Professional Documents
Culture Documents
Ethernet Switches
11
Date
2016-07-22
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the
customer. All or part of the products, services and features described in this document may not be within the
purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,
and recommendations in this document are provided "AS IS" without warranties, guarantees or
representations of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute a warranty of any kind, express or implied.
Website:
http://e.huawei.com
Issue 11 (2016-07-22)
Intended Audience
This document is intended for:
l
Commissioning engineers
Symbol Conventions
The symbols that may be found in this document are defined as follows.
Symbol
Description
Indicates an imminently hazardous situation
which, if not avoided, will result in death or
serious injury.
Indicates a potentially hazardous situation
which, if not avoided, could result in death
or serious injury.
Indicates a potentially hazardous situation
which, if not avoided, may result in minor
or moderate injury.
Indicates a potentially hazardous situation
which, if not avoided, could result in
equipment damage, data loss, performance
deterioration, or unanticipated results.
NOTICE is used to address practices not
related to personal injury.
Issue 11 (2016-07-22)
ii
Symbol
Description
Calls attention to important information,
best practices and tips.
NOTE
Command Conventions
The command conventions that may be found in this document are defined as follows.
Convention
Description
Boldface
Italic
[]
{ x | y | ... }
[ x | y | ... ]
{ x | y | ... }*
[ x | y | ... ]*
&<1-n>
Security Conventions
l
Issue 11 (2016-07-22)
Password setting
Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
iii
To ensure device security, use ciphertext when configuring a password and change
the password periodically.
The switch considers all passwords starting and ending with %^%#, %#%#, %@
%@ or @%@% as ciphertext and decrypts them. If you configure a plaintext
password that starts and ends with %^%#, %#%#, %@%@ or @%@%, the switch
decrypts it and records it into the configuration file (plaintext passwords are not
recorded for the sake of security). Therefore, do not set a password starting and
ending with %^%#, %#%#, %@%@ or @%@%.
When you configure passwords in ciphertext, different features must use different
ciphertext passwords. For example, the ciphertext password set for the AAA feature
cannot be used for other features.
Encryption algorithms
The switch currently supports the 3DES, AES, RSA, SHA1, SHA2, and MD5 encryption
algorithms. 3DES, RSA, and AES are reversible, whereas SHA1, SHA2, and MD5 are
irreversible. Using the encryption algorithms DES , 3DES, RSA (RSA-1024 or lower),
MD5 (in digital signature scenarios and password encryption), or SHA1 (in digital
signature scenarios) is a security risk. If protocols allow, use more secure encryption
algorithms, such as AES, RSA (RSA-2048 or higher), SHA2, or HMAC-SHA2.
An irreversible encryption algorithm must be used for the administrator password. SHA2
is recommended for this purpose.
Personal data
Some personal data may be obtained or used during operation and fault location of your
purchased products, services, or features. Set up privacy policies and take appropriate
measures to protect personal data based on regional privacy laws.
Mirroring
The terms mirrored port, port mirroring, traffic mirroring, and mirroring in this
document are mentioned only to describe the product's function of communication error
or failure detection, and do not involve collection or processing of any personal
information or communication data of users.
Disclaimer
This document is designed as a reference for you to configure your devices. Its contents,
including web pages, command line input and output, are based on laboratory conditions. It
provides instructions for general scenarios, but does not cover all use cases of all product
models. The examples given may differ from your use case due to differences in software
versions, models, and configuration files. When configuring your advice, alter the
configuration depending on your use case.
The specifications provided in this document are tested in lab environment (for example, the
tested device has been installed with a certain type of boards or only one protocol is run on
the device). Results may differ from the listed specifications when you attempt to obtain the
maximum values with multiple functions enabled on the device.
Change History
Changes between document issues are cumulative. Therefore, the latest document version
contains all updates made to previous versions.
Issue 11 (2016-07-22)
iv
4.1 MAC
4.14 VBST
Issue 11 (2016-07-22)
Contents
Contents
About This Document.....................................................................................................................ii
1 Basic Configuration.......................................................................................................................1
1.1 EasyDeploy.....................................................................................................................................................................2
1.2 USB-based Deployment................................................................................................................................................. 7
3 Interface Management................................................................................................................ 47
3.1 Ethernet Interface......................................................................................................................................................... 48
3.2 Logical Interface...........................................................................................................................................................63
4 Ethernet Switching...................................................................................................................... 67
4.1 MAC............................................................................................................................................................................. 68
4.2 Link Aggregation..........................................................................................................................................................70
4.3 VLAN........................................................................................................................................................................... 74
4.4 VLAN Aggregation...................................................................................................................................................... 77
4.5 MUX VLAN.................................................................................................................................................................79
4.6 VLAN Termination.......................................................................................................................................................81
4.7 Voice VLAN................................................................................................................................................................. 83
4.8 QinQ............................................................................................................................................................................. 85
4.9 VLAN Mapping............................................................................................................................................................90
4.10 GVRP..........................................................................................................................................................................94
4.11 VCMP......................................................................................................................................................................... 97
4.12 STP/RSTP...................................................................................................................................................................99
4.13 MSTP........................................................................................................................................................................101
4.14 VBST........................................................................................................................................................................ 103
4.15 SEP........................................................................................................................................................................... 106
4.16 RRPP........................................................................................................................................................................ 108
4.17 ERPS (G.8032)......................................................................................................................................................... 110
Issue 11 (2016-07-22)
vi
Contents
5 IP Service.....................................................................................................................................117
5.1 ARP.............................................................................................................................................................................118
5.2 DHCP..........................................................................................................................................................................120
5.3 DHCP Policy VLAN.................................................................................................................................................. 123
5.4 DNS............................................................................................................................................................................ 124
5.5 mDNS Relay...............................................................................................................................................................126
5.6 UDP Helper................................................................................................................................................................ 128
5.7 IP Performance........................................................................................................................................................... 130
5.8 Basic IPv6...................................................................................................................................................................132
5.9 DHCPv6......................................................................................................................................................................134
5.10 IPv6 DNS..................................................................................................................................................................135
5.11 IPv6 over IPv4 Tunnel.............................................................................................................................................. 137
5.12 IPv4 over IPv6 Tunnel..............................................................................................................................................139
7 IP Multicast.................................................................................................................................163
7.1 IGMP.......................................................................................................................................................................... 164
7.2 MLD........................................................................................................................................................................... 166
7.3 PIM (IPv4).................................................................................................................................................................. 168
7.4 PIM (IPv6).................................................................................................................................................................. 170
7.5 MSDP......................................................................................................................................................................... 172
7.6 Multicast VPN............................................................................................................................................................ 174
7.7 Multicast Route Management (IPv4)......................................................................................................................... 176
7.8 Multicast Route Management (IPv6)......................................................................................................................... 178
7.9 IGMP Snooping.......................................................................................................................................................... 180
7.10 MLD Snooping......................................................................................................................................................... 183
7.11 Static Multicast MAC Address................................................................................................................................. 186
7.12 Multicast VLAN Replication....................................................................................................................................189
7.13 Controllable Multicast.............................................................................................................................................. 192
7.14 Multicast Network Management.............................................................................................................................. 195
Issue 11 (2016-07-22)
vii
Contents
8 MPLS............................................................................................................................................199
8.1 Static LSP................................................................................................................................................................... 200
8.2 MPLS LDP................................................................................................................................................................. 201
8.3 MPLS QoS..................................................................................................................................................................203
8.4 MPLS TE.................................................................................................................................................................... 205
9 VPN.............................................................................................................................................. 208
9.1 GRE............................................................................................................................................................................ 209
9.2 BGP/MPLS IP VPN................................................................................................................................................... 210
9.3 BGP/MPLS IPv6 VPN............................................................................................................................................... 212
9.4 VLL............................................................................................................................................................................ 214
9.5 PWE3..........................................................................................................................................................................216
9.6 VPLS.......................................................................................................................................................................... 218
10 WLAN-AC................................................................................................................................. 221
10.1 WLAN Service......................................................................................................................................................... 222
10.2 WLAN Security........................................................................................................................................................ 223
10.3 Radio Resource Management................................................................................................................................... 225
10.4 Spectrum Analysis.................................................................................................................................................... 228
10.5 Roaming....................................................................................................................................................................229
10.6 WLAN QoS.............................................................................................................................................................. 231
10.7 WDS......................................................................................................................................................................... 232
10.8 Mesh......................................................................................................................................................................... 235
10.9 Vehicle-Ground Communication.............................................................................................................................. 238
10.10 Tag Location........................................................................................................................................................... 239
10.11 Terminal Location...................................................................................................................................................241
10.12 Bluetooth Location................................................................................................................................................. 243
10.13 Dual-Link Backup.................................................................................................................................................. 245
10.14 N+1 Backup............................................................................................................................................................246
11 Reliability..................................................................................................................................248
11.1 BFD...........................................................................................................................................................................249
11.2 VRRP........................................................................................................................................................................ 250
11.3 DLDP........................................................................................................................................................................ 252
11.4 Smart Link and Monitor Link...................................................................................................................................254
11.5 MAC Swap Loopback.............................................................................................................................................. 256
11.6 EFM.......................................................................................................................................................................... 258
11.7 CFM.......................................................................................................................................................................... 260
11.8 Y.1731....................................................................................................................................................................... 261
viii
Contents
13 Security...................................................................................................................................... 278
13.1 ACL.......................................................................................................................................................................... 279
13.2 Local Attack Defense............................................................................................................................................... 282
13.3 MFF.......................................................................................................................................................................... 284
13.4 Attack Defense......................................................................................................................................................... 285
13.5 Traffic Suppression and Storm Control.................................................................................................................... 287
13.6 ARP Security............................................................................................................................................................ 290
13.7 Port Security............................................................................................................................................................. 292
13.8 DHCP Snooping....................................................................................................................................................... 294
13.9 ND Snooping............................................................................................................................................................ 295
13.10 PPPoE+...................................................................................................................................................................297
13.11 IPSG........................................................................................................................................................................299
13.12 SAVI....................................................................................................................................................................... 301
13.13 URPF...................................................................................................................................................................... 303
13.14 Keychain................................................................................................................................................................. 304
13.15 MPAC..................................................................................................................................................................... 306
14 QoS............................................................................................................................................. 308
14.1 MQC......................................................................................................................................................................... 309
14.2 Priority Mapping.......................................................................................................................................................313
14.3 Traffic Policing, Traffic Shaping, and Interface-based Rate Limiting..................................................................... 315
14.4 Congestion Avoidance and Congestion Management.............................................................................................. 320
14.5 ACL-based Simplified Traffic Policy.......................................................................................................................323
14.6 HQoS........................................................................................................................................................................ 325
ix
Contents
15.11 sFlow.......................................................................................................................................................................367
Issue 11 (2016-07-22)
1 Basic Configuration
Basic Configuration
Issue 11 (2016-07-22)
1 Basic Configuration
1.1 EasyDeploy
Involved Network Elements
EasyDeploy networking involves the following components:
l
DHCP server
File server
License Support
EasyDeploy is not under license control.
Version Support
Table 1-1 Products and minimum version supporting EasyDeploy
Series
Product
Minimum Version
Required
S1700
S1720GFR
Not supported
S2700
S2700SI/S2700EI
Not supported
S2710SI
Not supported
S2720EI
S2750EI
V200R003
S3700SI/S3700EI
Not supported
S3700HI
Not supported
S5700LI/S5700S-LI
V200R003
S5710-C-LI
Not supported
S5710-X-LI
V200R008
S5700EI/S5700SI
S5710EI
S5720EI
V200R007
S3700
S5700
Issue 11 (2016-07-22)
Series
Issue 11 (2016-07-22)
1 Basic Configuration
Product
Minimum Version
Required
S5720SI/S5720S-SI
V200R008
S5700HI
S5710HI
S5720HI
V200R006
Series
Issue 11 (2016-07-22)
1 Basic Configuration
Product
Minimum Version
Required
S6700
S6700EI
V
2
0
0
R
0
0
3
(
T
h
e
S
6
7
0
0
E
I
i
s
u
n
a
v
a
i
l
a
b
l
e
i
n
V
2
0
0
R
0
0
6
a
n
d
l
a
t
e
Series
1 Basic Configuration
Product
Minimum Version
Required
r
v
e
r
s
i
o
n
s
.
)
S6720EI
V200R008
S6720S-EI
V200R009
In the unconfigured device deployment or faulty device replacement scenarios, if you log
in to a device to be configured through its console interface, the device stops the
EasyDeploy process and starts to operate.
The option fields or intermediate file method only applies to unconfigured device
deployment. The Commander method applies to both deployment and maintenance
scenarios and therefore is recommended.
The Commander can be located anywhere on a network, as long as reachable routes exist
between the Commander and clients. If a client does not have the configuration file, the
client must already obtain an IP address.
EasyDeploy is mutually exclusive with USB-based deployment, SVF, and web initial
login mode.
EasyDeploy allows a stack system to act as a client. In this case, the client MAC address
is the system MAC address of the stack system, and the client ESN is the ESN of the
stack master switch.
When the EasyDeploy topology collection function is enabled, the Commander that
initiates topology collection will receive a large number of protocol packets if the
Network Topology Discovery Protocol (NTDP) needs to collect the topology of more
than 200 devices. If the rate of NTDP packets exceeds the default committed access rate
(CAR), NTDP packets will be dropped. To prevent packet loss from affecting topology
collection, you can run the car (attack defense policy view) command to increase the
central processor CAR (CPCAR) of NTDP packets.
Specifications
Issue 11 (2016-07-22)
1 Basic Configuration
Table 1-2 lists the product models that support the EasyDeploy feature and specifications of
this feature.
Table 1-2 EasyDeploy feature specifications
EasyDeplo
y
Implement
ation
Role
Product
Model
Version
Maximum
Number of
Managed
Clients
Descriptio
n
Through the
Commander
Commander
S5700HI,
S5710HI,
S6700EI
V200R003C
00 to
V200R005C
00
128
S5720HI
V200R006C
00 and later
128
S5720EI
V200R007C
00 and later
128
S6720EI
V200R008C
00 and later
128
S6720S-EI
V200R009C
00 and later
128
All fixed
switch
models
except
S1720GFR
V200R003C
00 and later
l If the
clients
are
modular
switches,
EasyDepl
oy can
only be
applied
to the
batch
upgrade
and batch
configura
tion
scenarios
.
l If the
clients
are fixed
switches,
EasyDepl
oy
applies to
the batch
upgrade,
batch
configura
tion,
unconfig
ured
device
deploym
ent, and
faulty
device
replacem
ent
scenarios
.
S5700EI and
S5710EI
Client
All modular
switch
models
Issue 11 (2016-07-22)
64
1 Basic Configuration
EasyDeplo
y
Implement
ation
Role
Product
Model
Version
Maximum
Number of
Managed
Clients
Through
option fields
or an
intermediate
file
Descriptio
n
Table 1-3 lists the types of files that can be loaded through EasyDeploy in various scenarios.
Table 1-3 File types supported by EasyDeploy
Usage Scenario
File Type
Batch upgrade
Batch configuration
Command script
NOTE
Each device can download a maximum of three user-defined files, including batch file and login
headline file. Devices cannot download user-defined files when unconfigured device deployment is
implemented using option fields or an intermediate file.
License Support
USB-based deployment is not under license control.
Issue 11 (2016-07-22)
1 Basic Configuration
Version Support
Table 1-4 Products and minimum version supporting USB-based deployment
Series
Product
Minimum Version
Required
S1700
S1720
Not supported
S2700
S2700SI/S2700EI
Not supported
S2710SI
Not supported
S2720EI
Not supported
S2750EI
Not supported
S3700SI/S3700EI
Not supported
S3700HI
Not supported
S5700LI
V200R003
S5700S-LI
V200R008
S5710-C-LI
S5710-X-LI
V200R008
S5700SI
S5700EI
Not supported
S5710EI
S5720EI
V200R007
S5700HI
S5710HI
S5720HI
V200R006
S5720SI/S5720S-SI
V200R008
S3700
S5700
Issue 11 (2016-07-22)
1 Basic Configuration
Series
Product
Minimum Version
Required
S6700
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
The file system format of the USB flash drive must be FAT32, and standard for the USB
interface is USB2.0 (USB1.1 interface on the S5700LI). To ensure compatibility between
USB flash drives and devices, use Huawei-certified USB flash drives to configure the
Huawei devices. Table 1-5 lists the USB flash drives applicable to a switch.
Table 1-5 USB flash drives applicable to a switch
Capaci
ty
Vendor
Model
Remarks
4 GB
Netac
U208
SanDisk
Cruzer Blade
HewlettPackard
v218G
PNY
M1
Netac
U208
HewlettPackard
v225w
8 GB
Issue 11 (2016-07-22)
Capaci
ty
1 Basic Configuration
Vendor
Model
Remarks
STEC
SLUFD8GU2T
UI
USB-based deployment using the usbload_config.txt index file can only be performed
in a single switch, not a stack of multiple switches. In a stack of multiple switches, if the
USB flash drive is connected to the standby switch or a slave switch, the USB-based
deployment process will not start. If the USB flash drive is connected to the master
switch, the USB indicator blinks red fast, indicating that the USB-based deployment
fails. In this case, the switch records an error report including the following information:
The usbload_config.txt index file cannot be used for USB deployment of a multimember stack.
Fields in an index file are restricted by the current system version. For example, if some
fields in the index file are not supported by the current system version, these fields are
invalid for an upgrade to a later version.
USB-based deployment is mutually exclusive with the SVF, web initial login mode and
EasyDeploy functions.
Devices to be deployed are unconfigured devices and do not have security measures
configured. Therefore, when onsite non-professionals perform deployment task, ensure
that they do not perform any unauthorized operations on the devices, USB flash drive,
and deployment files.
Before saving files to a USB flash drive, disable the write-protection function of the
USB flash drive.
Do not use a partitioned USB flash drive to deploy the S5720EI, S5720HI, S5720SI,
S5720S-SI, S6720EI, or S6720S-EI switches. Otherwise, the switches may fail to find
the files saved on the USB flash drive, resulting in a failed USB-based deployment.
Issue 11 (2016-07-22)
10
1 Basic Configuration
Before using a USB flash drive to upgrade a device, ensure that the device can start
successfully and has sufficient space to store the required files.
Do not power off the device during a USB-based deployment process. Otherwise, the
upgrade fails or the device cannot start.
Do not remove the USB flash drive before the USB-based deployment process is
complete. Otherwise, data in the USB flash drive may be corrupted.
A smart_config.ini index file supports encryption and HMAC check for a configuration
file, whereas a usbload_config.txt index file does not. Therefore, if upgrade files include
a configuration file, you are advised to make a smart_config.ini index file, configure an
encryption password for the configuration file, and enable HMAC check to enhance
security.
The S5700LI supports two index file formats: smart_config.ini and usbload_config.txt.
If both types of index files are saved in a USB flash drive, the smart_config.ini file is
preferred. During USB-based deployment, it is not recommended to save the two types
of index files in the USB flash drive. When rolling back a device to V200R003 or earlier
using a USB flash drive, it is recommended to use the usbload_config.txt index file
because V200R003 and earlier versions do not support the smart_cfg.ini index file.
Issue 11 (2016-07-22)
11
2 Device Management
Device Management
Issue 11 (2016-07-22)
12
2 Device Management
Run a command to view logs in the log buffer. Only the latest logs are saved in the log
buffer.
The first two methods do not require other network elements. To use the third method, you
need a server to save logs.
License Support
Information center is a basic feature of a switch and is not under license control.
Version Support
Table 2-1 Products and minimum version supporting information center
Series
Product Model
S1700
S1720
S2700
S2700SI/S2700EI
S2710SI
S2720EI
S2750EI
V200R003
S3700SI/S3700EI
S3700HI
S5700LI/S5700S-LI
V200R001
S3700
S5700
Issue 11 (2016-07-22)
13
Series
S6700
2 Device Management
Product Model
S5710-C-LI
S5710-X-LI
V200R008
S5700SI/S5700EI
S5720S-SI/S5720SI
V200R008
S5710EI
S5700HI
S5710HI
S5720EI
V200R007
S5720HI
V200R006
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
2.2 NTP
Involved Network Elements
Other network elements are required to support NTP.
License Support
NTP is a basic feature of a switch and is not under license control.
Issue 11 (2016-07-22)
14
2 Device Management
Version Support
Table 2-2 Products and minimum version supporting NTP
Series
Product
Minimum Version
Required
S1700
S1720
S2700
S2700SI
S2700EI
S2710SI
S2720EI
S2750EI
V200R003
S3700SI
S3700EI
S3700HI
S5700LI/S5700S-LI
V200R001
S5710-C-LI
S5710-X-LI
V200R008
S5700SI
S5700EI
S3700
S5700
Issue 11 (2016-07-22)
15
Series
S6700
2 Device Management
Product
Minimum Version
Required
S5710EI
S5720EI
V200R007
S5720SI/S5720S-SI
V200R008
S5700HI
S5710HI
S5720HI
V200R006
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
S5700-10P-LI-AC
S5700-10P-PWR-LI-AC
S5700-28P-LI-BAT
S5700-28P-LI-4AH
S5700-28P-LI-24S-BAT
S5700-28P-LI-24S-4AH
16
2 Device Management
License Support
Energy-saving management is not under license control.
Version Support
Table 2-3 Products and minimum version supporting energy-saving management
Series
Product
Minimum Version
Required
S1700
S1720
S2700
S2700SI/S2700EI
S2710SI
S2720EI
S2750EI
V200R003
S3700SI/S3700EI
S3700HI
S5700LI/S5700S-LI
V200R001
S5710-C-LI
S5710-X-LI
V200R008
S5700EI/S5700SI
S5710EI
S3700
S5700
Issue 11 (2016-07-22)
17
Series
S6700
2 Device Management
Product
Minimum Version
Required
S5720EI
V200R007
S5720SI/S5720S-SI
V200R008
S5700HI
S5710HI
S5720HI
V200R006
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
During device sleeping configuration, if you run the speed { 10 | 100 } command on any
awakening port to set the port rate to 10 or 100 Mbit/s or run the loopback internal
command on any awakening port to configure the loopback detection mode, the device
cannot enter the sleeping state. To enable the device to enter the sleeping state, you need
to configure the awakening port on which the speed { 10 | 100 } or loopback internal
command has been configured as a non-awakening port or delete the speed { 10 | 100 }
or loopback internal command configuration from the awakening port.
When the interval between the sleeping start time and end time is less than 10 minutes,
the device will not enter the sleeping state.
2.4 PoE
Involved Network Elements
Powered devices (PDs)
License Support
PoE is not under license control.
Issue 11 (2016-07-22)
18
2 Device Management
Version Support
Table 2-4 Products and minimum version supporting PoE
Series
Product
Minimum Version
Required
S1700
S1720
Not supported
S2700
S2700EI
S2700SI
Not supported
S2710SI
S2720EI
Not supported
S2750EI
V200R003
S3700SI/S3700EI
S3700HI
Not supported
S5700LI
V200R001
S5700S-LI
V200R008
S5710-C-LI
S5710-X-LI
Not supported
S5700EI/S5700SI
S5710EI
S5720EI
V200R007
S5700HI
Not supported
S5710HI
S3700
S5700
Issue 11 (2016-07-22)
19
Series
S6700
2 Device Management
Product
Minimum Version
Required
S5720HI
V200R006
S5720SI
V200R008
S5720S-SI
Not supported
S6700EI
Not supported
S6720EI
Not supported
S6720S-EI
Not supported
The device supports power supply capability negotiation using the Link Layer Discovery
Protocol (LLDP).
PoE power supply is independent of the system power supply. You can configure
maximum power, alarm threshold, and reserved PoE to the total power supply.
The device supports automatic, manual, and forcible power-on and power-off mode.
The device can detect PDs that are compliant with 802.3af or 802.3at and provides
power for these PDs.
The device can be configured with the power-off time range to facilitate PD
management.
The device can be equipped with more than one PoE power supply. You can install
corresponding PoE power supplies according to the total power consumption of PDs to
ensure stability of the PoE system.
If a switch supports PoE, its PoE feature is not affected after it joins a stack.
The PoE models of the S5700LI, S5700S-LI, S2750EI, S5710EI, S5720EI, S5720SI,
S5720HI and S5710HI series can still power the attached PDs when they are reboot
using the reboot command. After rebooting, a PD will be powered off and then on when
all the following conditions are met:
a.
b.
Forcible power supply has been enabled on the port connected to the PD or any of
the other three ports that share the same PSE chip with this port, but the forcible
power supply configuration has not been saved before the reboot.
If the system power is sufficient but PDs cannot be powered on, try to use the poe forcepower command to forcibly power on the PDs connected to interfaces.
20
2 Device Management
250 W
PoE Power
Device
Maximum
Number of
Interfaces
123.2 W
S2700-52PPWR-EI
l 802.3af (15
W per port):
8
S2710-52PPWR-SI
S3700-28TPPWR-EI
l 802.3at (30
W per port):
4
S3700-28TPPWR-SI
S3700-52PPWR-EI
S3700-52PPWR-SI
500 W
369.6 W
S2700-52PPWR-EI
S2710-52PPWR-SI
S3700-28TPPWR-EI
l 802.3af (15
W per port):
24
l 802.3at (30
W per port):
12
S3700-28TPPWR-SI
S3700-52PPWR-EI
S3700-52PPWR-SI
Issue 11 (2016-07-22)
21
Power Supply
250 W
250 W
2 Device Management
PoE Power
Device
Maximum
Number of
Interfaces
246.4 W
S2700-52PPWR-EI
l 802.3af (15
W per port):
16
S2710-52PPWR-SI
S3700-28TPPWR-EI
l 802.3at (30
W per port):
8
S3700-28TPPWR-SI
S3700-52PPWR-EI
S3700-52PPWR-SI
500 W
500 W
739.2 W
S3700-28TPPWR-EI
S3700-28TPPWR-SI
S2700-52PPWR-EI
S2710-52PPWR-SI
S3700-52PPWR-EI
l 802.3af (15
W per port):
24
l 802.3at (30
W per port):
24
l 802.3af (15
W per port):
48
l 802.3at (30
W per port):
24
S3700-52PPWR-SI
The following S5700EI, S5700SI, S5710EI and S5710HI switches support the PoE function
and the power supply configurations are shown in the following table.
Issue 11 (2016-07-22)
22
2 Device Management
Power Supply
PoE Power
Device
Maximum
Number of
Interfaces
250 W
123.2 W
S5700-48TP-PWRSI
l 802.3af (15.4 W
per port): 8
S5700-52C-PWR-EI
S5700-28C-PWR-EI
S5700-24TP-PWRSI
S5700-28C-PWR-SI
S5700-52C-PWR-SI
500 W
369.6 W
S5700-48TP-PWRSI
l 802.3af (15.4 W
per port): 24
S5700-52C-PWR-EI
S5700-28C-PWR-EI
S5700-24TP-PWRSI
S5700-28C-PWR-SI
S5700-52C-PWR-SI
250 W
250 W
246.4 W
S5700-48TP-PWRSI
l 802.3af (15.4 W
per port): 16
S5700-52C-PWR-EI
S5700-28C-PWR-EI
S5700-24TP-PWRSI
S5700-28C-PWR-SI
S5700-52C-PWR-SI
500 W
500 W
739.2 W
S5700-48TP-PWRSI
l 802.3af (15.4 W
per port): 48
S5700-52C-PWR-EI
S5700-52C-PWR-SI
S5700-28C-PWR-EI
l 802.3af (15.4 W
per port): 24
l 802.3at (30 W per
port): 24
369.6 W
Issue 11 (2016-07-22)
S5700-24TP-PWRSI
l 802.3af (15.4 W
per port): 24
S5700-28C-PWR-SI
23
2 Device Management
Power Supply
PoE Power
Device
Maximum
Number of
Interfaces
580 W
369.6 W
S5710-28C-PWREI-AC
l 802.3af (15.4 W
per port): 24
S5710-52C-PWR-EI
S5710-52C-PWREI-AC
580 W
580 W
739.2 W
S5710-52C-PWR-EI
S5710-52C-PWREI-AC
S5710-28C-PWREI-AC
l 802.3af (15.4 W
per port): 48
l 802.3at (30 W per
port): 24
l 802.3af (15.4 W
per port): 24
l 802.3at (30 W per
port): 24
1150 W
785.4 W
S5710-52C-PWR-EI
S5710-108C-PWRHI
1150 W
1150 W
1570.8 W
S5710-52C-PWR-EI
S5710-108C-PWRHI
l 802.3af (15.4 W
per port): 48
l 802.3at (30 W per
port): 26
l 802.3af (15.4 W
per port): 48
l 802.3at (30 W per
port): 48
The S5700LI series provides built-in PoE power supplies. The S5700LI series includes
S5700-10P-PWR-LI-AC, S5700-28P-PWR-LI-AC, S5700-28TP-PWR-LI-AC, S5701-28TPPWR-LI-AC, S5700-52P-PWR-LI-AC, S5700-28X-PWR-LI-AC and S5700-52X-PWR-LIAC.
The S5700-10P-PWR-LI-AC has an internal power module and cannot connect to the RPS.
The internal power module provides 123.2 W PoE power. The switch supports a maximum of
eight ports in compliance with 802.3af or a maximum of four ports in compliance with
802.3at.
