S600-E V200R013C00 Configuration Guide - Device Management

Involved Network Elements

In addition to switches, the Huawei Cloud Managed Network Solution involves the following network elements:

• Cloud management platform
• Huawei device registration query center
• FW
• AR
• AP

Licensing Requirements

Cloud-based management is a basic feature of a switch and is not under license control.

Version Requirements

Feature Limitations

• If an unconfigured switch runs in traditional management or cloud-based management mode and cannot obtain the controller IP address, the switch periodically sends registration packets to the registration center to obtain the controller IP address. You can access the console port and run the display work-mode command to check the switch operating mode:

  • If the switch is working in traditional mode, no action is required because the input on the console port stops the switch from sending registration packets to the registration center.
  • If the switch is working in cloud-based management mode, to prevent the switch from sending registration packets to the registration center, configure Option 148 on a DHCP server to enable the switch to obtain the controller IP address through the DHCP server or configure the controller IP address on the switch using a command or through the web system.

• In cloud-based management mode, the user name and password configured through the web system or serial port are effective only before the switch registers with the cloud management platform. After the switch registers, the cloud management platform will deliver the user name and password to the switch, which will override the ones configured in other ways. The user name and password delivered from the cloud management platform are required for login to a cloud-managed switch as long as the switch has registered with the cloud management platform.

• Whena traditional switch changes its management mode through the registration center, ensure that the system time of the switch is within the validity period of the PKI certificate. Otherwise, the switch cannot change its management mode.
• IF the device system time is not within the PKI certificate validity period after the switch is changed to the cloud-based management mode, the system time is automatically set to the start time of the PKI certificate validity period so that the switch can register with the cloud management platform successfully. After the switch registers with the cloud management platform successfully, the cloud management platform changes the device system time to the correct time.

• A switch working in cloud-based management mode has a configuration file. Service configurations delivered from the cloud management platform are saved to the configuration file of the switch. To ensure that the configurations recorded by the cloud management platform are consistent with those in the configuration file of the switch, do not specify a configuration file for the switch again, for example, using the BootROM menu to specify a new configuration file. Otherwise, the configurations in the existing configuration file of the switch may be lost.

• After the switch is changed to the cloud-based management mode, a virtual management interface Meth0/0/2 will be automatically generated for the cloud management platform to locate faults on the switch. This interface has a fixed IP address configured, this fixed IP address is 169.254.2.1/30.

• After the switch is changed to the cloud-based management mode, this management IP address can be dynamically allocated by the DHCP server or use the IP address configured on a VLANIF interface used to communicate with the DHCP server.

• If the IP address dynamically assigned by the DHCP server to the switch is on the network segment 192.168.1.0/24, the switch cannot register with the cloud management platform for authentication.

• Since V200R012C00, the switch can auto-negotiate the PNP VLAN when working in cloud-based management mode. In this way, the switch can be plug-and-play in the cloud management solution.
• After the switch is changed to the cloud-based management mode, pay attention to the following points:
  • The trust dscp command configuration will be automatically generated on all interfaces.

  • If an error occurs in the cloud-based management process of the switch, detailed error information of the process will be saved in the directory flash:/core_dump.

  • The switch is disconnected from and then reconnected to the controller during patch activation if the switch needs to have patches installed and the patch file contains the cloud management-related process patch of the .bin type.

  • In addition to the commands related to the cloud-based management configuration, the switch supports only some commands used in traditional management mode for fault location. Table 5-3 lists the commands supported in cloud-based management mode.

    Table 5-3  Commands supported in cloud-based management mode

    Command	Description	View
    interface GigabitEthernet	Displays the GE interface view.	System view
    interface XGigabitEthernet	Displays the XGE interface view.	System view
    reset trace instance	Clears all the diagnosis instances on a device.	System view
    save trace information	Saves diagnosis information in the buffer area as a file.	System view
    trace undo trace	Configures service diagnosis. Cancels service diagnosis.	System view
    acl undo acl	Creates ACL rules. Deletes ACL rules.	System view
    pki undo pki	Configures PKI function. Cancels PKI function.	System view
    observe-port undo observe-port	Creates an observing port. Deletes an observing port.	System view
    traffic-mirror undo traffic-mirror	Configures the traffic mirroring function. Cancels the traffic mirroring function.	System view and Ethernet interface view
    traffic-statistic undo traffic-statistic	Enables the traffic statistics collection function. Cancels the traffic statistics collection function.	System view and Ethernet interface view
    capture-packet	Configures the packet obtaining function.	System view
    http server load undo http server load	Loads a specified web page file. Cancels loading a specified web page file.	System view
    cloud-mng controller	Configures cloud management platform information.	System view
    undo cloud-mng	Cancels the cloud-based management configuration.	System view
    lldp enable undo lldp enable	Enables LLDP. Disables LLDP.	System view and Ethernet interface view
    display	Displays the device status or configurations.	All views
    quit	Returns to the upper-level view.	All views
    return	Returns to the user view.	All views
    diagnose	Displays the diagnostic view.	System view
    reset cloud-mng	Clears cloud-based management records.	System view
    ping	Determines whether the specified IPv4 address is reachable.	All views
    tracert	Displays the path of packets from the source end to the destination end and detects network connectivity.	All views
    stelnet host-ip	Configures the IP address of the STelnet server.	System view
    sftp (supported in V200R013C00 and later versions) NOTE: SFTP connections can only be established based on IPv4. The sftp client-source, sftp client-transfile, and sftp server enable commands are not supported.	Connects the switch to an SFTP server.	System view
    negotiation auto undo negotiation auto	Configures an Ethernet interface to work in auto-negotiation mode. Configures an Ethernet interface to work in non-auto-negotiation mode.	Ethernet interface view
    speed undo speed	Sets the rate for an Ethernet interface working in non-auto-negotiation mode. Restores the default rate for an Ethernet interface working in non-auto-negotiation mode.	Ethernet interface view
    duplex undo duplex	Sets the duplex mode for an Ethernet electrical interface working in non-auto-negotiation mode. Restores the default duplex mode for an Ethernet electrical interface working in non-auto-negotiation mode.	Ethernet interface view
    port-mirroring undo port-mirroring	Binds a mirrored port to an observing port. Cancels binding a mirrored port to an observing port.	Ethernet interface view
    virtual-cable-test	Tests the cable connected to an Ethernet electrical interface and displays the test result.	Ethernet interface view
    All commands in the ACL view	Performs ACL-related configurations.	-
    All commands in the PKI entity view	Configures a PKI entity.	-
    All commands in the PKI realm view	Configures a PKI realm.	-
    All commands in the FTP client view	Configures FTP transfer.	-
    All commands in the user view	Commands starting with the following keywords in the user view are not supported: configuration clock daylight-saving-time clock timezone format local-user lock startup saved-configuration save (except save logfile) reboot (except reboot fast) schedule rollback reset saved-configuration (not supported in V200R011C10 and later versions)	Setting the date and time, using command clock datetime HH:MM:SS YYYY-MM-DD may cause the switch unable to register with the cloud management platform. Therefore, confirm the action before you use the command.
    All commands in the diagnostic view NOTICE: Some diagnostic commands may conflict with configuration delivered from the cloud management platform, resulting in interruption of the connection between the switch and cloud management platform. To prevent this problem, check the existing configuration on the cloud management platform before running diagnostic commands.	Commands starting with the following keywords in the diagnostic view are not supported: cli configuration test-device cli enable-config configuration exclusive undo startup run	-