No relevant resource is found in the selected language.
Enterprise
Worldwide
Search
Support Documentation
S2720, S5700, and S6720 V200R013C00 Configuration Guide - Device Management

This document describes the configurations of Device Management, including device status query, hardware management, Stack, SVF, cloud-based management, PoE, monitoring interface, OPS, energy-saving management, information center, fault management, NTP, synchronous ethernet, PTP.

Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Service Configuration Supported on an AS

Service Configuration Supported on an AS

An AS supports different service configurations in different configuration modes, as described in the following tables.

Centralized Mode (Batch Configuration: Functions Globally Delivered)

Function

Description
Configure the SVF forwarding mode.

An SVF system supports two forwarding modes: centralized forwarding and distributed forwarding.

  • In centralized forwarding mode, traffic forwarded by the local AS and forwarded between ASs is sent to the parent for forwarding.

  • In distributed forwarding mode, an AS directly forwards local traffic and the parent forwards traffic between ASs.

NOTE:
  • In centralized forwarding mode, ports of the ASs connected to the same fabric port of the parent are isolated and so cannot communicate at Layer 2, and need to have proxy ARP in the corresponding VLAN configured using the arp-proxy inner-sub-vlan-proxy enable command to communicate at Layer 3.
  • In centralized forwarding mode, after an AS goes offline, traffic of its attached network cannot be forwarded by the parent and will be interrupted.
  • In distributed forwarding mode, after an AS goes offline, in versions earlier than V200R012C00, downlink ports of the AS are automatically shut down. As a result, traffic of the AS attached network will be interrupted. In V200R012C00 and later versions, downlink ports of the AS will not be shut down, and traffic of the AS attached network will be forwarded as usual.

By default, the forwarding mode of an SVF system is distributed forwarding.
Configure the URL encoding function for an AS (This function is supported in V200R009 and later versions).

To improve web application security, data from untrustworthy sources must be encoded before being sent to clients. URL encoding is most commonly used in web applications. After URL encoding is enabled for ASs, special characters in redirected URLs are converted to secure formats, preventing clients from mistaking them for syntax signs or instructions and unexpectedly modifying the original syntax. In this way, cross-site scripting attacks and injection attacks are prevented. By default, URL encoding is enabled in ASs. This function can be disabled using the portal url-encode disable command.
Configure authentication-free rules.

In addition to the configurations in service profiles, the parent delivers the configured Portal authentication-free rules to ASs. Authentication-free rules 0 to 127 can be delivered to ASs of the S5720EI model; authentication-free rules 0 to 31 can be delivered to ASs of other models; authentication-free rules outside the two ranges will not be delivered to ASs.
Enable IGMP snooping for a service VLAN on an AS (This function is supported in V200R010 and later versions).

By default, IGMP snooping is disabled for service VLANs on an AS.

Centralized Mode (Batch Configuration: Functions Delivered Using Profiles)

Function

Sub-function

Service
Device management Administrator User name and password of the local administrator
Traffic policing Rate limit for outgoing ARP and DHCP packets on an uplink fabric port
BPDU protection BPDU protection on ASs (supported only in V200R013C00 and later versions)
Basic network service VLAN management Addition and removal of ports to or from a VLAN
Configuration of the port that connects an AS to an AP
Voice VLAN based on LLDP or CDP negotiation
Enhanced network service Basic QoS Trust 802.1p (This function is not supported in V200R011C10 and later versions)
NOTE:

In V200R011C10 and later versions, the priority-trust enable command cannot be executed in the network enhanced profile view to configure the priority trust function. When the S2720EI, S2750EI, S5700LI, S5700S-LI, S5710-X-LI, S5720LI, S5720S-LI, S5720SI, S5720I-SI, or S5720S-SI switches go online as ASs, the parent delivers the default trust 8021p configuration. When other switches go online as ASs, by default, they use the default trust 8021p configuration. Therefore, the parent does not need to deliver the configuration.
Port security Broadcast, multicast, and unknown unicast traffic suppression on a port
Port rate limiting
STP edge port
Access security DHCP snooping, IPSG, and DAI
MAC management