The S5700-28P-PWR-LI-AC, S5700-28TP-PWR-LI-AC, S5701-28TP-PWR-LI-AC,
S5700-52P-PWR-LI-AC, S5700-28X-PWR-LI-AC and S5700-52X-PWR-LI-AC can connect
to the RPS1800. The power supply configurations are shown in the following table.
Issue 11 (2016-07-22)
24
2 Device Management
Power
Supply
PoE Power
Device
Maximum Number of
Interfaces
No
connection
with the RPS
369.6 W
S5700-28P-PWR-LI-AC
S5700-28TP-PWR-LIAC
S5700-52P-PWR-LI-AC
S5700-28X-PWR-LI-AC
S5700-52X-PWR-LI-AC
184.8 W
S5701-28TP-PWR-LIAC
Connection
with the RPS
800 W
S5700-28P-PWR-LI-AC
S5700-28TP-PWR-LIAC
S5700-28X-PWR-LI-AC
S5700-52P-PWR-LI-AC
S5700-52X-PWR-LI-AC
184.8 W
S5701-28TP-PWR-LIAC
Issue 11 (2016-07-22)
25
2 Device Management
Power
Supply 1
Power
Supply 2
PoE Power
Device
Maximum
Number of Ports
(Full PoE Power)
1150 W
(220 V)
785.4 W
S5720-56C-PWRHI-AC
l 802.3af (15.4 W
per port): 48
l 802.3at (30 W per
port): 26
1150 W
(220 V)
1150 W
(220 V)
1440 W
S5720-56C-PWRHI-AC
l 802.3af (15.4 W
per port): 48
l 802.3at (30 W per
port): 48
1150 W
(110 V)
446.6 W
S5720-56C-PWRHI-AC
l 802.3af (15.4 W
per port): 29
l 802.3at (30 W per
port): 14
1150 W
(110 V)
1150 W
(110 V)
893.2 W
S5720-56C-PWRHI-AC
l 802.3af (15.4 W
per port): 48
l 802.3at (30 W per
port): 29
580 W
369.6 W
S5720-56C-PWRHI-AC1
l 802.3af(15.4 W
per port): 24
l 802.3at(30 W per
port): 12
580 W
580 W
739.2 W
S5720-56C-PWRHI-AC1
l 802.3af(15.4 W
per port): 48
l 802.3at(30 W per
port): 24
500 W or
650 W
500 W or
650 W
500 W or
650 W
369.6 W
739.2 W
S5720-36C-PWREI-AC
l 802.3af (15.4 W
per port): 24
S5720-56C-PWREI-AC
S5720-36C-PWREI-AC
l 802.3af (15.4 W
per port): 28
l 802.3at (30 W per
port): 24
S5720-56C-PWREI-AC
l 802.3af (15.4 W
per port): 48
l 802.3at (30 W per
port): 24
Issue 11 (2016-07-22)
26
2 Device Management
Power
Supply 1
Power
Supply 2
PoE Power
Device
Maximum
Number of Ports
(Full PoE Power)
1150 W
(220 V)
785.4 W
S5720-56C-PWREI-AC1
l 802.3af (15.4 W
per port): 48
l 802.3at (30 W per
port): 26
1150 W
(220 V)
1150 W
(220 V)
1440 W
S5720-56C-PWREI-AC1
l 802.3af (15.4 W
per port): 48
l 802.3at (30 W per
port): 48
1150 W
(110 V)
446.6 W
S5720-56C-PWREI-AC1
l 802.3af (15.4 W
per port): 29
l 802.3at (30 W per
port): 14
1150 W
(110 V)
1150 W
(110 V)
893.2 W
S5720-56C-PWREI-AC1
l 802.3af (15.4 W
per port): 48
l 802.3at (30 W per
port): 29
In the S5720SI series, S5720-28X-PWR-SI-AC, S5720-52X-PWR-SI-AC, and S5720-52XPWR-SI-ACF support the PoE function. The following table shows the mappings between
power modules and device models.
Power
Supply 1
Power
Supply 2
PoE Power
Device
Maximum
Number of Ports
(Full PoE Power)
500 W or
650 W
369.6 W
l S5720-28XPWR-SI-AC
l 802.3af (15.4 W
per port): 24
l S5720-52XPWR-SI-AC
S5720-28X-PWRSI-AC
l 802.3af (15.4 W
per port): 24
500 W or
650 W
500 W or
650 W
739.2 W
l 802.3af (15.4 W
per port): 48
l 802.3at (30 W per
port): 24
Issue 11 (2016-07-22)
27
2 Device Management
Power
Supply 1
Power
Supply 2
PoE Power
Device
Maximum
Number of Ports
(Full PoE Power)
1150 W
(220 V)
785.4 W
S5720-52X-PWRSI-ACF
l 802.3af (15.4 W
per port): 48
l 802.3at (30 W per
port): 26
1150 W
(220 V)
1150 W
(220 V)
1440W
S5720-52X-PWRSI-ACF
l 802.3af (15.4 W
per port): 48
l 802.3at (30 W per
port): 48
1150 W
(110 V)
446.6W
S5720-52X-PWRSI-ACF
l 802.3af (15.4 W
per port): 29
l 802.3at (30 W per
port): 14
1150 W
(110 V)
1150 W
(110 V)
893.2W
S5720-52X-PWRSI-ACF
l 802.3af (15.4 W
per port): 48
l 802.3at (30 W per
port): 29
The S5720-14X-PWH-SI-AC has a built-in PoE power module and cannot connect to the
RPS1800. The following table shows the mappings between power modules and device
models.
Issue 11 (2016-07-22)
28
2 Device Management
Device
369.6W
S5720-14X-PWH-SI-AC
The S5700S-LI series has only one PoE model: S5700S-28P-PWR-LI-AC, which has a builtin PoE power module. The built-in PoE power module can provide PoE power and connect to
an RPS1800 for power supply. Table 2-6 lists the power supply configurations.
Table 2-6 Power supply configurations
Power Supply
PoE Power
No connection with
the RPS
369.6 W
800 W
NOTE
When two power supplies are used, they work in redundancy mode to provide power for the device and
in load balancing mode to provide power for PDs.
2.5 iStack
Issue 11 (2016-07-22)
29
2 Device Management
License Support
Stacking is not under license control.
Version Support
Table 2-7 Products and minimum version supporting stacking
Series
Product
Minimum Version
Required
S1700
S1720
Not supported
S2700
S2700EI
S2700SI
Not supported
S2710SI
S2720EI
S2750EI
V200R003
S3700SI/S3700EI
S3700HI
Not supported
S5700LI
V200R001
S5700S-LI
V200R008
S5710-C-LI
S5710-X-LI
V200R008
S5700EI/S5700SI
S3700
S5700
Issue 11 (2016-07-22)
30
Series
S6700
2 Device Management
Product
Minimum Version
Required
S5710EI
S5720EI
V200R007
S5700HI
S5720SI/S5720S-SI
V200R008
S5710HI
Not supported
S5720HI
V200R009
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
You can configure a maximum of eight direct detection links for each member switch in
a stack
You can configure the relay mode on a maximum of four Eth-Trunks in a stack
After multiple switches form a stack, the following features cannot be configured in the stack:
l
Y.1731
When you establish a stack on the switches that support both stack card connection and
service port connection, such as S5720-C-EI, note the following:
l
All member switches must use the same stack connection mode.
When a member switch has stack cards installed and the service port stack configuration,
the switch uses the service port connection mode to establish a stack. It does not use the
stack card connection mode even though a stack fails to be established in service port
connection mode and stack cards are connected correctly.
Issue 11 (2016-07-22)
31
2 Device Management
A switch uses the stack card connection mode to establish a stack only when it has no
service port stack configuration.
If a switch is currently using the stack card connection mode, perform the service port
stack configuration on the switch before changing the stack connection mode to service
port connection. After the service port stack configuration is complete, the switch uses
the service port connection mode when restarting.
If a switch using the stack card connection mode has service port configuration, a
smooth upgrade cannot be performed on the switch.
If a switch is currently using the service port connection mode, correctly connect stack
cards and stack cables and clear the existing service port stack configuration before
changing the stack connection mode to stack card connection. You can use the reset
stack-port configuration command to clear the existing service port stack
configuration.
When changing service port connection to stack card connection, you are advised to
remove the cables connected to service ports to prevent loops.
When multiple switches set up a stack, member switches will synchronize the running version
of the master switch. If a member switch does not support this running version, it will restart
repeatedly.
In V200R009C00, if MPLS-incapable S5720EIs exist in a stack, this stack cannot have MPLS
enabled. If member devices in a stack are running MPLS services, adding MPLS-incapable
S5720EIs to the stack is not allowed.
An S5720HI supports the stacking function since V200R009C00. When a member device in a
stack is faulty and fails to restart for three consecutive times, the device attempts to roll back
to a version earlier than V200R009C00 for restart. When the device restarts successfully after
rolling back to a version earlier than V200R009C00, a multi-active situation may occur
because the version earlier than V200R009C00 does not support the stacking function. To
prevent this situation, you are advised to delete the system software earlier than
V200R009C00 from member devices when using S5720HIs to set up a stack.
2.6 SVF
Involved Network Elements
SVF networking involves the following components:
l
Parent
AS
AP
License Support
The SVF function on a parent requires a license. The license controls only the SVF function
but not the SVF service specifications and only needs to be loaded on the parent.
Issue 11 (2016-07-22)
32
2 Device Management
Version Support
Table 2-8 Products and minimum version supporting SVF
Series
Product
Minimum Version
Required
S1700
S1720
Not supported
S2700
S2700SI/S2700EI
Not supported
S2710SI
Not supported
S2720EI
V200R009
S2750EI
V200R007
S3700SI/S3700EI
Not supported
S3700HI
Not supported
S5700LI/S5700S-LI
V200R007
S5710-C-LI
Not supported
S5710-X-LI
V200R008
S5700EI/S5700SI
Not supported
S5710EI
Not supported
S5720EI
V200R007
S5720SI/S5720S-SI
V200R008
S5700HI
Not supported
S5710HI
Not supported
S5720HI
V200R007
S6700EI
Not supported
S6720EI/S6720S-EI
V200R009
S7712/S7706
(The main control unit is not
SRUH.)
V200R007
S7712/S7706
(The main control unit is
SRUH.)
V200R008
S7703
V200R007
S9700
S9712/S9706/S9703
V200R007
S12700
S12704
V200R008
S12708/S12712
V200R007
S3700
S5700
S6700
S7700
Issue 11 (2016-07-22)
33
2 Device Management
Series
Product
Minimum Version
Required
E600
E600
V200R008
The SVF function is mutually exclusive with the web initial login mode, EasyDeploy,
and USB-based deployment functions.
The system automatically enables the STP and LLDP functions globally on the parent.
Pay attention to the following points when using the STP and LLDP functions in an SVF
system:
The STP and LLDP functions cannot be disabled globally but can be disabled on
interfaces.
The LLDP function cannot be disabled on member ports of a fabric port, ports
connected to APs, and AP uplink ports. Otherwise, SVF topology information
becomes inaccurate.
After the SVF function is enabled, the parent changes STP to Rapid Spanning Tree
Protocol (RSTP) and sets the priority of instance 0 to 28672 using the stp instance 0
priority 28672 command. After the SVF function is disabled, the priority of instance 0
restores to the default value. When the SVF function is enabled or disabled, STP
recalculates the port roles and changes the interface status. Subsequently, traffic on the
interface is interrupted temporarily.
The multi-active detection (MAD) relay function is automatically enabled on the EthTrunk to which a downlink fabric port is bound, and the MAD function is automatically
enabled on the Eth-Trunk to which an uplink fabric port is bound to perform MAD in an
AS that is a stack. When the standby switch in an AS is removed, MAD cannot be
performed because the standby switch restarts automatically without saving the
configuration.
To prevent the SVF function from being affected, do not modify the configuration
automatically generated in an SVF system using MIB operations, including the
configuration of STP, LLDP, and Eth-Trunk to which a fabric port is bound.
If an AP has connected to the parent before the SVF function is enabled, the parent
cannot collect topology information about the AP after the uni-mng command is used to
enable the SVF function. You need to run the commit { all | ap ap-id } command in the
WLAN view to commit the AP configuration. Subsequently, the parent can collect
topology information about the AP.
When GE or XGE optical interfaces are used to connect a level-1 AS to the parent and
connect a level-2 AS to a level-1 AS, the interfaces must use GE optical modules but not
XGE optical modules.
On the parent, there may be a delay in displaying the output of some commands (such as
patch delete all and patch load filename all [ active | run ]) executed on the ASs.
Issue 11 (2016-07-22)
34
2 Device Management
After an AS goes online, a static ARP entry in which the IP address is the management
address of the parent is generated on the AS. Deleting the static ARP entry is not
allowed. Otherwise, the AS may be forcibly removed from the SVF system.
Internal attacks in the management VLAN will cause an AS to go offline. You need to
identify the attack source and then shut down the attacked port or remove the port from
the management VLAN.
After an AS goes offline, all downlink ports of the AS are shut down.
When an AS connects to APs, all member ports of the Eth-Trunk bound to the fabric port
that connects the parent to the AS must be ports on X1E cards or ports on non-X1E
cards. Otherwise, APs cannot go online.
Configured CAPWAP tunnel parameters apply to the SVF system. To ensure that the
CAPWAP tunnel of the SVF system works normally, you are advised to retain the
default CAPWAP tunnel parameters. For details on how to configure CAPWAP tunnel
parameters, see Configuring CAPWAP Tunnel Parameters.
The AS cannot negotiate to join the SVF system if the AS directly connects to the
parent.
To solve these problems, start the AS in standalone mode and run the undo assign
forward-mode command in the system view to disable Layer 3 hardware forwarding for
IPv4 packets.
l
In an SVF system running V200R008C00 and earlier versions, you can run the
authentication free-rule command to control the network access right of NAC users
before they pass authentication. UCL-based group authorization is not supported for
NAC users.
In an SVF system running V200R009C00 and later versions, you can run the free-rule
command to control the network access right of NAC users before they pass
authentication. UCL-based group authorization is not supported for NAC users.
If the AS is a stack set up using service ports, you need to configure the stack function
on the AS and then connect the AS to the SVF system. This requirement does not apply
to the AS that is a stack set up using stack cards.
From V200R009C00, an AS can a stack of the same device series but different device
models. If an AS is a stack, you can run the slot command to modify the preconfigured
device type.
Some commands such as STP and LLDP commands are shielded on the parent, and
configuration commands are shielded on member ports of fabric ports. However, these
commands can still be executed through MIBs. Do not execute these commands through
MIBs.
When an AS connects to the parent across a Layer 2 network, pay attention to the following
points:
l
Automatic AS discovery is not supported, and fabric ports of the parent and AS need to
be manually configured.
The indirectly-connected fabric port of the parent and configured uplink fabric port of
the AS do not support connection error check. The administrator needs to ensure the
Issue 11 (2016-07-22)
35
2 Device Management
connection correctness of the Eth-Trunk, and the AS can only connect to third-party
network devices through Eth-Trunks in manual load balancing mode.
l
The administrator needs to ensure that the downlink fabric port of the parent and the
intermediate Layer 2 network are correctly configured, the SVF management VLAN and
service VLAN between the parent and AS are correctly connected, and the intermediate
network transparently transmits data traffic between the parent and AS. Therefore, the
intermediate network must be a pure Layer 2 network.
The AS does not support the MAD function because this function requires that thirdparty devices support the MAD relay function.
In centralized forwarding mode, traffic from the network segment where the AS resides
may be forwarded by the intermediate network but not the parent.
After the AS is configured to work in client mode, the AS can only be manually
configured to return to the standalone mode and must be restarted. If the AS is a stack,
new stack member devices will be automatically configured to work in client mode after
the AS is configured to work in client mode.
The S6720EI or S6720S-EI can function as the parent or AS. The device works in AS
mode by default. To change the device working mode, run the as-mode disable
command.
Parent/AS Specifications
Issue 11 (2016-07-22)
36
2 Device Management
Device
Model
Softw
are
Versi
on
Ma
xim
um
Nu
mb
er
of
AS
s
Ma
xim
um
Nu
mb
er
of
AP
s
Parent
S12708/
S12712
V200R
007C0
0 and
later
versio
ns
(The
SVF
functio
n is
not
suppor
ted in
V200R
007C1
0.)
V20
0R0
07C
00
and
V20
0R0
08C
00:
64
V20
0R0
09C
00
and
later
vers
ions
:
256
Ma
xim
um
Nu
mb
er
of
CA
PW
AP
Lin
ks
Description
l V l V
2
2
0
0
0
0
R
R
0
0
0
0
9
9
a
a
Issue 11 (2016-07-22)
37
Devic
e
Role
Issue 11 (2016-07-22)
Device
Model
Softw
are
Versi
on
2 Device Management
Ma
xim
um
Nu
mb
er
of
AS
s
Ma
xim
um
Nu
mb
er
of
AP
s
Ma
xim
um
Nu
mb
er
of
CA
PW
AP
Lin
ks
n
d
l
a
t
e
r
v
e
r
s
i
o
n
s
:
6
1
4
4
n
d
l
a
t
e
r
v
e
r
s
i
o
n
s
:
6
1
4
4
S9712/
S9706
64
204
8
204
8
S9703
32
512
512
S7712/
S7706
(The main
control unit
is not
SRUH.)
64
102
4
102
4
S7703
32
512
512
S5720HI
32
102
4
102
4
Description
38
Devic
e
Role
2 Device Management
Device
Model
Softw
are
Versi
on
Ma
xim
um
Nu
mb
er
of
AS
s
Ma
xim
um
Nu
mb
er
of
AP
s
Ma
xim
um
Nu
mb
er
of
CA
PW
AP
Lin
ks
S7712/
S7706
(The main
control unit
is SRUH.)
V200R
008C0
0 and
later
versio
ns
V20
0R0
08C
00:
64
204
8
204
8
409
6
409
6
32
S12704
Description
V20
0R0
09C
00
and
later
vers
ions
:
256
V20
0R0
08C
00:
64
V20
0R0
09C
00
and
later
vers
ions
:
256
S6720EI/
S6720S-EI
Issue 11 (2016-07-22)
V200R
009C0
0 and
later
versio
ns
32
39
2 Device Management
Devic
e
Role
Device
Model
Softw
are
Versi
on
Ma
xim
um
Nu
mb
er
of
AS
s
Ma
xim
um
Nu
mb
er
of
AP
s
Ma
xim
um
Nu
mb
er
of
CA
PW
AP
Lin
ks
Description
AS
l S2750E
I
V200R
007C0
0 and
later
versio
ns
V200R
008C0
0 and
later
versio
ns
l S5700L
I
l S5700S
-LI
l S5720E
I
l S5720S
I
l S5720S
-SI
l S5710X-LI
l E600
Issue 11 (2016-07-22)
40
Devic
e
Role
2 Device Management
Device
Model
Softw
are
Versi
on
Ma
xim
um
Nu
mb
er
of
AS
s
Ma
xim
um
Nu
mb
er
of
AP
s
Ma
xim
um
Nu
mb
er
of
CA
PW
AP
Lin
ks
l S2720E
I
V200R
009C0
0 and
later
versio
ns
l S6720E
I
l S6720S
-EI
Description
Issue 11 (2016-07-22)
41
Devic
e
Role
Device
Model
Softw
are
Versi
on
2 Device Management
Ma
xim
um
Nu
mb
er
of
AS
s
Ma
xim
um
Nu
mb
er
of
AP
s
Ma
xim
um
Nu
mb
er
of
CA
PW
AP
Lin
ks
Description
Issue 11 (2016-07-22)
42
Devic
e
Role
Device
Model
Softw
are
Versi
on
2 Device Management
Ma
xim
um
Nu
mb
er
of
AS
s
Ma
xim
um
Nu
mb
er
of
AP
s
Ma
xim
um
Nu
mb
er
of
CA
PW
AP
Lin
ks
Description
NOTE
If APs need to connect to an SVF system with an S12700, S9700, or S7700 functioning as the parent,
X1E cards must be configured on the parent.
If DTLS encryption is configured for packets transmitted in a CAPWAP tunnel, recommendations on
the maximum number of ASs and APs supported on the parent are as follows:
l S12704/S12708/S12712: The maximum numbers of ASs and APs do not exceed 32 and 96
respectively.
l S9712/S9706/S7712/S7706/S9703/S7703/S5720HI: The maximum numbers of ASs and APs do not
exceed 16 and 48 respectively.
l S6720EI/S6720S-EI:The maximum numbers of ASs do not exceed 16.
l The preceding AS or AP specifications apply to scenarios where all ASs or APs go online. If both
ASs and APs go online, it is recommended that the value of AS*3+AP do not exceed the maximum
number of APs.
l When the number of ASs or APs exceeds the maximum value, a high CPU usage may occur,
affecting existing services.
If more ASs&APs are deployed, more terminals can connect to the campus network, requiring
more CPU and memory resources of the parent. Table 2-10 lists the recommended maximum
numbers of ASs&APs and access terminals in an SVF system depending on CPU and
memory capabilities of the parent.
Table 2-10 Recommended maximum numbers of ASs&APs and access terminals
Issue 11 (2016-07-22)
Model of the
Parent
Recommende
d Maximum
Number of
ASs
Recommende
d Maximum
Number of
Wired
Terminals
Recommende
d Maximum
Number of
APs
Recommende
d Maximum
Number of
Wireless
Terminals
S12712/
S12708/S12704
64
3000 to 5000
1000
3000 to 5000
S9712/S9706
48
2000 to 3000
800
2000 to 3000
S7712/S7706
32
Smaller than
2000
300
Smaller than
1000
S5720HI
32
1000 to 2000
600
1000 to 2000
43
2 Device Management
Model of the
Parent
Recommende
d Maximum
Number of
ASs
Recommende
d Maximum
Number of
Wired
Terminals
Recommende
d Maximum
Number of
APs
Recommende
d Maximum
Number of
Wireless
Terminals
S6720EI/
S6720S-EI
32
1000 to 2000
S9703/S7703
200
Maximum
Number of
Groups
Description
AS group
16
AS administrator profile
l An AS can be added to
only one AS group.
l An AS port group can
be bound to only one
AS administrator
profile.
AS port
group
256
Issue 11 (2016-07-22)
44
2 Device Management
Group
Type
Maximum
Number of
Groups
Description
AP port
group
AS administrator profile
16
256
16
16
Issue 11 (2016-07-22)
Series
Device Models
S2750EI
S5700-P-LI
S5700-28P-LI-AC, S5700-28P-LI-DC,
S5700-52P-LI-AC, S5700-52P-LI-DC,
S5700-28P-PWR-LI-AC, S5700-52PPWR-LI-AC
S5700-X-LI
S5700-28X-LI-AC, S5700-28X-LI-DC,
S5700-52X-LI-AC, S5700-52X-LI-DC,
S5700-28X-PWR-LI-AC, S5700-52XPWR-LI-AC, S5700-28X-LI-24S-DC,
S5700-28X-LI-24S-AC, S5700-52XLI-48CS-AC
S5700S-X-LI
S5700S-28X-LI-AC, S5700S-52X-LIAC
S5700-TP-LI
S5710-X-LI
S5710-28X-LI-AC, S5710-52X-LI-AC
45
Issue 11 (2016-07-22)
2 Device Management
Series
Device Models
S5720SI
S5720EI
S6720EI/S6720S-EI
E600
46
3 Interface Management
Interface Management
Issue 11 (2016-07-22)
47
3 Interface Management
License Support
An Ethernet interface is a basic feature of a switch and is not under license control.
Version Support
Table 3-1 Products and minimum version supporting Ethernet interfaces
Issue 11 (2016-07-22)
Serie
s
Produ
ct
Mini
mum
Versi
on
Supp
ortin
g FE
Electr
ical
Interf
aces
Mini
mum
Versi
on
Supp
ortin
g GE
Electr
ical
Interf
aces
Mini
mum
Versi
on
Supp
ortin
g
XGE
Electr
ical
Interf
aces
Mini
mum
Versi
on
Supp
ortin
g
Multi
GE
Interf
aces
Mini
mum
Versi
on
Supp
ortin
g FE
Optic
al
Interf
aces
Mini
mum
Versi
on
Supp
ortin
g GE
Optic
al
Interf
aces
Mini
mum
Versi
on
Supp
ortin
g
XGE
Optic
al
Interf
aces
Mini
mum
Versi
on
Supp
ortin
g
40GE
Optic
al
Interf
aces
S1700
S1720
Not
suppor
ted by
any
versio
n
V200
R006
(The
S1720
is
unavai
lable
in
V200
R007
and
V200
R008.
)
Not
suppor
ted by
any
versio
n
Not
suppor
ted by
any
versio
n
Not
suppor
ted by
any
versio
n
V200
R006
(The
S1720
is
unavai
lable
in
V200
R007
and
V200
R008.)
Not
suppor
ted by
any
versio
n
Not
suppor
ted by
any
versio
n
48
Issue 11 (2016-07-22)
3 Interface Management
Serie
s
Produ
ct
Mini
mum
Versi
on
Supp
ortin
g FE
Electr
ical
Interf
aces
Mini
mum
Versi
on
Supp
ortin
g GE
Electr
ical
Interf
aces
Mini
mum
Versi
on
Supp
ortin
g
XGE
Electr
ical
Interf
aces
Mini
mum
Versi
on
Supp
ortin
g
Multi
GE
Interf
aces
Mini
mum
Versi
on
Supp
ortin
g FE
Optic
al
Interf
aces
Mini
mum
Versi
on
Supp
ortin
g GE
Optic
al
Interf
aces
Mini
mum
Versi
on
Supp
ortin
g
XGE
Optic
al
Interf
aces
Mini
mum
Versi
on
Supp
ortin
g
40GE
Optic
al
Interf
aces
S2700
S2700
SI and
S2700
EI
V100
R005
(The
S2700
SI and
S2700
EI are
unavai
lable
in
V200
R001
and
later
versio
ns.)
V100
R005
(The
S2700
SI and
S2700
EI are
unavai
lable
in
V200
R001
and
later
versio
ns.)
Not
suppor
ted by
any
versio
n
Not
suppor
ted by
any
versio
n
V100
R005
(The
S2700
SI and
S2700
EI are
unavai
lable
in
V200
R001
and
later
versio
ns.)
V100
R005
(The
S2700
SI and
S2700
EI are
unavai
lable
in
V200
R001
and
later
versio
ns.)
Not
suppor
ted by
any
versio
n
Not
suppor
ted by
any
versio
n
S2710
SI
V100
R006
(The
S2710
SI is
unavai
lable
in
V200
R001
and
later
versio
ns.)
V100
R006
(The
S2710
SI is
unavai
lable
in
V200
R001
and
later
versio
ns.)
Not
suppor
ted by
any
versio
n
Not
suppor
ted by
any
versio
n
V100
R006
(The
S2710
SI is
unavai
lable
in
V200
R001
and
later
versio
ns.)
V100
R006
(The
S2710
SI is
unavai
lable
in
V200
R001
and
later
versio
ns.)
Not
suppor
ted by
any
versio
n
Not
suppor
ted by
any
versio
n
49
Serie
s
S3700
Issue 11 (2016-07-22)
3 Interface Management
Produ
ct
Mini
mum
Versi
on
Supp
ortin
g FE
Electr
ical
Interf
aces
Mini
mum
Versi
on
Supp
ortin
g GE
Electr
ical
Interf
aces
Mini
mum
Versi
on
Supp
ortin
g
XGE
Electr
ical
Interf
aces
Mini
mum
Versi
on
Supp
ortin
g
Multi
GE
Interf
aces
Mini
mum
Versi
on
Supp
ortin
g FE
Optic
al
Interf
aces
Mini
mum
Versi
on
Supp
ortin
g GE
Optic
al
Interf
aces
Mini
mum
Versi
on
Supp
ortin
g
XGE
Optic
al
Interf
aces
Mini
mum
Versi
on
Supp
ortin
g
40GE
Optic
al
Interf
aces
S2720
EI
V200
R006
(The
S2720
EI is
unavai
lable
in
V200
R007
and
V200
R008.)
Not
suppo
rted
by any
versio
n
Not
suppor
ted by
any
versio
n
Not
suppor
ted by
any
versio
n
Not
suppor
ted by
any
versio
n
V200
R006
(The
S2720
EI is
unavai
lable
in
V200
R007
and
V200
R008.)
Not
suppor
ted by
any
versio
n
Not
suppor
ted by
any
versio
n
S2750
EI
V200
R003
V200
R003
Not
suppor
ted by
any
versio
n
Not
suppor
ted by
any
versio
n
Not
suppor
ted by
any
versio
n
V200
R003
Not
suppor
ted by
any
versio
n
Not
suppor
ted by
any
versio
n
S3700
SI and
S3700
EI
V100
R005
(The
S3700
SI and
S3700
EI are
unavai
lable
in
V200
R001
and
later
versio
ns.)
V100
R005
(The
S3700
SI and
S3700
EI are
unavai
lable
in
V200
R001
and
later
versio
ns.)
Not
suppor
ted by
any
versio
n
Not
suppor
ted by
any
versio
n
V100
R005
(The
S3700
SI and
S3700
EI are
unavai
lable
in
V200
R001
and
later
versio
ns.)
V100
R005
(The
S3700
SI and
S3700
EI are
unavai
lable
in
V200
R001
and
later
versio
ns.)
