No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - Device Management

S1720, S2700, S5700, and S6720 V200R011C10

This document describes the principles and configurations of the Device Management features, and provides configuration examples of these features.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Restrictions on an SVF System

Restrictions on an SVF System

Restrictions of Other Features
  • The SVF function is mutually exclusive with the web initial login mode, EasyDeploy, USB-based deployment, and cloud-based management functions.

  • The SVF function can be enabled only when the NAC configuration mode is unified mode. Therefore, the commands in NAC common mode cannot be configured in an SVF system. For example, the guest VLAN commands in NAC common mode cannot be configured in an SVF system.
  • In an SVF system running V200R008C00 and earlier versions, you can run the authentication free-rule command to control the network access right of NAC users before they pass authentication. UCL-based group authorization is not supported for NAC users.
  • In an SVF system running V200R009C00 and later versions, you can run the free-rule command to control the network access right of NAC users before they pass authentication. UCL-based group authorization is not supported for NAC users.
  • S2700&S5700&S6720&S600-E series switches support the built-in Portal server function. After these switches join an SVF system, they do not support the built-in Portal server function.
  • The system automatically enables the STP and LLDP functions globally on the parent. Pay attention to the following points when using the STP and LLDP functions in an SVF system:
    • The STP and LLDP functions cannot be disabled globally but can be disabled on interfaces.

    • The LLDP function cannot be disabled on member ports of a fabric port, ports connected to APs, and AP uplink ports. Otherwise, SVF topology information becomes inaccurate.

  • After the SVF function is enabled, the parent changes STP to Rapid Spanning Tree Protocol (RSTP) and sets the priority of instance 0 to 28672 using the stp instance 0 priority 28672 command. After the SVF function is disabled, the priority of instance 0 restores to the default value. When the SVF function is enabled or disabled, STP recalculates the port roles and changes the interface status. Subsequently, traffic on the interface is interrupted temporarily.

Restrictions After the SVF Function Is Enabled
  • To perform MAD in an AS that is a stack, the multi-active detection (MAD) relay function is automatically enabled on the Eth-Trunk to which a downlink fabric port is bound, and the MAD function is automatically enabled on the Eth-Trunk to which an uplink fabric port is bound. When the standby switch in an AS is removed, MAD cannot be performed because the standby switch restarts automatically without saving the configuration.

  • To prevent the SVF function from being affected, do not perform the following operations using MIBs:
    • Modify the configurations automatically generated in an SVF system, including STP configuration, LLDP configuration, and Eth-Trunk binding to a fabric port.
    • Execute the commands shielded in an SVF system, including the commands used to configure STP, LLDP, and member ports of a fabric port.
  • On the parent, there is a delay in displaying the output of some commands (such as patch delete all and patch load filename all [ active | run ]) executed on the ASs.

  • In versions earlier than V200R011C10, Eth-Trunk can be manually created and deleted on an AS in centralized mode. In V200R011C10 and later versions, Eth-Trunk cannot be manually created and deleted on an AS in centralized mode and must be created and deleted on the parent.
  • In an SVF system, the maximum frame length allowed by interfaces cannot be configured on an AS. Therefore, the maximum frame length is the default value 9216 (including the CRC field).

  • After an AS goes online, a static ARP entry in which the IP address is the management address of the parent is generated on the AS. Deleting the static ARP entry is not allowed. Otherwise, the AS may be forcibly removed from the SVF system.

  • Internal attacks in the management VLAN will cause an AS to go offline. You need to identify the attack source and then shut down the attacked port or remove the port from the management VLAN.

  • After an AS goes offline, all downlink ports of the AS are shut down.

  • When an AS goes offline and needs to go online again, and the AS configuration is changed on the parent after the AS goes offline, the AS restarts and then goes online again.
  • After an AS is changed to the independent mode, it is recommended that you just add or remove the fabric port of the AS to or from a VLAN. If you perform other configurations on the fabric port, the AS may go offline. For details, see the description of the port connect independent-as command.
When an AS connects to the parent across a Layer 2 network, pay attention to the following points
  • Automatic AS discovery is not supported, and fabric ports of the parent and AS need to be manually configured.
  • The indirectly-connected fabric port of the parent and configured uplink fabric port of the AS do not support connection error check. The administrator needs to ensure the connection correctness of the Eth-Trunk, and the AS can only connect to third-party network devices through Eth-Trunks in manual load balancing mode.
  • The administrator needs to ensure that the downlink fabric port of the parent and the intermediate Layer 2 network are correctly configured, the SVF management VLAN and service VLAN between the parent and AS are correctly connected, and the intermediate network transparently transmits data traffic between the parent and AS. Therefore, the intermediate network must be a pure Layer 2 network.
  • The AS does not support the MAD function because this function requires that third-party devices support the MAD relay function.
  • In centralized forwarding mode, traffic from the network segment where the AS resides may be forwarded by the intermediate network but not the parent.
  • After the AS is configured to work in client mode, the AS can only be manually configured to return to the standalone mode and must be restarted. If the AS is a stack, new stack member devices will be automatically configured to work in client mode after the AS is configured to work in client mode.
Translation
Download
Updated: 2019-10-21

Document ID: EDOC1000178167

Views: 208803

Downloads: 1000

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next