No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S12700 V200R010C00 Configuration Guide - Device Management

This document describes the principles and configurations of the Device Management features, and provides configuration examples of these features.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring SVF to Deploy a Wired Campus Network Access Layer (S6720EI as the Parent)

Example for Configuring SVF to Deploy a Wired Campus Network Access Layer (S6720EI as the Parent)

Networking Requirements

A new wired campus network has many access devices. The widely distributed access devices complicate management and configuration of the access layer. Unified management and configuration of access devices are required to reduce the management cost.

As shown in Figure 9-9, two aggregation switches set up a CSS and function as the parent to connect to multiple ASs.

In this example, the S6720-30C-EI-24S-AC functions as the parent, the S5700-28P-LI-AC functions as a level-1 AS.

Figure 9-9  Configuring a wired campus network access layer

Configuration Roadmap

The configuration roadmap is as follows:
  1. Configure the parent as a stack system to ensure high reliability of the SVF system.

  2. Enable the SVF function on the parent.

  3. Configure AS access parameters, including the AS name, authentication mode, and fabric ports that connect the parent to level-1 ASs.

  4. Connect the parent to level-1 ASs using cables.

  5. Configure service profiles and bind them to ASs.

Procedure

  1. Configure two switches in the parent to set up a stack and then change the stack to the parent mode.

    # For the procedure and notes for configuring a stack, see Stack Configuration in the Ethernet Fixed Switches Configuration Guide - Device Management Configuration.

    # Log in to the stack and change it to the parent mode.

    <HUAWEI> system-view
    [HUAWEI] as-mode disable
    Warning: Switching the AS mode will clear current configuration and reboot the system. Continue? [Y/N]:y

  2. Log in to the stack system and enable the SVF function.

    # Configure the management VLAN in the SVF system and enable the SVF function on the parent.

    [HUAWEI] vlan batch 11
    [HUAWEI] dhcp enable
    [HUAWEI] interface vlanif 11
    [HUAWEI-Vlanif11] ip address 192.168.11.1 24
    [HUAWEI-Vlanif11] dhcp select interface
    [HUAWEI-Vlanif11] dhcp server option 43 ip-address 192.168.11.1
    [HUAWEI-Vlanif11] quit
    [HUAWEI] capwap source interface vlanif 11
    [HUAWEI] stp mode rstp
    [HUAWEI] uni-mng
    Warning: This operation will enable the uni-mng mode and disconnect all ASs. STP calculation may be triggered and service traffic will be affected. Continue? [Y/N]:y

  3. Configure AS access parameters.

    # Configure a name for each AS.

    [HUAWEI-um] as name as1 model S5700-28P-LI-AC mac-address 0200-0000-0011
    [HUAWEI-um-as-as1] quit
    [HUAWEI-um] as name as2 model S5700-28P-LI-AC mac-address 0200-0000-0022
    [HUAWEI-um-as-as2] quit
    [HUAWEI-um] as name as3 model S5700-28P-LI-AC mac-address 0200-0000-0033
    [HUAWEI-um-as-as3] quit

    # Configure fabric ports that connect the parent to level-1 ASs. The following uses fabric port 1 that connects the parent to AS 1 as an example.

    [HUAWEI-um] interface fabric-port 1
    [HUAWEI-um-fabric-port-1] port member-group interface eth-trunk 1
    [HUAWEI-um-fabric-port-1] quit
    [HUAWEI-um] quit
    [HUAWEI] interface xgigabitethernet 1/0/1
    [HUAWEI-XGigabitEthernet1/0/1] eth-trunk 1
    [HUAWEI-XGigabitEthernet1/0/1] quit
    [HUAWEI] interface xgigabitethernet 2/0/1
    [HUAWEI-XGigabitEthernet2/0/1] eth-trunk 1
    [HUAWEI-XGigabitEthernet2/0/1] quit
    