Not
suppor
ted by
any
versio
n
Not
suppor
ted by
any
versio
n
50
Serie
s
S5700
Issue 11 (2016-07-22)
3 Interface Management
Produ
ct
Mini
mum
Versi
on
Supp
ortin
g FE
Electr
ical
Interf
aces
Mini
mum
Versi
on
Supp
ortin
g GE
Electr
ical
Interf
aces
Mini
mum
Versi
on
Supp
ortin
g
XGE
Electr
ical
Interf
aces
Mini
mum
Versi
on
Supp
ortin
g
Multi
GE
Interf
aces
Mini
mum
Versi
on
Supp
ortin
g FE
Optic
al
Interf
aces
Mini
mum
Versi
on
Supp
ortin
g GE
Optic
al
Interf
aces
Mini
mum
Versi
on
Supp
ortin
g
XGE
Optic
al
Interf
aces
Mini
mum
Versi
on
Supp
ortin
g
40GE
Optic
al
Interf
aces
S3700
HI
V100
R006
(The
S3700
HI is
unavai
lable
in
V200
R002
and
later
versio
ns.)
V100
R006
(The
S3700
HI is
unavai
lable
in
V200
R002
and
later
versio
ns.)
Not
suppor
ted by
any
versio
n
Not
suppor
ted by
any
versio
n
V100
R006
(The
S3700
HI is
unavai
lable
in
V200
R002
and
later
versio
ns.)
V100
R006
(The
S3700
HI is
unavai
lable
in
V200
R002
and
later
versio
ns.)
Not
suppor
ted by
any
versio
n
Not
suppor
ted by
any
versio
n
S5700
LI and
S5700
S-LI
Not
suppor
ted by
any
versio
n
V200
R001
Not
suppor
ted by
any
versio
n
Not
suppor
ted by
any
versio
n
Not
suppor
ted by
any
versio
n
V200
R001
V200
R001
Not
suppor
ted by
any
versio
n
S5710
-C-LI
Not
suppor
ted by
any
versio
n
V200
R001
(The
S5710
-C-LI
is
unavai
lable
in
V200
R002
and
later
versio
ns.)
Not
suppor
ted by
any
versio
n
Not
suppor
ted by
any
versio
n
Not
suppor
ted by
any
versio
n
V200
R001
(The
S5710
-C-LI
is
unavai
lable
in
V200
R002
and
later
versio
ns.)
V200
R001
(The
S5710
-C-LI
is
unavai
lable
in
V200
R002
and
later
versio
ns.)
Not
suppor
ted by
any
versio
n
51
Serie
s
Issue 11 (2016-07-22)
3 Interface Management
Produ
ct
Mini
mum
Versi
on
Supp
ortin
g FE
Electr
ical
Interf
aces
Mini
mum
Versi
on
Supp
ortin
g GE
Electr
ical
Interf
aces
Mini
mum
Versi
on
Supp
ortin
g
XGE
Electr
ical
Interf
aces
Mini
mum
Versi
on
Supp
ortin
g
Multi
GE
Interf
aces
Mini
mum
Versi
on
Supp
ortin
g FE
Optic
al
Interf
aces
Mini
mum
Versi
on
Supp
ortin
g GE
Optic
al
Interf
aces
Mini
mum
Versi
on
Supp
ortin
g
XGE
Optic
al
Interf
aces
Mini
mum
Versi
on
Supp
ortin
g
40GE
Optic
al
Interf
aces
S5710
-X-LI
Not
suppor
ted by
any
versio
n
V200
R008
Not
suppor
ted by
any
versio
n
Not
suppor
ted by
any
versio
n
Not
suppor
ted by
any
versio
n
V200
R008
V200
R008
Not
suppor
ted by
any
versio
n
S5700
EI and
S5700
SI
Not
suppor
ted by
any
versio
n
V100
R005
(The
S5700
SI and
S5700
EI are
unavai
lable
in
V200
R006
and
later
versio
ns.)
Not
suppor
ted by
any
versio
n
Not
suppor
ted by
any
versio
n
Not
suppor
ted by
any
versio
n
V100
R005
(The
S5700
SI and
S5700
EI are
unavai
lable
in
V200
R006
and
later
versio
ns.)
V100
R005
(The
S5700
SI and
S5700
EI are
unavai
lable
in
V200
R006
and
later
versio
ns.)
Not
suppor
ted by
any
versio
n
S5710
EI
Not
suppor
ted by
any
versio
n
V200
R001
(The
S5710
EI is
unavai
lable
in
V200
R006
and
later
versio
ns.)
Not
suppor
ted by
any
versio
n
Not
suppor
ted by
any
versio
n
Not
suppor
ted by
any
versio
n
V200
R001
(The
S5710
EI is
unavai
lable
in
V200
R006
and
later
versio
ns.)
V200
R001
(The
S5710
EI is
unavai
lable
in
V200
R006
and
later
versio
ns.)
Not
suppor
ted by
any
versio
n
52
Serie
s
Issue 11 (2016-07-22)
3 Interface Management
Produ
ct
Mini
mum
Versi
on
Supp
ortin
g FE
Electr
ical
Interf
aces
Mini
mum
Versi
on
Supp
ortin
g GE
Electr
ical
Interf
aces
Mini
mum
Versi
on
Supp
ortin
g
XGE
Electr
ical
Interf
aces
Mini
mum
Versi
on
Supp
ortin
g
Multi
GE
Interf
aces
Mini
mum
Versi
on
Supp
ortin
g FE
Optic
al
Interf
aces
Mini
mum
Versi
on
Supp
ortin
g GE
Optic
al
Interf
aces
Mini
mum
Versi
on
Supp
ortin
g
XGE
Optic
al
Interf
aces
Mini
mum
Versi
on
Supp
ortin
g
40GE
Optic
al
Interf
aces
S5720
EI
Not
suppor
ted by
any
versio
n
V200
R007
V200
R007
Not
suppor
ted by
any
versio
n
Not
suppor
ted by
any
versio
n
V200
R007
V200
R007
Not
suppor
ted by
any
versio
n
S5700
HI
Not
suppor
ted by
any
versio
n
V100
R006
(The
S5700
HI is
unavai
lable
in
V200
R006
and
later
versio
ns.)
Not
suppor
ted by
any
versio
n
Not
suppor
ted by
any
versio
n
Not
suppor
ted by
any
versio
n
V200
R001
(The
S5700
HI is
unavai
lable
in
V200
R006
and
later
versio
ns.)
V200
R001
(The
S5700
HI is
unavai
lable
in
V200
R006
and
later
versio
ns.)
Not
suppor
ted by
any
versio
n
S5710
HI
Not
suppor
ted by
any
versio
n
V200
R003
(The
S5710
HI is
unavai
lable
in
V200
R006
and
later
versio
ns.)
Not
suppor
ted by
any
versio
n
Not
suppor
ted by
any
versio
n
Not
suppor
ted by
any
versio
n
V200
R003
(The
S5710
HI is
unavai
lable
in
V200
R006
and
later
versio
ns.)
V200
R003
(The
S5710
HI is
unavai
lable
in
V200
R006
and
later
versio
ns.)
V200
R003
(The
S5710
HI is
unavai
lable
in
V200
R006
and
later
versio
ns.)
53
Serie
s
S6700
Issue 11 (2016-07-22)
3 Interface Management
Produ
ct
Mini
mum
Versi
on
Supp
ortin
g FE
Electr
ical
Interf
aces
Mini
mum
Versi
on
Supp
ortin
g GE
Electr
ical
Interf
aces
Mini
mum
Versi
on
Supp
ortin
g
XGE
Electr
ical
Interf
aces
Mini
mum
Versi
on
Supp
ortin
g
Multi
GE
Interf
aces
Mini
mum
Versi
on
Supp
ortin
g FE
Optic
al
Interf
aces
Mini
mum
Versi
on
Supp
ortin
g GE
Optic
al
Interf
aces
Mini
mum
Versi
on
Supp
ortin
g
XGE
Optic
al
Interf
aces
Mini
mum
Versi
on
Supp
ortin
g
40GE
Optic
al
Interf
aces
S5720
HI
Not
suppor
ted by
any
versio
n
V200
R006
Not
suppor
ted by
any
versio
n
Not
suppor
ted by
any
versio
n
Not
suppor
ted by
any
versio
n
V200
R006
V200
R006
Not
suppor
ted by
any
versio
n
S5720
SI and
S5720
S-SI
Not
suppor
ted by
any
versio
n
V200
R008
Not
suppor
ted by
any
versio
n
Suppo
rted
by
only
the
S5720
-14XPWHSI-AC
in
V200
R009
Not
suppor
ted by
any
versio
n
V200
R008
V200
R008
Not
suppor
ted by
any
versio
n
S6700
EI
Not
suppor
ted by
any
versio
n
V100
R006
(The
S6700
EI is
unavai
lable
in
V200
R006
and
later
versio
ns.)
Not
suppor
ted by
any
versio
n
Not
suppor
ted by
any
versio
n
Not
suppor
ted by
any
versio
n
V100
R006
(The
S6700
EI is
unavai
lable
in
V200
R006
and
later
versio
ns.)
V200
R001
(The
S6700
EI is
unavai
lable
in
V200
R006
and
later
versio
ns.)
Not
suppor
ted by
any
versio
n
54
Serie
s
3 Interface Management
Produ
ct
Mini
mum
Versi
on
Supp
ortin
g FE
Electr
ical
Interf
aces
Mini
mum
Versi
on
Supp
ortin
g GE
Electr
ical
Interf
aces
Mini
mum
Versi
on
Supp
ortin
g
XGE
Electr
ical
Interf
aces
Mini
mum
Versi
on
Supp
ortin
g
Multi
GE
Interf
aces
Mini
mum
Versi
on
Supp
ortin
g FE
Optic
al
Interf
aces
Mini
mum
Versi
on
Supp
ortin
g GE
Optic
al
Interf
aces
Mini
mum
Versi
on
Supp
ortin
g
XGE
Optic
al
Interf
aces
Mini
mum
Versi
on
Supp
ortin
g
40GE
Optic
al
Interf
aces
S6720
EI
Not
suppor
ted by
any
versio
n
Not
suppo
rted
by any
versio
n
Not
suppor
ted by
any
versio
n
Not
suppor
ted by
any
versio
n
Not
suppor
ted by
any
versio
n
Not
suppor
ted by
any
versio
n
V200
R008
V200
R008
S6720
S-EI
Not
suppor
ted by
any
versio
n
Not
suppo
rted
by any
versio
n
Not
suppor
ted by
any
versio
n
Not
suppor
ted by
any
versio
n
Not
suppor
ted by
any
versio
n
Not
suppor
ted by
any
versio
n
V200
R009
V200
R009
Issue 11 (2016-07-22)
Interfac
e Type
Transm
ission
Mediu
m
Rate
(Mbit/s)
Duplex
Mode
AutoNegotia
tion
Flow
Control
Flow
Contro
l AutoNegoti
ation
Remark
s
MultiGE
interface
Network
cable
100
Fullduplex/
halfduplex
Supporte
d
Supporte
d
Support
ed
1000
Fullduplex
Only the
S5720-14
X-PWHSI-AC
supports
MultiGE
interfaces
.
You can
set the
rate of a
MultiGE
55
Interfac
e Type
FE
electrica
l
interface
GE
electrica
l
interface
Issue 11 (2016-07-22)
Transm
ission
Mediu
m
Network
cable
Network
cable
3 Interface Management
Rate
(Mbit/s)
Duplex
Mode
2500
Fullduplex
10
Fullduplex/
halfduplex
100
Fullduplex/
halfduplex
10
Fullduplex/
halfduplex
100
Fullduplex/
halfduplex
1000
Fullduplex
AutoNegotia
tion
Flow
Control
Flow
Contro
l AutoNegoti
ation
Remark
s
interface
to 100
Mbit/s
and
duplex
mode to
halfduplex
only
when the
interface
works in
autonegotiati
on mode.
Supporte
d
Supporte
d
Support
ed
Supporte
d
Supporte
d
Support
ed
Before
enabling
flow
control
autonegotiati
on,
enable
autonegotiati
on first.
FE
optical
interface
FE
optical
module
100
Fullduplex
Not
supporte
d
Supporte
d
Not
support
ed
GE
optical
interface
FE
optical
module
100
Fullduplex
Not
supporte
d
Supporte
d
Not
support
ed
56
Interfac
e Type
Issue 11 (2016-07-22)
3 Interface Management
Transm
ission
Mediu
m
Rate
(Mbit/s)
Duplex
Mode
AutoNegotia
tion
Flow
Control
Flow
Contro
l AutoNegoti
ation
Remark
s
GE
optical
module
100
Fullduplex
Supporte
d
Supporte
d
Not
support
ed
By
default,
autonegotiati
on is
enabled
on GE
optical
interfaces
and rate
autonegotiati
on is
disabled.
You can
run the
speed
autonegotiati
on
comman
d to
enable
rate autonegotiati
on.
After
running
the speed
autonegotiati
on
comman
d to
configure
rate autonegotiati
on on a
GE
optical
interface
working
in autonegotiati
on mode,
you
57
Interfac
e Type
Transm
ission
Mediu
m
GE
copper
module
Issue 11 (2016-07-22)
3 Interface Management
Rate
(Mbit/s)
Duplex
Mode
AutoNegotia
tion
Flow
Control
Flow
Contro
l AutoNegoti
ation
Remark
s
1000
Fullduplex
Supporte
d
Supporte
d
Support
ed
cannot
configure
flow
control
autonegotiati
on on the
interface.
10
Fullduplex/
halfduplex
Supporte
d
Supporte
d
Support
ed
100
Fullduplex/
halfduplex
1000
Fullduplex
Before
enabling
flow
control
autonegotiati
on,
enable
autonegotiati
on first.
XGE
(10GE)
electrica
l
interface
Network
cable
10000
Fullduplex
Supporte
d
Supporte
d
Support
ed
Only the
ES5D21
X02T01
card of
the
S5720EI
supports
XGE
electrical
interfaces
.
XGE
(10GE)
optical
interface
XGE
optical
module
10000
Fullduplex
Not
supporte
d
Supporte
d
Not
support
ed
GE
optical
module
1000
Fullduplex
Supporte
d
Supporte
d
Not
support
ed
GE
copper
module
100
Fullduplex
Supporte
d
Supporte
d
Support
ed
l The
XGE
interf
aces
on the
ES5D
21X0
2S01
card
of the
S5720
EI
and
58
Interfac
e Type
Issue 11 (2016-07-22)
Transm
ission
Mediu
m
3 Interface Management
Rate
(Mbit/s)
Duplex
Mode
AutoNegotia
tion
Flow
Control
Flow
Contro
l AutoNegoti
ation
Remark
s
1000
Fullduplex
Supporte
d
Supporte
d
Support
ed
the
ES5D
21X0
4S01
card
of the
S5720
HI
suppo
rt
only
XGE
optica
l
modul
es.
l The
last
four
GE
interf
aces
(base
d on
the
interf
ace
numb
er) on
the
S5720
-PCEI,
S5720
-P-EI,
S5720
-28PSIAC
and
S5720
-52PSIAC
suppo
rt
59
Interfac
e Type
Transm
ission
Mediu
m
Rate
(Mbit/s)
3 Interface Management
Duplex
Mode
AutoNegotia
tion
Flow
Control
Flow
Contro
l AutoNegoti
ation
Remark
s
only
GE
optica
l
modul
es and
GE
coppe
r
modul
es,
and
the
interf
ace
rate
can
only
be
1000
Mbit/
s.
l Only
XGE
optica
l
interf
aces
on the
S6720
EI
and
S6720
S-EI
in
V200
R009
can
autom
aticall
y
negoti
ate
the
rate to
100
Issue 11 (2016-07-22)
60
Interfac
e Type
Transm
ission
Mediu
m
Rate
(Mbit/s)
3 Interface Management
Duplex
Mode
AutoNegotia
tion
Flow
Control
Flow
Contro
l AutoNegoti
ation
Remark
s
Mbit/
s after
havin
g GE
coppe
r
modul
es
install
ed.
40GE
optical
interface
Issue 11 (2016-07-22)
Highspeed
cable
10000
Fullduplex
Supporte
d
Supporte
d
Not
support
ed
When
used for
data
transmiss
ion
between
service
ports,
copper
cables
can only
connect
switches
of the
same
subseries,
and
cannot be
used
between
switches
of
different
subseries
or
between
Huawei
and nonHuawei
switches.
40GE
optical
module
40000
Fullduplex
Not
supporte
d
Supporte
d
Not
support
ed
61
Interfac
e Type
Issue 11 (2016-07-22)
3 Interface Management
Transm
ission
Mediu
m
Rate
(Mbit/s)
Duplex
Mode
AutoNegotia
tion
Flow
Control
Flow
Contro
l AutoNegoti
ation
Remark
s
Highspeed
cable
40000
Fullduplex
Supporte
d
Supporte
d
Not
support
ed
When
you run
the
display
interface
comman
d on a
40GE
optical
interface
that has a
highspeed
cable
installed,
the
comman
d output
shows
that autonegotiati
on is
enabled.
However,
you
cannot
run the
negotiati
on auto
comman
d to
configure
the autonegotiati
on mode.
62
3 Interface Management
virtual cable test on the interface. The 10GE interfaces on the S5700EI do not support
GE copper modules.
l
Only the XGE optical interfaces that have XGE optical modules installed support singlefiber communication without requiring licenses. S5720HI does not support single-fiber
communication.
Only MEth0/0/1 on the S5720HI, S5720EI, S6700EI, S6720EI, and S6720S-EI supports
the duplex mode configuration.
On the S5720S-28P-SI-AC, S5720S-52P-SI-AC, S5720-28P-SI-AC, and S5720-52P-SIAC, the last four GE interfaces cannot have FE optical modules installed and do not
support the rate auto-negotiation configuration.
For switches in V200R003C00 and earlier versions, only Layer 2 Ethernet interfaces on
the S5700HI, S5710EI, and S5710HI can be configured as Layer 3 interfaces. For
switches in V200R005C00 and later versions, only Layer 2 Ethernet interfaces on the
S5700HI, S5710EI, S5710HI, S5700EI, S6700EI, S5720EI, S5720HI, S6720EI, and
S6720S-EI can be configured as Layer 3 interfaces.
License Support
A logical interface is a basic feature of a switch and is not under license control.
Version Support
Table 3-3 Products and minimum version supporting logical interfaces
Issue 11 (2016-07-22)
Series
Product
Minim
um
Version
Suppor
ting
Subinterfac
es
Minim
um
Version
Suppor
ting
EthTrunk
S1700
S1720
Not
supporte
d by any
version
S2700
S2700SI
and
S2700EI
Not
supporte
d by any
version
Minim
um
Version
Suppor
ting
Tunnel
Interfac
es
Minim
um
Version
Suppor
ting
VLANI
F
Interfac
es
Minim
um
Version
Suppor
ting
Loopba
ck
Interfac
es
Minim
um
Version
Suppor
ting
Null
Interfac
es
63
Series
S3700
Product
Issue 11 (2016-07-22)
Minim
um
Version
Suppor
ting
EthTrunk
Minim
um
Version
Suppor
ting
Tunnel
Interfac
es
Minim
um
Version
Suppor
ting
VLANI
F
Interfac
es
Minim
um
Version
Suppor
ting
Loopba
ck
Interfac
es
Minim
um
Version
Suppor
ting
Null
Interfac
es
S2710SI
S2720EI
S2750EI
V200R003
S3700SI
and
S3700EI
Not
supporte
d by any
version
S5700LI
and
S5700SLI
Not
supporte
d by any
version
V200R001
S5710C-LI
Not
supporte
d by any
version
S5710X-LI
Not
supporte
d by any
version
V200R008
S5700EI
and
S5700SI
Not
supporte
d by any
version
S3700HI
S5700
Minim
um
Version
Suppor
ting
Subinterfac
es
3 Interface Management
64
Series
Issue 11 (2016-07-22)
3 Interface Management
Product
Minim
um
Version
Suppor
ting
Subinterfac
es
Minim
um
Version
Suppor
ting
EthTrunk
S5710EI
V200R0
03 (The
S5710EI
is
unavaila
ble in
V200R0
06 and
later
versions.
)
S5720EI
V200R0
09
V200R007
S5700HI
V200R0
03 (The
S5700HI
is
unavaila
ble in
V200R0
06 and
later
versions.
)
S5710HI
V200R0
03 (The
S5710HI
is
unavaila
ble in
V200R0
06 and
later
versions.
)
S5720HI
V200R0
07
V200R007
Minim
um
Version
Suppor
ting
Tunnel
Interfac
es
Minim
um
Version
Suppor
ting
VLANI
F
Interfac
es
Minim
um
Version
Suppor
ting
Loopba
ck
Interfac
es
Minim
um
Version
Suppor
ting
Null
Interfac
es
65
Series
S6700
3 Interface Management
Product
Minim
um
Version
Suppor
ting
Subinterfac
es
Minim
um
Version
Suppor
ting
EthTrunk
S5720SI
and
S5720SSI
Not
supporte
d by any
version
V200R008
S6700EI
V200R0
05 (The
S6700EI
is
unavaila
ble in
V200R0
06 and
later
versions.
)
S6720EI
V200R0
08
V200R008
S6720SEI
V200R0
09
V200R009
Minim
um
Version
Suppor
ting
Tunnel
Interfac
es
Minim
um
Version
Suppor
ting
VLANI
F
Interfac
es
Minim
um
Version
Suppor
ting
Loopba
ck
Interfac
es
Minim
um
Version
Suppor
ting
Null
Interfac
es
Only hybrid and trunk Layer 2 interfaces on the preceding switches support sub-interface
configuration.
After an interface is added to an Eth-Trunk, you can only configure sub-interfaces on the
Eth-Trunk, but not on the interface.
Issue 11 (2016-07-22)
66
4 Ethernet Switching
Ethernet Switching
Issue 11 (2016-07-22)
67
4 Ethernet Switching
4.1 MAC
Involved Network Elements
Other network elements are not required.
License Support
The MAC address table is a basic feature of a switch and is not under license control.
Version Support
Table 4-1 Products and minimum version supporting the MAC address table
Series
Product
Minimum Version
Required
S1700
S1720GFR
S2700
S2700SI
S2700EI
S2710SI
S2720EI
S2750EI
V200R003
S3700SI
S3700EI
S3700HI
S5700LI/S5700S-LI
V200R001
S3700
S5700
Issue 11 (2016-07-22)
68
Series
S6700
4 Ethernet Switching
Product
Minimum Version
Required
S5710-C-LI
S5710-X-LI
V200R008
S5700EI
S5700SI
S5710EI
S5720EI
V200R007
S5720SI/S5720S-SI
V200R008
S5700HI
S5710HI
S5720HI
V200R006
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
Dynamic MAC address entries can be learned on an interface only after the interface is
added to an existing VLAN.
Each static MAC address entry can have only one outbound interface.
When the aging time of dynamic MAC address entries is set to 0, dynamic MAC address
entries do not age. To age MAC address entries, delete the aging time configuration.
When MAC address learning is disabled in a VLAN and an interface in the VLAN on
the S5700EI, S5710EI, S5700HI, S5710HI, and S5720EI and the discard action is
configured for the interface, the interface does not discard packets from this VLAN. For
example, MAC address learning is disabled in VLAN 2 but enabled in VLAN 3; Port1 in
Issue 11 (2016-07-22)
69
4 Ethernet Switching
VLAN 2 and VLAN 3 has MAC address learning disabled and the discard action is
defined. In this situation, Port1 discards packets from VLAN 3 but forwards packets
from VLAN 2.
l
When the interface frequently alternates between Up and Down, MAC address entries
may be not aged within two aging period. At this time, you are advised to check the link
quality or run the port link-flap protection enable command to configure link flapping
protection.
License Support
Ethernet link aggregation is a basic feature of a switch and is not under license control.
Version Support
Table 4-2 Products and minimum version supporting Ethernet link aggregation
Series
Product
Minimum Version
Required
S1700
S1720GFR
S2700
S2700SI
S2700EI
S2710SI
S2720EI
S2750EI
V200R003
S3700SI
S3700
Issue 11 (2016-07-22)
70
Series
S5700
S6700
4 Ethernet Switching
Product
Minimum Version
Required
S3700EI
S3700HI
S5700LI/S5700S-LI
V200R001
S5710-C-LI
S5710-X-LI
V200R008
S5700SI
S5700EI
S5710EI
S5720EI
V200R007
S5720SI/S5720S-SI
V200R008
S5700HI
S5710HI
S5720HI
V200R006
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
71
4 Ethernet Switching
Member interfaces cannot be configured with some services or static MAC address
entries. For example, when an interface is added to an Eth-Trunk, the interface must use
the default link type.
Member interfaces of an Eth-Trunk must use the same Ethernet type and rate.
Interfaces that use different Ethernet types and rates cannot join the same Eth-Trunk. For
example, GE and FE interfaces cannot join the same Eth-Trunk, and GE electrical and
optical interfaces can join the same Eth-Trunk.
Both devices of the Eth-Trunk must use the same number of physical interfaces,
interface rate, duplex mode, and flow control mode.
Both devices of an Eth-Trunk must use the same link aggregation mode.
When the number of active interfaces falls below the lower threshold, the Eth-Trunk
goes Down. This ensures that the Eth-Trunk has a minimum available bandwidth.
The preceding configuration notes are applicable to scenarios where switches are directly
connected. In the following scenarios, there are other configuration notes in addition to the
preceding ones.
Table 4-3 Configuration notes in different scenarios
Issue 11 (2016-07-22)
Usage Scenario
Precaution
72
4 Ethernet Switching
Usage Scenario
Precaution
An Ethernet interface can be added to only one Eth-Trunk. To add an Ethernet interface
to another Eth-Trunk, delete it from the original one first.
After an interface is added to an Eth-Trunk, only the Eth-Trunk learns MAC address
entries or ARP entries, but the member interface does not.
Specifications
Link aggregation mode:
l
Manual
LACP
Inter-device: The inter-device link aggregation refers to E-Trunk. E-Trunk allows links
between multiple devices to be aggregated based on LACP. For details, see E-Trunk.
Based on the Exclusive-Or result of source and destination MAC addresses of packets
Issue 11 (2016-07-22)
73
4 Ethernet Switching
Enhanced load balancing: based on VLAN IDs and source physical interface numbers
for Layer 2, IPv4, IPv6, and MPLS packets
4.3 VLAN
Involved Network Elements
Other network elements are not required.
License Support
VLAN technology is a basic feature of a switch and is not under license control.
Version Support
Table 4-4 Products and minimum version supporting VLAN technology
Series
Product
Minimum Version
Required
S1700
S1720GFR
S2700
S2700SI
S2700EI
S2710SI
S2720EI
S2750EI
V200R003
S3700SI
S3700EI
S3700
Issue 11 (2016-07-22)
74
Series
S5700
S6700
4 Ethernet Switching
Product
Minimum Version
Required
S3700HI
S5700LI/S5700S-LI
V200R001
S5710-C-LI
S5710-X-LI
V200R008
S5700EI
S5700SI
S5710EI
S5720EI
V200R007
S5720SI/S5720S-SI
V200R008
S5700HI
S5710HI
S5720HI
V200R006
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
Issue 11 (2016-07-22)
75
4 Ethernet Switching
Specification
l S2700SI/S2710SI/S5710-C-LI: 1
l S2700EI/S1720GFR/S2720EI/S5710X-LI: 8
l S3700SI/S3700EI/S3700HI/S5700SI/
S5700EI: 256
l S5700HI/S5720EI/S5720HI/S5710HI/
S5720SI/S5720S-SI/S6720EI/
S6720S-EI: 1024
l S2750EI/S5700LI/S5700S-LI: 1 in
earlier versions of V200R005 and 8 in
V200R005 and later versions
l S5710EI/S6700EI: 256 in earlier
versions of V200R005 and 1024 in
V200R005 and later versions
If LNP is used to dynamically negotiate the link type (LNP is enabled by default), it is
recommended that each interface should be added to a maximum of 1000 VLANs and a
maximum of 200 interfaces should be configured on a switch. If 4096 VLANs are
configured globally, it is recommended that a maximum of 50 interfaces should be
enabled with LNP. Otherwise, the alarm about a high CPU usage is generated for a short
time.
You are advised to plan service and management VLANs so that any broadcast storms in
service VLANs do not affect switch management.
In earlier versions of V200R005, before changing the interface type, restore the default
VLAN of the interface.
All interfaces join VLAN 1 by default. When unknown unicast, multicast, or broadcast
packets of VLAN 1 exist on the network, broadcast storms may occur. When VLAN 1 is
used, pay attention to the following points:
Issue 11 (2016-07-22)
Remove the interfaces that do not need to join VLAN 1 from VLAN 1 to prevent
loops. A trunk interface often permits packets from VLAN 1 to pass through. If a
trunk interface rejects packets from VLAN 1, some protocol packets such as
BPDUs transmitted in VLAN 1 may be incorrectly discarded. To prevent such
faults, take measures to prevent potential risks when packets of VLAN 1 are
allowed to pass through.
If a spanning tree protocol is used and a trunk interface on the switch rejects packets
from VLAN 1, run the stp bpdu vlan command to enable the switch to encapsulate
Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
76
4 Ethernet Switching
the specified VLAN ID in outgoing STP BPDUs so that the spanning tree protocol
runs properly.
