CX320 Switch Module V100R001 Configuration Guide 11

Rate and give feedback:

Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).

About This Document

Purpose

The documents describe the configuration of various services supported by the CX320 switch module. The description covers configuration examples and function configurations.

Intended Audience

This document is intended for:

Data configuration engineers
Commissioning engineers
Network monitoring engineers
System maintenance engineers

Symbol Conventions

The symbols that may be found in this document are defined as follows.

Symbol	Description
	Indicates an imminently hazardous situation which, if not avoided, will result in death or serious injury.
	Indicates a potentially hazardous situation which, if not avoided, could result in death or serious injury.
	Indicates a potentially hazardous situation which, if not avoided, may result in minor or moderate injury.
	Indicates a potentially hazardous situation which, if not avoided, could result in equipment damage, data loss, performance deterioration, or unanticipated results. NOTICE is used to address practices not related to personal injury.
	Calls attention to important information, best practices and tips. NOTE is used to address information not related to personal injury, equipment damage, and environment deterioration.

Command Conventions

The command conventions that may be found in this document are defined as follows.

Convention	Description
Boldface	The keywords of a command line are in boldface.
Italic	Command arguments are in italics.
[ ]	Items (keywords or arguments) in brackets [ ] are optional.
{ x \| y \| ... }	Optional items are grouped in braces and separated by vertical bars. One item is selected.
[ x \| y \| ... ]	Optional items are grouped in brackets and separated by vertical bars. One item is selected or no item is selected.
{ x \| y \| ... }^*	Optional items are grouped in braces and separated by vertical bars. A minimum of one item or a maximum of all items can be selected.
[ x \| y \| ... ]^*	Optional items are grouped in brackets and separated by vertical bars. Several items or no item can be selected.
&<1-n>	The parameter before the & sign can be repeated 1 to n times.
#	A line starting with the # sign is comments.

Interface Numbering Conventions

Interface numbers used in this manual are examples. In device configuration, use the existing interface numbers on devices.

Security Conventions

Password setting
- When configuring a password, the cipher text is recommended. To ensure device security, change the password periodically.
- Do not start and end a cipher-text password with %^%#. By default, the system considers the password starting and ending with %^%# as valid cipher-text password that can be decrypted. The password displayed in the configuration file is the same as the cipher-text password entered by the user. After the system root key is set using the set master-key command, do not start and end the key with %@%# because the string starting and ending with %@%# is considered as a valid cipher-text key.
- When you configure a password in cipher text, different features cannot use the same cipher-text password. For example, the cipher-text password set for the AAA feature cannot be used for other features.
Encryption algorithm

Currently, the device uses the following encryption algorithms: 3DES, AES, RSA, SHA1, SHA2, and MD5. 3DES, RSA and AES are reversible, while SHA1, SHA2, and MD5 are irreversible. The encryption algorithms DES/3DES/RSA (RSA-1024 or lower)/MD5 (in digital signature scenarios and password encryption)/SHA1 (in digital signature scenarios) have a low security, which may bring security risks. If protocols allowed, using more secure encryption algorithms, such as AES (AES-128 or higher), RSA (RSA-2048 or higher), SHA2 (SHA2-256 or higher), and HMAC-SHA2 (HMAC-SHA2-256 or higher), is recommended. The encryption algorithm depends on actual networking. The irreversible encryption algorithm must be used for the administrator password, SHA2 is recommended.
Personal data
Some personal data may be obtained or used during operation or fault location of your purchased products, services, features, so you have an obligation to make privacy policies and Remote access
- The Telnet protocol is not secure. Data is not encrypted during transmission over Telnet. Therefore, transmitted data may be restored after IP packets are captured without authorization. It is recommended that files be transmitted over SSH.
- The FTP and TFTP protocol is not secure. Data is not encrypted during transmission over FTP and TFTP. Therefore, transmitted data may be restored after IP packets are captured without authorization. It is recommended that files be transmitted over SFTP.
take measures according to the applicable law of the country to protect personal data.
The terms mirrored port, port mirroring, traffic mirroring, and mirroing in this manual are mentioned only to describe the product's function of communication error or failure detection, and do not involve collection or processing of any personal information or communication data of users.
Budong setting

To ensure secure service application, periodically upgrade the switch module software version.

Declaration

This manual is only a reference for you to configure your devices. The contents in the manual, such as command line syntax, and command outputs, are based on the device conditions in the lab. The manual provides instructions for general scenarios, but do not cover all usage scenarios of all product models. The contents in the manual may be different from your actual device situations due to the differences in software versions, models, and configuration files. The manual will not list every possible difference. You should configure your devices according to actual situations.

The specifications provided in this manual are tested in lab environment (for example, the tested device has been installed with a certain type of boards or only one protocol is run on the device). Results may differ from the listed specifications when you attempt to obtain the maximum values with multiple functions enabled on the device.

Change History

Changes between document issues are cumulative. The latest document issue contains all changes made to previous issues.

Issue	Data	Description
11	2022-06-30	Updated the document links.
10	2021-02-20	This issue is the tenth official release.
09	2020-09-04	This issue is the ninth official release.
08	2019-11-30	This issue is the eighth official release.
07	2019-08-02	This issue is the seventh official release.
06	2018-11-19	This issue is the sixth official release.
05	2018-04-25	This issue is the fifth official release, and includes the following changes: Modified Configuration Examples by adding the description about the FC and FCoE interfaces required for the configuration examples, and the description about the CX320 switch modules in the networking diagrams.
04	2017-09-04	This issue is the fourth official release.
03	2017-07-21	This issue is the third official release.
02	2017-05-05	This issue is the second official release.
01	2016-12-15	This issue is the first official release.

Translation

简体中文

Download

Updated: 2022-07-08

Document ID: EDOC1000128406

Downloads: 3452

Average rating:

This Document Applies to these Products

Related Version

Digital Signature File

Digital Signature Authentication Mode

Enterprise

Huawei Cloud

Carrier

Consumer

Corporate