    # Configure ASs to be authenticated using a whitelist when they connect to the SVF system.

    [HUAWEI] as-auth
    [HUAWEI-as-auth] undo auth-mode
    [HUAWEI-as-auth] whitelist mac-address 0200-0000-0011
    [HUAWEI-as-auth] whitelist mac-address 0200-0000-0022
    [HUAWEI-as-auth] whitelist mac-address 0200-0000-0033
    [HUAWEI-as-auth] quit

  4. Connect the parent to level-1 ASs using cables.

    # Clear the configurations of ASs, restart the ASs, and then connect the parent to level-1 ASs using cables. Subsequently, an SVF system is set up.
    NOTE:
    • Before restarting an AS, check whether the port that connects this AS to the parent is a downlink port. If this port is a downlink port, run the uni-mng up-direction fabric-port command on this AS to configure this port as an uplink port before restarting this AS. Otherwise, this AS cannot go online.
    • Before connecting an AS to the parent, ensure that the AS has no configuration file and no input on the console port.

    # After connecting cables, run the display as all command to check whether ASs have connected to the SVF system.

    [HUAWEI] display as all
    Total: 3, Normal: 3, Fault: 0, Idle: 0, Version mismatch: 0
    --------------------------------------------------------------------------------
    No.  Type           MAC            IP              State        Name
    --------------------------------------------------------------------------------
    0    S5700-P-LI     0200-0000-0011 192.168.11.254  normal      as1
    1    S5700-P-LI     0200-0000-0022 192.168.11.253  normal      as2
    2    S5700-P-LI     0200-0000-0033 192.168.11.252  normal      as3
    --------------------------------------------------------------------------------
    

    When the State field in the command output displays normal for an AS, the AS has connected to the SVF system.

  5. Configure service profiles and bind them to ASs.

    # Configure an AS administrator profile and bind it to all ASs.
    [HUAWEI] uni-mng
    [HUAWEI-um] as-admin-profile name admin_profile
    [HUAWEI-um-as-admin-admin_profile] user asuser password hello@123
    [HUAWEI-um-as-admin-admin_profile] quit
    [HUAWEI-um] as-group name admin_group
    [HUAWEI-um-as-group-admin_group] as name-include as
    [HUAWEI-um-as-group-admin_group] as-admin-profile admin_profile
    [HUAWEI-um-as-group-admin_group] quit
    
    # Configure network basic profiles and bind them to AS ports.
    [HUAWEI-um] network-basic-profile name basic_profile_1
    [HUAWEI-um-net-basic-basic_profile_1] user-vlan 10
    [HUAWEI-um-net-basic-basic_profile_1] quit
    [HUAWEI-um] port-group name port_group_1
    [HUAWEI-um-portgroup-port_group_1] as name as1 interface all
    [HUAWEI-um-portgroup-port_group_1] as name as2 interface all
    [HUAWEI-um-portgroup-port_group_1] as name as3 interface all
    [HUAWEI-um-portgroup-port_group_1] network-basic-profile basic_profile_1
    [HUAWEI-um-portgroup-port_group_1] quit
    [HUAWEI-um] quit
    
    # Configure a user access profile and bind it to all AS ports.
    [HUAWEI] dot1x-access-profile name 1
    [HUAWEI-dot1x-access-profile-1] quit
    [HUAWEI] authentication-profile name dot1x_auth
    [HUAWEI-authen-profile-dot1x_auth] dot1x-access-profile 1
    [HUAWEI-authen-profile-dot1x_auth] quit
    [HUAWEI] uni-mng
    [HUAWEI-um] user-access-profile name access_profile
    [HUAWEI-um-user-access-access_profile] authentication-profile dot1x_auth
    [HUAWEI-um-user-access-access_profile] quit
    [HUAWEI-um] port-group name port_group_1
    [HUAWEI-um-portgroup-port_group_1] user-access-profile access_profile
    [HUAWEI-um-portgroup-port_group_1] quit
    

    # Commit the configuration to deliver the configurations in service profiles to ASs.

    [HUAWEI-um] commit as all
    Warning: Committing the configuration will take a long time. Continue?[Y/N]: y
    

    # Run the display uni-mng commit-result profile command to check whether the configurations in service profiles have been delivered to ASs.