License Support
VLAN aggregation, also called super-VLAN, is a basic feature of a switch and is not under
license control.
Version Support
Table 4-6 Products and minimum version supporting VLAN aggregation
Series
Product
Minimum Version
Required
S1700
S1720GFR
Not supported
S2700
S2700SI
Not supported
S2700EI
S2710SI
Not supported
S2720EI
Not supported
S2750EI
Not supported
S3700SI
S3700EI
S3700
Issue 11 (2016-07-22)
77
Series
S5700
S6700
4 Ethernet Switching
Product
Minimum Version
Required
S3700HI
S5700LI/S5700S-LI
Not supported
S5710-C-LI
Not supported
S5710-X-LI
Not supported
S5700EI
S5700SI
S5710EI
S5720EI
V200R007
S5720SI/S5720S-SI
V200R008
S5700HI
S5710HI
S5720HI
V200R006
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
A VLAN that has been configured as a guest VLAN cannot be configured as a superVLAN.
A traffic policy takes effect in a super-VLAN only after the traffic policy is configured in
all sub-VLANs of the super-VLAN.
Issue 11 (2016-07-22)
78
4 Ethernet Switching
An IP address must have been assigned to the VLANIF interface corresponding to the
super-VLAN. Otherwise, proxy ARP cannot take effect.
License Support
The MUX VLAN is a basic feature of a switch and is not under license control.
Version Support
Table 4-7 Products and minimum version supporting the MUX VLAN
Series
Product
Minimum Version
Required
S1700
S1720GFR
S2700
S2700SI
Not supported
S2700EI
Not supported
S2710SI
Not supported
S2720EI
S2750EI
V200R003
S3700SI
S3700EI
S3700HI
S5700LI/S5700S-LI
V200R001
S3700
S5700
Issue 11 (2016-07-22)
79
Series
S6700
4 Ethernet Switching
Product
Minimum Version
Required
S5710-C-LI
S5710-X-LI
V200R008
S5700EI
S5700SI
S5710EI
S5720EI
V200R007
S5720SI/S5720S-SI
V200R008
S5700HI
S5710HI
S5720HI
V200R006
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
Issue 11 (2016-07-22)
Item
Specification
128
80
4 Ethernet Switching
Item
Specification
128
NOTE
Each principal VLAN supports a total of 128
separate and group VLANs. That is, if one
separate VLAN is configured, a maximum of
127 group VLANs can be configured.
Disabling MAC address learning or limiting the number of learned MAC addresses on
an interface will compromise the performance of the MUX VLAN function.
MUX VLAN and port security cannot be configured on the same interface.
MUX VLAN and MAC address authentication cannot be configured on the same
interface.
MUX VLAN and 802.1x authentication cannot be configured on the same interface.
When both DHCP snooping and MUX VLAN are configured, if DHCP snooping is
configured in the subordinate VLAN and DHCP clients are configured in the principal
VLAN, the DHCP clients may fail to obtain IP addresses. In this case, configure the
DHCP server in the principal VLAN.
After the MUX VLAN function is enabled on an interface, VLAN mapping or VLAN
stacking cannot be configured on the interface.
You can create a VLANIF interface for a principal VLAN, but cannot create a VLANIF
interface for a subordinate group VLAN or separate VLAN.
When the interface is enabled with MUX VLAN and configured with the PVID using the
port trunk pvid vlan command, do not configure the PVID as the ID of the principal
VLAN or subordinate VLAN of the MUX VLAN. For example, VLAN 10 is the
principal VLAN, VLAN 11 is a subordinate group VLAN, and VLAN 12 is a
subordinate separate VLAN. After the port mux vlan enable 10 command is used on
the interface to enable MUX VLAN, do not run the port trunk pvid vlan command to
set the PVID to VLAN 11 or VLAN 12.
License Support
VLAN termination, that is, QinQ on a sub-interface, is a basic feature of a switch and is not
under license control.
Issue 11 (2016-07-22)
81
4 Ethernet Switching
Version Support
Table 4-9 Products and minimum version supporting VLAN termination
Series
Product
Minimum Version
Required
S1700
S1720GFR
Not supported
S2700
S2700SI
Not supported
S2700EI
Not supported
S2710SI
Not supported
S2720EI
Not supported
S2750EI
Not supported
S3700SI
Not supported
S3700EI
Not supported
S3700HI
Not supported
S5700LI/S5700S-LI
Not supported
S5710-C-LI
Not supported
S5710-X-LI
Not supported
S5700EI
Not supported
S5700SI
Not supported
S5710EI
S5720EI
V200R009
S5720SI/S5720S-SI
Not supported
S5700HI
S5710HI
S5720HI
S6700EI
S3700
S5700
S6700
Issue 11 (2016-07-22)
82
Series
4 Ethernet Switching
Product
Minimum Version
Required
S6720EI
V200R008
S6720S-EI
V200R009
You are advised to add member interfaces to an Eth-Trunk and configure termination
sub-interfaces on the Eth-Trunk in sequence. Termination sub-interfaces can be
configured successfully on an Eth-Trunk only when all series of cards where member
interfaces reside support termination sub-interfaces.
The VLAN IDs terminated by a sub-interface cannot be created in the system view or be
displayed using a display command.
When VLAN IDs terminated by a sub-interface are used for Layer 3 forwarding, only
the first VLAN takes effect even if multiple inner VLAN IDs are specified.
License Support
The voice VLAN is a basic feature of a switch and is not under license control.
Version Support
Table 4-10 Products and minimum version supporting the voice VLAN
Issue 11 (2016-07-22)
Series
Product
Minimum Version
Required
S1700
S1720GFR
83
Series
Product
Minimum Version
Required
S2700
S2700SI
Not supported
S2700EI
S2710SI
S2720EI
S2750EI
V200R003
S3700SI
S3700EI
S3700HI
S5700LI/S5700S-LI
V200R001
S5710-C-LI
S5710-X-LI
V200R008
S5700EI
S5700SI
S5710EI
S5720EI
V200R007
S5720SI/S5720S-SI
V200R008
S3700
S5700
Issue 11 (2016-07-22)
4 Ethernet Switching
84
Series
S6700
4 Ethernet Switching
Product
Minimum Version
Required
S5700HI
S5710HI
S5720HI
V200R006
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
To transmit different services, ensure that the voice VLAN and default VLAN on an
interface are different VLANs.
In V200R003 and later versions, the automatic mode takes effect only when the voicevlan remark-mode mac-address command is configured to increase the priority of
voice packets based on MAC addresses and the voice-vlan enable command without
include-untagged specified is configured to enable voice VLAN on the interface.
When the remark (user group view) and voice-vlan remark commands are used
together to modify the user packet priority in V200R008, if the services conflict:
For S5720HI, the priority configured using the remark (user group view)
command takes effect.
For S5720EI and S6720EI, the priority configured using the voice-vlan remark
command takes effect.
4.8 QinQ
Issue 11 (2016-07-22)
85
4 Ethernet Switching
License Support
QinQ is a basic feature of a switch and is not under license control.
Version Support
Table 4-11 Products and minimum version supporting QinQ
Series
Product
Minimum Version
Required
S1700
S1720GFR
S2700
S2700SI
S3700
S5700
Issue 11 (2016-07-22)
S2700EI
S2710SI
S2720EI
S2750EI
V200R003
S3700SI
S3700EI
S3700HI
S5700LI/S5700S-LI
V200R001
86
Series
S6700
4 Ethernet Switching
Product
Minimum Version
Required
S5710-C-LI
S5710-X-LI
V200R008
S5700EI
S5700SI
S5710EI
S5720EI
V200R007
S5720SI/S5720S-SI
V200R008
S5700HI
S5710HI
S5720HI
V200R006
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
For the points of attention when configuring QinQ on a sub-interface, see 4.6 VLAN
Termination.
The devices listed in Table 4-12 can add double tags to untagged packets.
Issue 11 (2016-07-22)
87
4 Ethernet Switching
Table 4-12 Products and minimum version supporting the function of adding double tags
to untagged packets
Series
Product
Minimum Version
Required
S1700
S1720GFR
V200R006 (The
S1720GFR is unavailable
in V200R007 and
V200R008.)
S2700
S2700SI
Not supported
S2700EI
Not supported
S2710SI
Not supported
S2720EI
S2750EI
V200R003
S3700SI
Not supported
S3700EI
Not supported
S3700HI
Not supported
S5700LI/S5700S-LI
V200R003
S5710-C-LI
S5710-X-LI
V200R008
S5700SI
Not supported
S5700EI
Not supported
S5710EI
S5720EI
V200R007
S5720SI/S5720S-SI
V200R008
S5700HI
S3700
S5700
Issue 11 (2016-07-22)
88
Series
S6700
4 Ethernet Switching
Product
Minimum Version
Required
S5710HI
S5720HI
V200R006
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
The switch forwards packets based only on their outer VLAN tags and learns MAC
address entries based on the outer VLAN tags.
Before configuring selective QinQ, run the qinq vlan-translation enable command to
enable VLAN translation.
Selective QinQ can only be enabled on hybrid interfaces and is valid only for incoming
packets.
When an interface configured with VLAN stacking needs to remove the outer tag from
outgoing frames, the interface must join the VLAN specified by stack-vlan in untagged
mode. If the outer VLAN does not need to be removed, the interface must join the
VLAN specified by stack-vlan in tagged mode.
After selective QinQ is configured on the S3700EI, S3700SI, and S5700EI, configure
VLAN mapping to map the VLANs of which the tags need to be transparently
transmitted to themselves, for example, port vlan-mapping vlan 20 map-vlan 20.
VLAN-based flow mirroring allows the device to identify only outer VLAN tags of
QinQ packets.
The globally configured traffic-limit command that takes effect for all interfaces in the
inbound direction is invalid for QinQ packets.
ND snooping and adding double tags to untagged packets cannot be configured together
on the S1720GFR, S2720EI, S2750EI, S5700LI, S5700S-LI, S5710-C-LI, S5710-X-LI,
S5720SI, or S5720S-SI.
SAVI and adding double tags to untagged packets cannot be configured together on the
S1720GFR, S2720EI, S2750EI, S5700LI, S5700S-LI, S5710-X-LI, S5720SI, or S5720SSI.
Issue 11 (2016-07-22)
89
4 Ethernet Switching
License Support
VLAN mapping is a basic feature of a switch and is not under license control.
Product
Minimum Version
Required
S1700
S1720GFR
S2700
S2700SI
Not supported
S2700EI
S3700
Issue 11 (2016-07-22)
S2710SI
S2720EI
S2750EI
V200R003
S3700SI
S3700EI
90
Series
S5700
4 Ethernet Switching
Product
Minimum Version
Required
S3700HI
S5700LI/S5700S-LI
V200R001
S5710-C-LI
S5710-X-LI
V200R008
S5700EI
S5700SI
S5710EI
S5720EI
V200R007
S5720SI/S5720S-SI
V200R008
S5700HI
S5710HI
S5720HI
V200R006
NOTE
The S5720HI does not support
N:1 VLAN mapping.
S6700
Issue 11 (2016-07-22)
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
91
4 Ethernet Switching
Product
Minimum Version
Required
S1700
S1720GFR
Not supported
S2700
S2700SI
Not supported
S2700EI
Not supported
S2710SI
Not supported
S2720EI
Not supported
S2750EI
Not supported
S3700SI
Not supported
S3700EI
Not supported
S3700HI
S5700LI/S5700S-LI
Not supported
S5710-C-LI
Not supported
S5710-X-LI
Not supported
S5700EI
S5700SI
Not supported
S5710EI
S5720EI
V200R007
S5720SI/S5720S-SI
Not supported
S5700HI
S5710HI
S5720HI
V200R006
S3700
S5700
Issue 11 (2016-07-22)
92
4 Ethernet Switching
Series
Product
Minimum Version
Required
S6700
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
Product
Minimum Version
Required
S1700
S1720GFR
Not supported
S2700
S2700SI
Not supported
S2700EI
Not supported
S2710SI
Not supported
S2720EI
Not supported
S2750EI
Not supported
S3700SI
Not supported
S3700EI
Not supported
S3700HI
Not supported
S5700LI/S5700S-LI
Not supported
S5710-C-LI
Not supported
S5710-X-LI
Not supported
S5700EI
Not supported
S5700SI
Not supported
S5710EI
Not supported
S5720EI
V200R009
S5720SI/S5720S-SI
Not supported
S5700HI
Not supported
S5710HI
Not supported
S5720HI
V200R009
S3700
S5700
Issue 11 (2016-07-22)
93
4 Ethernet Switching
Series
Product
Minimum Version
Required
S6700
S6700EI
Not supported
S6720EI
V200R009
S6720S-EI
V200R009
VLAN mapping can be configured only on a trunk or hybrid interface, and the hybrid
interface must be added to the translated VLAN in tagged mode.
When N:1 VLAN mapping is configured (VLAN IDs can be non-contiguous before
mapping), the interface needs to be added to these VLANs in tagged mode, and the
VLAN specified by map-vlan cannot be a VLAN corresponding to a VLANIF interface.
If VLAN mapping and DHCP are configured on the same interface, the interface must be
added to the original VLANs (VLANs before mapping) in tagged mode.
Configuring MAC address limiting and N:1 VLAN mapping simultaneously causes a
high CPU usage on some low-end switches, so such configuration is not recommended.
4.10 GVRP
Involved Network Elements
Other network elements are not required.
License Support
GVRP is a basic feature of a switch and is not under license control.
Version Support
Table 4-16 Products and minimum version supporting GVRP
Issue 11 (2016-07-22)
Series
Product
Minimum Version
Required
S1700
S1720GFR
S2700
S2700SI
Not supported
S2700EI
94
Series
S3700
S5700
Issue 11 (2016-07-22)
4 Ethernet Switching
Product
Minimum Version
Required
S2710SI
Not supported
S2720EI
S2750EI
V200R003
S3700SI
S3700EI
S3700HI
S5700LI/S5700S-LI
V200R001
S5710-C-LI
S5710-X-LI
V200R008
S5700SI
S5700EI
S5710EI
S5720EI
V200R007
S5720SI/S5720S-SI
V200R008
S5700HI
S5710HI
S5720HI
V200R006
95
4 Ethernet Switching
Series
Product
Minimum Version
Required
S6700
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
N <= 500
N > 1500
GARP Hold
timer
100
centiseconds (1
second)
200
centiseconds (2
seconds)
800
centiseconds (8
seconds)
1000
centiseconds
(10 seconds)
GARP Join
timer
600
centiseconds (6
seconds)
1200
centiseconds
(12 seconds)
4000
centiseconds
(40 seconds)
6000
centiseconds (1
minute)
GARP Leave
timer
3000
centiseconds
(30 seconds)
6000
centiseconds (1
minute)
20000
centiseconds (3
minutes and 20
seconds)
30000
centiseconds (5
minutes)
GARP
LeaveAll timer
12000
centiseconds (2
minutes)
24000
centiseconds (4
minutes)
30000
centiseconds (5
minutes)
32765
centiseconds (5
minutes and
27.65 seconds)
The blocked port in instance 0 of STP/RSTP/MSTP can block GVRP packets; the blocked
ports of other MSTIs and other ring network protocols such as ERPS, SEP, RRPP, Smart
Link, and VBST cannot block GVRP packets. To ensure that GVRP runs normally and
prevent GVRP loops, do not enable GVRP on the blocked port of a ring network protocol.
Issue 11 (2016-07-22)
96
4 Ethernet Switching
4.11 VCMP
Involved Network Elements
Other network elements are not required.
License Support
VCMP is a basic feature of a switch and is not under license control.
Version Support
Table 4-18 Products and minimum version supporting VCMP
Series
Product
Minimum Version
Required
S1700
S1720GFR
S2700
S2700SI
Not supported
S2700EI
Not supported
S2710SI
Not supported
S2720EI
S2750EI
V200R005
S3700SI
Not supported
S3700EI
Not supported
S3700HI
Not supported
S5700LI/S5700S-LI
V200R005
S5710-C-LI
Not supported
S5710-X-LI
V200R008
S5700EI
S5700SI
S3700
S5700
Issue 11 (2016-07-22)
97
Series
S6700
4 Ethernet Switching
Product
Minimum Version
Required
S5710EI
S5720EI
V200R007
S5720SI/S5720S-SI
V200R008
S5700HI
S5710HI
S5720HI
V200R006
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
VCMP can only help the network administrator synchronize VLAN information but not
dynamically assign VLANs. VCMP is often used with LNP to simplify user
configurations. For details about LNP, see LNP.
VCMP packets can be only transmitted in VLAN 1. By default, all interfaces join VLAN
1. To prevent loops, deploy a loop prevention protocol such as STP in addition to VCMP.
One switch can join only one VCMP domain, and only one VCMP server exists in a
VCMP domain.
If the VCMP domain authentication password is set, ensure that the VCMP server and
clients use the same VCMP domain authentication password.
If VLANs created or deleted on the VCMP server are the control VLANs of the Ethernet
Ring Protection Switch (ERPS), Rapid Ring Protection Protocol (RRPP), Smart Ethernet
Protocol (SEP), or Smart link, or reserved VLANs of stack, a VCMP client does not
create or delete the VLANs.
If the Generic VLAN Registration Protocol (GVRP) has been enabled, the VCMP role
can be only the transparent or silent switch. If the VCMP role is set to client or server, do
not use GVRP.
Issue 11 (2016-07-22)
98
4 Ethernet Switching
After a VLAN is deleted on the VCMP server, VCMP clients delete the VLAN but do
not delete configurations in the VLAN. In addition, the vlan vlan-id configuration
command is generated in the configuration file, and the configurations in the deleted
VLAN specified by vlan-id are moved to the VLAN configuration view.
When the device used as a VCMP client that connects to a VCMP server restarts, the
VLAN configuration before the restart takes effect. To make the saved VLAN
configuration take effect, use one of the following methods to delete the vlan.dat file
and then restart the device:
Run the vcmp role { server | silent | transparent } command to change the device
role to a non-client.
Run the reset saved-configuration command to clear the saved configuration file.
This command will clear all the configuration.
NOTE
When the value of Server ID in the display vcmp status command output is not empty, the device
used as a VCMP client has been connected to a VCMP server.
4.12 STP/RSTP
Involved Network Elements
Other network elements also need to support STP or RSTP.
License Support
STP or RSTP is a basic feature of a switch and is not under license control.
Version Support
Table 4-19 Products and minimum version supporting STP or RSTP
Issue 11 (2016-07-22)
Series
Product
Minimum Version
Required
S1700
S1720GFR
S2700
S2700SI
S2700EI
99
Series
S3700
S5700
Issue 11 (2016-07-22)
4 Ethernet Switching
Product
Minimum Version
Required
S2710SI
S2720EI
S2750EI
V200R003
S3700SI
S3700EI
S3700HI
S5700LI/S5700S-LI
V200R001
S5710-C-LI
S5710-X-LI
V200R008
S5700SI
S5700EI
S5710EI
S5720EI
V200R007
S5720SI/S5720S-SI
V200R008
S5700HI
S5710HI
100
Series
S6700
4 Ethernet Switching
Product
Minimum Version
Required
S5720HI
V200R006
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
4.13 MSTP
Involved Network Elements
Other network elements are not required.
License Support
MSTP is a basic feature of a switch and is not under license control.
Version Support
Table 4-20 Products and minimum version supporting MSTP
Issue 11 (2016-07-22)
Series
Product
Minimum Version
Required
S1700
S1720GFR
S2700
S2700SI
Not supported
101
Series
S3700
S5700
Issue 11 (2016-07-22)
4 Ethernet Switching
Product
Minimum Version
Required
S2700EI
S2710SI
S2720EI
S2750EI
V200R003
S3700SI
S3700EI
S3700HI
S5700LI/S5700S-LI
V200R001
S5710-C-LI
S5710-X-LI
V200R008
S5700SI
S5700EI
S5710EI
S5720EI
V200R007
S5720SI/S5720S-SI
V200R008
S5700HI
102
Series
S6700
4 Ethernet Switching
Product
Minimum Version
Required
S5710HI
S5720HI
V200R006
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
Item
Specification
65
MSTP BPDUs may be discarded in a scenario wherein there are many MSTIs and MSTP
multi-process is configured. This is due to the default CIR of STP being insufficient.
(The default CIR of STP is insufficient because the length of MSTP BPDUs increases as
the number of MSTIs increases, and the number of outgoing MSTP BPDUs increases
when MSTP multi-process is configured.) To avoid this situation, increase the CIR of
STP.
If the CPCAR values are adjusted improperly, network services are affected. To adjust
the CPCAR values of STP BPDUs, contact technical support personnel.
4.14 VBST
Involved Network Elements
Other network elements also need to support VBST.
License Support
VBST is a basic feature of a switch and is not under license control.
Issue 11 (2016-07-22)
103
4 Ethernet Switching
Version Support
Table 4-22 Products and minimum version supporting VBST
Series
Product
Minimum Version
Required
S1700
S1720GFR
S2700
S2700SI
Not suooprted
S2700EI
Not suooprted
S2710SI
Not suooprted
S2720EI
S2750EI
V200R005
S3700SI
Not suooprted
S3700EI
Not suooprted
S3700HI
Not suooprted
S5700LI/S5700S-LI
V200R005
S5710-C-LI
Not suooprted
S5710-X-LI
V200R008
S5700SI
S5700EI
S5710EI
S5720EI
V200R007
S5720SI/S5720S-SI
V200R008
S5700HI
S5710HI
S3700
S5700
Issue 11 (2016-07-22)
104
Series
S6700
4 Ethernet Switching
Product
Minimum Version
Required
S5720HI
V200R006
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
Specification
128
When VBST is enabled on a ring network, VBST immediately starts spanning tree
calculation. Parameters such as the device priority and port priority affect spanning tree
calculation, and the change of these parameters may cause network flapping. To ensure
fast and stable spanning tree calculation, perform basic configurations on the switch and
interfaces before enabling VBST.
If the protected instance has been configured in a SEP segment or ERPS ring but the
mapping between protected instances and VLANs is not configured, VBST cannot be
enabled.
VBST cannot be enabled in the ignored VLAN or control VLAN used by ERPS, RRPP,
SEP, or Smart Link.
If 1:N (N>1) mapping between MSTIs and VLANs has been configured on the switch,
delete the mapping before changing the STP working mode to VBST.
If the stp vpls-subinterface enable command has been configured on a switch, run the
undo stp vpls-subinterface enable command on an interface before changing the STP
working mode to VBST.
If the device has been configured as the root bridge or secondary root bridge, run the
undo stp vlan { vlan-id1 [ to vlan-id2 ] } &<1-10> root command to disable the root
bridge or secondary root bridge function and run the stp vlan { vlan-id1 [ to vlan-id2 ] }
&<1-10> priority priority command to change the device priority.
When more than 128 MSTIs are dynamically specified, STP is disabled in a created
VLAN in the configuration file, for example, stp vlan 100 disable.
To prevent frequent network flapping, ensure that the values of Hello time, Forward
Delay, and Max Age conform to the following formulas:
Issue 11 (2016-07-22)
105
4 Ethernet Switching
After all ports are configured as edge ports and BPDU filter ports in the system view,
none of ports on the switch send BPDUs or negotiate the VBST status with directly
connected ports on the remote device. All ports are in forwarding state. This may cause
loops on the network, leading to broadcast storms. Exercise caution when you configure
a port as an edge port and BPDU filter port.
After a port is configured as an edge port and BPDU filter port in the interface view, the
port does not process or send BPDUs. The port cannot negotiate the VBST status with
the directly connected port on the peer device. Exercise caution when you configure a
port as an edge port and BPDU filter port.
An alternate port is the backup of the root port. If a switch has an alternate port,
configure loop protection on both the root port and alternate port.
4.15 SEP
Involved Network Elements
Other network elements also need to support SEP.
License Support
SEP is a basic feature of a switch and is not under license control.
Version Support
Table 4-24 Products and minimum version supporting SEP
Series
Product
Minimum Version
Required
S1700
S1720GFR
Not supported
S2700
S2700SI
Not supported
S2700EI
Not supported
S2710SI
Not supported
S2720EI
S2750EI
V200R003
S3700SI
S3700EI
S3700
Issue 11 (2016-07-22)
106
Series
S5700
S6700
4 Ethernet Switching
Product
Minimum Version
Required
S3700HI
S5700LI/S5700S-LI
V200R001
S5710-C-LI
S5710-X-LI
V200R008
S5700SI
S5700EI
S5710EI
S5720EI
V200R007
S5720SI/S5720S-SI
V200R008
S5700HI
S5710HI
S5720HI
V200R006
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
Issue 11 (2016-07-22)
107
4 Ethernet Switching
Item
Specification
16.
On a SEP network where there are no-neighbor edge interfaces, a device that is not in a
SEP segment cannot be added to the control VLAN of the SEP segment. Otherwise, a
loop will occur on the network.
4.16 RRPP
Involved Network Elements
Other network elements are not required.
License Support
RRPP is a basic feature of a switch and is not under license control.
Version Support
Table 4-26 Products and minimum version supporting RRPP
Series
Product
Minimum Version
Required
S1700
S1720GFR
Not supported
S2700
S2700SI
Not supported
S2700EI
S2710SI
S2720EI
S2750EI
V200R003
S3700SI
S3700
Issue 11 (2016-07-22)
108
Series
S5700
S6700
Issue 11 (2016-07-22)
4 Ethernet Switching
Product
Minimum Version
Required
S3700EI
S3700HI
S5700LI/S5700S-LI
V200R001
S5710-C-LI
S5710-X-LI
V200R008
S5700SI
S5700EI
S5710EI
S5720EI
V200R007
S5700HI
S5710HI
S5720HI
V200R006
S5720SI/S5720S-SI
V200R008
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
109
4 Ethernet Switching
You can delete or change existing protected VLANs before configuring an RRPP ring.
The protected VLANs cannot be changed after the RRPP ring is configured.
In the same physical topology, the control VLAN in a domain cannot be configured as a
protected VLAN in another domain.
The control VLAN must be included in the protected VLANs; otherwise, the RRPP ring
cannot be configured.
The control VLAN can be mapped to other instances before the RRPP ring is created.
After the RRPP ring is created, the mapping cannot be changed unless you delete the
RRPP ring.
When the mapping between instances and VLANs changes, the protected VLANs in the
RRPP domain also change.
All the VLANs allowed by an RRPP interface must be configured as protected VLANs.
License Support
ERPS is a basic feature of a switch and is not under license control.
Version Support
Table 4-27 Products and minimum version supporting ERPS
Issue 11 (2016-07-22)
Series
Product
Minimum Version
Required
S1700
S1720GFR
Not supported
S2700
S2700SI
Not supported
S2700EI
S2710SI
Not supported
110
Series
S3700
S5700
S6700
Issue 11 (2016-07-22)
4 Ethernet Switching
Product
Minimum Version
Required
S2720EI
S2750EI
V200R003
S3700SI
Not supported
S3700EI
Not supported
S3700HI
S5700LI
V200R001
S5700S-LI
Not supported
S5710-C-LI
S5710-X-LI
V200R008
S5700SI
S5700EI
S5710EI
S5720EI
V200R007
S5700HI
S5710HI
S5720HI
V200R006
S5720SI/S5720S-SI
V200R008
S6700EI
111
Series
4 Ethernet Switching
Product
Minimum Version
Required
S6720EI
V200R008
S6720S-EI
V200R009
Before adding a port to an ERPS ring, ensure that port security has been disabled on the
port. Otherwise, loops cannot be eliminated.
Before adding a port to an ERPS ring, ensure that the Spanning Tree Protocol (STP),
Rapid Ring Protection Protocol (RRPP), Smart Ethernet Protection (SEP), or Smart Link
is not enabled on the port.
The S5700S-LI and S6700EI do not support association between an ERPS interface and
Ethernet CFM.
4.18 LBDT
Involved Network Elements
Other network elements are not required.
License Support
LBDT is a basic feature of a switch and is not under license control.
Version Support
Table 4-28 Products and minimum version supporting LBDT
Issue 11 (2016-07-22)
Series
Product
Minimum Version
Required
S1700
S1720GFR
S2700
S2700EI
S2700SI
112
Series
S3700
S5700
Issue 11 (2016-07-22)
4 Ethernet Switching
Product
Minimum Version
Required
S2710SI
S2720EI
S2750EI
V200R003
S3700SI
S3700EI
S3700HI
S5700LI/S5700S-LI
V200R001
S5710-C-LI
S5710-X-LI
V200R008
S5700EI
S5700SI
S5710EI
S5720EI
V200R007
S5720SI/S5720S-SI
V200R008
S5700HI
S5710HI
113
Series
S6700
4 Ethernet Switching
Product
Minimum Version
Required
S5720HI
V200R006
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
LBDT requires that the device should send a large number of detection packets to detect
loops, occupying system resources. Therefore, disable LBDT if loops do not need to be
detected.
LBDT cannot be used with ERPS, RRPP, SEP, Smart Link, STP, RSTP, MSTP, or VBST.
The S2700SI and S2710SI support only detection of self-loops on an interface, and do
not support detection loops on the downstream device or between interfaces.
License Support
Layer 2 protocol transparent transmission is a basic feature of a switch and is not under
license control.
