No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S12700 V200R013C00 Configuration Guide - Interface Management

This document describes the interface management configuration, including basic interface configuration, Ethernet interface configuration, and logical interface configuration.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring Unidirectional Single-Fiber Communication

Configuring Unidirectional Single-Fiber Communication

Context

During network management and maintenance, the administrator may need to send traffic from users to a specified server for analysis and processing. If a server can receive and send packets, there is a possibility that the server forwards user traffic to other devices, causing a security risk. The unidirectional single-fiber communication function can address this issue. A single fiber means that two optical modules are connected by only one fiber, and unidirectional communication means that packets can be sent in only one direction. With this function, a switch can only send but cannot receive packets, and an analysis server can only receive but cannot send packets. The data security on the analysis server is ensured.

An optical module provides a TX end and an RX end. Generally, two optical modules are connected by two fibers. The TX and RX ends of one module are respectively connected to the RX and TX ends of another module. A device transmits and receives packets through two independent fibers. If the unidirectional single-fiber communication function is disabled, two devices cannot communicate with each other through a single fiber. After this function is configured, the devices can use only one fiber to communicate with each other.

As shown in Figure 2-8, SwitchA is connected to the upper-layer traffic distribution device through XGE/0/1. The traffic sent from the traffic distribution device enters SwitchA through XGE2/0/1. SwitchA transmits packets through XGE2/0/2, and the analysis server receives packets through the optical interface. After the unidirectional single-fiber function is configured on XGE2/0/2, you only need to connect the TX end of the optical module on XGE2/0/2 to the RX end of the optical module on the analysis server through one fiber. Then SwitchA can transmit packets to the analysis server through a single fiber, and the analysis server can receive packets through the single fiber. In addition, the TX end of the optical module on the analysis server is not connected, so the analysis server cannot transmit packets, ensuring data security on the server.

Figure 2-8  Networking diagram of unidirectional single-fiber communication

NOTE:

On the S12700, only the E series cards and ET1D2X12SSA0 (excluding EE cards) and SC cards in the S series support unidirectional single-fiber communication. A license is required.

40GE optical interfaces support unidirectional single-fiber communication only when no optical module is installed or 40GE optical modules are installed.

XGE optical interfaces support unidirectional single-fiber communication only when no optical module is installed or GE/XGE optical modules are installed.

If an XGE/GE optical module is installed on an XGE optical interface, the interface supports unidirectional single-fiber communication only when it works at the rate of 10000 Mbit/s.

A GE optical interface supports unidirectional single-fiber communication only when it works at the rate of 1000 Mbit/s.

When enabling unidirectional single-fiber communication on an interface, make sure that the remote interface also works in non-auto-negotiation mode and uses the same rate as that of the local interface.

An optical interface does not support this function after it connects to a cable.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run interface interface-type interface-number

    The interface view is displayed.

  3. (Optional) Run undo negotiation auto

    The interface is configured to work in non-auto-negotiation mode, that is, forcible mode.

    By default, an Ethernet interface works in auto-negotiation mode.

    Perform this step only when the interface is a GE or 10GE optical interface that has a GE optical module installed.

  4. Run single-fiber enable

    Unidirectional single-fiber communication is configured.

    By default, unidirectional single-fiber communication is disabled.

Translation
Download
Updated: 2019-04-08

Document ID: EDOC1100065645

Views: 8969

Downloads: 25

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next