(supported only in V200R013C00 and later versions)

 Action taken on an interface in case of MAC address flapping
Alarm function for MAC address learning and aging
Access service Access authentication 802.1x authentication, MAC address authentication, and Portal authentication
Access control MAC address limiting
Maximum number of access users on an AS port (This function is supported in V200R010 and later versions)
Traffic policing Rate limit for incoming ARP and DHCP packets on an AS port
QoS service

(supported only in V200R013C00 and later versions)

 Priority mapping To configure priority mapping based on DSCP priorities, run the trust dscp command.
Queue scheduling mode To configure a queue scheduling mode, run the qos { pq | wrr | drr } command.
Queue scheduling weight To configure a queue scheduling weight, run the qos queue command.

Centralized Mode (Single Configuration: Functions Delivered Using the direct-command Command)

The interface view cannot be the Eth-Trunk interface view.

A maximum of 4096 commands can be configured.

Service Category

Format

View

Function

Configuration Dependency and Restriction

Energy-saving management

port-auto-sleep enable

Interface view

Enables the port sleeping function on an electrical interface.

This command can be used on electrical interfaces (excluding MultiGE interfaces) and combo interfaces working as electrical interfaces.

PoE

poe force-power

Interface view

Enables forcible PoE power supply on an interface.

-

poe legacy enable

Interface view

Enables an interface to check compatibility of PDs.

-

poe priority { critical | high | low }

Interface view

Sets the power supply priority of a PoE interface.

-

poe af-inrush enable slot slot-id

System view

Configures the IEEE 802.3at-compliant device to provide power in accordance with IEEE 802.3af.

-

poe high-inrush enable slot slot-id

System view

Configures a device to allow high inrush current during power-on.

-

undo poe enable (supported in V200R011C10 and later versions)

Interface view

Disables the PoE function on an interface.

-

Ethernet interfaces

undo negotiation auto

Interface view

Configures an interface to work in non-auto negotiation mode.

After you run the undo direct-command command, the interface works in auto negotiation mode.
  • This command cannot be configured on combo interfaces.

  • Do not cancel the undo negotiation auto command when speed or duplex is specified.

speed { 10 | 100 | 1000 | 2500 | 5000 | 10000 }

Interface view

Sets the rate in non-auto negotiation mode.

  • This command cannot be configured on combo interfaces.

  • Ensure that the interface works in non-auto negotiation mode before configuring this command.

speed auto-negotiation

Interface view

Enables auto-negotiation on a GE optical interface.

  • Support for this command varies depending on switch models. For details, see the speed auto-negotiation command in the Command Reference - Interface Management Commands - Ethernet Interface Configuration Commands.

  • Ensure that the interface works in auto-negotiation mode before configuring this command.

duplex { full | half }

Interface view

Sets the duplex mode for an electrical interface in non-auto negotiation mode.

  • This command cannot be configured on combo interfaces.

  • Ensure that the interface works in non-auto negotiation mode before configuring this command.

  • When the working rate of a GE electrical interface is 1000 Mbit/s, the interface supports only the full duplex mode.

loopback internal

Interface view

Configures a loopback detection mode on an interface.

-

description description (supported in V200R011C10 and later versions)

Interface view

Configures the description for an interface.

The description contains a maximum of 52 characters in V200R011C10, and the description contains a maximum of 116 characters in V200R012C00 and later versions.

Port bridge

port bridge enable

Interface view

Enables the bridging function on an interface.

-

Voice VLAN

voice-vlan mac-address mac-address mask mask (supported in V200R011C10 and later versions)

System view

Configures the OUI address of the voice VLAN.

-

LBDT

loopback-detect enable

Interface view

Enables loopback detection on an interface.

-

loopback-detect packet vlan vlan-id

Interface view

Enables loopback detection for a specified VLAN.