Version Support
Table 4-29 Products and minimum version supporting Layer 2 protocol transparent
transmission
Issue 11 (2016-07-22)
Series
Product
Minimum Version
Required
S1700
S1720GFR
S2700
S2700SI
Not supported
114
Series
S3700
S5700
Issue 11 (2016-07-22)
4 Ethernet Switching
Product
Minimum Version
Required
S2700EI
S2710SI
Not supported
S2720EI
S2750EI
V200R003
S3700SI
S3700EI
S3700HI
S5700LI/S5700S-LI
V200R001
S5710-C-LI
S5710-X-LI
V200R008
S5700EI
S5700SI
S5710EI
S5720EI
V200R007
S5720SI/S5720S-SI
V200R008
S5700HI
115
Series
S6700
4 Ethernet Switching
Product
Minimum Version
Required
S5710HI
S5720HI
V200R006
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
When the default CPCAR value is used, the device transparently transmits a maximum
of 10 Layer 2 protocol packets per second. Excess packets are discarded.
Do not replace the destination MAC addresses of SSTP, STP, GVRP, and GMRP packets
with the same multicast MAC address.
When configuring Layer 2 protocol transparent transmission, do not use any of the
following multicast MAC addresses to replace the destination MAC address of Layer 2
protocol packets:
Common multicast MAC addresses that have been used on the device
Issue 11 (2016-07-22)
116
5 IP Service
IP Service
Issue 11 (2016-07-22)
117
5 IP Service
5.1 ARP
Involved Network Elements
Other network elements are not required.
License Support
ARP is a basic feature of a switch and is not under license control.
Version Support
Table 5-1 Products and minimum version supporting ARP
Series
Product
Minimum Version
Required
S1700
S1720GFR
S2700
S2700SI
S2700EI
S2710SI
S2720EI
S2750EI
V200R003
S3700SI
S3700EI
S3700HI
S5700LI/S5700S-LI
V200R001
S3700
S5700
Issue 11 (2016-07-22)
118
Series
S6700
5 IP Service
Product
Minimum Version
Required
S5710-C-LI
S5710-X-LI
V200R008
S5700SI
S5700EI
S5710EI
S5720EI
V200R007
S5720SI/S5720S-SI
V200R008
S5700HI
S5710HI
S5720HI
V200R006
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
119
5 IP Service
5.2 DHCP
Involved Network Elements
Other network elements are not required.
License Support
DHCP is a basic feature of the device and is not under license control.
Version Support
Table 5-2 Products and minimum version supporting DHCP(DHCP server, and DHCP relay)
Series
Product
Minimum Version
Required
S1700
S1720GFR
S2700
S2700SI
Not supported
S2700EI
Not supported
S2710SI
Not supported
S2720EI
S3700
S5700
Issue 11 (2016-07-22)
S2750EI
V200R005
S3700SI
S3700EI
S3700HI
S5700LI/S5700S-LI
V200R005
S5710-C-LI
Not supported
120
Series
S6700
5 IP Service
Product
Minimum Version
Required
S5710-X-LI
V200R008
S5700SI
S5700EI
S5710EI
S5720EI
V200R007
S5720SI/S5720S-SI
V200R008
S5700HI
S5710HI
S5720HI
V200R006
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
Issue 11 (2016-07-22)
Function
Description
Specifications
DHCP server
Maximum number of IP
addresses that can be
allocated by the device
16384
121
Function
DHCP relay
DHCP client
5 IP Service
Description
Specifications
Maximum number of IP
address pools that can be
configured on the device
Maximum number of IP
addresses in each address
pool
4096
Number of customized
options in each address pool
32
20
20
Maximum number of IP
addresses that a DHCP
client can apply for
l S5720HI, S5720EI,
S5720SI, S5720S-SI,
S6720EI, and S6720SEI: 32
l S1720GFR, S2720,
S2750EI, S5700LI,
S5700S-LI, and S5710X-LI: 8
Issue 11 (2016-07-22)
122
5 IP Service
License Support
The DHCP policy VLAN function is a basic feature of the device and is not under license
control.
Version Support
Table 5-4 Products and minimum version supporting the DHCP policy VLAN function
Series
Product
Minimum Version
Required
S1700
S1720GFR
Not supported
S2700
S2700SI
Not supported
S2700EI
Not supported
S2710SI
Not supported
S2720EI
Not supported
S2750EI
Not supported
S3700SI
Not supported
S3700EI
Not supported
S3700HI
S5700LI/S5700S-LI
Not supported
S5710-C-LI
S5710-X-LI
Not supported
S5700SI
S3700
S5700
Issue 11 (2016-07-22)
123
Series
S6700
5 IP Service
Product
Minimum Version
Required
S5700EI
S5710EI
S5720EI
V200R007
S5720SI/S5720S-SI
V200R008
S5700HI
S5710HI
S5720HI
V200R006
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
5.4 DNS
Involved Network Elements
Other network elements are not required.
License Support
DNS is a basic feature of the device and is not under license control.
Issue 11 (2016-07-22)
124
5 IP Service
Version Support
Table 5-5 Products and minimum version supporting DNS
Series
Product
Minimum Version
Required
S1700
S1720GFR
S2700
S2700SI
S2700EI
S2710SI
S2720EI
S2750EI
V200R003
S3700SI
S3700EI
S3700HI
S5700LI/S5700S-LI
V200R001
S5710-C-LI
S5710-X-LI
V200R008
S5700SI
S5700EI
S3700
S5700
Issue 11 (2016-07-22)
125
Series
S6700
5 IP Service
Product
Minimum Version
Required
S5710EI
S5720EI
V200R007
S5720SI/S5720S-SI
V200R008
S5700HI
S5710HI
S5720HI
V200R006
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
Issue 11 (2016-07-22)
126
5 IP Service
Product Model
Minimum
Version Required
Description
mDNS gateway
Huawei ACs
V200R005
License Support
mDNS relay is a basic feature of the device and is not under license control.
Version Support
Table 5-6 Products and minimum version supporting mDNS relay
Series
Product
Minimum Version
Required
S1700
S1720GFR
Not supported
S2700
S2700SI
Not supported
S2700EI
Not supported
S2710SI
Not supported
S2720EI
Not supported
S2750EI
Not supported
S3700SI
Not supported
S3700EI
Not supported
S3700HI
Not supported
S5700LI/S5700S-LI
Not supported
S5710-C-LI
Not supported
S5710-X-LI
Not supported
S5700SI
Not supported
S5700EI
Not supported
S3700
S5700
Issue 11 (2016-07-22)
127
Series
S6700
5 IP Service
Product
Minimum Version
Required
S5710EI
S5720EI
V200R007
S5720SI/S5720S-SI
Not supported
S5700HI
S5710HI
S5720HI
V200R006
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
License Support
The UDP helper function is a basic feature of a switch and is not under license control.
Version Support
Table 5-7 Products and minimum version supporting the UDP helper function
Issue 11 (2016-07-22)
Series
Product
Minimum Version
Required
S1700
S1720GFR
Not supported
128
Series
Product
Minimum Version
Required
S2700
S2700SI
Not supported
S2700EI
Not supported
S2710SI
Not supported
S2720EI
Not supported
S2750EI
Not supported
S3700SI
Not supported
S3700EI
Not supported
S3700HI
S5700LI/S5700S-LI
Not supported
S5710-C-LI
Not supported
S5710-X-LI
Not supported
S5700SI
Not supported
S5700EI
Not supported
S5710EI
S5720EI
V200R007
S5720SI/S5720S-SI
V200R008
S5700HI
S5710HI
S5720HI
V200R006
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
S3700
S5700
S6700
Issue 11 (2016-07-22)
5 IP Service
129
5 IP Service
5.7 IP Performance
Involved Network Elements
Other network elements are not required.
License Support
IP performance is a basic feature of a switch and is not under license control.
Version Support
Table 5-8 Products and minimum version supporting IP performance
Series
Product
Minimum Version
Required
S1700
S1720GFR
S2700
S2700SI
S2700EI
S2710SI
S2720EI
S2750EI
V200R003
S3700SI
S3700EI
S3700HI
S3700
Issue 11 (2016-07-22)
130
5 IP Service
Series
Product
Minimum Version
Required
S5700
S5700LI/S5700S-LI
V200R001
S5710-C-LI
S5710-X-LI
V200R008
S5700SI
S5700EI
S5710EI
S5720EI
V200R007
S5720SI/S5720S-SI
V200R008
S5700HI
S5710HI
S5720HI
V200R006
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
S6700
Issue 11 (2016-07-22)
131
5 IP Service
License Support
IPv6 is a basic feature of a switch and is not under license control.
Version Support
Table 5-9 Products and minimum version supporting IPv6
Series
Product
Minimum Version
Required
S1700
S1720GFR
S2700
S2700SI
S2700EI
S2710SI
S2720EI
S2750EI
V200R003
S3700SI
S3700EI
S3700HI
S5700LI/S5700S-LI
V200R001
S3700
S5700
Issue 11 (2016-07-22)
132
Series
S6700
5 IP Service
Product
Minimum Version
Required
S5710-C-LI
S5710-X-LI
V200R008
S5700SI
S5700EI
S5710EI
S5720EI
V200R007
S5720SI/S5720S-SI
V200R008
S5700HI
S5710HI
S5720HI
V200R006
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
133
5 IP Service
If the CPCAR values are adjusted improperly, network services are affected. To adjust the
CPCAR values of ND packets, contact technical support personnel.
5.9 DHCPv6
This section provides the points of attention when configuring DHCPv6.
License Support
DHCPv6 is a basic feature of the device and is not under license control.
Version Support
Table 5-10 Products and minimum version supporting DHCPv6
Series
Product
Minimum Version
Required
S1700
S1720GFR
S2700
S2700SI
Not supported
S2700EI
Not supported
S2710SI
Not supported
S2720EI
S2750EI
V200R003
S3700SI
S3700EI
S3700HI
S5700LI/S5700S-LI
V200R001
S3700
S5700
Issue 11 (2016-07-22)
134
Series
S6700
5 IP Service
Product
Minimum Version
Required
S5710-C-LI
S5710-X-LI
V200R008
S5700SI
S5700EI
S5710EI
S5720EI
V200R007
S5720SI/S5720S-SI
V200R008
S5700HI
S5710HI
S5720HI
V200R006
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
135
5 IP Service
License Support
IPv6 DNS is a basic feature of the device and is not under license control.
Version Support
Table 5-11 Products and minimum version supporting IPv6 DNS
Series
Product
Minimum Version
Required
S1700
S1720GFR
S2700
S2700SI
S2700EI
S2710SI
S2720EI
S2750EI
V200R003
S3700SI
S3700EI
S3700HI
S5700LI/S5700S-LI
V200R001
S5710-C-LI
S5710-X-LI
V200R008
S3700
S5700
Issue 11 (2016-07-22)
136
Series
S6700
5 IP Service
Product
Minimum Version
Required
S5700SI
S5700EI
S5710EI
S5720EI
V200R007
S5720SI/S5720S-SI
V200R008
S5700HI
S5710HI
S5720HI
V200R006
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
Issue 11 (2016-07-22)
137
5 IP Service
License Support
The IPv6 over IPv4 tunnel function is a basic feature of a switch and is not under license
control.
Version Support
Table 5-12 Products and minimum version supporting the IPv6 over IPv4 tunnel function
Series
Product
Minimum Version
Required
S1700
S1720GFR
Not supported
S2700
S2700SI
Not supported
S2700EI
Not supported
S2710SI
Not supported
S2720EI
Not supported
S2750EI
Not supported
S3700SI
S3700EI
S3700HI
S5700LI/S5700S-LI
Not supported
S5710-C-LI
Not supported
S5710-X-LI
Not supported
S5700SI
S5700EI
S5710EI
S5720EI
V200R007
S5720SI/S5720S-SI
V200R008
S3700
S5700
Issue 11 (2016-07-22)
138
Series
S6700
5 IP Service
Product
Minimum Version
Required
S5700HI
S5710HI
S5720HI
V200R009
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
After you run the ip error-packet-check disable command on the S5720SI, S5720S-SI
to disable the IP packet checking function, the IPv6 over IPv4 tunnel function does not
take effect.
After you run the drop illegal-mac alarm command on the S5720SI and S5720S-SI to
configure the switch to send a trap to the network management system (NMS) when
receiving a packet with an all-0 MAC address, the IPv6 over IPv4 tunnel function does
not take effect.
After you run the drop illegal-mac enable command on the S5720SI and S5720S-SI to
discard packets with an all-0 invalid MAC address, the IPv6 over IPv4 tunnel function
does not take effect.
The devices in stack do not support the IPv6 over IPv4 Tunnel function.
License Support
The IPv4 over IPv6 tunnel function is a basic feature of a switch and is not under license
control.
Issue 11 (2016-07-22)
139
5 IP Service
Version Support
Table 5-13 Products and minimum version supporting the IPv6 over IPv4 tunnel function
Series
Product
Minimum Version
Required
S1700
S1720GFR
Not supported
S2700
S2700SI
Not supported
S2700EI
Not supported
S2710SI
Not supported
S2720EI
Not supported
S2750EI
Not supported
S3700SI
Not supported
S3700EI
Not supported
S3700HI
Not supported
S5700LI/S5700S-LI
Not supported
S5710-C-LI
Not supported
S5710-X-LI
Not supported
S5700SI
Not supported
S5700EI
Not supported
S5710EI
Not supported
S5720EI
Not supported
S5720SI/S5720S-SI
Not supported
S5700HI
Not supported
S5710HI
Not supported
S5720HI
V200R009
S6700EI
Not supported
S6720EI
Not supported
S6720S-EI
Not supported
S3700
S5700
S6700
Issue 11 (2016-07-22)
None
140
6 IP Unicast Routing
IP Unicast Routing
Issue 11 (2016-07-22)
141
6 IP Unicast Routing
License Support
The number of IPv4 FIB entries supported by an S5720HI depends on licenses. For the
maximum number of IPv4 FIB entries, contact the Huawei local office.
Version Support
Table 6-1 Products and minimum version supporting VLAN technology
Series
Product
Minimum Version
Required
S1700
S1720
S2700
S2700SI
S2700EI
S2710SI
S2720EI
S2750EI
V200R003
S3700SI
S3700EI
S3700HI
S3700
Issue 11 (2016-07-22)
142
6 IP Unicast Routing
Series
Product
Minimum Version
Required
S5700
S5700LI/S5700S-LI
V200R001
S5710-C-LI
S5710-X-LI
V200R008
S5700EI
S5700SI
S5710EI
S5720EI
V200R007
S5720SI/S5720S-SI
V200R008
S5700HI
S5710HI
S5720HI
V200R006
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
S6700
6.2 RIP
Issue 11 (2016-07-22)
143
6 IP Unicast Routing
License Support
RIP is not under license control.
Version Support
Table 6-2 Products and minimum version supporting RIP
Series
Product Model
Minimum Version
Required
S1700
S1720
Not supported
S2700
S2700SI
S2700EI
S2710SI
S2720EI
S2750EI
S3700SI
S3700EI
S3700
Issue 11 (2016-07-22)
144
Series
S5700
S6700
Issue 11 (2016-07-22)
6 IP Unicast Routing
Product Model
Minimum Version
Required
S3700HI
S5700LI/S5700S-LI
S5710-C-LI
S5710-X-LI
V200R009
S5700SI
S5700EI
S5710EI
S5720EI
V200R007
S5720SI/S5720S-SI
V200R008
S5700HI
S5710HI
S5720HI
V200R006
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
145
6 IP Unicast Routing
6.3 RIPng
Involved Network Elements
Other network elements are required to support RIPng.
License Support
RIPng is not under license control.
Version Support
Table 6-3 Products and minimum version supporting RIPng
Series
Product Model
Minimum Version
Required
S1700
S1720
Not supported
S2700
S2700SI
S2700EI
S2710SI
S2720EI
Not supported
S2750EI
Not supported
S3700SI
S3700EI
S3700
Issue 11 (2016-07-22)
146
Series
S5700
S6700
6 IP Unicast Routing
Product Model
Minimum Version
Required
S3700HI
S5700LI/S5700S-LI
S5710-C-LI
S5710-X-LI
V200R009
S5700SI
S5700EI
S5710EI
S5720EI
V200R007
S5720SI/S5720S-SI
V200R008
S5700HI
S5710HI
S5720HI
V200R006
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
147
6 IP Unicast Routing
6.4 OSPF
Involved Network Elements
Other network elements are required to support OSPF.
License Support
OSPF is not under license control.
Version Support
Table 6-4 Products and minimum version supporting OSPF
Series
Product Model
Minimum Version
Required
S1700
S1720
Not supported
S2700
S2700SI
S2700EI
S2710SI
S2720EI
Not supported
S2750EI
Not supported
S3700SI
S3700EI
S3700HI
S5700LI/S5700S-LI
Not supported
S3700
S5700
Issue 11 (2016-07-22)
148
Series
S6700
6 IP Unicast Routing
Product Model
Minimum Version
Required
S5710-C-LI
S5710-X-LI
Not supported
S5700SI
S5700EI
S5710EI
S5720EI
V200R007
S5720SI/S5720S-SI
V200R008
S5700HI
S5710HI
S5720HI
V200R006
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
6.5 OSPFv3
Involved Network Elements
Other network elements are required to support OSPFv3.
Issue 11 (2016-07-22)
149
6 IP Unicast Routing
License Support
OSPFv3 is not under license control.
Version Support
Table 6-5 Products and minimum version supporting OSPFv3
Series
Product Model
Minimum Version
Required
S1700
S1720
Not supported
S2700
S2700SI
S2700EI
S2710SI
S2720EI
Not supported
S2750EI
Not supported
S3700SI
S3700EI
S3700HI
S5700LI/S5700S-LI
Not supported
S5710-C-LI
S5710-X-LI
Not supported
S5700SI
S3700
S5700
Issue 11 (2016-07-22)
150
Series
S6700
6 IP Unicast Routing
Product Model
Minimum Version
Required
S5700EI
S5710EI
S5720EI
V200R007
S5720SI/S5720S-SI
V200R008
S5700HI
S5710HI
S5720HI
V200R006
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
License Support
IS-IS (IPv4) is not under license control.
Issue 11 (2016-07-22)
151
6 IP Unicast Routing
Version Support
Table 6-6 Products and minimum version supporting IS-IS (IPv4)
Series
Product Model
Minimum Version
Required
S1700
S1720
Not supported
S2700
S2700SI
S2700EI
S2710SI
S2720EI
Not supported
S2750EI
Not supported
S3700SI
S3700EI
S3700HI
S5700LI/S5700S-LI
Not supported
S5710-C-LI
S5710-X-LI
Not supported
S5700SI
S5700EI
S3700
S5700
Issue 11 (2016-07-22)
152
Series
S6700
6 IP Unicast Routing
Product Model
Minimum Version
Required
S5710EI
S5720EI
V200R007
S5720SI/S5720S-SI
V200R008
S5700HI
S5710HI
S5720HI
V200R006
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
License Support
IS-IS (IPv6) is not under license control.
Version Support
Table 6-7 Products and minimum version supporting IS-IS (IPv6)
Issue 11 (2016-07-22)
Series
Product Model
Minimum Version
Required
S1700
S1720
Not supported
153
Series
Product Model
Minimum Version
Required
S2700
S2700SI
S2700EI
S2710SI
S2720EI
Not supported
S2750EI
Not supported
S3700SI
S3700EI
S3700HI
S5700LI/S5700S-LI
Not supported
S5710-C-LI
S5710-X-LI
Not supported
S5700SI
S5700EI
S5710EI
S5720EI
V200R007
S5720SI/S5720S-SI
V200R008
S3700
S5700
Issue 11 (2016-07-22)
6 IP Unicast Routing
154
Series
S6700
6 IP Unicast Routing
Product Model
Minimum Version
Required
S5700HI
S5710HI
S5720HI
V200R006
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
6.8 BGP
Involved Network Elements
Other network elements are required to support BGP.
License Support
The BGP4/BGP4+ feature is not under license control.
Version Support
Table 6-8 Products and minimum version supporting BGP
Issue 11 (2016-07-22)
Series
Product Model
Minimum
Version Required
Supporting BGP
Minimum
Version Required
Supporting
BGP4+
S1700
S1720
Not supported
Not supported
155
Series
Product Model
Minimum
Version Required
Supporting BGP
Minimum
Version Required
Supporting
BGP4+
S2700
S2700SI
S2700EI
S2710SI
S2720EI
Not supported
Not supported
S2750EI
Not supported
Not supported
S3700SI
S3700EI
V100R005 (The
S3700EI is
unavailable in
V200R001 and later
versions.)
S3700HI
V100R006 (The
S3700HI is
unavailable in
V200R002 and later
versions.)
V200R001 (The
S3700HI is
unavailable in
V200R002 and later
versions.)
S5700LI/S5700S-LI
Not supported
Not supported
S5710-C-LI
S5710-X-LI
Not supported
Not supported
S3700
S5700
Issue 11 (2016-07-22)
6 IP Unicast Routing
156
Series
S6700
6 IP Unicast Routing
Product Model
Minimum
Version Required
Supporting BGP
Minimum
Version Required
Supporting
BGP4+
S5700SI
S5700EI
V100R005 (The
S5700EI is
unavailable in
V200R006 and later
versions.)
V200R001 (The
S5700EI is
unavailable in
V200R006 and later
versions.)
S5710EI
V200R001 (The
S5710EI is
unavailable in
V200R006 and later
versions.)
V200R001 (The
S5710EI is
unavailable in
V200R006 and later
versions.)
S5720EI
V200R007
V200R007
S5720SI/S5720S-SI
V200R008
V200R008
S5700HI
V100R006 (The
S5700HI is
unavailable in
V200R006 and later
versions.)
V200R001 (The
S5700HI is
unavailable in
V200R006 and later
versions.)
S5710HI
V200R003 (The
S5710HI is
unavailable in
V200R006 and later
versions.)
V200R003 (The
S5710HI is
unavailable in
V200R006 and later
versions.)
S5720HI
V200R006
V200R006
S6700EI
V100R006 (The
S6700EI is
unavailable in
V200R006 and later
versions.)
V200R001 (The
S6700EI is
unavailable in
V200R006 and later
versions.)
S6720EI
V200R008
V200R008
S6720S-EI
V200R009
V200R009
157
6 IP Unicast Routing
License Support
Route-policy is not under license control.
Version Support
Table 6-9 Products and minimum version supporting route-policy
Series
Product Model
Minimum Version
Required
S1700
S1720
Not supported
S2700
S2700SI
S2700EI
S2710SI
S2720EI
S2750EI
S3700SI
S3700
Issue 11 (2016-07-22)
158
Series
S5700
Issue 11 (2016-07-22)
6 IP Unicast Routing
Product Model
Minimum Version
Required
S3700EI
S3700HI
S5700LI/S5700S-LI
S5710-C-LI
S5710-X-LI
V200R009
S5700SI
S5700EI
S5710EI
S5720EI
V200R007
S5720SI/S5720S-SI
V200R008
S5700HI
S5710HI
S5720HI
V200R006
159
6 IP Unicast Routing
Series
Product Model
Minimum Version
Required
S6700
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
6.10 PBR
Involved Network Elements
Other network elements are not required.
License Support
PBR is not under license control.
Version Support
Table 6-10 Products and minimum version supporting PBR
Issue 11 (2016-07-22)
Series
Product Model
Minimum Version
Required
S1700
S1720
Not supported
S2700
S2700SI
S2700EI
S2710SI
S2720EI
Not supported
160
Series
S3700
S5700
S6700
Issue 11 (2016-07-22)
6 IP Unicast Routing
Product Model
Minimum Version
Required
S2750EI
Not supported
S3700SI
S3700EI
S3700HI
S5700LI/S5700S-LI
Not supported
S5710-C-LI
S5710-X-LI
Not supported
S5700SI
S5700EI
S5710EI
S5720EI
V200R007
S5720SI/S5720S-SI
V200R008
S5700HI
S5710HI
S5720HI
V200R006
S6700EI
S6720EI
V200R008
161
Series
6 IP Unicast Routing
Product Model
Minimum Version
Required
S6720S-EI
V200R009
Issue 11 (2016-07-22)
162
7 IP Multicast
IP Multicast
Issue 11 (2016-07-22)
163
7 IP Multicast
7.1 IGMP
Involved Network Elements
An IPv4 multicast network consists of the following network elements:
l
Multicast source
A device that sends multicast data to receiver hosts. For example, a video server is a
multicast source.
IGMP querier
A device that exchanges IGMP messages with receiver hosts to create and maintain
group memberships. On a multicast network, Layer 3 devices connected to network
segments of receivers must run the IGMP protocol or be configured with static IGMP
groups. Otherwise, upstream PIM devices cannot know the multicast groups that users
want to join, and therefore cannot establish multicast forwarding paths.
Receiver
A multicast user that receives multicast data. A receiver can be a PC, a set top box, or
any device with multicast client installed.
The "IGMP Configuration" chapter is about configuring a Layer 3 device as an IGMP querier.
License Support
IGMP is a basic feature of a switch and is not under license control.
Issue 11 (2016-07-22)
164
7 IP Multicast
Version Support
Table 7-1 Products and minimum versions supporting IGMP
Series
Product Model
Minimum Version
Required
S1700
S1720
Not supported
S2700
S2700SI/S2710SI/S2700EI/
S2720EI/S2750EI
Not supported
S3700
S3700SI
Not supported
S3700EI
S3700HI
S5700S-LI/S5700LI/S5710C-LI/S5710-X-LI/S5700SI
Not supported
S5720S-SI/S5720SI
V200R008
S5700EI
S5710EI
S5700HI
S5710HI
S5720EI
V200R007
S5720HI
V200R006
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
S5700
S6700
Issue 11 (2016-07-22)
165
7 IP Multicast
Only the S5720HI supports wireless access to an IPv4 multicast network. When wireless
users connect to the IPv4 multicast network, the S5720HI's Layer 3 interfaces toward
wireless users do not support IGMP SSM mapping and static multicast group
configuration.
Only the following versions of products support the IGMP multi-instance feature:
V200R005C03: S5710HI
When IGMP multi-instance is configured, physical interfaces that have been switched to
the Layer 3 mode using the undo portswitch cannot be bound to the VPN instances.
If both Layer 2 and Layer 3 multicast services are required in a VLAN, enable IGMP on
the corresponding VLANIF interface first, and then enable IGMP snooping in the
VLAN. If IGMP snooping is enabled in the VLAN first, IGMP cannot be enabled on the
VLANIF interface.
7.2 MLD
Involved Network Elements
An IPv6 multicast network consists of the following network elements:
l
Multicast source
Sends multicast data to receiver hosts. For example, a video server is a multicast source.
MLD querier
A device that exchanges MLD messages with receiver hosts to create and maintain group
memberships. On a multicast network, Layer 3 devices connected to network segments
of receivers must run the MLD protocol or be configured with static MLD groups.
Otherwise, upstream PIM devices cannot know the multicast groups that users want to
join, and therefore cannot establish multicast forwarding paths.
l
Issue 11 (2016-07-22)
Receiver
Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
166
7 IP Multicast
A multicast user that receives multicast data. A receiver can be a PC, a set top box, or
any device with multicast client installed.
The "MLD Configuration" chapter mainly describes how to configure a Layer 3 device as an
MLD querier.
License Support
MLD is a basic feature of a switch and is not under license control.
Version Support
Table 7-2 Products and minimum versions supporting MLD
Series
Product Model
Minimum Version
Required
S1700
S1720
Not supported
S2700
S2700SI/S2710SI/S2700EI/
S2720EI/S2750EI
Not supported
S3700
S3700SI/S3700EI/S3700HI
Not supported
S5700
S5700S-LI/S5700LI/S5710C-LI/S5710-X-LI/S5700SI
Not supported
S5720S-SI/S5720SI
V200R008
S5700EI
S5710EI
S5700HI
S5710HI
S5720EI
V200R007
S5720HI
V200R006
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
S6700
Issue 11 (2016-07-22)
167
7 IP Multicast
MLD-capable switches support MLD configuration on physical interfaces that have been
switched to Layer 3 mode using the undo portswitch command since V200R005. This
configuration, however, is not supported on the S5720S-SI and S5720SI.
If both Layer 2 and Layer 3 multicast services are required in a VLAN, enable MLD on
the corresponding VLANIF interface first, and then enable MLD Snooping in the
VLAN. If MLD Snooping is enabled in the VLAN first, MLD cannot be enabled on the
VLANIF interface.
Multicast source
A device that sends multicast data to receiver hosts. For example, a video server is a
multicast source.
IGMP querier
A device that exchanges IGMP messages with receiver hosts to create and maintain
group memberships. On a multicast network, Layer 3 devices connected to network
segments of receivers must run the IGMP protocol or be configured with static IGMP
groups. Otherwise, upstream PIM devices cannot know the multicast groups that users
want to join, and therefore cannot establish multicast forwarding paths.
l
Issue 11 (2016-07-22)
Receiver
Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
168
7 IP Multicast
A multicast user that receives multicast data. A receiver can be a PC, a set top box, or
any device with multicast client installed.
Generally, PIM (IPv4) is configured on a device that needs to run PIM (IPv4) to monitor and
maintain multicast forwarding paths.
License Support
PIM (IPv4) is a basic feature of a switch and is not under license control.
