can configure functions such as the default VLAN, port security, and port isolation based on service requirements.

Procedure

  1. Choose Configuration > Basic Services > Interface Settings. Click Connect to PC, as shown in Figure 1-82.

    Figure 1-82  Configuring the port connected to a PC

  2. Select a port to be configured. Perform the following operations as required in the port area:

    • Click a port icon. To deselect the port, click the port icon again.
    • Drag the cursor to select consecutive ports in a batch.
    • Click multiple port icons to select these ports, and click a port icon again to deselect the port.
    • Select a slot where a panel is located. All ports on the panel are selected.

  3. Configure the port.

    Table 1-65 describes parameters and their values.

    Table 1-65  Parameters and their values

    Parameter

    Description

    Interface Status

    Enables or disables the interface:
    • ON: The interface is enabled.
    • OFF: The interface is disabled.

    Default VLAN

    Adds the interface to the default VLAN. The VLAN ID ranges from 1 to 4094.

    Port Isolation

    Enables or disables port isolation:
    • ON: Port isolation is enabled.
    • OFF: Port isolation is disabled.

    Port Security

    Enables or disables port security:
    • ON: Port security is enabled.
    • OFF: Port security is disabled.

    MAC Address Limit

    Is valid when Port Security is set to ON.

    Sets the maximum number of secure MAC addresses. The value ranges from 1 to 1024.

    Loopback Detection

    Enables or disables loopback detection:
    • ON: Loopback detection is enabled.
    • OFF: Loopback detection is disabled.

    Trust Priority

    Configures trust priority on the interface.

    NOTE:

    The values vary depending on the switch model. The values on your switch may be different from those provided in this example.

    Operation

    If you click More Configurations, the following parameters are valid.

    Auto-Negotiation

    Enables or disables auto-negotiation on the interface:

    • ON: Auto-negotiation is enabled.
    • OFF: Auto-negotiation is disabled.

    Duplex Mode

    Is valid when Auto-Negotiation is set to OFF.

    Configures the duplex mode on the interface.
    • Full-duplex
    • Half-duplex

    Interface Rate

    Is valid when Auto-Negotiation is set to OFF.

    Configures the interface rate.
    • 10 Mbit/s
    • 100 Mbit/s
    • 1000 Mbit/s

    Jumbo

    Sets the jumbo frame length. The value ranges from 1536 to 10240.

    Combo

    Configures the working mode of a combo interface.

    • auto: The combo interface automatically selects the working mode.
    • copper: The combo interface works as an electrical interface and uses a network cable to transmit and receive data.
    • fiber: The combo interface works as an optical interface and uses an optical fiber to transmit and receive data.

    Flow Control

    Enables or disables flow control:

    • ON: Flow control is enabled.
    • OFF: Flow control is disabled.

    EEE

    Is valid when Auto-Negotiation is set to ON.

    Enables or disables the EEE function:

    • ON: The EEE function is enabled.
    • OFF: The EEE function is disabled.

    Power Saving Mode

    Enables or disables the power saving mode:

    • ON: The power saving mode is enabled.
    • OFF: The power saving mode is disabled.

  4. Click Apply to make the configuration take effect.
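
The ranges and dependencies in Table 1-65 can be checked against a port plan before the values are entered in the web UI. The following Python is an added example, not Huawei code; the PortProfile field names, the sample interface names, and the warning for an enabled port with Port Security OFF are assumptions of this example.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Limits and dependencies as stated in Table 1-65 of this guide.
VLAN_ID = (1, 4094)          # Default VLAN
MAC_LIMIT = (1, 1024)        # MAC Address Limit
JUMBO_LEN = (1536, 10240)    # Jumbo frame length
RATES_MBPS = (10, 100, 1000)
DUPLEX_MODES = ("full", "half")

Finding = Tuple[str, str]    # (severity, message)


@dataclass
class PortProfile:
    """Planned settings for one PC-facing port (field names are hypothetical)."""
    name: str
    interface_on: bool = True
    default_vlan: int = 1
    port_security: bool = False
    mac_limit: Optional[int] = None
    auto_negotiation: bool = True
    duplex: Optional[str] = None
    rate_mbps: Optional[int] = None
    jumbo: Optional[int] = None
    eee: bool = False


def out_of_range(value: int, bounds: Tuple[int, int]) -> bool:
    return not (bounds[0] <= value <= bounds[1])


def check_profile(p: PortProfile) -> List[Finding]:
    """Return (severity, message) findings for one planned port."""
    findings: List[Finding] = []

    def add(severity: str, message: str) -> None:
        findings.append((severity, f"{p.name}: {message}"))

    if out_of_range(p.default_vlan, VLAN_ID):
        add("ERROR", f"Default VLAN {p.default_vlan} is outside 1-4094")
    if p.jumbo is not None and out_of_range(p.jumbo, JUMBO_LEN):
        add("ERROR", f"Jumbo length {p.jumbo} is outside 1536-10240")

    # MAC Address Limit is valid only when Port Security is ON.
    if p.mac_limit is not None:
        if not p.port_security:
            add("ERROR", "MAC Address Limit is set but Port Security is OFF")
        elif out_of_range(p.mac_limit, MAC_LIMIT):
            add("ERROR", f"MAC Address Limit {p.mac_limit} is outside 1-1024")

    # Duplex Mode and Interface Rate are valid only with Auto-Negotiation OFF;
    # EEE is valid only with Auto-Negotiation ON.
    if p.auto_negotiation:
        if p.duplex is not None or p.rate_mbps is not None:
            add("ERROR", "Duplex Mode/Interface Rate need Auto-Negotiation OFF")
    else:
        if p.duplex is not None and p.duplex not in DUPLEX_MODES:
            add("ERROR", f"unknown Duplex Mode {p.duplex!r}")
        if p.rate_mbps is not None and p.rate_mbps not in RATES_MBPS:
            add("ERROR", f"Interface Rate {p.rate_mbps} Mbit/s is not offered")
        if p.eee:
            add("ERROR", "EEE needs Auto-Negotiation ON")

    # Policy of this example, not a rule from the guide.
    if p.interface_on and not p.port_security:
        add("WARN", "enabled PC-facing port has Port Security OFF")
    return findings


# Constructed sample plan (interface names and values are illustrative).
SAMPLE_PLAN = [
    PortProfile("GigabitEthernet0/0/1", default_vlan=10,
                port_security=True, mac_limit=2),
    PortProfile("GigabitEthernet0/0/2", default_vlan=4095, mac_limit=5),
    PortProfile("GigabitEthernet0/0/3", default_vlan=20,
                port_security=True, mac_limit=2048,
                auto_negotiation=False, duplex="full", rate_mbps=1000,
                jumbo=1500, eee=True),
]

if __name__ == "__main__":
    for profile in SAMPLE_PLAN:
        for severity, message in check_profile(profile):
            print(severity, message)
```
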
Connect to IP Phone

Context

After a switch is connected to an IP phone, you can configure functions such as the default VLAN, voice VLAN, port security, and port isolation based on service requirements.

Procedure

  • Based On Phone Model (Auto)
    1. Choose Configuration > Basic Services > Interface Settings. Click Connect to IP Phone to open the Connect to IP Phone page.
    2. Select a port to be configured. Perform the following operations as required in the port area:

      • Click a port icon. To deselect the port, click the port icon again.
      • Drag the cursor to select consecutive ports in a batch.
      • Click multiple port icons to select these ports, and click a port icon again to deselect the port.
      • Select a slot where a panel is located. All ports on the panel are selected.

    3. Click the Based On Phone Model (Auto) tab, and click Auto Phone Scan. Check whether the interface is connected to an IP phone. Figure 1-83 indicates that the interface is not connected to an IP phone, and Figure 1-84 indicates that the interface is connected to an IP phone.

      Figure 1-83  Auto phone scan result - no IP phone connected

      Figure 1-84  Auto phone scan result - IP phone connected

      Table 1-66 describes the configuration options in Figure 1-84.

      Table 1-66  Auto phone scan parameters

      Parameter

      Description

      Interface

      Interface where IP phones are scanned.

      Phone Type

      Type of IP phone connected to the scanned interface.

      Interface Status

      Enables or disables the interface:
      • ON: The interface is enabled.
      • OFF: The interface is disabled.

      Default VLAN

      Adds the interface to the default VLAN. The VLAN ID ranges from 1 to 4094.

      Voice VLAN

      Enables the voice VLAN function and specifies the VLAN ID.

      Add Voice VLAN to Untag VoIP

      Enables or disables the function of adding the voice VLAN ID to untagged packets.

      • ON: The function is enabled.
      • OFF: The function is disabled.

      LLDP

      LLDP status:
      • ON: enabled
      • OFF: disabled

      Port Isolation

      Enables or disables port isolation:
      • ON: Port isolation is enabled.
      • OFF: Port isolation is disabled.
      Operation

      If you click More Configurations, the following parameters are valid.

      Port Security

      Enables or disables port security:
      • ON: Port security is enabled.
      • OFF: Port security is disabled.

      MAC Address Limit

      Is valid when Port Security is set to ON.

      Sets the maximum number of secure MAC addresses. The value ranges from 1 to 1024.

      Loopback Detection

      Enables or disables loopback detection:
      • ON: Loopback detection is enabled.
      • OFF: Loopback detection is disabled.

      Auto-Negotiation

      Enables or disables auto-negotiation on the interface:

      • ON: Auto-negotiation is enabled.
      • OFF: Auto-negotiation is disabled.

      Duplex Mode

      Is valid when Auto-Negotiation is set to OFF.

      Configures the duplex mode on the interface.
      • Full-duplex
      • Half-duplex

      Interface Rate

      Is valid when Auto-Negotiation is set to OFF.

      Configures the interface rate.
      • 10 Mbit/s
      • 100 Mbit/s
      • 1000 Mbit/s

      Jumbo

      Sets the jumbo frame length.

      Combo

      Configures the working mode of a combo interface.

      • auto: The combo interface automatically selects the working mode.
      • copper: The combo interface works as an electrical interface and uses a network cable to transmit and receive data.
      • fiber: The combo interface works as an optical interface and uses an optical fiber to transmit and receive data.

      Flow Control

      Enables or disables flow control:

      • ON: Flow control is enabled.
      • OFF: Flow control is disabled.

      EEE

      Is valid when Auto-Negotiation is set to ON.

      Enables or disables the EEE function:

      • ON: The EEE function is enabled.
      • OFF: The EEE function is disabled.

      Power Saving Mode

      Enables or disables the power saving mode:

      • ON: The power saving mode is enabled.
      • OFF: The power saving mode is disabled.
      QoS Configuration

      802.1p priority

      Specify the 802.1p priority.

      DSCP priority

      Specify the DSCP priority.

    4. After setting the parameters, click Apply.
    5. Click on the left of More voice VLAN settings to expand voice VLAN configurations. Click Create to display the configuration options of voice VLAN, as shown in Figure 1-85.

      Figure 1-85  Voice VLAN configuration

      Table 1-67 describes parameters on the displayed page.

      Table 1-67  Voice VLAN creation parameters

      Parameter

      Description

      OUI

      This parameter is mandatory. It specifies the MAC address of voice packets, for example, 0812-f231-05e1.

      Mask

      This parameter is mandatory. Enter the mask, for example, ffff-ffff-ffff.

      Description

      Enter the description of the OUI.

      After setting the parameters, click .

  • Based On Phone Model (Manual)
    1. Choose Configuration > Basic Services > Interface Settings. Click Connect to IP Phone to open the Connect to IP Phone page.
    2. Select an interface from Select Interface and click the Based On Phone Model (Manual) tab, as shown in Figure 1-86.

      Figure 1-86  Based on phone type (manual)

      Table 1-68 describes the configuration options in Figure 1-86.

      Table 1-68  Based on phone type (manual) parameters

      Parameter

      Description

      Phone Type

      Type of connected phone.

      Interface Status

      Enables or disables the interface:
      • ON: The interface is enabled.
      • OFF: The interface is disabled.

      Default VLAN

      Adds the interface to the default VLAN. The VLAN ID ranges from 1 to 4094.

      Voice VLAN

      Enables the voice VLAN function and specifies the VLAN ID.

      Add Voice VLAN to Untag VoIP

      Enables or disables the function of adding the voice VLAN ID to untagged packets:

      • ON: The function is enabled.
      • OFF: The function is disabled.

      LLDP

      LLDP status:
      • ON: enabled
      • OFF: disabled

      Port Isolation

      Enables or disables port isolation:
      • ON: Port isolation is enabled.
      • OFF: Port isolation is disabled.
      Operation

      If you click More Configurations, the following parameters are valid.

      Port Security

      Enables or disables port security:
      • ON: Port security is enabled.
      • OFF: Port security is disabled.

      MAC Address Limit

      Is valid when Port Security is set to ON.

      Sets the maximum number of secure MAC addresses. The value ranges from 1 to 1024.

      Loopback Detection

      Enables or disables loopback detection:
      • ON: Loopback detection is enabled.
      • OFF: Loopback detection is disabled.

      Auto-Negotiation

      Enables or disables auto-negotiation on the interface:

      • ON: Auto-negotiation is enabled.
      • OFF: Auto-negotiation is disabled.

      Duplex Mode

      Is valid when Auto-Negotiation is set to OFF.

      Configures the duplex mode on the interface.
      • Full-duplex
      • Half-duplex

      Interface Rate

      Is valid when Auto-Negotiation is set to OFF.

      Configures the interface rate.
      • 10 Mbit/s
      • 100 Mbit/s
      • 1000 Mbit/s

      Jumbo

      Sets the jumbo frame length.

      Combo

      Configures the working mode of a combo interface.

      • auto: The combo interface automatically selects the working mode.
      • copper: The combo interface works as an electrical interface and uses a network cable to transmit and receive data.
      • fiber: The combo interface works as an optical interface and uses an optical fiber to transmit and receive data.

      Flow Control

      Enables or disables flow control:

      • ON: Flow control is enabled.
      • OFF: Flow control is disabled.

      EEE

      Is valid when Auto-Negotiation is set to ON.

      Enables or disables the EEE function:

      • ON: The EEE function is enabled.
      • OFF: The EEE function is disabled.

      Power Saving Mode

      Enables or disables the power saving mode:

      • ON: The power saving mode is enabled.
      • OFF: The power saving mode is disabled.
      QoS Configuration

      802.1p priority

      Specify the 802.1p priority.

      DSCP priority

      Specify the DSCP priority.

    3. After setting the parameters, click Apply.
    4. Click on the left of More voice VLAN settings to expand voice VLAN configurations. Click Create to display the configuration options of voice VLAN, as shown in Figure 1-87.

      Figure 1-87  Voice VLAN configuration

      Table 1-69 describes parameters on the displayed page.

      Table 1-69  Voice VLAN creation parameters

      Parameter

      Description

      OUI

      This parameter is mandatory. It specifies the MAC address of voice packets, for example, 0812-f231-05e1.

      Mask

      This parameter is mandatory. Enter the mask, for example, ffff-ffff-ffff.

      Description

      Enter the description of the OUI.

      After setting the parameters, click .

  • Customized configuration
    1. Choose Configuration > Basic Services > Interface Settings. Click Connect to IP Phone to open the Connect to IP Phone page.
    2. Select an interface from Select Interface and click the Customized tab, as shown in Figure 1-88.

      Figure 1-88  Customized configuration

      Table 1-70 describes the configuration options in Figure 1-88.

      Table 1-70  Customized configuration options and meanings

      Parameter

      Description

      Interface Status

      Enables or disables the interface:
      • ON: The interface is enabled.
      • OFF: The interface is disabled.

      Default VLAN

      Adds the interface to the default VLAN. The VLAN ID ranges from 1 to 4094.

      Voice VLAN

      Enables the voice VLAN function and specifies the VLAN ID.

      Add Voice VLAN to Untag VoIP

      Enables or disables the function of adding the voice VLAN ID to untagged packets:

      • ON: The function is enabled.
      • OFF: The function is disabled.

      Port Isolation

      Enables or disables port isolation:
      • ON: Port isolation is enabled.
      • OFF: Port isolation is disabled.

      Port Security

      Enables or disables port security:
      • ON: Port security is enabled.
      • OFF: Port security is disabled.

      MAC Address Limit

      Is valid when Port Security is set to ON.

      Sets the maximum number of secure MAC addresses. The value ranges from 1 to 1024.

      Loopback Detection

      Enables or disables loopback detection:
      • ON: Loopback detection is enabled.
      • OFF: Loopback detection is disabled.
      Operation

      If you click More Configurations, the following parameters are valid.

      Auto-Negotiation

      Enables or disables auto-negotiation on the interface:

      • ON: Auto-negotiation is enabled.
      • OFF: Auto-negotiation is disabled.

      Duplex Mode

      Is valid when Auto-Negotiation is set to OFF.

      Configures the duplex mode on the interface.
      • Full-duplex
      • Half-duplex

      Interface Rate

      Is valid when Auto-Negotiation is set to OFF.

      Configures the interface rate.
      • 10 Mbit/s
      • 100 Mbit/s
      • 1000 Mbit/s

      Jumbo

      Sets the jumbo frame length.

      Combo

      Configures the working mode of a combo interface.

      • auto: The combo interface automatically selects the working mode.
      • copper: The combo interface works as an electrical interface and uses a network cable to transmit and receive data.
      • fiber: The combo interface works as an optical interface and uses an optical fiber to transmit and receive data.

      Flow Control

      Enables or disables flow control:

      • ON: Flow control is enabled.
      • OFF: Flow control is disabled.

      EEE

      Is valid when Auto-Negotiation is set to ON.

      Enables or disables the EEE function:

      • ON: The EEE function is enabled.
      • OFF: The EEE function is disabled.

      Power Saving Mode

      Enables or disables the power saving mode:

      • ON: The power saving mode is enabled.
      • OFF: The power saving mode is disabled.

    3. After setting the parameters, click Apply.
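
The OUI and Mask parameters in Table 1-67 and Table 1-69 decide which source MAC addresses are treated as voice devices. The following Python is an added example, not Huawei code; it assumes the usual masked comparison (source MAC AND mask equals OUI AND mask), also accepts colon-separated MAC notation, and uses a constructed vendor-prefix entry and review threshold alongside the values from the guide.

```python
import re
from typing import List, NamedTuple, Optional


def parse_mac(text: str) -> int:
    """Parse 0812-f231-05e1 (the notation used in this guide) or
    08:12:f2:31:05:e1 into a 48-bit integer."""
    digits = re.sub(r"[-:.]", "", text.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return int(digits, 16)


def format_mac(value: int) -> str:
    """Render a 48-bit integer in the H-H-H notation used in this guide."""
    digits = f"{value:012x}"
    return "-".join(digits[i:i + 4] for i in (0, 4, 8))


class OuiEntry(NamedTuple):
    oui: int          # already ANDed with the mask
    mask: int
    description: str


def make_entry(oui: str, mask: str, description: str = "") -> OuiEntry:
    mask_value = parse_mac(mask)
    return OuiEntry(parse_mac(oui) & mask_value, mask_value, description)


def matches(entry: OuiEntry, src_mac: str) -> bool:
    """Assumed rule: (source MAC AND mask) == (OUI AND mask)."""
    return (parse_mac(src_mac) & entry.mask) == entry.oui


def classify(entries: List[OuiEntry], src_mac: str) -> Optional[OuiEntry]:
    """Return the first entry that admits src_mac, or None."""
    for entry in entries:
        if matches(entry, src_mac):
            return entry
    return None


def addresses_admitted(entry: OuiEntry) -> int:
    """Each zero bit in the mask doubles the number of matching addresses."""
    return 1 << (48 - bin(entry.mask).count("1"))


def broad_entries(entries: List[OuiEntry], max_addresses: int = 1 << 24) -> List[OuiEntry]:
    """Entries wider than one 24-bit vendor prefix (threshold is an assumption)."""
    return [e for e in entries if addresses_admitted(e) > max_addresses]


ENTRIES = [
    # OUI and mask values quoted in the guide: admits exactly one address.
    make_entry("0812-f231-05e1", "ffff-ffff-ffff", "single phone"),
    # Constructed entry (locally administered prefix) covering 2**24 addresses.
    make_entry("02aa-bb00-0000", "ffff-ff00-0000", "constructed vendor prefix"),
    # Constructed entry with a very short mask, to show what the review flags.
    make_entry("0200-0000-0000", "ff00-0000-0000", "constructed broad entry"),
]

if __name__ == "__main__":
    for mac in ("08:12:f2:31:05:e1", "0812-f231-05e2", "02aa-bb12-3456"):
        hit = classify(ENTRIES, mac)
        print(mac, "->", hit.description if hit else "no voice VLAN match")
    for entry in broad_entries(ENTRIES):
        print("review:", format_mac(entry.oui), format_mac(entry.mask),
              addresses_admitted(entry), "addresses")
```

Because the match uses only the source MAC address, the mask determines how many addresses are placed in the voice VLAN; listing the count per entry makes overly broad entries visible during review.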
Connect to Switch

Context

After a switch is connected to another switch, you can configure the switch port to allow packets from a specified VLAN based on service requirements.

Procedure

  1. Choose Configuration > Basic Services > Interface Settings. Click Connect to Switch, as shown in Figure 1-89.

    Figure 1-89  Configuring the port connected to a switch

  2. Select a port to be configured. Perform the following operations as required in the port area:

    • Click a port icon. To deselect the port, click the port icon again.
    • Drag the cursor to select consecutive ports in a batch.
    • Click multiple port icons to select these ports, and click a port icon again to deselect the port.
    • Select a slot where a panel is located. All ports on the panel are selected.

  3. Configure the port.

    Table 1-71 describes parameters and their values.

    Table 1-71  Parameters of a port and their values

    Parameter

    Description

    Load balancing mode

    Sets the Eth-Trunk load balancing mode. This parameter is valid only after Enable link aggregation is selected.

    • dst-ip: Load balancing is performed based on the destination IP address.
    • dst-mac: Load balancing is performed based on the destination MAC address.
    • src-ip: Load balancing is performed based on the source IP address.
    • src-mac: Load balancing is performed based on the source MAC address.
    • src-dst-ip: Load balancing is performed based on the Exclusive-OR calculation result of the source and destination IP addresses.
    • src-dst-mac: Load balancing is performed based on the Exclusive-OR calculation result of the source and destination MAC addresses.

    Interface Status

    Enables or disables the interface:
    • ON: The interface is enabled.
    • OFF: The interface is disabled.

    Eth-Trunk

    Adds the interface to an Eth-Trunk. This parameter can be set only after Enable link aggregation is selected.

    Eth-Trunk Mode

    Sets the Eth-Trunk working mode. This parameter can be set only after Enable link aggregation is selected.

    • Manual load balancing (default): The Eth-Trunk working mode is set to manual.
    • Static LACP: The Eth-Trunk working mode is set to LACP.

    Allowed VLANs

    Configures VLANs allowed by the interface. The VLAN ID ranges from 1 to 4094.

    Auto VLAN Creation

    Configures whether the system automatically creates allowed VLANs:
    • Yes
    • No
    Operation

    If you click More Configurations, the following parameters are valid.

    Auto-Negotiation

    Enables or disables auto-negotiation on the interface:

    • ON: Auto-negotiation is enabled.
    • OFF: Auto-negotiation is disabled.

    Duplex Mode

    Is valid when Auto-Negotiation is set to OFF.

    Configures the duplex mode on the interface.
    • Full-duplex
    • Half-duplex

    Interface Rate

    Is valid when Auto-Negotiation is set to OFF.

    Configures the interface rate.
    • 10 Mbit/s
    • 100 Mbit/s
    • 1000 Mbit/s

    Jumbo

    Sets the jumbo frame length.

    Combo

    Configures the working mode of a combo interface.

    • auto: The combo interface automatically selects the working mode.
    • copper: The combo interface works as an electrical interface and uses a network cable to transmit and receive data.
    • fiber: The combo interface works as an optical interface and uses an optical fiber to transmit and receive data.

    Flow Control

    Enables or disables flow control:

    • ON: Flow control is enabled.
    • OFF: Flow control is disabled.

    EEE

    Is valid when Auto-Negotiation is set to ON.

    Enables or disables the EEE function:

    • ON: The EEE function is enabled.
    • OFF: The EEE function is disabled.

    Power Saving Mode

    Enables or disables the power saving mode:

    • ON: The power saving mode is enabled.
    • OFF: The power saving mode is disabled.

  4. Click Apply to make the configuration take effect.
Connect to Router

Context

You can configure functions of interfaces on switches that are connected to routers on the GUI. Figure 1-90 shows interface status and optical/electrical interfaces.
Figure 1-90  Interface status and optical/electrical interfaces

NOTE:

Only the S5720HI, S5720EI, S6720S-EI, and S6720EI support connecting the router.

If the device cannot be connected to a router, this page is hidden.

Procedure

  1. Choose Configuration > Basic Services > Interface Settings. Click Connect to Router, as shown in Figure 1-91.

    Figure 1-91  Connect Router

  2. Click an interface icon to select an interface. You can select only one interface at one time.
  3. Set parameters on the Configure Interface. Figure 1-92 shows the Configure Interface.

    Figure 1-92  Configure Interface

    Table 1-72 describes the parameters on the Configure Interface.

    Table 1-72  Parameters on the Configure Interface

    Item

    Description

    Interface Status

    Set the interface status.
    • ON: The current interface is enabled.
    • OFF: The current interface is disabled.

    IP Address

    Configure an IP address for the current interface.

    Mask

    Select a subnet mask from the drop-down list box, for example, 24 (255.255.255.0).

  4. Click Apply to complete the configuration.
Enable/Disable Interface

Context

On the GUI, you can disable an idle interface that is not connected to a cable or an optical fiber to prevent it from interfering with other interfaces that are in the working state.

Figure 1-93 shows interface status and optical/electrical interfaces.
Figure 1-93  Interface status and optical/electrical interfaces

Procedure

  1. Choose Configuration > Basic Services > Interface Settings. Click Enable/Disable Interface, as shown in Figure 1-94.

    Figure 1-94  Enable/Disable Interface

  2. Select the interface that you want to configure. Perform any of the following operations as required.

    • Click an interface icon to select an interface.
    • Drag the mouse to select multiple consecutive interfaces in a batch.
    • Click multiple port icons to select these ports, and click a port icon again to deselect the port.
    • Click the check box before a front panel name to select all the interfaces on the front panel.

  3. Set parameters on the Configure Interface. Figure 1-95 shows the Configure Interface.

    Figure 1-95  Configure Interface

    Table 1-73 describes the parameters on the Configure Interface.

    Table 1-73  Parameters on the Configure Interface

    Item

    Description

    Interface Status

    Set interface status.
    • ON: The current interface is not shut down.
    • OFF: The current interface is shut down.

  4. Click Apply to complete the configuration.
Detect Link

Context

Virtual cable test (VCT) technology uses time domain reflectometry (TDR) to detect the cable status. When a pulse transmitted over a cable reaches the end of the cable or a failure point in it, some of the pulse energy is reflected to the transmitting end. The VCT algorithm measures the time a pulse takes to travel along the cable, reach the failure point, and return. The measured time is then converted to a distance.

VCT can detect the fault type of a network cable and identify failure points to help locate network cable faults.

The VCT test result is only for reference and may be inaccurate for cables of some vendors.

VCT takes effect only on optical interfaces that have GE copper modules installed or GE electrical interfaces on the device.

Figure 1-96 shows interface status and optical/electrical interfaces.
Figure 1-96  Interface status and optical/electrical interfaces

Procedure

  1. Choose Configuration > Basic Services > Interface Settings. Click Detect Link, as shown in Figure 1-97.

    Figure 1-97  Detect Link

  2. Select the interface that you want to configure. Perform any of the following operations as required.

    • Click an interface icon to select an interface.
    • Drag the mouse to select multiple consecutive interfaces in a batch.
    • Click multiple port icons to select these ports, and click a port icon again to deselect the port.
    • Click the check box before a front panel name to select all the interfaces on the front panel.

  3. Click Apply. In the dialog box that is displayed, click OK.
  4. You can view check results on the Configure Interface. Figure 1-98 shows the Configure Interface.

    Figure 1-98  Configure Interface

    Table 1-74 describes the parameters on the Configure Interface.

    Table 1-74  Parameters on the Configure Interface

    Item

    Description

    Interface

    Type and number of the interface on which link detection is performed.

    Management Status

    Management status of the interface.
    • Down: The interface is disabled.
    • Up: The interface is enabled.
    • Shutdown: indicates that the administrator has run the shutdown command on the interface.

    Detection Result

    Link detection result, which can be either The network cable is faulty or The interface works normally.
    NOTE:
    If network cable faults occur, click Details to view the detailed detection result. The displayed page contains the following fields:
    • Pair A/B/C/D: indicates the 4 pairs of circuits in a network cable.
    • Pair A length: indicates the length of a network cable. If a fault occurs, this field indicates the distance between the interface and the location of the fault. When the network cable works properly, this field indicates the actual length of the cable. If the interface is not connected to any network cable, the default length is 0 meters.
    • Pair A state: indicates the status of a network cable. (OK: normal; Open: open-circuited; Short: short-circuited; Crosstalk: incorrect cable sequence; Unknown: unknown fault)

Port Loopback Test

Context

A port loopback test is used to check whether the internal forwarding chip controls forwarding on the interface properly.

Figure 1-99 shows the interface status and symbols of optical and electrical interfaces.
Figure 1-99  Interface status and symbols of optical and electrical ports

Procedure

  1. Choose Configuration > Basic Services > Interface Settings. Select Port Loopback Test, as shown in Figure 1-100.

    Figure 1-100  Port Loopback Test

  2. Select the interface that you want to configure. Perform any of the following operations as required.

    • Click an interface icon to select an interface.
    • Drag the mouse to select multiple consecutive interfaces in a batch.
    • Click multiple port icons to select these ports, and click a port icon again to deselect the port.
    • Click the check box before a front panel name to select all the interfaces on the front panel.

  3. Click Apply. In the dialog box that is displayed, click OK.
  4. The returned information is displayed in Configure Interface, as shown in Figure 1-101.

    Figure 1-101  Configure Interface

    Table 1-75 describes parameters on the displayed page.

    Table 1-75  Interface parameter list

    Parameter

    Description

    Interface

    Indicates the type and number of the interface where a loopback test is performed.

    Management Status

    Indicates the management status.
    • Down: indicates that the interface is disabled.
    • Up: indicates that the interface is enabled.
    • Shutdown: indicates that the shutdown command has been run on the interface.

    Detection Result

    Indicates the loopback test result.

PoE

This chapter describes how to configure PoE. PDs, such as wireless telephones and APs, are provided with power when the devices are configured with PoE.

Context

NOTE:

Only the product models with PWR or PWH in the product names support PoE.

Procedure

  1. Choose Configuration > Basic Services > PoE.
  2. Perform global settings and click Apply, as shown in Figure 1-102.

    Figure 1-102  Global Settings

    Table 1-76 describes the parameters in Global Settings.

    Table 1-76  Parameters in Global Settings

    Item

    Description

    Power supply management mode

    Configures the switch's power supply management mode:
    • Auto
    • Manual

    Max output power (mW)

    Sets the maximum output power of the switch, in mW.

    Reserved PoE power (%)

    Sets the percentage of the reserved PoE power against the total PoE power.

  3. Select a port to be configured. Perform the following operations as required in the port area:

    • Click a port icon. To deselect the port, click the port icon again.
    • Drag the cursor to select consecutive ports in a batch.
    • Click multiple port icons to select these ports, and click a port icon again to deselect the port.
    • Select a slot where a panel is located. All ports on the panel are selected.

  4. Configure interfaces.

    Figure 1-103  Interface Setting

    Table 1-77 describes the parameters in Interface Setting.

    Table 1-77  Parameters in Interface Setting

    Item

    Description

    Interface name

    Indicates the currently configured interface name. This parameter cannot be modified.

    Enable PoE on interface

    Indicates whether to enable the PoE function:
    • ON: Enable the PoE function.
    • OFF: Disable the PoE function.

    Max output power (mW)

    Sets the maximum output power of the interface, in mW.

    PoE priority

    Configures the power supply priority for an interface:
    • Low: the lowest priority
    • High: the second highest priority
    • Critical: the highest priority

    Manual power supply

    Configures the manual power supply mode:
    • Power on: Interfaces will be manually powered on.
    • Power off: Interfaces will be manually powered off.

    PD compatibility check

    Indicates whether to enable non-standard PD compatibility check on an interface:
    • ON: Enable non-standard PD compatibility check.
    • OFF: Disable non-standard PD compatibility check.

  5. Click Apply to make the configuration take effect.

VLAN

You can create, query, modify, or delete a single VLAN or create VLANs in a batch.

Context

  • A switch supports 4094 VLANs from VLAN 1 to VLAN 4094.
  • VLANs can isolate the hosts that require no communication with each other, reducing broadcast traffic and improving network security.

Procedure

  • Creating a VLAN
    1. Choose Configuration > Basic Services > VLAN.
    2. Click Create. The Create VLAN dialog box is displayed, as shown in Figure 1-104.

      Figure 1-104  Creating a VLAN

      Table 1-78 describes parameters in the Create VLAN dialog box.

      Table 1-78  Parameters for creating a VLAN

      Parameter

      Description

      VLAN ID

      ID of the VLAN. This parameter is mandatory, and its value ranges from 1 to 4094. VLAN 1 is the default VLAN, and the system will not re-create it.

      Description

      Description of the VLAN. This parameter is optional.

      VLAN attribute

      Attribute of the VLAN. This parameter is mandatory. Set VLAN attribute to Common VLAN or SVF multicast VLAN.

      NOTE:
      This parameter is available only when the device is enabled with SVF.

      IPv4 address

      IPv4 address of a VLANIF interface, such as 10.10.10.1. This parameter is optional and can be configured only for a VLANIF interface.

      Mask

      Subnet mask of the IP address. This parameter is optional.

      IPv6 address

      IPv6 address, such as FC00:0:130F:0:0:9C0:876A:130B. This parameter is optional and can be configured only for a VLANIF interface.

      Prefix length

      Length of an address prefix. This parameter is optional and the value ranges from 1 to 128.

    3. Set parameters.
    4. Click Add Interface. The Add Interface area is unfolded, as shown in Figure 1-105.

      Figure 1-105  Adding ports to the VLAN

    5. Click Select Interface. The Add Interface page is displayed, as shown in Figure 1-106.

      Figure 1-106  Selecting ports to be added to the VLAN

    6. Click OK. The Create VLAN dialog box is displayed.
    7. Click OK.
  • Creating VLANs in a batch
    1. Choose Configuration > Basic Services > VLAN.
    2. Click Batch Create. The Batch Create VLAN dialog box is displayed, as shown in Figure 1-107. Set parameters.

      Figure 1-107  Creating VLANs in a batch

    3. Click OK.
  • Querying a VLAN
    1. Choose Configuration > Basic Services > VLAN.
    2. Enter the VLAN ID in the search box. If you do not enter any VLAN ID, all created VLANs are displayed.
    3. Click the search icon. The VLAN is displayed, as shown in Figure 1-108.

      Figure 1-108  VLAN list

    4. Click View Interface. The interfaces added to VLANs are displayed, as shown in Figure 1-109.

      Figure 1-109  View Interface

  • Modifying a VLAN
    1. Choose Configuration > Basic Services > VLAN.
    2. Click a VLAN ID. The Modify VLAN dialog box is displayed, as shown in Figure 1-110. Table 1-78 describes parameters in the Modify VLAN dialog box.

      Figure 1-110  Modifying a VLAN

    3. Change the values of parameters as required.
    4. Click OK.
  • Deleting a VLAN
    1. Choose Configuration > Basic Services > VLAN.
    2. Select a VLAN to be deleted and click Delete. The system asks you whether to delete the VLAN.

      NOTE:

      VLAN 1 is the default VLAN and cannot be deleted.

    3. Click OK.

DHCP

Context

Dynamic Host Configuration Protocol (DHCP) is used to dynamically manage and configure the IP addresses for users in a centralized manner. DHCP adopts the client/server mode for communication. The client applies to the server for configurations (including IP address, subnet mask, and default gateway), and the server replies with corresponding configuration information based on policies.

Procedure

  • Global configuration
    1. Choose Configuration > Basic Services > DHCP.
    2. Set DHCP status to ON in the Global Settings area to enable the DHCP function globally.
  • Address pool list
    1. Choose Configuration > Basic Services > DHCP.
    2. Click Create in the Address Pool List area. The Create IP Pool page is displayed, as shown in Figure 1-111.

      Figure 1-111  Description of the parameters for creating a DHCP entry

      Table 1-79 describes the parameters on the Create IP Pool page.
      Table 1-79  Create IP Pool

      Parameter

      Description

      VLANIF interface

      Indicates the VLANIF interface name. Select a name from the drop-down list box.

      IP/Mask

      Indicates the IP address and mask of the VLANIF interface.

      DHCP mode

      Indicates the DHCP mode. You can select the local allocation or external server allocation mode. In local allocation mode, the device functions as a DHCP server to assign IP addresses to clients. In external server allocation mode, the device functions as a DHCP relay to assign IP addresses to clients through a DHCP server whose address is specified.

      Primary DNS server

      Indicates the primary DNS server address assigned to a client. This parameter is configured when the DHCP mode is local allocation.

      Secondary DNS server

      Indicates the secondary DNS server address assigned to a client. This parameter is configured when the DHCP mode is local allocation.

      Server IP

      Indicates the DHCP server IP address. This parameter is configured when the DHCP mode is external server allocation.

    3. Set the parameters.
    4. Click OK.
  • Address pool information
    1. Choose Configuration > Basic Services > DHCP.

      By clicking an interface address pool (the DHCP mode of the mapping interface is local allocation) in Address Pool Information, you can check the detailed address pool information, as shown in Figure 1-112.

      Figure 1-112  Address Pool Information

      Table 1-80 describes the parameters on the Address Pool Information page.
      Table 1-80  Parameters in address pool information

      Parameter

      Description

      Sum of Addresses

      Indicates the total number of IP addresses in the address pool.

      Allocated

      Indicates the number of IP addresses assigned to clients.

      Bind IP

      Indicates that an IP address in the address pool is bound to a fixed MAC address.

      Fix IP

      Indicates that an IP address being used or an expired IP address in the address pool is bound to the corresponding MAC address and will be assigned directly to the client when it goes online next time.

      Unbind IP

      Indicates that a bound IP address is unbound.

      Reserve IP

      Indicates that an IP address in the address pool is reserved and not assigned.

      Release IP

      Indicates that a reserved IP address is released and can be assigned.

      Reclaim IP

      Indicates that an IP address being used or an expired or conflicted IP address in the address pool is reclaimed. The reclaimed IP address becomes idle again and can be re-assigned to clients.

      Refresh

      Refreshes the page.

    2. Configure IP addresses in the address pool.

      1. Select the IP addresses to be configured on the Address Pool Information page.

      2. Click Bind IP, Fix IP, Unbind IP, Reserve IP, Release IP, or Reclaim IP.

        If you click Bind IP, enter the bound MAC address and click OK.

MAC

Context

Each switch maintains a MAC address table. A MAC table records learned MAC addresses, VLAN IDs, and outbound interfaces. To forward data, the switch searches the MAC table based on destination MAC addresses and VLAN IDs carried in packets to determine the outbound interfaces for the packets. Therefore, broadcast traffic is reduced. Configure the following MAC address types and functions:
  • The interface obtains dynamic entries based on the learning of source MAC addresses. The dynamic entries can be aged.
  • Static MAC entries are manually configured and never age. For details, see Configuring a static user.
  • Blackhole MAC entries are used to discard data frames with the specified source or destination MAC addresses. Blackhole MAC entries are manually configured and never age. For details, see Configuring a blackhole MAC address entry.
  • ARP entry fixing can be configured to defend against ARP address spoofing attacks. For details, see Configuring ARP entry fixing.
  • Port security makes MAC addresses learned on an interface become secure MAC addresses to allow only hosts with secure MAC addresses and static MAC addresses to communicate with the switch through the interface, improving switch security. For details, see Configuring port security.

Procedure

  • Configuring MAC/IP address security and the aging time of dynamic MAC addresses
    1. Choose Configuration > Basic Services > MAC.
    2. Click the icon next to MAC/IP address security to enable or disable MAC/IP address security.
    3. Set the aging time of dynamic MAC addresses in the Dynamic MAC aging time text box and click Apply.

      NOTE:

      The aging time of dynamic MAC addresses is 0 or in the range of 10 to 1000000, in seconds. The default value is 300s.

  • Querying MAC/IP address entries
    1. Choose Configuration > Basic Services > MAC.
    2. Click the MAC/IP Address tab and select the interfaces. The MAC/IP Address tab page is displayed, as shown in Figure 1-113.

      Figure 1-113  Querying MAC/IP address entries

    3. Click Refresh to refresh entries in the MAC/IP address list.
    4. Set the search criteria for querying MAC/IP address entries: MAC Address, IP Address, Type, Outbound Interface, and VLAN ID.
    5. Click the search icon. The search result is displayed.
  • Configuring a static user
    1. Choose Configuration > Basic Services > MAC.
    2. Click the MAC/IP Address tab and select the interfaces. The MAC/IP Address tab page is displayed, as shown in Figure 1-113.
    3. Click Create Static MAC. The Create Static MAC page is displayed, as shown in Figure 1-114.

      Figure 1-114  Creating a static MAC

    4. Set parameters.
    5. Click OK.
  • Creating a static secure MAC address
    1. Choose Configuration > Basic Services > MAC.
    2. Click the MAC/IP Address tab and select the interfaces. The MAC/IP Address tab page is displayed, as shown in Figure 1-113.

      NOTE:
      Before creating a static secure MAC address, enable port security by referring to Configuring port security.

      After port security is enabled, a yellow shield identifier next to the interface is displayed.

    3. Click Create Secure MAC. The Create Secure MAC page is displayed, as shown in Figure 1-115.

      Figure 1-115  Creating a secure MAC address

    4. Set parameters.
    5. Click OK.
  • Deleting MAC address entries
    1. Choose Configuration > Basic Services > MAC.
    2. Click the MAC/IP Address tab and select the interfaces. The MAC/IP Address tab page is displayed, as shown in Figure 1-113.
    3. Select an entry and click Delete MAC. The system asks you whether to delete the entry.
    4. Click OK.
  • Configuring a blackhole MAC address entry
    1. Choose Configuration > Basic Services > MAC.
    2. Click the MAC/IP Address tab and select the interfaces. The MAC/IP Address tab page is displayed, as shown in Figure 1-113.
    3. Select an entry and click Convert to Blackhole MAC. The system asks you whether to configure the entry as a blackhole MAC address entry.

      NOTE:

      Only dynamic MAC address entries can be configured as blackhole MAC address entries.

      After dynamic MAC address entries are configured as blackhole MAC address entries, select Select all interfaces so that they can be displayed in the MAC/IP address list.

    4. Click OK.
  • Configuring ARP entry fixing
    1. Choose Configuration > Basic Services > MAC.
    2. Click the MAC/IP Address tab and select the interfaces. The MAC/IP Address tab page is displayed, as shown in Figure 1-113.
    3. Select an entry and click Fix MAC. The system asks you whether to fix the MAC address entry.

      NOTE:

      Only dynamic MAC address entries can be fixed.

    4. Click OK.
  • Configuring port security
    1. Choose Configuration > Basic Services > MAC.
    2. Click the MAC Security tab. The MAC Security tab page is displayed.
    3. Select a port, as shown in Figure 1-116.

      Figure 1-116  Configuring port security

      Table 1-81 describes parameters on the MAC Security tab page.

      Table 1-81  Configuring port security

      Parameter: Interface Name
      Description: -
      Value: -

      Parameter: Interface Security
      Description: If a network requires high access security, you can configure port security on specified ports. MAC addresses learned by these ports are changed to dynamic secure MAC addresses or sticky MAC addresses. When the number of learned MAC addresses reaches the limit, the ports do not learn new MAC addresses. This prevents devices with untrusted MAC addresses from connecting to these ports, improving security of the devices and the network.
      Value: The value can be Enable or Disable.

      Parameter: MAC Address Limit (1-1024)
      Description: Maximum number of MAC addresses that can be learned by a port.
      Value: The value ranges from 1 to 1024.

      Parameter: Sticky MAC
      Description: Sticky MAC addresses will not be aged out and will exist after the device restarts.
      Value: The value can be Enable or Disable.

    4. Set parameters.
    5. Click Apply.
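
The interaction of MAC Address Limit and Sticky MAC in Table 1-81, as an added model that is not part of the Huawei guide. It assumes that a frame from an unlearned address is refused once the limit is reached and that non-sticky secure addresses must be relearned after a restart (the guide states only that sticky addresses survive one); the class, function names and MAC addresses are constructed.

```python
import re
from dataclasses import dataclass, field


def normalise_mac(mac: str) -> str:
    """Accept xxxx-xxxx-xxxx or aa:bb:cc:dd:ee:ff; return 12 lowercase hex digits."""
    digits = re.sub(r"[-:.]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


@dataclass
class SecurePort:
    """Hypothetical model of one interface with Interface Security enabled."""
    limit: int                                     # MAC Address Limit (1-1024)
    sticky: bool = False                           # Sticky MAC: Enable/Disable
    learned: list = field(default_factory=list)    # secure MACs, in learning order
    refused: dict = field(default_factory=dict)    # MAC -> frames seen after limit

    def __post_init__(self):
        if not 1 <= self.limit <= 1024:
            raise ValueError("MAC Address Limit must be in the range 1-1024")

    def frame(self, src_mac: str) -> str:
        """Classify one received frame by its source MAC address."""
        mac = normalise_mac(src_mac)
        if mac in self.learned:
            return "known"
        if len(self.learned) < self.limit:
            self.learned.append(mac)
            return "learned"
        # Assumption: the limit is reached, so the address is not learned.
        self.refused[mac] = self.refused.get(mac, 0) + 1
        return "refused"

    def restart(self) -> None:
        """Sticky entries survive a restart; assumed: non-sticky ones do not."""
        if not self.sticky:
            self.learned.clear()


def replay(port: SecurePort, events: list) -> list:
    """Feed source MACs (or the marker 'RESTART') to a port, in order."""
    results = []
    for event in events:
        if event == "RESTART":
            port.restart()
            results.append("restart")
        else:
            results.append(port.frame(event))
    return results


# Constructed sequence: three hosts on a port limited to two addresses,
# a device restart, then the same hosts in a different order.
EVENTS = ["0011-2233-4401", "0011-2233-4402", "0011-2233-4403", "RESTART",
          "00:11:22:33:44:03", "0011-2233-4401", "0011-2233-4402"]

if __name__ == "__main__":
    for sticky in (False, True):
        print("sticky" if sticky else "non-sticky",
              replay(SecurePort(limit=2, sticky=sticky), EVENTS))
```

With Sticky MAC disabled, the two slots go to whichever hosts send first after the restart; with it enabled, the originally learned pair keeps them.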

LBDT

This section describes how to configure LBDT.

Context

When a loop occurs on a network, broadcast, multicast, and unknown unicast packets are repeatedly transmitted on the network. This wastes network resources or even causes service interruption on the entire network. To allow the device to detect loops on a Layer 2 network in a timely manner and prevent the network from being severely affected by loops, configure loopback detection. Loopback detection enables the device to periodically send loopback detection packets to detect loops. When a loop is detected on an interface, the device shuts down or blocks the interface to eliminate the loop. The interface can be restored when the device detects that the loop on the interface is eliminated.

Procedure

  1. Click Configuration in the function area and choose Basic Services > LBDT from the navigation tree on the left. The LBDT page is displayed, as shown in Figure 1-117.

    Figure 1-117  Loopback detection configuration page

    Table 1-82 describes parameters on the loopback detection configuration page.

    Table 1-82  Parameters on the loopback detection configuration page

    Parameter

    Description

    Enable (Block Interface)

    Enable loopback detection on an interface and set the action to block.

    When a loop is detected, the device blocks the interface and forwards only BPDUs.

    Enable (Shut Down Interface)

    Enable loopback detection on an interface and set the action to shutdown.

    When a loop is detected, the device shuts down the interface.

    Disable

    Disable loopback detection on the interface.

  2. Select an interface that you want to configure.

    Perform any of the following operations:

    • Click the interface icon to select one or more interfaces.
    • Drag the mouse to select consecutive interfaces in a batch.
    • Select a device panel and all interfaces.

  3. Click Enable (Block Interface) or Enable (Shut Down Interface) to enable loopback detection on an interface and set the action taken when a loop is detected.

    By default, loopback detection is disabled on an interface.

    NOTE:

    If Enable (Shut Down Interface) is selected, the interface is shut down when a loop is detected. The shutdown interface can be restarted in Interface Settings > Enable/Disable Interface. For details, see Enable/Disable Interface.

  4. Check the configuration.

    If the loopback detection status is displayed on all interfaces that need to be enabled with loopback detection, as shown in Figure 1-118, the configuration is successful. Otherwise, the configuration fails.

    NOTE:

    After line loopback detection is enabled, the system detects loops after about 5s. After 5s, click to view the interface status.

    Figure 1-118  Loopback detection configuration result

ACL

Access control lists (ACLs) are used to identify flows. A network device filters packets according to certain rules. It must identify packets first, and then permits or denies the packets according to the configured policy.

Context

NOTE:

For S5720HI, this node is only available in the NAC common mode.

Interface ACL

You can apply an ACL to an interface to filter the packets received by the interface.

Context

You can configure ACL rules and apply the ACL to an interface to filter the packets received by the interface. The ACL rule configuration includes source and destination IP addresses, protocol type, source and destination port numbers.

Procedure

  • Query the ACL rules applied to interfaces.
    1. Click Configuration to display the Configuration page.
    2. Choose Basic Services > ACL in the navigation tree to display the ACL page.
    3. Click the Interface ACL tab to display the Interface ACL page, as shown in Figure 1-119.

      Figure 1-119  Interface ACL

    4. Click the icon of the interface to which the ACL rules are applied. The ACL rule record is displayed in the ACL Rule List area, as shown in Figure 1-120.

      Figure 1-120  Querying ACL rules

  • Copy the ACL rules that have been applied to an interface to another interface.
    1. Click Configuration to display the Configuration page.
    2. Choose Basic Services > ACL in the navigation tree to display the ACL page.
    3. Click the Interface ACL tab to display the Interface ACL page.
    4. Click the icon of the interface to which the ACL rules have been applied. Click Copy To to display the Copy To page, as shown in Figure 1-121.

      Figure 1-121  Copying ACL rules

    5. Select the target interface to which the ACL rules are copied. You can perform the following operations as required:

      • Click the icon of a single interface. Re-click the icon to deselect the interface.
      • Click the icons of multiple interfaces.
      • Drag the mouse to select multiple neighboring interfaces.
      • Click a device panel name and select all interfaces.

    6. Click OK.
  • Create ACL rules.

    1. Click Configuration to display the Configuration page.

    2. Choose Basic Services > ACL in the navigation tree to display the ACL page.

    3. Click the Interface ACL tab to display the Interface ACL page.

    4. Click the icon of the interface to which the ACL rules need to be applied and create ACL rules.

      • If no record is displayed in the ACL Rule List area, click the icon on the right of Operation or click Add on the left of Ascend. A new ACL rule record is displayed in the ACL Rule List area. Set the ACL rule parameters.

      • If existing ACL rule records are displayed in the ACL Rule List area, click the icon on the right of Operation, or click Add on the left of Ascend or on the right of Delete. A new ACL rule record is displayed in the ACL Rule List area. Set the ACL rule parameters, as shown in Figure 1-122.

        NOTE:

        If you click the icon on the right of Operation or click Add on the left of Ascend, the new record is inserted as the first line in the ACL Rule List area. If you click Add on the right of Delete, the new record is inserted below the current line in the ACL Rule List area.

        Figure 1-122  Creating ACL rules

        Table 1-83 describes the parameters for creating ACL rules.

        Table 1-83  Parameters for creating ACL rules

        Parameter

        Description

        Source IP address

        Indicates the source IP address. The default value is any, indicating that any source IP address can be specified.

        Mask of Source IP

        Indicates the mask of the source IP address. The default value is 0 (0.0.0.0).

        Destination IP address

        Indicates the destination IP address. The default value is any, indicating that any destination IP address can be specified.

        Mask of Destination IP

        Indicates the mask of the destination IP address. The default value is 0 (0.0.0.0).

        Protocol type

        Indicates the protocol type, including:
        • ip
        • tcp
        • udp
        • icmp
        The default protocol type is IP.

        Source Port Num

        Indicates the source port number.

        This parameter is valid only when the protocol type is TCP or UDP. If this parameter is not specified, TCP or UDP packets with any source port are matched.

        Dest Port Num

        Indicates the destination port number.

        This parameter is valid only when the protocol type is TCP or UDP. If this parameter is not specified, TCP or UDP packets with any destination port are matched.

        Action

        Indicates the action taken on matching packets, including:
        • permit
        • deny
        The default action is permit.

        Operation

        • Delete
        • Add
    5. Click Apply.

  • Edit ACL rules.

    1. Click Configuration to display the Configuration page.

    2. Choose Basic Settings > ACL in the navigation tree to display the ACL page.

    3. Click the Interface ACL tab to display the Interface ACL page.

    4. Click the icon of the interface to which the ACL rules have been applied and edit ACL rules.

      • Edit ACL rule entries.

        Modify the ACL rule parameters in the ACL Rule List area.

      • Adjust the ACL rule entry sequence.

        Select a record of ACL Rule List in the ACL Rule List area. Click Ascend or Descend to adjust the ACL rule entry sequence.

    5. Click Apply.

  • Delete ACL rules.

    1. Click Configuration to display the Configuration page.

    2. Choose Basic Settings > ACL in the navigation tree to display the ACL page.

    3. Click the Interface ACL tab to display the Interface ACL page.

    4. Click the icon of the interface to which the ACL rules have been applied. In the ACL Rule List area, click Delete next to the record to be deleted or select records and click Delete next to Descend to delete the ACL rules in batches.

    5. Click Apply.

VLAN ACL

You can apply an ACL to a VLAN to filter the VLAN packets.

Context

You can configure ACL rules and apply the ACL to a VLAN to filter the VLAN packets. The ACL rule configuration includes source and destination IP addresses, protocol type, and source and destination port numbers.

Procedure

  • Query the ACL rules applied to VLANs.
    1. Click Configuration to display the Configuration page.
    2. Choose Basic Settings > ACL in the navigation tree to display the ACL page.
    3. Click the VLAN ACL tab to display the VLAN ACL page, as shown in Figure 1-123.

      Figure 1-123  VLAN ACL

    4. Select the ID of the VLAN to which the ACL rules are applied. The record is displayed in the ACL Rule List area, as shown in Figure 1-124.

      Figure 1-124  Querying ACL rules

  • Copy the ACL rules that have been applied to a VLAN to another VLAN.
    1. Click Configuration to display the Configuration page.
    2. Choose Basic Settings > ACL in the navigation tree to display the ACL page.
    3. Click the VLAN ACL tab to display the VLAN ACL page.
    4. Select the ID of the VLAN to which the ACL rules have been applied. Click Copy To to display the Copy To page, as shown in Figure 1-125.

      Figure 1-125  Copying ACL rules

    5. Enter the ID of the destination VLAN to which the ACL rules are applied, and click OK.
  • Create ACL rules.

    1. Click Configuration to display the Configuration page.

    2. Choose Basic Settings > ACL in the navigation tree to display the ACL page.

    3. Click the VLAN ACL tab to display the VLAN ACL page.

    4. Select the ID of the VLAN to which ACL rules need to be applied, and create the ACL rules.

      • If no record is displayed in the ACL Rule List area, click the icon on the right of Operation or click Add on the left of Ascend. A new ACL rule record is displayed in the ACL Rule List area. Set the ACL rule parameters.

      • If existing ACL rule records are displayed in the ACL Rule List area, click the icon on the right of Operation, or click Add on the left of Ascend or on the right of Delete. A new ACL rule record is displayed in the ACL Rule List area. Set the ACL rule parameters, as shown in Figure 1-126.

        NOTE:

        If you click the icon on the right of Operation or click Add on the left of Ascend, the new record is inserted as the first line in the ACL Rule List area. If you click Add on the right of Delete, the new record is inserted below the current line in the ACL Rule List area.

        Figure 1-126  Creating ACL rules

        Table 1-84 describes the parameters for creating ACL rules.

        Table 1-84  Parameters for creating ACL rules

        Parameter

        Description

        Source IP address

        Indicates the source IP address. The default value is any, indicating that any source IP address can be specified.

        Mask of Source IP

        Indicates the mask of the source IP address. The default value is 0 (0.0.0.0).

        Destination IP address

        Indicates the destination IP address. The default value is any, indicating that any destination IP address can be specified.

        Mask of Destination IP

        Indicates the mask of the destination IP address. The default value is 0 (0.0.0.0).

        Protocol type

        Indicates the protocol type, including:
        • ip
        • tcp
        • udp
        • icmp
        The default protocol type is IP.

        Source Port Num

        Indicates the source port number.

        This parameter is valid only when the protocol type is TCP or UDP. If this parameter is not specified, TCP or UDP packets with any source port are matched.

        Dest Port Num

        Indicates the destination port number.

        This parameter is valid only when the protocol type is TCP or UDP. If this parameter is not specified, TCP or UDP packets with any destination port are matched.

        Action

        Indicates the action taken on matching packets, including:
        • permit
        • deny
        The default action is permit.

        Operation

        • Delete
        • Add
    5. Click Apply.

  • Edit ACL rules.

    1. Click Configuration to display the Configuration page.

    2. Choose Basic Settings > ACL in the navigation tree to display the ACL page.

    3. Click the VLAN ACL tab to display the VLAN ACL page.

    4. Select the ID of the VLAN to which ACL rules have been applied, and edit the ACL rules.

      • Edit ACL rule entries.

        Modify the ACL rule parameters in the ACL Rule List area.

      • Adjust the ACL rule entry sequence.

        Select a record of ACL Rule List in the ACL Rule List area. Click Ascend or Descend to adjust the ACL rule entry sequence.

    5. Click Apply.

  • Delete ACL rules.

    1. Click Configuration to display the Configuration page.

    2. Choose Basic Settings > ACL in the navigation tree to display the ACL page.

    3. Click the VLAN ACL tab to display the VLAN ACL page.

    4. Select the ID of the VLAN to which the ACL rules have been applied. In the ACL Rule List area, click Delete next to the record to be deleted or select records and click Delete next to Descend to delete the ACL rules in batches.

    5. Click Apply.
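
Why the rule sequence (Ascend/Descend) matters for the rule parameters in Table 1-83 and Table 1-84, as an added checker that is not part of the Huawei guide: it finds rules that can never take effect because an earlier rule already matches everything they match. It assumes rules are evaluated top-down with the first match deciding and that the mask fields are subnet masks (the guide states neither); all names and addresses are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

PORT_PROTOCOLS = ("tcp", "udp")


def to_network(ip: str, mask: str):
    """'any' matches every address. Assumption: mask is a subnet mask."""
    if ip == "any":
        return ip_network("0.0.0.0/0")
    return ip_network(f"{ip}/{mask}", strict=False)


@dataclass(frozen=True)
class Rule:
    """One row of the ACL Rule List; defaults follow the parameter table."""
    action: str = "permit"
    protocol: str = "ip"
    src: str = "any"
    src_mask: str = "0.0.0.0"
    dst: str = "any"
    dst_mask: str = "0.0.0.0"
    sport: Optional[int] = None   # None = any source port
    dport: Optional[int] = None   # None = any destination port

    def __post_init__(self):
        if self.action not in ("permit", "deny"):
            raise ValueError(f"unknown action {self.action!r}")
        if self.protocol not in ("ip", "tcp", "udp", "icmp"):
            raise ValueError(f"unknown protocol {self.protocol!r}")
        has_port = self.sport is not None or self.dport is not None
        if has_port and self.protocol not in PORT_PROTOCOLS:
            raise ValueError("port numbers are valid only for tcp or udp")

    @property
    def src_net(self):
        return to_network(self.src, self.src_mask)

    @property
    def dst_net(self):
        return to_network(self.dst, self.dst_mask)


def matches(rule, proto, src, dst, sport=None, dport=None) -> bool:
    """Does one packet match one rule?"""
    if rule.protocol != "ip" and rule.protocol != proto:
        return False
    if ip_address(src) not in rule.src_net or ip_address(dst) not in rule.dst_net:
        return False
    if rule.protocol in PORT_PROTOCOLS:
        if rule.sport is not None and rule.sport != sport:
            return False
        if rule.dport is not None and rule.dport != dport:
            return False
    return True


def evaluate(rules, proto, src, dst, sport=None, dport=None):
    """Assumed first-match: return (rule number, action), or None if no rule matches."""
    for number, rule in enumerate(rules, 1):
        if matches(rule, proto, src, dst, sport, dport):
            return number, rule.action
    return None


def covers(a: Rule, b: Rule) -> bool:
    """True if every packet matched by b is also matched by a."""
    if not (b.src_net.subnet_of(a.src_net) and b.dst_net.subnet_of(a.dst_net)):
        return False
    if a.protocol == "ip":
        return True
    if a.protocol != b.protocol:
        return False
    return a.sport in (None, b.sport) and a.dport in (None, b.dport)


def shadowed(rules):
    """List (rule, covering earlier rule, actions differ) for unreachable rules."""
    findings = []
    for j, later in enumerate(rules):
        for i, earlier in enumerate(rules[:j]):
            if covers(earlier, later):
                findings.append((j + 1, i + 1, earlier.action != later.action))
                break
    return findings


# Constructed rule list: the broad permit in row 1 hides the deny in row 2.
SAMPLE_RULES = [
    Rule("permit", "ip", "10.1.0.0", "255.255.0.0"),
    Rule("deny", "tcp", "10.1.5.0", "255.255.255.0",
         "192.0.2.10", "255.255.255.255", dport=23),
    Rule("deny", "udp", dport=69),
    Rule("permit", "tcp", dst="192.0.2.10", dst_mask="255.255.255.255", dport=443),
]
```

Moving row 2 above row 1 with Ascend clears the finding: `shadowed` then returns an empty list and the Telnet packet from 10.1.5.7 is denied.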

User Access Control

You can control user access to implement network security management.

Context

NOTE:

For S5720HI, this node is only available in the NAC common mode.

Authentication Configuration

This section provides configuration steps and instructions on user authentication.

Context

Authentication configuration includes configurations of the local and RADIUS authentication modes. If the local authentication mode is used, you must create a user account on the switch and set a password. If the RADIUS authentication mode is used, you must configure the IP address, port number, and shared key of the RADIUS server. If the password set when a local user is created or modified is the same as the default password, a security risk exists.

NOTE:

Account management information includes information about the users whose user types are 802.1x, Bind, PPP, or Web or who do not have access types. The access type of a created user can be 802.1x, Bind, PPP, or Web.

Procedure

  • Configuring local authentication

    1. Click Configuration to display the Configuration page.

    2. Choose Basic Services > User Access Control in the navigation tree to display the User Access Control page.

    3. Click the Authentication Configuration tab to display the Authentication Configuration page.

    4. Select an option from the User domain name drop-down list box in the Authentication Configuration area.

    5. Select Local authentication for Authentication mode, as shown in Figure 1-127.

      Figure 1-127  Configuring local authentication

    6. Click Apply.

    7. Configure the user account information for local authentication in the Account Management area.

      • Create a user account.

        1. Click Create to display the Create User page, as shown in Figure 1-128.

          Figure 1-128  Create User

          Table 1-85 describes the parameters for creating a user.

          Table 1-85  Create User/Modify User

          | Parameter | Description |
          | --- | --- |
          | User name | Indicates the new user name. The user name cannot contain \ / : * ? " < > \| ' or %, and cannot start with @. |
          | Password | Indicates the user password. A secure password should contain at least two types of the following: lowercase letters, uppercase letters, numerals, special characters (such as ! $ # %). In addition, the password cannot contain spaces or single quotation marks ('). |
          | Confirm password | Indicates the confirm password. The format is the same as that of Password. |
          | Status | Sets the user status. User status includes active and block. If the status is set to block, the device rejects the user's authentication requests, and the user cannot change the password. NOTE: This parameter is only displayed on the user modification page. |
          | Access type | Sets the user access type. |
          | Forced offline | Indicates whether a user is forcibly disconnected from the network. NOTE: This parameter is only displayed on the user modification page. |

        2. Set the parameters.

        3. Click OK.

      • Modify a user account.

        1. Click Modify next to the AAA account to be modified to display the Modify User page, as shown in Figure 1-129.
          Figure 1-129  Modify User
          NOTE:
          • For parameter description, see Table 1-85.

          • The user name is fixed and cannot be changed.

        2. Set the parameters.

        3. Click OK.

      • Delete a user account.

        1. You can delete a user account using either of the following methods:

          • Click Delete next to the AAA account to be deleted.

          • Select the records of the AAA accounts to be deleted, and click Delete next to Create to delete the AAA accounts in batches.

          After you click Delete, the system prompts you to confirm the deletion operation.

        2. Click OK.

  • Configuring RADIUS authentication

    1. Click Configuration to display the Configuration page.

    2. Choose Basic Services > User Access Control in the navigation tree to display the User Access Control page.

    3. Click the Authentication Configuration tab to display the Authentication Configuration page.

    4. Select an option from the User domain name drop-down list box in the Authentication Configuration area.

    5. Select RADIUS authentication for Authentication mode, as shown in Figure 1-130.

      Figure 1-130  Configuring RADIUS authentication
      Table 1-86 describes the parameters for RADIUS authentication.
      Table 1-86  Parameters for configuring RADIUS authentication

      | Parameter | Description |
      | --- | --- |
      | Server IP address | Indicates the IP address of the RADIUS server, for example, 10.10.10.1. The server IP address must have reachable routes to the switch. |
      | Port number | Indicates the UDP port number of the RADIUS server. |
      | Shared key | Indicates the shared key used for communication between the switch and RADIUS server. When communicating with the RADIUS server, the switch uses the shared key to encrypt the user password to ensure password security during data transmission. The value is a string of 1 to 128 case-sensitive characters without spaces, single quotes ('), or question marks (?). |
      | Confirm shared key | Indicates the confirm shared key. The format is the same as that of the shared key. |

    6. Set the parameters.

    7. Click Apply.
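
Added example (not part of this guide and not Huawei code): the Shared key description in Table 1-86 corresponds to the User-Password hiding that RADIUS defines in RFC 2865 section 5.2, which is assumed here to be what the switch performs, together with a check of the shared-key format rule from the same table. The function names and all sample values are constructed for illustration.

```python
import hashlib

# Table 1-86 rule: 1 to 128 characters, no spaces, single quotes or question marks.
FORBIDDEN_KEY_CHARS = set(" '?")


def validate_shared_key(key: str) -> list:
    """Return the Table 1-86 rules the key violates (empty list = accepted)."""
    problems = []
    if not 1 <= len(key) <= 128:
        problems.append("length must be 1 to 128 characters")
    bad = sorted(FORBIDDEN_KEY_CHARS & set(key))
    if bad:
        problems.append("forbidden characters: " + " ".join(repr(c) for c in bad))
    return problems


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def hide_password(password: bytes, shared_key: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2: c1 = p1 XOR MD5(S + RA), ci = pi XOR MD5(S + c(i-1))."""
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 octets")
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1 to 128 octets")
    padded = password + b"\x00" * (-len(password) % 16)  # null-pad to 16-octet blocks
    hidden, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = _xor(padded[i:i + 16], hashlib.md5(shared_key + prev).digest())
        hidden += prev
    return hidden


def unhide_password(hidden: bytes, shared_key: bytes, authenticator: bytes) -> bytes:
    """Server side: reverse the chain with the same shared key and authenticator."""
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden value must be a non-empty multiple of 16 octets")
    clear, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        clear += _xor(block, hashlib.md5(shared_key + prev).digest())
        prev = block
    return clear.rstrip(b"\x00")


def demo() -> dict:
    # Constructed sample values; a real Request Authenticator is random per request.
    key = "Constructed-Shared-Key-01"
    authenticator = bytes(range(16))
    hidden = hide_password(b"Constructed-Pass1", key.encode(), authenticator)
    return {
        "key_problems": validate_shared_key(key),
        "hidden_len": len(hidden),  # 17-octet password pads to two blocks
        "right_key": unhide_password(hidden, key.encode(), authenticator),
        "wrong_key": unhide_password(hidden, b"Other-Key", authenticator),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Only the User-Password attribute is hidden this way, and the protection rests entirely on the shared key, so generate a long random key within the Table 1-86 limits and configure the same value on the switch and the RADIUS server.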

Portal Server

In Portal authentication, you can directly perform access authentication without using the specified client software. The Portal server provides free portal services and Portal authentication-based pages.

Context

To ensure communication between the switch and the Portal server, you must configure the Portal server IP address and the parameters for information exchange between the switch and the Portal server (including the port number and shared key of the Portal server), and bind interfaces to the Portal server.

The device supports two configuration modes. By default, the unified mode is used. You can run the undo authentication unified-mode command to switch the configuration mode to traditional mode.

NOTE:

After configuring Portal authentication, perform the Authentication Configuration. The two functions implement user authentication together.

The web system supports only one Portal server, and this Portal server can only be modified but cannot be deleted through the web system. To delete the Portal server, run the undo web-auth-server command in the system view.

Procedure

  • The traditional mode.
    1. Click Configuration to display the Configuration page.
    2. Choose Basic Services > User Access Control in the navigation tree to display the User Access Control page.
    3. Click the Portal Server tab to display the Portal Server page, as shown in Figure 1-131.

      Figure 1-131  Portal Server Configuration

      Table 1-87 describes the parameters for Portal authentication configuration.

      Table 1-87  Parameters for Portal Server configuration

      | Parameter | Description |
      | --- | --- |
      | Server IP address | Indicates the IP address of the Portal server. |
      | Port number | Indicates the port number of the Portal server. |
      | Shared key | Indicates the shared key used for communication between the switch and Portal server. The switch and Portal server use the shared key to encrypt packets. The value is a string of characters. |
      | Confirm shared key | Indicates the confirm shared key. The format is the same as that of the shared key. |
      | VLANIF interface | Select an interface and click to bind the interface to the Portal server. You can select multiple interfaces to bind them to the Portal server. To unbind an interface from the Portal server, select the interface and click . |

    4. Set the parameters.
    5. Click Apply.
  • The unified mode.
    1. Click Configuration to display the Configuration page.
    2. Choose Basic Services > User Access Control in the navigation tree to display the User Access Control page.
    3. Click the Portal Server tab to display the Portal Server page, as shown in Figure 1-132.

      Figure 1-132  Portal Server Configuration

      Table 1-88 describes the parameters for Portal authentication configuration.

      Table 1-88  Parameters for Portal Server configuration

      | Parameter | Description |
      | --- | --- |
      | Server IP address | Indicates the IP address of the Portal server. |
      | Port number | Indicates the port number of the Portal server. |
      | Shared key | Indicates the shared key used for communication between the switch and Portal server. The switch and Portal server use the shared key to encrypt packets. The value is a string of characters. |
      | Confirm shared key | Indicates the confirm shared key. The format is the same as that of the shared key. |

    4. Set the parameters.
    5. Click Apply.

Access Configuration

Through access configuration, the switch can authenticate users and control user access through interfaces to ensure enterprise network security.

Context

The device supports two configuration modes. By default, the unified mode is used. You can run the undo authentication unified-mode command to switch the configuration mode to traditional mode.

  • In the traditional mode, access configuration includes No-authentication, 802.1x authentication, MAC address authentication, and MAC address bypass authentication. The last mode is a combination of 802.1X authentication and MAC address authentication.

    • No-authentication: Users are allowed to access the network without authentication.

    • 802.1x authentication: a Layer 2 authentication mode based on the 802.1x protocol. In this mode, the 802.1x client software must be installed on user terminals, and user identity authentication is performed between clients and servers using the Extensible Authentication Protocol (EAP).

    • MAC address authentication: uses MAC addresses of users as identity information. In this mode, the 802.1x client software does not need to be installed on user terminals.

    • MAC address bypass authentication: In this mode, 802.1x authentication is performed first and the delay timer for MAC address bypass authentication is enabled at the same time. If the 802.1x authentication still fails when the delay time expires, MAC address authentication is triggered.

    When performing access configuration, you must enable the authentication function first, and then select the interface to which the access configuration applies and select an authentication mode.

  • In the unified mode, access configuration includes No-authentication, 802.1x authentication, MAC address authentication, and Portal authentication.

NOTE:

After performing access configuration, perform the Authentication Configuration. The two functions implement user authentication together.

If No-authentication is configured, a user passes the authentication using any user name or password. Therefore, to protect the device or network security, you are advised to enable authentication, allowing only the authenticated users to access the device or network.

Procedure

  • The traditional mode.
    1. Click Configuration to display the Configuration page.
    2. Choose Basic Services > User Access Control in the navigation tree to display the User Access Control page.
    3. Click the Access Configuration tab to display the Access Configuration page, as shown in Figure 1-133.

      Figure 1-133  Access configuration

    4. Set Authentication function to ON and click OK.
    5. Select interfaces for which the authentication function needs to be enabled. You can perform the following operations as required:

      • Click the icon of a single interface or icons of multiple interfaces.
      • Drag the mouse to select multiple neighboring interfaces.
      • Click a device panel name and select all interfaces.

    6. Select an interface authentication method, as shown in Figure 1-134.

      Figure 1-134  Interface authentication mode

    7. Click Apply.

      If authentication on any interface fails, an error page is displayed, as shown in Figure 1-135.

      Figure 1-135  Interface authentication enabling result

      In the dialog box, Execution succeeded indicates the number of interfaces for which the interface authentication function is successfully applied; Execution failed indicates the number of interfaces for which the interface authentication function fails to be applied.

  • The unified mode.
    1. Click Configuration to display the Configuration page.
    2. Choose Basic Services > User Access Control in the navigation tree to display the User Access Control page.
    3. Click the Access Configuration tab to display the Access Configuration page, as shown in Figure 1-136.

      Figure 1-136  Access configuration

    4. Select interfaces for which the authentication function needs to be enabled. You can perform the following operations as required:

      • Click the icon of a single interface or icons of multiple interfaces.
      • Drag the mouse to select multiple neighboring interfaces.
      • Click a device panel name and select all interfaces.

    5. Select an interface authentication method, as shown in Figure 1-137.

      Figure 1-137  Interface authentication mode

      NOTE:

      If 802.1X authentication is configured as authentication mode 1 and MAC address authentication as authentication mode 2, the MAC address bypass authentication function is enabled.

      If MAC address authentication is configured as authentication mode 1 and 802.1X authentication as authentication mode 2, the MAC address authentication is performed first during MAC address bypass authentication.

    6. Click Apply.

STP

A spanning tree protocol can trim a network with loops into a loop-free tree network. It prevents infinite looping of packets to ensure packet processing capabilities of the switch.

STP Summary

Procedure

  • Enable STP globally.
    1. Choose Configuration > Basic Services > STP > STP Summary to access the STP Summary page.
    2. Set Global STP status to ON to enable STP globally.

      NOTE:
      The STP Global Setting and Interface Status parameters are available only when the STP is enabled globally.

  • Configure Global STP.
    1. Choose Configuration > Basic Services > STP > STP Summary to access the STP Summary page, as shown in Figure 1-138.

      Figure 1-138  STP configuration

      Table 1-89 describes the parameters on the STP Summary page.

      Table 1-89  Description of parameters on the STP Summary page

      | Parameter | Description |
      | --- | --- |
      | STP working mode | Working mode of STP. MSTP: The switch sends MSTP BPDUs. RSTP: The switch sends RSTP BPDUs. STP: The switch sends STP BPDUs. VBST: The switch sends VBST BPDUs. NOTE: In an SVF, the value is RSTP by default and cannot be changed. |
      | BPDU protection | Whether BPDU protection is enabled. ON: BPDU protection is enabled. OFF: BPDU protection is disabled. |

    2. Set parameters and click Apply.
  • Configure the port status.
    1. Choose Configuration > Basic Services > STP > STP Summary to access the STP Summary page, as shown in Figure 1-138.
    2. Enter the instance ID in the Instance text box.
    3. Select a port to be configured.

      Perform any of the following operations.

      • Click the port icon to select one or more ports.
      • Drag the mouse to select consecutive ports in a batch.
      • Select the device panel to select all ports.

    4. Click Enable STP, Disable STP, Enable Edge Port, or Disable Edge Port to configure selected ports.

MST Region Configuration

Context

NOTE:
This function is not supported when a switch is working in super virtual fabric (SVF) mode.

This function is supported only when STP working mode is set to MSTP.

Procedure

  • Configure an MST region.
    1. Choose Configuration > Basic Services > STP > MST Region Configuration to access the MST Region Configuration page, as shown in Figure 1-139.

      Figure 1-139  MST Region Configuration page

      Table 1-90 describes the parameters on the MST Region Configuration page.

      Table 1-90  Description of parameters on the MSTP Region Configuration page

      | Parameter | Description |
      | --- | --- |
      | Name | Enter the name of an MST region. |
      | Revision level | Enter the MSTP revision level. The MST region name, VLAN mapping table, and MSTP revision level identify the MST region that the switch belongs to. |

    2. Set parameters and click Apply.
  • Create an MSTI list.
    1. Choose Configuration > Basic Services > STP > MST Region Configuration to access the MST Region Configuration page.
    2. Click Create to access the Create MSTI page, as shown in Figure 1-140.

      Figure 1-140  Create MSTI page

      Table 1-91 describes the parameters on the Create MSTI page.

      Table 1-91  Description of parameters on the Create MSTI page

      | Parameter | Description |
      | --- | --- |
      | MSTI ID | Enter the ID of the MSTI. |
      | Mapped VLAN | Enter the range of VLAN IDs mapping to a specified MSTI. |
      | MSTI priority | Select the priority of the device in the specified MSTI. |

    3. Set parameters and click OK.
  • Delete an MSTI.
    1. Choose Configuration > Basic Services > STP > MST Region Configuration to access the MST Region Configuration page.
    2. Select an MSTI to be deleted and click Delete. In the dialog box that is displayed, click OK.
  • Refresh an MSTI list.
    1. Choose Configuration > Basic Services > STP > MST Region Configuration to access the MST Region Configuration page.
    2. Click Refresh to refresh the MSTI list.

VBST Configuration

Context

NOTE:
This function is not supported when a switch is working in super virtual fabric (SVF) mode.

This function is supported only when STP working mode is set to VBST.

Procedure

  • Enable VLAN-based Spanning Tree (VBST) in a VLAN.
    1. Choose Configuration > Basic Services > STP > VBST Configuration to display the VBST Configuration page.
    2. Click Enable to display the Enable VBST in VLANs page, as shown in Figure 1-141.

      Figure 1-141  Enabling VBST in a VLAN

      Table 1-92 describes the parameters on the page.

      Table 1-92  Parameters for enabling VBST in a VLAN

      | Parameter | Description |
      | --- | --- |
      | VLAN | Indicates the ID of the VLAN in which VBST needs to be enabled. |

    3. Set the parameters, and click OK.
  • Change the VLAN priority.
    1. Choose Configuration > Basic Services > STP > VBST Configuration to display the VBST Configuration page.
    2. In the VBST list, click the ID of the VLAN whose priority needs to be changed. The Modify VLAN priority page is displayed, as shown in Figure 1-142.

      Figure 1-142  Changing VLAN priority

      Table 1-93 describes the parameters on the page.

      Table 1-93  Parameters for changing VLAN priority

      | Parameter | Description |
      | --- | --- |
      | VLAN | Indicates the ID of the VLAN whose priority needs to be changed. The value cannot be modified. |
      | VLAN priority | Indicates the priority of the VLAN. A smaller value indicates a higher priority. |

    3. Set the parameters, and click OK.
  • Disable VBST in VLANs.
    1. Choose Configuration > Basic Services > STP > VBST Configuration to display the VBST Configuration page.
    2. Select the VLANs for which VBST needs to be disabled, and click Disable. In the dialog box that is displayed, click OK.
  • Update the VBST list.
    1. Choose Configuration > Basic Services > STP > VBST Configuration to display the VBST Configuration page.
    2. Click Refresh to update the VBST list.

Multi-instance

Procedure

  • Check global information about CIST.
    1. Choose Configuration > Basic Services > STP > Multi-instance to access the Multi-instance page, as shown in Figure 1-143.

      Figure 1-143  Multi-instance page

    2. Click Refresh above Current root bridge to refresh CIST information.
  • Check the current root bridge.
    1. Choose Configuration > Basic Services > STP > Multi-instance to access the Multi-instance page.
    2. Click Refresh under Current root bridge to refresh information about the current root bridge.

      NOTE:

      Enter the MSTI ID next to MSTI ID and click to query MSTI information.

LLDP

Context

To view the Layer 2 link status between network devices and analyze the network topology, enable Link Layer Discovery Protocol (LLDP).

Procedure

  1. Choose Configuration > Basic Services > LLDP to display the LLDP configuration page, as shown in Figure 1-144.

    Figure 1-144  LLDP configuration page

  2. Set Global LLDP status to ON so that LLDP is enabled on all interfaces.
  3. Select the interfaces that you want to configure.

    Use any of the following methods to select interfaces:

    • Click interface icons to select one or multiple interfaces.
    • Drag the mouse to select multiple adjacent interfaces.
    • Select the check box of the panel to select all interfaces on the panel.

  4. Click Enable LLDP On Port or Disable LLDP On Port to enable or disable LLDP on the selected interfaces. Click Refresh to refresh information about neighbors of the selected interfaces.
Updated: 2019-04-18

Document ID: EDOC1000114003