If you configure this command multiple times, loopback detection is enabled for multiple VLANs.

ARP rate limiting

arp speed-limit source-mac maximum maximum

System view

Configures ARP rate limiting based on source MAC addresses.

  • Only the S5720EI, S6720S-EI, and S6720EI support this command.

  • The value of maximum maximum ranges from 0 to 256.

  • This function takes effect only for the ARP packets sent to the CPU.

arp speed-limit source-ip maximum maximum

System view

Configures ARP rate limiting based on source IP addresses.

  • The value of maximum maximum ranges from 0 to 256.

  • This function takes effect only for the ARP packets sent to the CPU.

Stack

port interface { interface-type interface-number1 [ to interface-type interface-number2 ] } enable (supported in V200R010 and later versions)

Stack interface view:

stack-port member-id/port-id

Configures a service interface as a stack member port and adds it to a stack port.

Before restoring the stack member ports that are added to a stack port in direct configuration mode as common service interfaces, you do not need to run the shutdown interface command in the stack interface view.

stack slot slot-id priority priority (supported in V200R010 and later versions)

System view

Sets a stack priority for a member switch in a stack.

-

stack slot slot-id renumber new-slot-id (supported in V200R011C10 and later versions)

System view

Changes the stack ID of a specified member switch in a stack.

NOTICE:
If there are services running, delivering this command may cause service interruptions and configuration loss. Therefore, you are advised to deliver this command when an AS is unconfigured.
A stack ID cannot be changed in the following situations:
  • The switch is a standalone switch that does not join any stack.
  • The newly configured stack ID is an existing stack ID of a specified member switch in a stack.
  • Ports with the specified slot-id have been configured as member ports of an uplink fabric port.
  • Ports with the specified slot-id have been configured as member ports of a downlink fabric port.

User Access and Authentication (supported in V200R012C00 and later versions)

access-user arp-detect vlan vlan-id ip-address ip-address mac-address mac-address

System view

Sets the source IP address and source MAC address of offline detection packets in a VLAN.

In V200R012C00SPC710 and later versions, when vlan, ip-address, and mac-address are all different, multiple configurations of this command can be generated. If any one of vlan, ip-address, and mac-address has been configured, delete the existing configuration before reconfiguring them.

In other V200R012C00 versions except V200R012C00SPC710, this command can be configured only one. If you want to modify the configuration, delete the existing configuration and then perform the configuration again.

access-user arp-detect default ip-address ip-address

System view

Sets the default source IP address of offline detection packets.

-

undo user-detect

System view

Disables the online user detection function.

-

authentication speed-limit max-num max-num-value interval interval-value (supported in V200R013C00 and later versions)

System view

Configures the rate limit for an access device to send user association and disassociation request messages.

-

access-user arp-detect fallback ip-address mask-length (supported in V200R013C00 and later versions)

System view

Configures an IP address required for calculating the source address of offline detection packets.

If you run this command multiple times, only the latest configuration takes effect.

access-user arp-detect delay delay (supported in V200R013C00 and later versions)

System view

Configures the delay for sending offline detection packets.

-

Centralized Mode (Configurable Commands After Logins to ASs Using the attach-as Command or Console Port)

Commands that can be configured after you log in to an AS in centralized configuration mode are mainly used for fault diagnosis.

  • In the user view and diagnostic view, all commands are supported except the commands listed in Table 4-6. Additionally, in V200R009 and earlier versions, the diagnostic view can be displayed only after the diagnose-command command is executed in the user view.

