No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - Security

S1720, S2700, S5700, and S6720 V200R011C10

This document describes the configurations of Security, including ACL, local attack defense, MFF, attack defense, traffic suppression and storm control, ARP security, Port security, DHCP snooping, ND snooping, PPPoE+, IPSG, SAVI, URPF, keychain, MPAC, separating the management plane from the service plane, security risks, PKI.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Licensing Requirements and Limitations for SAVI

Licensing Requirements and Limitations for SAVI

Involved Network Elements

Other network elements are not required.

Licensing Requirements

SAVI configuration commands are available only after the S1720GW, S1720GWR, and S1720X have the license (WEB management to full management Electronic RTU License) loaded and activated and the switches are restarted. SAVI configuration commands on other models are not under license control.

For details about how to apply for a license, see S Series Switch License Use Guide.

Version Requirements

Table 13-1  Products and versions supporting SAVI

Product

Product Model

Software Version

S1700

S1720GFR

V200R006C10, V200R009C00, V200R010C00, V200R011C00, V200R011C10

S1720GW, S1720GWR

V200R010C00, V200R011C00, V200R011C10

S1720GW-E, S1720GWR-E

V200R010C00, V200R011C00, V200R011C10

S1720X, S1720X-E

V200R011C00, V200R011C10

Other S1700 models

Models that cannot be configured using commands. For details about features and versions, see S1700 Documentation Bookshelf.

S2700

S2700SI

Not supported.

S2700EI

Not supported.

S2710SI

Not supported.

S2720EI

V200R006C10, V200R009C00, V200R010C00, V200R011C10

S2750EI

V200R003C00, V200R005C00SPC300, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00, V200R011C00, V200R011C10

S3700

S3700SI, S3700EI

Not supported.

S3700HI

Not supported.

S5700

S5700LI

V200R002C00, V200R003(C00&C02&C10), V200R005C00SPC300, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00, V200R011C00, V200R011C10

S5700S-LI

V200R002C00, V200R003C00, V200R005C00SPC300, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00, V200R011C00, V200R011C10

S5710-C-LI

Not supported.

S5710-X-LI

V200R008C00, V200R009C00, V200R010C00, V200R011C00, V200R011C10

S5700SI

V200R002C00, V200R003C00, V200R005C00

S5700EI

V200R002C00, V200R003C00, V200R005(C00&C01&C02&C03)

S5710EI

V200R002C00, V200R003C00, V200R005(C00&C02)

S5720EI

V200R007C00, V200R008C00, V200R009C00, V200R010C00, V200R011C00, V200R011C10

S5720LI, S5720S-LI

V200R010C00, V200R011C00, V200R011C10

S5720SI, S5720S-SI

V200R008C00, V200R009C00, V200R010C00, V200R011C00, V200R011C10

S5730SI

V200R011C10

S5730S-EI

V200R011C10

S5700HI

V200R002C00, V200R003C00, V200R005(C00SPC500&C01&C02)

S5710HI

V200R003C00, V200R005(C00&C02&C03)

S5720HI

V200R006C00, V200R007(C00&C10), V200R008C00, V200R009C00, V200R010C00, V200R011C00, V200R011C10

S6700

S6700EI

V200R002C00, V200R003C00, V200R005(C00&C01&C02)

S6720LI, S6720S-LI

V200R011C00, V200R011C10

S6720SI, S6720S-SI

V200R011C00, V200R011C10

S6720EI

V200R008C00, V200R009C00, V200R010C00, V200R011C00, V200R011C10

S6720S-EI

V200R009C00, V200R010C00, V200R011C00, V200R011C10

NOTE:
To know details about software mappings, see Hardware Query Tool.

Feature Limitations

SAVI and adding double tags to untagged packets can be configured together on the S5720EI, S5720HI, S6720EI and S6720S-EI.

  • Enable ND snooping, DHCPv6 snooping, and IP source guard if invalid IPv6 data packets need to be filtered out
  • Run the nd snooping check enable command to enable ND protocol packet validity check if invalid ND protocol packets need to be filtered out
  • Configure defense against bogus DHCP message attacks if invalid DHCPv6 protocol packets need to be filtered out. For details, see "Configuring Defense Against Bogus DHCP Message Attacks" in DHCP Snooping Configuration in the "Configuration Guide - Security" of the corresponding product version.
Translation
Download
Updated: 2019-09-23

Document ID: EDOC1000178177

Views: 231074

Downloads: 746

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next