    [HUAWEI-um] display uni-mng commit-result profile
    Result of profile:
    --------------------------------------------------------------------------------
     AS Name                         Commit Time               Commit/Execute Result
    --------------------------------------------------------------------------------
     as1                             2015-08-25 22:29:18       Success/Success
     as2                             2015-08-25 22:29:18       Success/Success
     as3                             2015-08-25 22:29:20       Success/Success
    --------------------------------------------------------------------------------
    

    When the Commit/Execute Result field in the command output displays Success/Success for an AS, the configurations in service profiles have been delivered to the AS.

Configuration Files

  • SVF system configuration file

    #
    vlan batch 11
    #
    stp mode rstp
    stp instance 0 priority 28672
    #
    authentication-profile name dot1x_auth
     dot1x-access-profile 1
    #
    lldp enable
    #
    dhcp enable
    #
    interface Vlanif11
     ip address 192.168.11.1 255.255.255.0
     dhcp select interface
     dhcp server option 43 ip-address 192.168.11.1
    #
    interface Eth-Trunk1
     port link-type hybrid
     port hybrid tagged vlan 1 10 to 11
     stp root-protection
     stp edged-port disable
     mode lacp
     mad relay
    #
    interface Eth-Trunk2
     port link-type hybrid
     port hybrid tagged vlan 1 10 to 11
     stp root-protection
     stp edged-port disable
     mode lacp
     mad relay
    #
    interface Eth-Trunk3
     port link-type hybrid
     port hybrid tagged vlan 1 11 20
     stp root-protection
     stp edged-port disable
     mode lacp
     mad relay
    #
    interface XGigabitEthernet1/0/1
     eth-trunk 1
    #
    interface XGigabitEthernet1/0/2
     eth-trunk 2
    #
    interface XGigabitEthernet1/0/3
     eth-trunk 3
    #
    interface XGigabitEthernet2/0/1
     eth-trunk 1
    #
    interface XGigabitEthernet2/0/2
     eth-trunk 2
    #
    interface XGigabitEthernet2/0/3
     eth-trunk 3
    #
    capwap source interface vlanif11
    #
    as-auth
     whitelist mac-address 0200-0000-0011
     whitelist mac-address 0200-0000-0022
     whitelist mac-address 0200-0000-0033
    #
    uni-mng
     as name as1 model S5700-28P-LI-AC mac-address 0200-0000-0011
     as name as2 model S5700-28P-LI-AC mac-address 0200-0000-0022 
     as name as3 model S5700-28P-LI-AC mac-address 0200-0000-0033
     interface fabric-port 1
      port member-group interface Eth-Trunk 1
     interface fabric-port 2
      port member-group interface Eth-Trunk 2
     interface fabric-port 3
      port member-group interface Eth-Trunk 3
     as-admin-profile name admin_profile
      user asuser password %^%#Ky,WNqWh_DZ[(V96yvSEph)VLMc/+U}>]i2:"9n:%^%#
     network-basic-profile name basic_profile_1
      user-vlan 10
     user-access-profile name access_profile
      authentication-profile dot1x_auth
     as-group name admin_group
      as-admin-profile admin_profile
      as name as1
      as name as2
      as name as3
     port-group name port_group_1
      network-basic-profile basic_profile_1
      user-access-profile access_profile
      as name as1 interface GigabitEthernet 0/0/1 to 0/0/24
      as name as2 interface GigabitEthernet 0/0/1 to 0/0/24
      as name as3 interface GigabitEthernet 0/0/1 to 0/0/24
    #
    dot1x-access-profile name 1 
    #
    return
    
Translation
Download
Updated: 2019-08-21

Document ID: EDOC1000142080

Views: 115190

Downloads: 149

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next