Version Support
Table 7-3 Products and minimum versions supporting PIM (IPv4)
Series
Product Model
Minimum Version
Required
S1700
S1720
Not supported
S2700
S2700SI/S2710SI/S2700EI/
S2720EI/S2750EI
Not supported
S3700
S3700SI
Not supported
S3700EI
S3700HI
S5700S-LI/S5700LI/S5710C-LI/S5710-X-LI/S5700SI
Not supported
S5720S-SI/S5720SI
V200R008
S5700EI
S5710EI
S5700HI
S5710HI
S5720EI
V200R007
S5720HI
V200R006
S5700
Issue 11 (2016-07-22)
169
7 IP Multicast
Series
Product Model
Minimum Version
Required
S6700
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
Only the following products and versions support the PIM (IPv4) multi-instance feature:
V200R005C03: S5710HI
PIM (IPv4) can be configured in a VPN instance, but the VPN instance cannot be bound
to a physical interface that has been switched to Layer 3 mode using the undo
portswitch command.
The VLANIF interface corresponding to the super VLAN cannot be used as an inbound
interface of multicast data packets, that is, interface facing the multicast source.
If both Layer 2 and Layer 3 multicast services are required in a VLAN, enable
PIM(IPv4) on the corresponding VLANIF interface first, and then enable IGMP
snooping in the VLAN. If IGMP snooping is enabled in the VLAN first, PIM(IPv4)
cannot be enabled on the VLANIF interface.
Multicast source
Sends multicast data to receiver hosts. For example, a video server is a multicast source.
Issue 11 (2016-07-22)
170
7 IP Multicast
MLD querier
A device that exchanges MLD messages with receiver hosts to create and maintain group
memberships. On a multicast network, Layer 3 devices connected to network segments
of receivers must run the MLD protocol or be configured with static MLD groups.
Otherwise, upstream PIM devices cannot know the multicast groups that users want to
join, and therefore cannot establish multicast forwarding paths.
Receiver
A multicast user that receives multicast data. A receiver can be a PC, a set top box, or
any device with multicast client installed.
The "IPv6 PIM Configuration" chapter describes how to configure IPv6 PIMon a Layer 3
device.
License Support
IPv6 PIM is a basic feature of a switch and is not under license control.
Version Support
Table 7-4 Products and minimum versions supporting IPv6 PIM
Issue 11 (2016-07-22)
Series
Product Model
Minimum Version
Required
S1700
S1720
Not supported
S2700
S2700SI/S2710SI/S2700EI/
S2720EI/S2750EI
Not supported
S3700
S3700SI/S3700EI/S3700HI
Not supported
S5700
S5700S-LI/S5700LI/S5710C-LI/S5710-X-LI/S5700SI
Not supported
S5720S-SI/S5720SI
V200R008
S5700EI
S5710EI
S5700HI
171
Series
S6700
7 IP Multicast
Product Model
Minimum Version
Required
S5710HI
S5720EI
V200R007
S5720HI
V200R006
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
IPv6 PIM-capable switches support IPv6 PIM configuration on physical interfaces that
have been switched to Layer 3 mode using the undo portswitch command since
V200R005. This configuration, however, is not supported on the S5720S-SI and
S5720SI.
If both Layer 2 and Layer 3 multicast services are required in a VLAN, enable
PIM(IPv6) on the corresponding VLANIF interface first, and then enable MLD
Snooping in the VLAN. If MLD Snooping is enabled in the VLAN first, PIM(IPv6)
cannot be enabled on the VLANIF interface.
7.5 MSDP
Involved Network Elements
An IPv4 multicast network consists of the following network elements:
l
Multicast source
A device that sends multicast data to receiver hosts. For example, a video server is a
multicast source.
Issue 11 (2016-07-22)
172
7 IP Multicast
IGMP querier
A device that exchanges IGMP messages with receiver hosts to create and maintain
group memberships. On a multicast network, Layer 3 devices connected to network
segments of receivers must run the IGMP protocol or be configured with static IGMP
groups. Otherwise, upstream PIM devices cannot know the multicast groups that users
want to join, and therefore cannot establish multicast forwarding paths.
Receiver
A multicast user that receives multicast data. A receiver can be a PC, a set top box, or
any device with multicast client installed.
The "MSDP Configuration" chapter describes how to configure MSDP on a Layer 3 device.
License Support
MSDP is a basic feature of a switch and is not under license control.
Version Support
Table 7-5 Products and minimum versions supporting MSDP
Series
Product Model
Minimum Version
Required
S1700
S1720
Not supported
S2700
S2700SI/S2710SI/S2700EI/
S2720EI/S2750EI
Not supported
S3700
S3700SI
Not supported
S3700EI
Not supported
S3700HI
S5700S-LI/S5700LI/S5710C-LI/S5710-X-LI/S5700SI
Not supported
S5720S-SI/S5720SI
V200R008
S5700
Issue 11 (2016-07-22)
173
Series
S6700
7 IP Multicast
Product Model
Minimum Version
Required
S5700EI
S5710EI
S5700HI
S5710HI
S5720EI
V200R007
S5720HI
V200R006
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
Only the following products and versions support the MSDP multi-instance feature:
V200R005C03: S5710HI
Multicast source
A device that sends multicast data to receiver hosts. For example, a video server is a
multicast source.
Issue 11 (2016-07-22)
174
7 IP Multicast
multicast network, all Layer 3 devices must run PIM (IPv4); otherwise, multicast
forwarding paths cannot be established.
l
IGMP querier
A device that exchanges IGMP messages with receiver hosts to create and maintain
group memberships. On a multicast network, Layer 3 devices connected to network
segments of receivers must run the IGMP protocol or be configured with static IGMP
groups. Otherwise, upstream PIM devices cannot know the multicast groups that users
want to join, and therefore cannot establish multicast forwarding paths.
Receiver
A multicast user that receives multicast data. A receiver can be a PC, a set top box, or
any device with multicast client installed.
The "Multicast VPN Configuration" chapter describes how to configure multicast VPN on a
provider edge (PE) device.
License Support
Multicast VPN is a basic feature of a switch and is not under license control.
Version Support
Table 7-6 Products and minimum versions supporting multicast VPN
Issue 11 (2016-07-22)
Series
Product
S1700
S1720
Not supported
S2700
S2700SI/S2710SI/S2700EI/
S2720EI/S2750EI
Not supported
S3700
S3700SI/S3700EI/S3700HI
Not supported
175
7 IP Multicast
Series
Product
S5700
S5700S-LI/S5700LI/S5710-C-LI/
S5710-X-LI/S5700SI/S5720S-SI/
S5720SI/S5700EI/S5710EI/
S5720EI/S5720HI
Not supported
S5700HI
S5710HI
S6700EI/S6720EI/S6720S-EI
Not supported
S6700
Multicast domain (MD) based multicast VPN on the switch does not support PIM-SM in
the SSM model used on the public network.
The switch does not support multicast VPN on an inter-AS BGP/MPLS IPv4 VPN
network.
The switch does not support multicast VPN on an BGP/MPLS IPv6 VPN network.
Multicast source: sends multicast data to receiver hosts. For example, a video server is a
multicast source.
IPv4 Protocol Independent Multicast (PIM) device: uses the IPv4 PIM protocol to
generate and maintain multicast routing entries and forwards multicast data based on
multicast routing entries. On an IPv4 multicast network, all Layer 3 devices must run
IPv4 PIM; otherwise, multicast forwarding paths cannot be established.
Multicast Source Discovery Protocol (MSDP) device: forwards multicast data from one
PIM network to another. For example, if multicast data needs to be transmitted between
two autonomous systems (ASs), the devices at the borders of each AS must run the
MSDP protocol.
Multicast VPN device: enables multicast data on a private network to be transmitted over
a public network. For example, if two sites of a VPN network need to exchange
multicast data across a public network, multicast VPN must be configured on the PE
devices.
IGMP querier: exchanges IGMP messages with receiver hosts to create and maintain
group memberships. On a multicast network, Layer 3 devices connected to network
segments of receivers must run the IGMP protocol or be configured with static IGMP
groups. Otherwise, upstream PIM devices cannot know the multicast groups that users
want to join, and therefore cannot establish multicast forwarding paths.
Issue 11 (2016-07-22)
176
7 IP Multicast
IGMP snooping device: listens on IGMP messages exchanged between upstream Layer 3
multicast devices and receiver hosts to create and maintain Layer 2 multicast forwarding
entries, which are used for accurate multicast data forwarding on a Layer 2 network. To
prevent broadcasting of multicast packets on a Layer 2 network and conserve network
bandwidth, configuring IGMP snooping on Layer 2 devices is recommended.
Receiver: A receiver can be a PC, a set top box, or any device with a multicast client
installed so that users can receive multicast data.
Generally, multicast route management (IPv4) is configured on a device running PIM (IPv4)
to monitor and maintain multicast forwarding paths.
License Support
Multicast route management (IPv4) is a basic feature of a switch and is not under license
control.
Version Support
Table 7-7 Products and minimum versions supporting multicast route management (IPv4)
Series
Product Model
Minimum Version
Required
S1700
S1720
Not supported
S2700
S2700SI/S2710SI/S2700EI/
S2720EI/S2750EI
Not supported
S3700
S3700SI
Not supported
S3700EI
S3700HI
S5700S-LI/S5700LI/S5710C-LI/S5710-X-LI/S5700SI
Not supported
S5720S-SI/S5720SI
V200R008
S5700EI
S5710EI
S5700HI
S5700
Issue 11 (2016-07-22)
177
Series
S6700
7 IP Multicast
Product Model
Minimum Version
Required
S5710HI
S5720EI
V200R007
S5720HI
V200R006
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
Only the following products and versions support configuration of multicast route
management (IPv4) in a VPN instance:
V200R005C03: S5710HI
When configuring multicast route management (IPv4) in a VPN instance, ensure that the
VPN instance is not bound to a physical interface that has been switched to Layer 3
mode using the undo portswitch command.
Multicast source
Sends multicast data to receiver hosts. For example, a video server is a multicast source.
Issue 11 (2016-07-22)
178
7 IP Multicast
MLD querier
A device that exchanges MLD messages with receiver hosts to create and maintain group
memberships. On a multicast network, Layer 3 devices connected to network segments
of receivers must run the MLD protocol or be configured with static MLD groups.
Otherwise, upstream PIM devices cannot know the multicast groups that users want to
join, and therefore cannot establish multicast forwarding paths.
Receiver
A multicast user that receives multicast data. A receiver can be a PC, a set top box, or
any device with multicast client installed.
Generally, multicast route management (IPv6) is configured on a device running PIM (IPv6)
to monitor and maintain multicast forwarding paths.
License Support
Multicast route management (IPv6) is a basic feature of a switch and is not under license
control.
Version Support
Table 7-8 Products and minimum versions supporting multicast route management (IPv6)
Issue 11 (2016-07-22)
Series
Product Model
Minimum Version
Required
S1700
S1720
Not supported
S2700
S2700SI/S2710SI/S2700EI/
S2720EI/S2750EI
Not supported
S3700
S3700SI/S3700EI/S3700HI
Not supported
S5700
S5700S-LI/S5700LI/S5710C-LI/S5710-X-LI/S5700SI
Not supported
S5720S-SI/S5720SI
V200R008
S5700EI
S5710EI
179
Series
S6700
7 IP Multicast
Product Model
Minimum Version
Required
S5700HI
S5710HI
S5720EI
V200R007
S5720HI
V200R006
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
Multicast source
A device that sends multicast data to receiver hosts. For example, a video server is a
multicast source.
Issue 11 (2016-07-22)
180
7 IP Multicast
IGMP querier
A device that exchanges IGMP messages with receiver hosts to create and maintain
group memberships. On a multicast network, Layer 3 devices connected to network
segments of receivers must run the IGMP protocol or be configured with static IGMP
groups. Otherwise, upstream PIM devices cannot know the multicast groups that users
want to join, and therefore cannot establish multicast forwarding paths.
Receiver
A multicast user that receives multicast data. A receiver can be a PC, a set top box, or
any device with multicast client installed.
The "IGMP Snooping Configuration" section describes how to configure IGMP snooping on
a Layer 2 device.
License Support
IGMP snooping is a basic feature of a switch and is not under license control.
Version Support
Table 7-9 Products and minimum versions supporting controllable multicast
Issue 11 (2016-07-22)
Series
Product Model
S1700
S1720
S2700
S2700SI/S2710SI
Not supported
S2700EI
S2720EI
S2750EI
V200R003
181
7 IP Multicast
Series
Product Model
S3700
S3700SI/S3700EI
S3700HI
S5700LI/S5700S-LI
V200R001
S5710-C-LI
S5710-X-LI
V200R008
S5700SI/S5700EI
S5720SI/S5720S-SI
V200R008
S5710EI
S5700HI
S5710HI
S5720EI
V200R007
S5720HI
V200R006
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
S5700
S6700
Issue 11 (2016-07-22)
Because IGMP snooping is a Layer 2 multicast feature, all the IGMP snooping
configurations on interfaces mentioned in this chapter are performed on Layer 2 physical
interfaces, including Eth-Trunk interfaces.
Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
182
7 IP Multicast
If a switch running IGMP snooping receives IGMPv1 or IGMPv2 Report messages with
SSM group addresses (default range: 232.0.0.0/8), the switch does not create Layer 2
multicast forwarding entries.
Only the following products and versions support VSI-based IGMP snooping:
S5720EI: V200R009
S5720HI: V200R009
S6700EI: V200R005
S6720S-EI: V200R009
The VSI-based IGMP snooping feature is applicable only to Martini VPLS networking.
The switch supports only MAC address-based multicast forwarding when VSI-based
IGMP snooping is configured.
When configuring VSI-based IGMP snooping, make sure that an AC-side interface on
the VPLS network cannot be a physical Ethernet interface that has been switched to
Layer 3 mode using the undo portswitch command.
If both Layer 2 and Layer 3 multicast services are required in a VLAN, enable IGMP
and PIM(IPv4) on the corresponding VLANIF interface first, and then enable IGMP
snooping in the VLAN. If IGMP snooping is enabled in the VLAN first, IGMP and
PIM(IPv4) cannot be enabled on the VLANIF interface.
Multicast source
Sends multicast data to receiver hosts. For example, a video server is a multicast source.
Issue 11 (2016-07-22)
183
7 IP Multicast
A device that uses the IPv6 PIM protocol to generate and maintain multicast routing
entries and forwards multicast data based on multicast routing entries. On an IPv6
multicast network, all Layer 3 devices must run IPv6 PIM; otherwise, multicast
forwarding paths cannot be established.
l
MLD querier
A device that exchanges MLD messages with receiver hosts to create and maintain group
memberships. On a multicast network, Layer 3 devices connected to network segments
of receivers must run the MLD protocol or be configured with static MLD groups.
Otherwise, upstream PIM devices cannot know the multicast groups that users want to
join, and therefore cannot establish multicast forwarding paths.
Receiver
A multicast user that receives multicast data. A receiver can be a PC, a set top box, or
any device with multicast client installed.
The "MLD Snooping Configuration" chapter describes how to configure MLD snooping on a
Layer 2 device.
License Support
MLD snooping is a basic feature of a switch and is not under license control.
Version Support
Table 7-10 Products and minimum versions supporting MLD snooping
Series
Product Model
S1700
S1720
S2700
S2700EI
S2720EI
S2750EI
V200R003
S3700SI/S3700EI
S3700
Issue 11 (2016-07-22)
184
Series
S5700
S6700
7 IP Multicast
Product Model
S3700HI
S5700LI/S5700S-LI
V200R001
S5710-C-LI
S5710-X-LI
V200R008
S5700SI/S5700EI
S5720SI/S5720S-SI
V200R008
S5710EI
S5700HI
S5710HI
S5720EI
V200R007
S5720HI
V200R006
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
All the MLD snooping configurations on interfaces mentioned in this chapter are
performed on Layer 2 physical interfaces, including Eth-Trunk interfaces.
If both Layer 2 and Layer 3 multicast services are required in a VLAN, enable MLD and
PIM(IPv6) on the corresponding VLANIF interface first, and then enable MLD
Snooping in the VLAN. If MLD Snooping is enabled in the VLAN first, MLD and
PIM(IPv6) cannot be enabled on the VLANIF interface.
Issue 11 (2016-07-22)
185
7 IP Multicast
Multicast source
A device that sends multicast data to receiver hosts. For example, a video server is a
multicast source.
IGMP querier
A device that exchanges IGMP messages with receiver hosts to create and maintain
group memberships. On a multicast network, Layer 3 devices connected to network
segments of receivers must run the IGMP protocol or be configured with static IGMP
groups. Otherwise, upstream PIM devices cannot know the multicast groups that users
want to join, and therefore cannot establish multicast forwarding paths.
Receiver
A multicast user that receives multicast data. A receiver can be a PC, a set top box, or
any device with multicast client installed.
Multicast source
Sends multicast data to receiver hosts. For example, a video server is a multicast source.
Issue 11 (2016-07-22)
186
7 IP Multicast
multicast network, all Layer 3 devices must run IPv6 PIM; otherwise, multicast
forwarding paths cannot be established.
l
MLD querier
A device that exchanges MLD messages with receiver hosts to create and maintain group
memberships. On a multicast network, Layer 3 devices connected to network segments
of receivers must run the MLD protocol or be configured with static MLD groups.
Otherwise, upstream PIM devices cannot know the multicast groups that users want to
join, and therefore cannot establish multicast forwarding paths.
Receiver
A multicast user that receives multicast data. A receiver can be a PC, a set top box, or
any device with multicast client installed.
Static multicast MAC address binding is a Layer 2 multicast feature. Similar to IGMP/MLD
snooping, this feature is also used to reduce bandwidth consumption caused by broadcast of
multicast data packets on a Layer 2 network.
License Support
Static multicast MAC address binding is a basic feature of a switch and is not under license
control.
Version Support
Table 7-11 Products and minimum versions supporting static multicast MAC addresses
Series
Product Model
S1700
S1720
S2700
S2700SI/S2700EI
Not supported
S2720EI
S2750EI
V200R003
S3700SI/S3700EI
Not supported
S3700HI
S5700LI/S5700S-LI
V200R001
S3700
S5700
Issue 11 (2016-07-22)
187
Series
S6700
7 IP Multicast
Product Model
S5710-C-LI
Not supported
S5710-X-LI
V200R008
S5700SI
S5720S-SI/S5720SI
V200R008
S5700EI
S5710EI
S5700HI
S5710HI
S5720EI
V200R007
S5720HI
V200R006
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
Static multicast MAC address binding is a Layer 2 multicast feature, so all the static
multicast MAC address configurations on interfaces mentioned in this chapter are
performed on Layer 2 physical interfaces, including Eth-Trunk interfaces.
A static multicast MAC address you configure must be a multicast MAC address with
the rightmost bit as 1 (xxxx xxx1).
The VLAN specified in the static multicast MAC address configuration command cannot
be a super-VLAN, leased line VLAN, control VLAN of a Smart Ethernet Protocol (SEP)
segment, or control VLAN of a Rapid Ring Protection Protocol (RRPP) ring.
Issue 11 (2016-07-22)
188
7 IP Multicast
In V200R002 and later versions, IP multicast MAC addresses (IPv4 multicast MAC
addresses starting with 0x01-00-5e or IPv6 multicast MAC addresses starting with
0x3333) can be configured as static MAC addresses. When configuring an IP multicast
MAC address as a static multicast MAC address on an interface, ensure that IGMP/MLD
snooping is not enabled in the VLAN to which the interface belongs.
Before configuring static multicast MAC addresses on an interface of the S5700S-28XLI-AC, S5700S-52X-LI-AC, S5710-X-LI, S5700SI, S5720S-SI, and S5720SI, set the
multicast data forwarding mode to MAC address based mode in the VLAN to which the
interface belongs.
Multicast source
A device that sends multicast data to receiver hosts. For example, a video server is a
multicast source.
IGMP querier
A device that exchanges IGMP messages with receiver hosts to create and maintain
group memberships. On a multicast network, Layer 3 devices connected to network
segments of receivers must run the IGMP protocol or be configured with static IGMP
groups. Otherwise, upstream PIM devices cannot know the multicast groups that users
want to join, and therefore cannot establish multicast forwarding paths.
Receiver
A multicast user that receives multicast data. A receiver can be a PC, a set top box, or
any device with multicast client installed.
Issue 11 (2016-07-22)
189
7 IP Multicast
Multicast source
Sends multicast data to receiver hosts. For example, a video server is a multicast source.
MLD querier
A device that exchanges MLD messages with receiver hosts to create and maintain group
memberships. On a multicast network, Layer 3 devices connected to network segments
of receivers must run the MLD protocol or be configured with static MLD groups.
Otherwise, upstream PIM devices cannot know the multicast groups that users want to
join, and therefore cannot establish multicast forwarding paths.
Receiver
A multicast user that receives multicast data. A receiver can be a PC, a set top box, or
any device with multicast client installed.
Multicast VLAN replication is a Layer 2 multicast feature that can be configured on a device
running IGMP/MLD snooping.
License Support
Multicast VLAN replication is a basic feature of a switch and is not under license control.
Version Support
Table 7-12 Products and minimum versions supporting multicast VLAN replication
Series
Product Model
S1700
S1720
S2700
Issue 11 (2016-07-22)
S2700SI/S2710SI
Not supported
190
Series
7 IP Multicast
Product Model
S2700EI
S2720EI
S2750EI
V200R003
NOTE
The S2750EI does not support N-to-N
multicast VLAN replication based on user
VLANs.
S3700
S5700
S3700SI/S3700EI
S3700HI
S5700LI/S5700S-LI
V200R001
NOTE
The S5700LI and S5700S-LI support N-toN multicast VLAN replication based on
user VLANs since V200R005.
Issue 11 (2016-07-22)
S5710-C-LI
S5710-X-LI
V200R008
S5700SI/S5700EI
S5720SI/S5720S-SI
V200R008
S5710EI
191
Series
S6700
7 IP Multicast
Product Model
S5700HI
S5710HI
S5720EI
V200R007
S5720HI
V200R006
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
Because multicast VLAN replication is a Layer 2 multicast feature, all the configurations
on interfaces mentioned in this chapter are performed on Layer 2 physical interfaces,
including Eth-Trunk interfaces.
Set an appropriate TTL value for multicast data packets sent from a multicast source to
ensure that these multicast data packets carry a TTL value larger than 1 when arriving at
the switch through multicast VLAN. Otherwise, the multicast data packets may not be
copied to user VLANs.
On a switch, except those using MAC address-based forwarding as the default Layer 2
multicast forwarding mode, a VLAN cannot be configured as a multicast VLAN after the
multicast data forwarding mode in the VLAN is set to MAC address-based forwarding
using the l2-multicast forwarding-mode command.
Multicast source
A device that sends multicast data to receiver hosts. For example, a video server is a
multicast source.
Issue 11 (2016-07-22)
192
7 IP Multicast
IGMP querier
A device that exchanges IGMP messages with receiver hosts to create and maintain
group memberships. On a multicast network, Layer 3 devices connected to network
segments of receivers must run the IGMP protocol or be configured with static IGMP
groups. Otherwise, upstream PIM devices cannot know the multicast groups that users
want to join, and therefore cannot establish multicast forwarding paths.
Receiver
A multicast user that receives multicast data. A receiver can be a PC, a set top box, or
any device with multicast client installed.
Multicast source
Sends multicast data to receiver hosts. For example, a video server is a multicast source.
MLD querier
A device that exchanges MLD messages with receiver hosts to create and maintain group
memberships. On a multicast network, Layer 3 devices connected to network segments
of receivers must run the MLD protocol or be configured with static MLD groups.
Otherwise, upstream PIM devices cannot know the multicast groups that users want to
join, and therefore cannot establish multicast forwarding paths.
l
Issue 11 (2016-07-22)
Receiver
Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
193
7 IP Multicast
A multicast user that receives multicast data. A receiver can be a PC, a set top box, or
any device with multicast client installed.
Controllable multicast is a Layer 2 multicast feature that needs to be configured on a device
running IGMP/MLD snooping.
License Support
Controllable multicast is a basic feature of a switch and is not under license control.
Version Support
Table 7-13 Products and minimum versions supporting controllable multicast
Series
Product Model
S1700
S1720
S2700
S2700SI/S2710SI
Not supported
S2700EI
S2720EI
S2750EI
V200R003
S3700SI/S3700EI
S3700HI
S5700LI/S5700S-LI
V200R001
S5710-C-LI
S5710-X-LI
V200R008
S5700SI/S5700EI
S5720SI/S5720S-SI
V200R008
S3700
S5700
Issue 11 (2016-07-22)
194
Series
S6700
7 IP Multicast
Product Model
S5710EI
S5700HI
S5710HI
S5720EI
V200R007
S5720HI
V200R006
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
Multicast source
A device that sends multicast data to receiver hosts. For example, a video server is a
multicast source.
Issue 11 (2016-07-22)
195
7 IP Multicast
sites of a VPN network need to exchange multicast data across a public network,
multicast VPN needs to be configured on the PE devices.
l
IGMP querier
A device that exchanges IGMP messages with receiver hosts to create and maintain
group memberships. On a multicast network, Layer 3 devices connected to network
segments of receivers must run the IGMP protocol or be configured with static IGMP
groups. Otherwise, upstream PIM devices cannot know the multicast groups that users
want to join, and therefore cannot establish multicast forwarding paths.
Receiver
A multicast user that receives multicast data. A receiver can be a PC, a set top box, or
any device with multicast client installed.
Multicast source
Sends multicast data to receiver hosts. For example, a video server is a multicast source.
MLD querier
A device that exchanges MLD messages with receiver hosts to create and maintain group
memberships. On a multicast network, Layer 3 devices connected to network segments
of receivers must run the MLD protocol or be configured with static MLD groups.
Otherwise, upstream PIM devices cannot know the multicast groups that users want to
join, and therefore cannot establish multicast forwarding paths.
Receiver
A multicast user that receives multicast data. A receiver can be a PC, a set top box, or
any device with multicast client installed.
License Support
Multicast network management is a basic feature of a switch and is not under license control.
Issue 11 (2016-07-22)
196
7 IP Multicast
Version Support
Table 7-14 Products and minimum versions supporting multicast network management
Series
Product Model
S1700
S1720
S2700
S2700SI/S2710SI/S2700EI
Not supported
S2720EI
S2750EI
V200R003
S3700
S3700SI/S3700EI/S3700HI
Not supported
S5700
S5700LI/S5700S-LI
V200R002
S5710-C-LI
Not supported
S5710-X-LI
V200R008
S5700SI
S5720SI/S5720S-SI
V200R008
S5700EI
S5710EI
S5700HI
S5710HI
S5720EI
V200R007
S5720HI
V200R006
S6700EI
S6720EI
V200R008
S6700
Issue 11 (2016-07-22)
197
Series
7 IP Multicast
Product Model
S6720S-EI
V200R009
Issue 11 (2016-07-22)
198
8 MPLS
MPLS
Issue 11 (2016-07-22)
199
8 MPLS
License Support
MPLS is a basic feature of a switch and is not under license control.
Version Support
Table 8-1 Products and minimum version supporting static LSPs
Series
Product Model
Minimum Version
Required
S1700
S1720GFR
Not supported
S2700
S2700SI
Not supported
S2700EI
Not supported
S2710SI
Not supported
S2720EI
Not supported
S2750EI
Not supported
S3700SI
Not supported
S3700EI
Not supported
S3700HI
Not supported
S5700LI/S5700S-LI
Not supported
S5710-C-LI
Not supported
S5710-X-LI
Not supported
S5700SI
Not supported
S5700EI
Not supported
S5710EI
S5720EI
V200R009
S5720SI/S5720S-SI
Not supported
S3700
S5700
Issue 11 (2016-07-22)
200
Series
8 MPLS
Product Model
Minimum Version
Required
S5700HI
S5710HI
S5720HI
V200R007C10
The function is not
supported in V200R008.
S6700
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
MPLS cannot be enabled on the S5720EI switch. If the switch has been added to a stack,
MPLS cannot be enabled on the stack.
License Support
MPLS is not under license control.
Issue 11 (2016-07-22)
201
8 MPLS
Version Support
Table 8-2 Products and minimum version supporting MPLS LDP
Series
Product Model
Minimum Version
Required
S1700
S1720GFR
Not supported
S2700
S2700SI
Not supported
S2700EI
Not supported
S2710SI
Not supported
S2720EI
Not supported
S2750EI
Not supported
S3700SI
Not supported
S3700EI
Not supported
S3700HI
Not supported
S5700LI/S5700S-LI
Not supported
S5710-C-LI
Not supported
S5710-X-LI
Not supported
S5700SI
Not supported
S5700EI
Not supported
S5710EI
S5720EI
V200R009
S5720SI/S5720S-SI
Not supported
S5700HI
S5710HI
S5720HI
V200R007C10
S3700
S5700
Issue 11 (2016-07-22)
S6700EI
202
Series
8 MPLS
Product Model
Minimum Version
Required
S6720EI
V200R008
S6720S-EI
V200R009
In V200R003 and earlier versions, VLANIF interfaces on the device support MPLS
LDP.
If the command output displays NO for hardware support for MPLS when you run the
display device capability command on the S5720EI switch, the switch does not support
MPLS. In this case, you need to pay attention to the following points:
MPLS cannot be enabled on the S5720EI switch. If the switch has been added to a
stack, MPLS cannot be enabled on the stack.
License Support
MPLS QoS is a basic feature of a switch and is not under license control.