    Table 4-6  Commands not supported in the user view and diagnostic view of ASs

    Command

    View

    configuration copy file file-name to running

    User view

    configuration copy startup to file file-name

    User view

    configuration exclusive

    User view

    format drive

    User view

    lldp clear neighbor [ interface interface-type interface-number ]

    User view

    local-user change-password

    User view

    lock

    User view

    startup patch patch-name [ slave-board | slot slot-id ]

    User view

    startup saved-configuration configuration-file [ slot slot-id ]

    User view

    startup system-software system-file [ all | slave-board | slot slot-id ]

    User view

    save [ all ] [ configuration-file ]

    User view

    save logfile [ all ]

    User view

    reboot [ fast | save diagnostic-information ]

    User view

    schedule reboot { at time | delay interval [ force ] }

    User view

    rollback

    User view

    cli enable-config

    Diagnostic view

    configuration datasync start script-file script-file { result-file result-file }

    Diagnostic view

    test-device port loopback slot { slot-id | interface { interface-type interface-number1 [ to interface-type interface-number2 ] } &<1-10> }

    Diagnostic view

    stack enable

    undo stack enable

    Diagnostic view

    undo startup system-software

    Diagnostic view

  • Commands that are supported in other views are used for service diagnosis and fault location. In V200R009 and earlier versions, the uni-mng diag-mode enable command must be executed first to enable the diagnostic mode.

    Table 4-7  Commands supported in other views

    Command

    Function

    Configuration Notes

    port-mirroring

    undo port-mirroring

    Binds a mirrored port to an observing port.

    You are not advised to perform service configurations on Eth-Trunk member ports of an AS that are bound to a fabric port, as doing so may cause a failure of SVF system setup.

    traffic-mirror

    undo traffic-mirror

    Configures the traffic mirroring function.

    You are not advised to perform service configurations on Eth-Trunk member ports of an AS that are bound to a fabric port, as doing so may cause a failure of SVF system setup.

    observe-port

    undo observe-port

    Configures an observing port.

    Generally, an observing port is dedicated to monitoring forwarding of mirrored traffic. Therefore, configuring an AS port with service configurations as an observing port is not recommended. If a port has been configured as an observing port, do not deliver service configurations to this port through service profiles or the direct-command command.

    You are not advised to perform service configurations on Eth-Trunk member ports of an AS that are bound to a fabric port, as doing so may cause a failure of SVF system setup.

    traffic-statistic

    undo traffic-statistic

    Enables the traffic statistics collection function.

    If you delete the traffic-statistic command that is delivered by the parent to an AS, you will fail to obtain traffic statistics about the AS on the parent.

    You are not advised to perform service configurations on Eth-Trunk member ports of an AS that are bound to a fabric port, as doing so may cause a failure of SVF system setup.

    capture-packet

    Configures the packet header obtaining function.

    You are not advised to perform service configurations on Eth-Trunk member ports of an AS that are bound to a fabric port, as doing so may cause a failure of SVF system setup.

    acl 2000-2999

    undo acl 2000-2999

    Creates or deletes an ACL rule.

    If the number of traffic policies on an AS reaches the upper limit, the parent fails to deliver the IPSG or DAI configurations. Run the display uni-mng commit-result profile command on the parent to check the configuration delivery result. If the command output shows that the configuration delivery fails, run the display uni-mng execute-failed-record profile as name as-name command to check execution failure records after the configuration is delivered to an AS. The command output provides detailed information about the delivery failure. You can log in to the AS to check whether the ACL resources are used up.

    acl 3000-3998

    undo acl 3000-3998

    acl 4000-4997

    undo acl 4000-4997

    rule

    undo rule

    Creates an ACL rule.

    -

    interface Eth-Trunk

    undo interface Eth-Trunk

    Creates or deletes an Eth-Trunk interface or displays the Eth-Trunk interface view.

    In V200R011C10 and later versions, you can only enter the Eth-Trunk interface view and cannot create or delete Eth-Trunk interfaces.

    Do not delete Eth-Trunk0 or Eth-Trunk interfaces that are bound to the downlink fabric port from an AS.

    interface GigabitEthernet

    Displays the GE interface view.

    -

    interface XGigabitEthernet

    Displays the XGE interface view.

    -

    interface Ethernet

    Displays the Ethernet interface view.

    -

    interface MultiGE

    Displays the MultiGE interface view.

