No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S12700 V200R010C00 Configuration Guide - Device Management

This document describes the principles and configurations of the Device Management features, and provides configuration examples of these features.

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring an AS in Centralized Mode (Global Batch Configuration)

Configuring an AS in Centralized Mode (Global Batch Configuration)

Context

In global configuration mode, only the SVF forwarding mode, AS URL encoding function, and authentication-free rules can be configured.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Configure global service functions on the parent.

    Service Function

    Procedure

    Description

    Configure the SVF forwarding mode.

    1. Run the uni-mng command to enter the uni-mng view.

    2. Run the forward-mode centralized command to set the SVF forwarding mode to centralized forwarding.

    By default, the forwarding mode of an SVF system is distributed forwarding.

    An SVF system supports two forwarding modes: centralized forwarding and distributed forwarding.

    • In centralized forwarding mode, traffic forwarded by the local AS and forwarded between ASs is sent to the parent for forwarding.

      NOTE:

      In centralized forwarding mode, ports of the ASs connected to the same fabric port of the parent are isolated and so cannot communicate at Layer 2, and need to have proxy ARP in the corresponding VLAN configured using the arp-proxy inner-sub-vlan-proxy enable command to communicate at Layer 3.

    • In distributed forwarding mode, an AS directly forwards local traffic and the parent forwards traffic between ASs.

    Configure the URL encoding function for an AS.

    1. Run the uni-mng command to enter the uni-mng view.

    2. Run the portal url-encode disable command to disable the URL encoding function for the AS.

    To improve web application security, data from untrustworthy sources must be encoded before being sent to clients. URL encoding is most commonly used in web applications. After URL encoding is enabled for ASs, special characters in redirected URLs are converted to secure formats, preventing clients from mistaking them for syntax signs or instructions and unexpectedly modifying the original syntax. In this way, cross-site scripting attacks and injection attacks are prevented. By default, URL encoding is enabled in ASs. This function can be disabled using the portal url-encode disable command.

    Configure authentication-free rules.

    For details, see (Optional) Configuring Authorization Information for Authentication-free Users in the S12700 V200R010C00 Configuration Guide - User Management.

    In addition to the configurations in service profiles, the parent delivers the configured Portal authentication-free rules to ASs. Authentication-free rules 0 to 127 can be delivered to ASs of the S5320EI or S5720EI model; authentication-free rules 0 to 31 can be delivered to ASs of other models; authentication-free rules outside the two ranges will not be delivered to ASs.

    You cannot specify the interface parameter when the parent delivers authentication-free rules to an AS.

    Enable IGMP snooping for a service VLAN on an AS.

    1. Run the uni-mng command to enter the uni-mng view.

    2. Run the as service-vlan igmp-snooping {vlan-id1 [ to vlan-id2 ] } &<1-16> command to enable IGMP snooping for a specified service VLAN on an AS.

    By default, IGMP snooping is disabled for service VLANs on an AS.

  3. Run:

    commit as { name as-name | all }

    The configuration is committed.

    Before submitting the authentication-free rule configuration to an AS, you need to enter the uni-mng view. After submitting the configuration, you can run the display uni-mng commit-result free-rule command to check the authentication-free rule delivery result.

Translation
Download
Updated: 2019-12-28

Document ID: EDOC1000142080

Views: 123989

Downloads: 155

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Share
Previous Next