Version Support
Table 8-3 Products and minimum version supporting MPLS QoS
Series
Product Model
Minimum Version
Required
S1700
S1720GFR
Not supported
S2700
S2700SI
Not supported
S2700EI
Not supported
S2710SI
Not supported
S2720EI
Not supported
S2750EI
Not supported
S3700SI
Not supported
S3700
Issue 11 (2016-07-22)
203
Series
S5700
8 MPLS
Product Model
Minimum Version
Required
S3700EI
Not supported
S3700HI
Not supported
S5700LI/S5700S-LI
Not supported
S5710-C-LI
Not supported
S5710-X-LI
Not supported
S5700SI
Not supported
S5700EI
Not supported
S5710EI
S5720EI
V200R009
S5720SI/S5720S-SI
Not supported
S5700HI
S5710HI
S5720HI
V200R007C10
The function is not
supported in V200R008.
S6700
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
MPLS cannot be enabled on the S5720EI switch. If the switch has been added to a stack,
MPLS cannot be enabled on the stack.
Issue 11 (2016-07-22)
204
8 MPLS
8.4 MPLS TE
Involved Network Elements
Other network elements are not required.
License Support
MPLS TE is a basic feature of a switch and is not under license control.
Version Support
Table 8-4 Products and minimum version supporting MPLS TE
Series
Product Model
Minimum Version
Required
S1700
S1720GFR
Not supported
S2700
S2700SI
Not supported
S2700EI
Not supported
S2710SI
Not supported
S2720EI
Not supported
S2750EI
Not supported
S3700SI
Not supported
S3700EI
Not supported
S3700HI
Not supported
S5700LI/S5700S-LI
Not supported
S5710-C-LI
Not supported
S5710-X-LI
Not supported
S5700SI
Not supported
S5700EI
Not supported
S5710EI
S5720EI
V200R009
S5720SI/S5720S-SI
Not supported
S3700
S5700
Issue 11 (2016-07-22)
205
Series
8 MPLS
Product Model
Minimum Version
Required
S5700HI
S5710HI
S5720HI
V200R007C10
The function is unsupported
in V200R008.
S6700
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
In V200R003 and earlier versions, VLANIF interfaces on the device support MPLS TE.
If the command output displays NO for hardware support for MPLS when you run the
display device capability command on the S5720EI switch, the switch does not support
MPLS. In this case, you need to pay attention to the following points:
MPLS cannot be enabled on the S5720EI switch. If the switch has been added to a
stack, MPLS cannot be enabled on the stack.
Dynamic TE tunnels using bandwidth reserved in Shared Explicit (SE) style support TE
FRR, but static TE tunnels do not.
If TE FRR is enabled in a scenario where MPLS TE tunnels transmit VPN services, you
must configure PHP when the MP node is the egress node of the primary CR-LSP.
In V200R005 and earlier versions, TE FRR can be performed during the RSVP GR
process. This protects traffic on the primary tunnel and speeds up troubleshooting in the
situation where a traffic switchover or a reboot is triggered after a fault occurs on a PLR,
the PLR's upstream node, an MP, or the MP's downstream node, while the outbound
interface of a primary tunnel on the PLR fails.
During the RSVP GR process, FRR switching is triggered if the outbound interface of a
primary tunnel on the PLR goes Down.
When configuring tunnel protection groups on the device, pay attention to the following
points:
l
Issue 11 (2016-07-22)
206
8 MPLS
Tunnel-specific attributes in a tunnel protection group are independent from each other.
For example, a protection tunnel with the bandwidth 50 Mbit/s can protect a working
tunnel with the bandwidth 100 Mbit/s.
A tunnel protection group and TE FRR cannot be configured simultaneously on the ingress node
of a primary tunnel.
When you configure BFD for MPLS TE on the device, pay attention to the following points:
l
BFD for LSP can function properly though the forward path is an LSP and the backward
path is an IP link. The forward path and the backward path must be established over the
same link; otherwise, if a fault occurs, BFD cannot identify the faulty path. Before
deploying BFD, ensure that the forward and backward paths are over the same link so
that BFD can correctly identify the faulty path.
Issue 11 (2016-07-22)
207
9 VPN
VPN
Issue 11 (2016-07-22)
208
9 VPN
9.1 GRE
Involved Network Elements
Other network elements are not required.
License Support
GRE is a basic feature of a switch and is not under license control.
Version Support
Table 9-1 Products and minimum version supporting GRE
Series
Product Model
Minimum Version
Required
S1700
S1720GFR
Not supported
S2700
S2700SI
Not supported
S2700EI
Not supported
S2710SI
Not supported
S2720EI
Not supported
S2750EI
Not supported
S3700SI
Not supported
S3700EI
Not supported
S3700HI
Not supported
S5700LI/S5700S-LI
Not supported
S5710-C-LI
Not supported
S5710-X-LI
Not supported
S5700SI
Not supported
S5700EI
Not supported
S5710EI
S5720EI
V200R007C00 (The
S5720EI is unavailable in
V200R007C10.)
S3700
S5700
Issue 11 (2016-07-22)
209
Series
S6700
9 VPN
Product Model
Minimum Version
Required
S5700HI
S5710HI
S5720HI
V200R006
S5720SI/S5720S-SI
Not supported
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
License Support
BGP/MPLS IP VPN is a basic feature of a switch and is not under license control.
Version Support
Table 9-2 Products and minimum version supporting BGP/MPLS IP VPN
Issue 11 (2016-07-22)
Series
Product Model
Minimum Version
Required
S1700
S1720GFR
Not supported
S2700
S2700SI
Not supported
S2700EI
Not supported
S2710SI
Not supported
210
Series
S3700
9 VPN
Product Model
Minimum Version
Required
S2720EI
Not supported
S2750EI
Not supported
S3700SI
Not supported
S3700EI
S5700
S3700HI
Not supported
S5700LI/S5700S-LI
Not supported
S5710-C-LI
Not supported
S5710-X-LI
Not supported
S5700SI
Not supported
S5700EI
S5710EI
S5720EI
V200R007
NOTE
In V200R007C00, and
V200R008, only the MCE
function is supported.
S5700HI
S5710HI
Issue 11 (2016-07-22)
211
Series
9 VPN
Product Model
Minimum Version
Required
S5720HI
V200R006
NOTE
In V200R006,
V200R007C00,and
V200R008, only the MCE
function is supported.
S5720SI/S5720S-SI
V200R008
NOTE
Only the MCE function is
supported.
S6700
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
License Support
BGP/MPLS IPv6 VPN is a basic feature of a switch and is not under license control.
Issue 11 (2016-07-22)
212
9 VPN
Version Support
Table 9-3 Products and minimum version supporting BGP/MPLS IPv6 VPN
Series
Product Model
Minimum Version
Required
S1700
S1720GFR
Not supported
S2700
S2700SI
Not supported
S2700EI
Not supported
S2710SI
Not supported
S2720EI
Not supported
S2750EI
Not supported
S3700SI
Not supported
S3700EI
S3700
NOTE
Only the IPv6 MCE function
is supported.
S5700
S3700HI
Not supported
S5700LI/S5700S-LI
Not supported
S5710-C-LI
Not supported
S5710-X-LI
Not supported
S5700SI
Not supported
S5700EI
Not supported
S5710EI
S5720EI
V200R007
NOTE
In V200R007C00, and
V200R008, only the IPv6
MCE function is supported.
Issue 11 (2016-07-22)
213
Series
9 VPN
Product Model
Minimum Version
Required
S5700HI
S5710HI
S5720HI
V200R006
NOTE
In V200R006,
V200R007C00,and
V200R008, only the IPv6
MCE function is supported.
S5720SI/S5720S-SI
V200R008
NOTE
Only the IPv6 MCE function
is supported.
S6700
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
9.4 VLL
Involved Network Elements
Other network elements are not required.
License Support
VLL is a basic feature of a switch and is not under license control.
Issue 11 (2016-07-22)
214
9 VPN
Version Support
Table 9-4 Products and minimum version supporting VLL
Series
Product Model
Minimum Version
Required
S1700
S1720GFR
Not supported
S2700
S2700SI
Not supported
S2700EI
Not supported
S2710SI
Not supported
S2720EI
Not supported
S2750EI
Not supported
S3700SI
Not supported
S3700EI
Not supported
S3700HI
Not supported
S5700LI/S5700S-LI
Not supported
S5710-C-LI
Not supported
S5710-X-LI
Not supported
S5700SI
Not supported
S5700EI
Not supported
S5710EI
S5720EI
V200R009
S5700HI
S5710HI
S5720HI
V200R007C10
S3700
S5700
NOTE
The function is unsupported in
V200R008.
S6700
Issue 11 (2016-07-22)
S5720SI/S5720S-SI
Not supported
S6700EI
215
Series
9 VPN
Product Model
Minimum Version
Required
S6720EI
V200R008
S6720S-EI
V200R009
Do not add the PW to VLAN 1. If the PW is added to VLAN 1, the AC joins VLAN 1 in
untagged mode and VLAN tags of packets are removed.
After receiving Layer 2 protocol packets such as STP, VBST, SMLK, LBT/LBDT,
LACP, 3AH, 1AG, Y.1731, HGMP, LLDP, DLDP, GVRP, HVRP, DAD, LNP, VCMP,
and BFD packets from an AC interface, a PE device determines whether it needs to
process the packets. If not (for example, Layer 2 protocols are disabled), the PE device
transparently transmits the Layer 2 protocol packets through the VLL.
If L2VPN is configured on the device, the AC-side outbound interface does not support
IP address-based load balancing when the interface is an Eth-Trunk interface.
9.5 PWE3
Involved Network Elements
Other network elements are not required.
License Support
PWE3 is a basic feature of a switch and is not under license control.
Version Support
Table 9-5 Products and minimum version supporting PWE3
Issue 11 (2016-07-22)
Series
Product Model
Minimum Version
Required
S1700
S1720GFR
Not supported
S2700
S2700SI
Not supported
216
Series
S3700
S5700
9 VPN
Product Model
Minimum Version
Required
S2700EI
Not supported
S2710SI
Not supported
S2720EI
Not supported
S2750EI
Not supported
S3700SI
Not supported
S3700EI
Not supported
S3700HI
Not supported
S5700LI/S5700S-LI
Not supported
S5710-C-LI
Not supported
S5710-X-LI
Not supported
S5700SI
Not supported
S5700EI
Not supported
S5710EI
S5720EI
V200R009
S5700HI
S5710HI
S5720HI
V200R007C10
NOTE
The function is not supported
in V200R008.
S6700
Issue 11 (2016-07-22)
S5720SI/S5720S-SI
Not supported
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
217
9 VPN
Do not add the PW to VLAN 1. If the PW is added to VLAN 1, the AC-side interface
joins VLAN 1 in untagged mode and VLAN tags of packets are removed.
If L2VPN is configured on the device, the AC-side outbound interface does not support
IP address-based load balancing when the interface is an Eth-Trunk interface.
9.6 VPLS
Involved Network Elements
Other network elements are not required.
License Support
VPLS is a basic feature of a switch and is not under license control.
Version Support
Table 9-6 Products and minimum version supporting VPLS
Series
Product Model
Minimum Version
Required
S1700
S1720GFR
Not supported
S2700
S2700SI
Not supported
S2700EI
Not supported
S2710SI
Not supported
S2720EI
Not supported
S2750EI
Not supported
S3700SI
Not supported
S3700EI
Not supported
S3700HI
Not supported
S5700LI/S5700S-LI
Not supported
S3700
S5700
Issue 11 (2016-07-22)
218
Series
9 VPN
Product Model
Minimum Version
Required
S5710-C-LI
Not supported
S5710-X-LI
Not supported
S5700SI
Not supported
S5700EI
Not supported
S5710EI
S5720EI
V200R009
S5700HI
S5710HI
S5720HI
V200R007C10
NOTE
The function is unsupported in
V200R008.
S6700
S5720SI/S5720S-SI
Not supported
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
Do not add the PW to VLAN 1. If the PW is added to VLAN 1, the AC joins VLAN 1 in
untagged mode and VLAN tags of packets are removed.
After receiving Layer 2 protocol packets such as STP, VBST, SMLK, LBT/LBDT,
LACP, 3AH, 1AG, Y.1731, HGMP, LLDP, DLDP, GVRP, HVRP, DAD, LNP, VCMP,
and BFD packets from an AC interface, a PE device determines whether it needs to
process the packets. If not (for example, Layer 2 protocols are disabled), the PE device
transparently transmits the Layer 2 protocol packets through the VPLS.
If L2VPN is configured on the device, the AC-side outbound interface does not support
IP address-based load balancing when the interface is an Eth-Trunk interface.
Issue 11 (2016-07-22)
219
Issue 11 (2016-07-22)
9 VPN
220
10 WLAN-AC
10
WLAN-AC
Issue 11 (2016-07-22)
221
10 WLAN-AC
APs mentioned in this document are Huawei AP products. You are advised to use
Huawei APs to connect to the AC.
You can run the display ap-type command to check the default AP types supported by
the device.
AP Software Version
V200R009C00
V200R007C00
V200R006C20
V200R006C10
V200R008C00
V200R005C30
V200R005C20
V200R005C10
V200R007
V200R005C20
V200R005C10
V200R006
V200R005C00
License Support
When the device is used as a WLAN AC, the number of online APs supported by the device
is controlled by licenses. The device supports a maximum of 16 online APs. To increase the
number of online APs supported by the device, apply for and purchase a license from the
agent.
l
Version Support
Table 10-1 Products and minimum version supporting the WLAN service
Issue 11 (2016-07-22)
Series
Product Model
Minimum Version
Required
Not supported
Not supported
222
10 WLAN-AC
Series
Product Model
Minimum Version
Required
Not supported
S5720HI
V200R006
NOTE
Among all S5700 series
switches, only the S5720HI
supports WLAN features.
Not supported
It is recommended that you use different VLANs for the management VLAN and service
VLAN.
You are not advised to use VLAN 1 as the management VLAN or service VLAN.
In tunnel forwarding mode, management VLAN and service VLAN must be different.
In actual WLAN networking, management VLANs and service VLANs must be properly
planned. The following example assumes that an AP connects to an AC through a Layer 2
network.
l
In direct forwarding mode, ensure that the AP can exchange management VLAN packets
with the AC and exchange service VLAN packets with upstream devices.
In tunnel forwarding mode, ensure that the AP can exchange management VLAN
packets with the AC and the AC can exchange service VLAN packets with upstream
devices.
Networking restrictions
l
The AC cannot manage APs through VPNs. That is, the source interface does not need to
be added to a VPN.
223
10 WLAN-AC
APs mentioned in this document are Huawei AP products. You are advised to use
Huawei APs to connect to the AC.
You can run the display ap-type command to check the default AP types supported by
the device.
AP Software Version
V200R009C00
V200R007C00
V200R006C20
V200R006C10
V200R008C00
V200R005C30
V200R005C20
V200R005C10
V200R007
V200R005C20
V200R005C10
V200R006
V200R005C00
AAA server
l
Huawei servers such as the Policy Center and Agile Controller or third-party AAA
servers perform authentication, accounting, and authorization on users.
Portal server
l
Huawei servers such as the Policy Center and Agile Controller or third-party Portal
servers, receive authentication requests from Portal clients, provide free Portal services
and a web authentication interface, and exchange authentication information of the
authentication clients with access devices. This component is required only in Portal
authentication mode.
License Support
When the device is used as a WLAN AC, the number of online APs supported by the device
is controlled by licenses. The device supports a maximum of 16 online APs. To increase the
number of online APs supported by the device, apply for and purchase a license from the
agent.
l
Issue 11 (2016-07-22)
224
10 WLAN-AC
Version Support
Table 10-2 Products and minimum version supporting WLAN security
Series
Product Model
Minimum Version
Required
Not supported
Not supported
Not supported
S5720HI
V200R006
NOTE
Among all S5700 series
switches, only the S5720HI
supports WLAN features.
Not supported
APs that have WDS or Mesh services configured cannot work in monitor mode.
Security Policy
l
225
10 WLAN-AC
APs mentioned in this document are Huawei AP products. You are advised to use
Huawei APs to connect to the AC.
You can run the display ap-type command to check the default AP types supported by
the device.
AP Software Version
V200R009C00
V200R007C00
V200R006C20
V200R006C10
V200R008C00
V200R005C30
V200R005C20
V200R005C10
V200R007
V200R005C20
V200R005C10
V200R006
V200R005C00
License Support
When the device is used as a WLAN AC, the number of online APs supported by the device
is controlled by licenses. The device supports a maximum of 16 online APs. To increase the
number of online APs supported by the device, apply for and purchase a license from the
agent.
l
Version Support
Table 10-3 Products and minimum version supporting the WLAN service
Series
Product Model
Minimum Version
Required
Not supported
Not supported
Not supported
S5720HI
V200R006
NOTE
Among all S5700 series
switches, only the S5720HI
supports WLAN features.
Issue 11 (2016-07-22)
226
10 WLAN-AC
Series
Product Model
Minimum Version
Required
Not supported
Radio calibration does not take effect on radios enabled with WDS or Mesh functions.
To ensure a good calibration effect, you are advised to configure at least three calibration
channels.
If dual-band APs are used, traffic is load balanced among APs working on the same
frequency band.
To allow an STA to preferentially associate with the 5 GHz radio and achieve a better
access effect, configure larger power for the 5 GHz radio than the 2.4 GHz radio.
227
10 WLAN-AC
The smart antenna function cannot take effect if beamforming or MU-MIMO has been
configured.
APs mentioned in this document are Huawei AP products. You are advised to use
Huawei APs to connect to the AC.
You can run the display ap-type command to check the default AP types supported by
the device.
AP Software Version
V200R009C00
V200R007C00
V200R006C20
V200R006C10
V200R008C00
V200R005C30
V200R005C20
V200R005C10
V200R007
V200R005C20
V200R005C10
V200R006
V200R005C00
License Support
When the device is used as a WLAN AC, the number of online APs supported by the device
is controlled by licenses. The device supports a maximum of 16 online APs. To increase the
number of online APs supported by the device, apply for and purchase a license from the
agent.
l
Issue 11 (2016-07-22)
228
10 WLAN-AC
Version Support
Table 10-4 Products and minimum version supporting the WLAN service
Series
Product Model
Minimum Version
Required
Not supported
Not supported
Not supported
S5720HI
V200R006
NOTE
Among all S5700 series
switches, only the S5720HI
supports WLAN features.
Not supported
If WDS and Mesh services are configured on an AP radio, WIDS, spectrum analysis, or
WLAN location on the radio does not take effect.
10.5 Roaming
Involved Network Element
AP
l
APs mentioned in this document are Huawei AP products. You are advised to use
Huawei APs to connect to the AC.
You can run the display ap-type command to check the default AP types supported by
the device.
AP Software Version
V200R009C00
V200R007C00
V200R006C20
V200R006C10
V200R008C00
V200R005C30
V200R005C20
V200R005C10
Issue 11 (2016-07-22)
229
10 WLAN-AC
AP Software Version
V200R007
V200R005C20
V200R005C10
V200R006
V200R005C00
Client
l
To implement the fast roaming feature, the client must support fast roaming technology.
License Support
When the device is used as a WLAN AC, the number of online APs supported by the device
is controlled by licenses. The device supports a maximum of 16 online APs. To increase the
number of online APs supported by the device, apply for and purchase a license from the
agent.
l
Version Support
Table 10-5 Products and minimum version supporting roaming
Series
Product Model
Minimum Version
Required
Not supported
Not supported
Not supported
S5720HI
V200R006
NOTE
Among all S5700 series
switches, only the S5720HI
supports WLAN features.
Not supported
The APs on which WLAN roaming is implemented must use the same SSID and security
profiles, and the security profiles must have the same configurations.
In direct forwarding mode, if the ARP entry of a user is not aged out in time on the
access device connected to the AP after the user roams, services of the user will be
temporarily interrupted. You are advised to enable STA address learning on the AC.
Issue 11 (2016-07-22)
230
10 WLAN-AC
After the function is enabled, the AP will send a gratuitous ARP packet to the access
device so that the access device can update ARP entries in a timely manner. This ensures
nonstop service transmission during user roaming.
You can use either of the following methods to enable STA address learning according to
the version of your product:
run the learn client ip-address enable command in the service set view.
APs mentioned in this document are Huawei AP products. You are advised to use
Huawei APs to connect to the AC.
You can run the display ap-type command to check the default AP types supported by
the device.
AP Software Version
V200R009C00
V200R007C00
V200R006C20
V200R006C10
V200R008C00
V200R005C30
V200R005C20
V200R005C10
V200R007
V200R005C20
V200R005C10
V200R006
V200R005C00
License Support
When the device is used as a WLAN AC, the number of online APs supported by the device
is controlled by licenses. The device supports a maximum of 16 online APs. To increase the
number of online APs supported by the device, apply for and purchase a license from the
agent.
l
Issue 11 (2016-07-22)
231
10 WLAN-AC
Version Support
Table 10-6 Products and minimum version supporting WLAN QoS
Series
Product Model
Minimum Version
Required
Not supported
Not supported
Not supported
S5720HI
V200R006
NOTE
Among all S5700 series
switches, only the S5720HI
supports WLAN features.
Not supported
10.7 WDS
Involved Network Element
AP
l
APs mentioned in this document are Huawei AP products. You are advised to use
Huawei APs to connect to the AC.
You can run the display ap-type command to check the default AP types supported by
the device.
AP Software Version
V200R009C00
V200R007C00
V200R006C20
V200R006C10
Issue 11 (2016-07-22)
232
10 WLAN-AC
AP Software Version
V200R008C00
V200R005C30
V200R005C20
V200R005C10
V200R007
V200R005C20
V200R005C10
V200R006
V200R005C00
License Support
When the device is used as a WLAN AC, the number of online APs supported by the device
is controlled by licenses. The device supports a maximum of 16 online APs. To increase the
number of online APs supported by the device, apply for and purchase a license from the
agent.
l
Version Support
Table 10-7 Products and minimum version supporting WDS
Series
Product Model
Minimum Version
Required
Not supported
Not supported
Not supported
S5720HI
V200R006
NOTE
Among all S5700 series
switches, only the S5720HI
supports WLAN features.
Not supported
Issue 11 (2016-07-22)
233
10 WLAN-AC
Among all WDS- or Mesh-capable APs, the AP5030DN, AP5130DN, AP8130DN, AP8030DN,
AP4030DN, AP4130DN, AP9131DN, AP9132DN, AP6050DN, AP6150DN, AP7050DE, AP7050DNE, AP4030TN, AP4050DN-E, and AP4050DN-HD are 802.11ac APs.
If radio 0 of the AP8130DN is configured to work on the 5 GHz frequency band and
used for WDS or Mesh services, the software version of the AP connected to the
AP8130DN must be V200R005C10 or a later version.
A middle node sets up WDS links only with the leaf node and root node. Middle
nodes do not set up WDS links between each other.
Each WDS link allows a maximum of three hops (a 3-hop WDS link includes a root
node, a middle node, and a leaf node).
This section provides only WDS configurations. After the WDS configuration is
complete, APs can connect to an AC through wireless bridges. To use WLAN services,
you still need to configure basic WLAN services. For details, see WLAN Service
Configuration.
When WDS is configured on dual-band APs, the root AP and leaf AP cannot use radio 0
or radio 1 simultaneously to establish a WDS link.
Ensure that the root, middle, and leaf nodes are bound to the same bridge profile;
otherwise, WDS links cannot be set up or the existing WDS links get disconnected.
When configuring the WDS function, ensure that WDS nodes use the same channel.
The security profile used by WDS or Mesh links supports only the security policy
WPA2+PSK+CCMP.
You are advised to configure different names for the profiles used to configure the WDS
function than the profiles used to configure the WLAN service. These profiles are the
WMM profile, radio profile, and security profile. This configuration facilitates
maintenance on wireless bridges and WLAN service.
Avoid using radar channels to configure WDS links; otherwise, the following problems
may occur:
Establishing WDS links on radar channels takes several minutes or several ten
minutes longer than establishing WDS links on non-radar channels.
The WLAN Mesh function and WLAN WDS function are mutually exclusive. If the
WLAN WDS function has been configured, the WLAN Mesh function cannot be
configured.
During WDS network planning, if dual-band APs function as WDS nodes, AP radios
bound to WDS bridge profiles cannot be configured to work in monitor mode; if singleband APs function as WDS nodes, AP radios cannot work in monitor mode.
Issue 11 (2016-07-22)
234
10 WLAN-AC
Radio calibration does not take effect on radios enabled with WDS or Mesh functions.
In V200R006, if you set the CAPWAP heartbeat interval or the number of heartbeat
packet transmissions to a small value using the capwap keep-alive interval intervalvalue or capwap keep-alive times times-value command, WDS or Mesh links may fail
to be established. Therefore, you are advised to use the default values.
In V200R007 and later versions, if you set the CAPWAP heartbeat interval or the
number of heartbeat packet transmissions to a small value using the capwap echo
interval interval-value or capwap echo times times-value command, WDS or Mesh
links may fail to be established. Therefore, you are advised to use the default values.
In V200R007 and later versions, if WDS or Mesh is enabled simultaneously with duallink backup, the AC sends CAPWAP heartbeat packets three times at an interval of 25
seconds by default. This may cause unstable WDS or Mesh links and result in user
access failures. You are advised to run the capwap echo times times-value command to
set the number of heartbeat packet transmissions to 6 or a larger value.
10.8 Mesh
Involved Network Element
AP
l
APs mentioned in this document are Huawei AP products. You are advised to use
Huawei APs to connect to the AC.
You can run the display ap-type command to check the default AP types supported by
the device.
AP Software Version
V200R009C00
V200R007C00
V200R006C20
V200R006C10
V200R008C00
V200R005C30
V200R005C20
V200R005C10
V200R007
V200R005C20
V200R005C10
V200R006
V200R005C00
License Support
When the device is used as a WLAN AC, the number of online APs supported by the device
is controlled by licenses. The device supports a maximum of 16 online APs. To increase the
Issue 11 (2016-07-22)
235
10 WLAN-AC
number of online APs supported by the device, apply for and purchase a license from the
agent.
l
Version Support
Table 10-8 Products and minimum version supporting Mesh
Series
Product Model
Minimum Version
Required
Not supported
Not supported
Not supported
S5720HI
V200R006
NOTE
Among all S5700 series
switches, only the S5720HI
supports WLAN features.
Not supported
Among all WDS- or Mesh-capable APs, the AP5030DN, AP5130DN, AP8130DN, AP8030DN,
AP4030DN, AP4130DN, AP9131DN, AP9132DN, AP6050DN, AP6150DN, AP7050DE, AP7050DNE, AP4030TN, AP4050DN-E, and AP4050DN-HD are 802.11ac APs.
If radio 0 of the AP8130DN is configured to work on the 5 GHz frequency band and
used for WDS or Mesh services, the software version of the AP connected to the
AP8130DN must be V200R005C10 or a later version.
This section provides only Mesh configurations. After the Mesh configuration is
complete, APs can connect to an AC through Mesh links. To use WLAN services, you
still need to configure basic WLAN services. For details, see WLAN Service
Configuration.
When Mesh is configured on dual-band APs, any two adjacent APs cannot use radio 0 or
radio 1 simultaneously to establish a Mesh link.
When configuring the Mesh function, ensure that Mesh nodes use the same bandwidth
and channel.
Issue 11 (2016-07-22)
236
10 WLAN-AC
The security profile used by WDS or Mesh links supports only the security policy
WPA2+PSK+CCMP.
You are advised to configure different names for the profiles used to configure the Mesh
function than the profiles used to configure the WLAN service. These profiles are the
WMM profile, radio profile, and security profile. This configuration facilitates
maintenance on the Mesh network and WLAN service.
The WLAN Mesh function and WLAN WDS function are mutually exclusive. If the
WLAN WDS function has been configured, the WLAN Mesh function cannot be
configured.
During Mesh network planning, if dual-band APs function as Mesh nodes, AP radios
bound to Mesh profiles cannot be configured to work in monitor mode; if single-band
APs function as Mesh nodes, AP radios cannot work in monitor mode.
Avoid using radar channels to configure Mesh links; otherwise, the following problems
may occur:
Establishing Mesh links on radar channels takes several minutes or several ten
minutes longer than establishing Mesh links on non-radar channels.
Radio calibration does not take effect on radios enabled with WDS or Mesh functions.
In V200R006, if you set the CAPWAP heartbeat interval or the number of heartbeat
packet transmissions to a small value using the capwap keep-alive interval intervalvalue or capwap keep-alive times times-value command, WDS or Mesh links may fail
to be established. Therefore, you are advised to use the default values.
In V200R007 and later versions, if you set the CAPWAP heartbeat interval or the
number of heartbeat packet transmissions to a small value using the capwap echo
interval interval-value or capwap echo times times-value command, WDS or Mesh
links may fail to be established. Therefore, you are advised to use the default values.
In V200R007 and later versions, if WDS or Mesh is enabled simultaneously with duallink backup, the AC sends CAPWAP heartbeat packets three times at an interval of 25
seconds by default. This may cause unstable WDS or Mesh links and result in user
access failures. You are advised to run the capwap echo times times-value command to
set the number of heartbeat packet transmissions to 6 or a larger value.
If an MP connects to a wired network, ensure that the MP does not communicate with
MPPs at Layer 2 through the wired network; otherwise, the MP connects to MPPs
through both Mesh links and wired links, which causes a network loop.