    This command is only supported by S5720-14X-PWH-SI-AC, S5720-28X-PWH-LI-AC, and S6720SI.

    display

    Displays the device status or configurations.

    -

    quit

    Returns to the upper-level view.

    -

    return

    Returns to the user view.

    -

    interface stack-port

    Displays the stack port view.

    -

    shutdown interface

    undo shutdown interface

    Shuts down/restores a stack member port.

    This command is configured in the stack port view.

    mad restore

    Restores all the blocked interfaces of a standby switch that enters the Recovery state after its stack splits.

    -

    reset trace instance (supported in V200R010 and later versions)

    Clears all the diagnosis instances on a device.

    -

    save trace information (supported in V200R010 and later versions)

    Saves diagnosis information in the buffer area as a file.

    -

    Commands starting with the trace keyword (supported in V200R010 and later versions)

    Commands starting with the undo trace keyword (supported in V200R010 and later versions)

    Used for service diagnosis and executed in the system view.

    -

Independent Mode (Configurable Commands After Logins to ASs Using the attach-as Command or Console Port)

The independent mode has been supported since V200R010. In independent mode, the commands listed in the following table can be configured on ASs. When configuring these commands, pay attention to the following points:

  • These commands vary depending on the AS device type. For details, see the command reference of these devices.
  • In independent mode, configuring some commands may cause an AS's failure to go online. To prevent this problem, some commands listed in the following table are not supported. If an unsupported command is executed on an AS, an error message is displayed.

Function

Command
Basic Configuration CLI Overview Commands
File Management Commands
System Startup Commands
Device Management Hardware Configuration Commands
Energy-saving Configuration Commands
PoE Configuration Commands
Stack Configuration Commands (except the smooth upgrade commands)
Interface Management Basic Interface Configuration Commands
Ethernet Interface Configuration Commands
Logical Interface Configuration Commands
Ethernet Switching MAC Address Table Configuration Commands
Link Aggregation Commands
VLAN Configuration Commands
VLAN Aggregation Configuration Commands
MUX VLAN Configuration Commands
Voice VLAN Configuration Commands
QinQ Configuration Commands
VLAN Mapping Configuration Commands
Loopback Detection Configuration Commands
Bpdu Protection Configuration Command (supported in V200R012C00 and later versions)
Layer 2 Protocol Transparent Transmission Commands
IP Service IPv4 Configuration Commands
ARP Configuration Commands
DHCP Policy VLAN Configuration Commands
Reliability DLDP Configuration Commands
MAC Swap Loopback Configuration Commands
User Access and Authentication AAA Configuration Commands
NAC Configuration Commands (Unified Mode)
Policy Association Configuration Commands
Security ACL Configuration Commands
Local Attack Defense Configuration Commands
Attack Defense Configuration Commands
MFF Configuration Commands
Traffic Suppression and Storm Control Configuration Commands
ARP Security Configuration Commands
Port Security Configuration Commands
DHCP Snooping Configuration Commands
ND Snooping Configuration Commands
PPPoE+ Configuration Commands
IP Source Guard Configuration Commands
SAVI Configuration Commands
MPAC Configuration Commands
QoS MQC Configuration Commands
Priority Mapping Commands
Traffic Policing, Traffic Shaping, and Interface-based Rate Limiting Commands
Congestion Avoidance and Congestion Management Commands
Filtering Configuration Commands
Redirection Configuration Commands
Statistics Configuration Commands
ACL-based Simplified Traffic Policy Commands
Network Management and Monitoring SNMP Configuration Commands
LLDP Configuration Commands
Service Diagnosis Configuration Commands
Mirroring Configuration Commands
Packet Obtaining Configuration Command
Ping and Tracert Configuration Commands
Translation
简体中文
Download
Updated: 2021-09-13

Document ID: EDOC1100065674

Views: 543128

Downloads: 798

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Digital Signature File

Digital Signature Authentication Mode
Share
Previous Next

Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.

You are going to visit :