Starting from V200R007, the Mesh profile supports FWA and vehicle-ground fast link
handover, which are mutually exclusive.
Issue 11 (2016-07-22)
237
10 WLAN-AC
APs mentioned in this document are Huawei AP products. You are advised to use
Huawei APs to connect to the AC.
You can run the display ap-type command to check the default AP types supported by
the device.
AP Software Version
V200R009C00
V200R007C00
V200R006C20
V200R006C10
V200R008C00
V200R005C30
V200R005C20
V200R005C10
V200R007
V200R005C10
V200R005C20
License Support
When the device is used as a WLAN AC, the number of online APs supported by the device
is controlled by licenses. The device supports a maximum of 16 online APs. To increase the
number of online APs supported by the device, apply for and purchase a license from the
agent.
l
Version Support
Table 10-9 Products and minimum version supporting the WLAN service
Issue 11 (2016-07-22)
Series
Product Model
Minimum Version
Required
Not supported
Not supported
Not supported
238
Series
S5700 series switches
10 WLAN-AC
Product Model
Minimum Version
Required
S5720HI
V200R007
NOTE
Among all S5700 series
switches, only the S5720HI
supports WLAN features.
Not supported
The vehicle-ground fast link handover network is a single-hop Layer 2 Mesh network
composed of the AC, trackside APs, and vehicle-mounted APs.
The AC is deployed on the ground network to manage and control trackside APs.
Trackside APs are Fit APs deployed along the track. They function as MPPs and
communicate with the AC in wired mode at Layer 2.
Vehicle-mounted APs: are Fat APs deployed in the front and rear of a train. They
function as MPs to set up Mesh links with trackside APs.
Each vehicle-mounted AP can only use one radio for vehicle-ground communications at
one time.
On a vehicle-ground fast link handover network, the AP9131DN (Fit AP) or AP9132DN
(Fit AP) is usually used as the trackside AP and the AP9131DN (Fat AP) or AP9132DN
(Fat AP) as the vehicle-mounted AP. If other AP models are used as the vehicle-mounted
and trackside APs, they must comply with the same 802.11 standards, for example, both
802.11ac APs or 802.11n APs.
APs mentioned in this document are Huawei AP products. You are advised to use
Huawei APs to connect to the AC.
You can run the display ap-type command to check the default AP types supported by
the device.
AP Software Version
V200R009C00
V200R007C00
V200R006C20
V200R006C10
V200R008C00
V200R005C30
V200R005C20
V200R005C10
Issue 11 (2016-07-22)
239
10 WLAN-AC
AP Software Version
V200R007
V200R005C20
V200R005C10
V200R006
V200R005C00
Location server
l
Computes the RFID tag location using a location algorithm (for example, three-point
positioning) after receiving the location information and provides the computed data to
user systems, including the system management software and image software.
License Support
When the device is used as a WLAN AC, the number of online APs supported by the device
is controlled by licenses. The device supports a maximum of 16 online APs. To increase the
number of online APs supported by the device, apply for and purchase a license from the
agent.
l
Version Support
Table 10-10 Products and minimum version supporting WLAN location
Series
Product Model
Minimum Version
Required
Not supported
Not supported
Not supported
S5720HI
V200R006
NOTE
Among all S5700 series
switches, only the S5720HI
supports WLAN features.
Not supported
240
10 WLAN-AC
Configure the port number used by the AC to communicate with the AeroScout
location server.
Ensure that the port number configured on the AeroScout location server is the
same as that used by AC to communicate with the AeroScout location server.
When configuring the AeroScout location server as the destination to which the AP
reports location information, ensure that the port number used by the AP to report
location information is the same as that configured on the AeroScout location server.
The port number used by the AP to report location information cannot be the same as
that used by the AC to communicate with the location server.
If the location server runs the Linux system and has URPF enabled, the server must be
able to successfully ping the source IP address that the AC uses to send packets.
Configure the port number used by the AC to communicate with the Ekahau
location server and the IP address of the Ekahau location server on the AC.
Ensure that the port number configured on the Ekahau location server is the same as
that used by AC to communicate with the Ekahau location server.
When configuring the Ekahau location server as the destination to which the AP reports
location information, ensure that the port number used by the AP to report location
information is the same as that configured on the Ekahau location server.
The port number used by the AP to report location information cannot be the same as
that used by the AC to communicate with the location server.
If the location server runs the Linux system and has URPF enabled, the server must be
able to successfully ping the source IP address that the AC uses to send packets.
APs mentioned in this document are Huawei AP products. You are advised to use
Huawei APs to connect to the AC.
You can run the display ap-type command to check the default AP types supported by
the device.
AP Software Version
V200R009C00
V200R007C00
V200R006C20
V200R006C10
Issue 11 (2016-07-22)
241
10 WLAN-AC
AP Software Version
V200R008C00
V200R005C30
V200R005C20
V200R005C10
V200R007
V200R005C20
V200R005C10
V200R006
V200R005C00
eSight
l
Functions as the location server and display terminal in the location system. The location
server computes the signal transmission model according to locations of APs and
obstacles, and calculates locations of terminals, rogue APs, or Wi-Fi interference sources
based on the RSSI information collected by each AP. The display terminal draws maps
and displays locations of the devices on the map.
App server
l
An app server obtains location results from a location server and pushes information to
Bluetooth terminals based on the location results.
License Support
When the device is used as a WLAN AC, the number of online APs supported by the device
is controlled by licenses. The device supports a maximum of 16 online APs. To increase the
number of online APs supported by the device, apply for and purchase a license from the
agent.
l
Version Support
Table 10-11 Products and minimum version supporting WLAN location
Issue 11 (2016-07-22)
Series
Product Model
Minimum Version
Required
Not supported
Not supported
Not supported
242
Series
S5700 series switches
10 WLAN-AC
Product Model
Minimum Version
Required
S5720HI
V200R006
NOTE
Among all S5700 series
switches, only the S5720HI
supports WLAN features.
Not supported
Locating a terminal requires at least three APs to scan signals on the WLAN.
To use the terminal location function to locate unauthorized STAs, rogue APs and
bridges, and ad-hoc devices, you need to enable WIDS. To use the terminal location
function to locate authorized STAs, you do not need to enable WIDS.
APs mentioned in this document are Huawei AP products. You are advised to use
Huawei APs to connect to the AC.
You can run the display ap-type command to check the default AP types supported by
the device.
AP Software Version
V200R009C00
V200R007C00
BLE device
l
A BLE device is a Bluetooth signal generator that periodically sends BLE broadcast
frames to surrounding devices. The frame content complies with the iBeacon protocol.
Currently, only BLE devices from Xuntong Technology Co., Ltd are supported.
eSight
l
Issue 11 (2016-07-22)
Functions as the location server and display terminal in the location system. The location
server computes the signal transmission model according to locations of APs and
obstacles, and calculates locations of terminals, rogue APs, or Wi-Fi interference sources
based on the RSSI information collected by each AP. The display terminal draws maps
and displays locations of the devices on the map.
Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
243
10 WLAN-AC
License Support
When the device is used as a WLAN AC, the number of online APs supported by the device
is controlled by licenses. The device supports a maximum of 16 online APs. To increase the
number of online APs supported by the device, apply for and purchase a license from the
agent.
l
Version Support
Table 10-12 Products and minimum version supporting WLAN location
Series
Product Model
Minimum Version
Required
Not supported
Not supported
Not supported
S5720HI
V200R006
NOTE
Among all S5700 series
switches, only the S5720HI
supports WLAN features.
Not supported
Currently, only the AP4050DN-E and AP7050DE support the Bluetooth location
function, while only the AP4050DN-E supports the Bluetooth broadcast function.
Bluetooth terminals must support BLE 4.0 or later versions and can properly report
received RSSI information to the location server through apps.
After the Bluetooth monitoring function is enabled, APs will obtain battery power
information about surrounding BLE devices at 02:00 of the AC system time, which is
off-peak hours of WLAN services. If the system time is different from the actual time,
obtaining battery power information may interrupt WLAN services. To prevent such an
issue, configure the system time correctly on the AC.
Issue 11 (2016-07-22)
244
10 WLAN-AC
APs mentioned in this document are Huawei AP products. You are advised to use
Huawei APs to connect to the AC.
You can run the display ap-type command to check the default AP types supported by
the device.
AP Software Version
V200R009C00
V200R007C00
V200R006C20
V200R006C10
V200R008C00
V200R005C30
V200R005C20
V200R005C10
V200R007
V200R005C20
V200R005C10
V200R006
V200R005C00
License Support
When the device is used as a WLAN AC, the number of online APs supported by the device
is controlled by licenses. The device supports a maximum of 16 online APs. To increase the
number of online APs supported by the device, apply for and purchase a license from the
agent.
l
Version Support
Table 10-13 Products and minimum version supporting dual-link backup
Issue 11 (2016-07-22)
Series
Product Model
Minimum Version
Required
Not supported
Not supported
245
10 WLAN-AC
Series
Product Model
Minimum Version
Required
Not supported
S5720HI
V200R006
NOTE
Among all S5700 series
switches, only the S5720HI
supports WLAN features.
Not supported
WLAN service configurations (for example, WMM profile, radio profile, radio, traffic
profile, security profile, and security policies) of the same AP must be consistent on the
active and standby ACs; otherwise, the AP cannot work properly after an active/standby
AC switchover.
When an active/standby switchover is implemented between two ACs, STAs using open
system authentication remain connected to APs while STAs using other authentication
modes are disconnected and need to go online again.
APs mentioned in this document are Huawei AP products. You are advised to use
Huawei APs to connect to the AC.
You can run the display ap-type command to check the default AP types supported by
the device.
AP Software Version
V200R009C00
V200R007C00
V200R006C20
V200R006C10
V200R008C00
V200R005C30
V200R005C20
V200R005C10
V200R007
V200R005C20
V200R005C10
V200R006
Issue 11 (2016-07-22)
V200R005C00
246
10 WLAN-AC
License Support
When the device is used as a WLAN AC, the number of online APs supported by the device
is controlled by licenses. The device supports a maximum of 16 online APs. To increase the
number of online APs supported by the device, apply for and purchase a license from the
agent.
l
Version Support
Table 10-14 Products and minimum version supporting N+1 backup
Series
Product Model
Minimum Version
Required
Not supported
Not supported
Not supported
S5720HI
V200R006
NOTE
Among all S5700 series
switches, only the S5720HI
supports WLAN features.
Not supported
WLAN service configurations (for example, radio profile, radio, traffic profile, security
profile, and security policies) of the same AP must be consistent on the active and
standby ACs; otherwise, the AP cannot work properly after an active/standby AC
switchover.
All WLAN service configurations on the active AC must also be performed on the
standby AC.
Issue 11 (2016-07-22)
247
11 Reliability
11
Reliability
Issue 11 (2016-07-22)
248
11 Reliability
11.1 BFD
Involved Network Elements
Other network elements are required to support BFD functions.
License Support
BFD is a basic feature of a switch and is not under license control.
Version Support
Table 11-1 Products and minimum version supporting BFD
Series
Product
Minimum Version
Required
S1700
S1720
Not supported
S2700
S2700SI
Not supported
S2700EI
Not supported
S2710SI
Not supported
S2720EI
Not supported
S2750EI
Not supported
S3700SI
Not supported
S3700EI
S3700HI
S5700LI/S5700S-LI
Not supported
S5710-C-LI
Not supported
S5710-X-LI
Not supported
S5700SI
Not supported
S5700EI
S5710EI
S3700
S5700
Issue 11 (2016-07-22)
249
Series
S6700
11 Reliability
Product
Minimum Version
Required
S5720EI
V200R007
S5700HI
S5710HI
S5720HI
V200R006
S5720SI/S5720S-SI
V200R008
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
11.2 VRRP
Involved Network Elements
Other network elements are required to support VRRP functions.
License Support
VRRP is a basic feature of a switch and is not under license control.
Version Support
Table 11-2 Products and minimum version supporting VRRP
Issue 11 (2016-07-22)
Series
Product
Minimum Version
Required
S1700
S1720
Not supported
S2700
S2700SI
Not supported
250
Series
S3700
S5700
S6700
Issue 11 (2016-07-22)
11 Reliability
Product
Minimum Version
Required
S2700EI
Not supported
S2710SI
Not supported
S2720EI
Not supported
S2750EI
Not supported
S3700SI
Not supported
S3700EI
S3700HI
S5700LI/S5700S-LI
Not supported
S5710-C-LI
Not supported
S5710-X-LI
Not supported
S5700SI
Not supported
S5700EI
S5710EI
S5720EI
V200R007
S5700HI
S5710HI
S5720HI
V200R006
S5720SI/S5720S-SI
V200R008
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
251
11 Reliability
In V200R003 and earlier versions, VRRP can be only configured on the VLANIF
interface.
Starting from V200R005, VRRP can be configured on the VLANIF interface and Layer
3 Ethernet interface.
VRRP groups must use different virtual IP addresses. The virtual IP address of a VRRP
group must be on the same network segment as the IP address of the interface where the
VRRP group is configured.
If devices in a VRRP group use different VRRP versions, VRRP packets may fail to be
forwarded.
If both VRRP and static ARP are configured on a VLANIF interface, a Dot1q
termination sub-interface, a QinQ termination sub-interface, or an Ethernet interface on a
device, an IP address mapped to a static ARP entry cannot be used as a virtual IP
address. If a VRRP virtual IP address is an IP address mapped to a static ARP entry on
the device, the device generates incorrect host routes, affecting traffic forwarding.
The virtual MAC address of a VRRP group cannot be configured as a static or blackhole
MAC address.
11.3 DLDP
Involved Network Elements
Other network elements are required to support DLDP functions.
License Support
DLDP is a basic feature of a switch and is not under license control.
Version Support
Table 11-3 Products and minimum version supporting DLDP
Issue 11 (2016-07-22)
Series
Product
Minimum Version
Required
S1700
S1720
252
Series
Product
Minimum Version
Required
S2700
S2700SI
Not supported
S2700EI
Not supported
S2710SI
Not supported
S2720EI
S2750EI
V200R003
S3700SI
S3700EI
S3700HI
S5700LI/S5700S-LI
V200R001
S5710-C-LI
S5710-X-LI
V200R008
S5700SI
S5700EI
S5710EI
S5720EI
V200R007
S5700HI
S5710HI
S3700
S5700
Issue 11 (2016-07-22)
11 Reliability
253
Series
S6700
11 Reliability
Product
Minimum Version
Required
S5720HI
V200R006
S5720SI/S5720S-SI
V200R008
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
License Support
Smart Link and Monitor Link are basic features of a switch and are not under license control.
Version Support
Table 11-4 Products and minimum version supporting Smart Link and Monitor Link
Issue 11 (2016-07-22)
Series
Product
Minimum Version
Required
S1700
S1720
Not supported
S2700
S2700SI
Not supported
S2700EI
Not supported
S2710SI
Not supported
254
Series
S3700
S5700
Issue 11 (2016-07-22)
11 Reliability
Product
Minimum Version
Required
S2720EI
S2750EI
V200R003
S3700SI
S3700EI
S3700HI
S5700LI/S5700S-LI
V200R001
S5710-C-LI
S5710-X-LI
V200R008
S5700SI
S5700EI
S5710EI
S5720EI
V200R007
S5700HI
S5710HI
S5720HI
V200R006
S5720SI/S5720S-SI
V200R008
255
11 Reliability
Series
Product
Minimum Version
Required
S6700
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
License Support
MAC swap loopback is a basic feature of a switch and is not under license control.
Version Support
Table 11-5 Products and minimum version supporting MAC swap loopback
Series
Product
Minimum Version
Required
S1700
S1720
S2700
S2700SI
Not supported
S2700EI
Not supported
S2710SI
Not supported
S2720EI
S2750EI
V200R003
S3700SI
S3700
Issue 11 (2016-07-22)
256
Series
S5700
S6700
Issue 11 (2016-07-22)
11 Reliability
Product
Minimum Version
Required
S3700EI
S3700HI
S5700LI/S5700S-LI
V200R003
S5710-C-LI
S5710-X-LI
V200R008
S5700SI
S5700EI
S5710EI
S5720EI
V200R007
S5700HI
S5710HI
S5720HI
V200R006
S5720SI/S5720S-SI
V200R008
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
257
11 Reliability
The MAC swap loopback test cannot be used with the ACL (including the ACL used in
CAR, traffic statistics, and 802.1p priority re-marking) that matches the source and
destination MAC addresses of loopback test packets.
After ALS is configured on the S6700, MAC swap loopback becomes ineffective. When
MAC swap loopback needs to be configured on the S6700, do not configure ALS.
11.6 EFM
Involved Network Elements
Other network elements are required to support EFM functions.
License Support
EFM is a basic feature of a switch and is not under license control.
Version Support
Table 11-6 Products and minimum version supporting EFM
Series
Product
Minimum Version
Required
S1700
S1720
Not supported
S2700
S2700SI
Not supported
S2700EI
S2710SI
Not supported
S2720EI
S2750EI
V200R003
S3700SI
S3700EI
S3700HI
S3700
Issue 11 (2016-07-22)
258
11 Reliability
Series
Product
Minimum Version
Required
S5700
S5700LI/S5700S-LI
V200R001
S5710-C-LI
S5710-X-LI
V200R008
S5700SI
S5700EI
S5710EI
S5720EI
V200R007
S5700HI
S5710HI
S5720HI
V200R006
S5720SI/S5720S-SI
V200R008
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
S6700
The S6720EI and S6720S-EI can only initiate EFM OAM remote loopback requests.
Issue 11 (2016-07-22)
259
11 Reliability
11.7 CFM
Involved Network Elements
Other network elements are required to support CFM functions.
License Support
CFM is a basic feature of a switch and is not under license control.
Version Support
Table 11-7 Products and minimum version supporting CFM
Series
Product
Minimum Version
Required
S1700
S1720
Not supported
S2700
S2700SI
Not supported
S2700EI
S2710SI
Not supported
S2720EI
S2750EI
V200R003
S3700SI
S3700EI
S3700HI
S5700LI/S5700S-LI
V200R001
S5710-C-LI
S5710-X-LI
V200R008
S3700
S5700
Issue 11 (2016-07-22)
260
Series
S6700
11 Reliability
Product
Minimum Version
Required
S5700SI
S5700EI
S5710EI
S5720EI
V200R007
S5700HI
S5710HI
S5720HI
V200R006
S5720SI/S5720S-SI
V200R008
S6700EI
Not supported
S6720EI
V200R008
S6720S-EI
V200R009
11.8 Y.1731
Involved Network Elements
Other network elements are required to support Y.1731 functions.
License Support
Y.1731 is a basic feature of a switch and is not under license control.
Issue 11 (2016-07-22)
261
11 Reliability
Version Support
Table 11-8 Products and minimum version supporting Y.1731
Series
Product
Minimum Version
Required
S1700
S1720
Not supported
S2700
S2700SI
Not supported
S2700EI
Not supported
S2710SI
Not supported
S2720EI
S2750EI
V200R003
S3700SI
Not supported
S3700EI
S3700HI
S5700LI/S5700S-LI
V200R003
S5710-C-LI
Not supported
S5710-X-LI
V200R008
S5700SI
S5700EI
S5710EI
S5720EI
V200R007
S5700HI
S5710HI
S3700
S5700
Issue 11 (2016-07-22)
262
Series
S6700
11 Reliability
Product
Minimum Version
Required
S5720HI
V200R006
S5720SI/S5720S-SI
V200R008
S6700EI
Not supported
S6720EI
V200R008
S6720S-EI
V200R009
The device supports AIS only when CFM is configured to work in standard mode.
The S5700SI does not support proactive one-way or two-way frame delay measurement.
If there are high requirements for Y.1731 performance, the S5700HI series is
recommended.
Issue 11 (2016-07-22)
263
12
Issue 11 (2016-07-22)
264
12.1 AAA
Involved Network Elements
Table 12-1 Components involved in AAA networking
Role
Product Model
Description
AAA server
Performs authentication,
accounting, and
authorization on users.
License Support
AAA is a basic feature of a switch and is not under license control.
Version Support
Table 12-2 Products and minimum version supporting AAA
Series
Product
Minimum Version
Required
S1700
S1720GFR
S2700
S2700SI/S2700EI
S2710SI
S2720EI
S2750EI
V200R003
S3700SI/S3700EI
S3700HI
S3700
Issue 11 (2016-07-22)
265
Series
Product
Minimum Version
Required
S5700
S5700LI/S5700S-LI
V200R001
S5710-C-LI
S5710-X-LI
V200R008
S5700EI/S5700SI
S5710EI
S5720EI
V200R007
S5700HI
S5710HI
S5720HI
V200R006
S5720SI/S5720S-SI
V200R008
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
S6700
Issue 11 (2016-07-22)
266
Product Model
Description
AAA server
Performs authentication,
accounting, and
authorization on users.
Portal server
Receives authentication
requests from Portal clients,
provides free portal services
and an interface based on
web authentication, and
exchanges authentication
information of the
authentication clients with
access devices.
This component is required
only in external Portal
authentication mode.
NOTE
When Huawei's Agile Controller functions as the server, the minimum version required is V100R001C00.
If a Huawei switch needs to function as a DHCP server and assign IP addresses to terminals based on the
static MAC-IP binding relationship delivered by the Agile Controller, the switch must run V200R009C00 or a
later version, and the Agile Controller must run V100R002C00SPC105 or a later version.
License Support
NAC is a basic feature of the device and is not under license control.
Version Support
Table 12-4 Products and minimum version supporting NAC
Issue 11 (2016-07-22)
Series
Product Model
Minimum Version
Required
S1700
S1720
S2700
S2700SI
Not supported
S2700EI
267
Series
S3700
S5700
S6700
Issue 11 (2016-07-22)
Product Model
Minimum Version
Required
S2720EI
S2750EI
V200R003
S3700SI/S3700EI
S3700HI
S5700LI/S5700S-LI
V200R001
S5710-C-LI
S5710-X-LI
V200R008
S5700EI/S5700SI
S5710EI
S5720EI
V200R007
S5700HI
S5710HI
S5720HI
V200R006
S5720SI/S5720S-SI
V200R008
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
268
The common NAC mode does not apply to wireless users. To use NAC to control
wireless user access, switch the NAC configuration mode to unified mode.
NAC can be implemented for users in a VPN, but not for users with the same IP
addresses in different VPNs.
NAC authentication cannot be enabled both on a Layer 2 Ethernet interface and the
VLANIF interface of the VLAN to which the Layer 2 Ethernet interface belongs.
It is recommended that you do not enable authentication and configure authenticationrelated parameters on a Layer 2 Ethernet interface and the VLANIF interface of the
VLAN to which the Layer 2 Ethernet interface belongs, respectively.
In V200R005, when NAC is configured on the main interface, service functions on its
sub-interface are affected.
During LNP negotiation, NAC users cannot go online before the interface link type
becomes stable. If the interface link type is negotiated again and the negotiation result
changes, the online NAC users are forced to go offline.
In the current version, terminals using MAC address authentication do not support
switching between IPv4 and IPv6. To ensure that a terminal can normally obtain an IP
address after passing the authentication, you are advised to enable either IPv4 or IPv6 on
the terminal.
If a terminal obtains an IP address using DHCP, you need to manually trigger the DHCP
process to request an IP address after VLAN-based authorization is successful or the
authorization VLAN changes.
When the remark (user group view) and voice-vlan remark commands are used
together to modify the user packet priority in V200R008, if the services conflict:
For S5720HI, the priority configured using the remark (user group view)
command takes effect.
For S5720EI and S6720EI, the priority configured using the voice-vlan remark
command takes effect.
Only MAC address authentication users who send packets with double VLAN tags
support ISP VLAN authorization in the Layer 2 BNG scenario. MAC address
Issue 11 (2016-07-22)
269
authentication users who send packets with single VLAN tags do not support ISP VLAN
authorization in the Layer 2 BNG scenario.
l
The number of NAC users cannot exceed the maximum number of MAC address entries
supported by the switch.
Product Model
Description
AAA server
Performs authentication,
accounting, and
authorization on users.
Portal server
Receives authentication
requests from Portal clients,
provides free portal services
and an interface based on
web authentication, and
exchanges authentication
information of the
authentication clients with
access devices.
This component is required
only in external Portal
authentication mode.
NOTE
When Huawei's Agile Controller functions as the server, the minimum version required is V100R001C00.
If a Huawei switch needs to function as a DHCP server and assign IP addresses to terminals based on the
static MAC-IP binding relationship delivered by the Agile Controller, the switch must run V200R009C00 or a
later version, and the Agile Controller must run V100R002C00SPC105 or a later version.
License Support
NAC is a basic feature of the device and is not under license control.
Issue 11 (2016-07-22)
270
Version Support
Table 12-6 Products and minimum version supporting NAC
Series
Product Model
Minimum Version
Required
S1700
S1720
S2700
S2700SI
Not supported
S2700EI
Not supported
S2710SI
Not supported
S2720EI
S2750EI
V200R005
S3700SI
Not supported
S3700EI
Not supported
S3700HI
Not supported
S5700LI/S5700S-LI
V200R005
S5710-C-LI
Not supported
S5710-X-LI
V200R008
S5700EI/S5700SI
S5710EI
S5720EI
V200R007
S5700HI
S5710HI
S5720HI
V200R006
S5720SI/S5720S-SI
V200R008
S3700
S5700
Issue 11 (2016-07-22)
271
Series
Product Model
Minimum Version
Required
S6700
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
If a terminal has both IPv4 and IPv6 addresses, only the IPv4 address can be used for
user detection and update of the user entry corresponding to the IPv6 address. The IPv6
address cannot be used for update of the user entry corresponding to the IPv4 address.
NAC can be implemented for users in a VPN, but not for users with the same IP
addresses in different VPNs.
NAC authentication cannot be enabled both on a Layer 2 Ethernet interface (or WLANESS interface or VAP profile) and the VLANIF interface of the VLAN to which the
Layer 2 Ethernet interface (or WLAN-ESS interface or VAP profile) belongs.
In versions earlier than V200R009C00 (that is, before NAC modular configuration is
supported), it is recommended that you do not enable authentication and configure
authentication-related parameters on a Layer 2 Ethernet interface (or WLAN-ESS
interface) and the VLANIF interface of the VLAN to which the Layer 2 Ethernet
interface (or WLAN-ESS interface) belongs, respectively.
In V200R005, when NAC is configured on the main interface, service functions on its
sub-interface are affected.
During LNP negotiation, NAC users cannot go online before the interface link type
becomes stable. If the interface link type is negotiated again and the negotiation result
changes, the online NAC users are forced to go offline.
In V200R007 and later versions, the authorization VLAN function is not supported after
users join pre-connections in policy association and SVF scenarios.
In versions earlier than V200R007, the switch can directly process protocol packets sent
to it before a user is successfully authenticated, and no authentication-free rule is
required. In V200R007 and later versions, an authentication-free rule must be configured
only when DNS protocol packets are sent to the S5720HI for processing.
If the user ACL specified in the traffic-filter inbound acl acl-number command or the
user ACL delivered by the authentication server is incorrectly configured to block all
user traffic, the switch cannot be connected and network-side protocols such as OSPF
and BGP are interrupted.
Issue 11 (2016-07-22)
If the authentication server authorizes multiple attributes to the device and the
attributes overlap, the authorized attributes take effect based on the minimum
authorization rule.
Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
272
For example, the authentication server authorizes a VLAN and a service scheme to
the device, and VLAN parameters are configured in the service scheme on the
device, the VLAN authorized by the authentication server takes effect.
The authorization priority of the authentication server is higher than that in the
authentication domain. If the attribute authorized by the authentication server and
that authorized by the authentication domain conflict, the attribute authorized by the
authentication server takes effect. If the attribute authorized by the authentication
server and that authorized by the authentication domain do not conflict, both
attributes take effect.
For example, user VLAN 20 is configured in service scheme A on the device, and
service scheme A is bound to the user authentication domain. After the user
authentication succeeds, the authentication server authorizes VLAN 10 to the
device. In this scenario, the attribute authorized by the authentication server takes
effect preferentially. Assume that traffic policing is configured in service scheme A
on the device, and service scheme A is bound to the user authentication domain.
After the user authentication succeeds, the authentication server authorizes VLAN
10 to the device. In this scenario, both the attribute authorized by the authentication
server and that authorized by the authentication domain take effect.
If a terminal obtains an IP address using DHCP, you need to manually trigger the
DHCP process to request an IP address after VLAN-based authorization is
successful or the authorization VLAN changes.
If the direct forwarding mode is used, the device does not support UCL group-based
authorization for wireless users.
In the current version, terminals using MAC address authentication do not support
switching between IPv4 and IPv6. To ensure that a terminal can normally obtain an IP
address after passing the authentication, you are advised to enable either IPv4 or IPv6 on
the terminal.
Only MAC address authentication users who send packets with double VLAN tags
support ISP VLAN authorization in the Layer 2 BNG scenario. MAC address
authentication users who send packets with single VLAN tags do not support ISP VLAN
authorization in the Layer 2 BNG scenario.
The number of NAC users cannot exceed the maximum number of MAC address entries
supported by the switch.
In an inter-AC roaming scenario, the NAC configurations of the two ACs must be the
same.
On the S5720HI, you must configure a terminal with one MAC address and multiple IP
addresses as a static user and enable the function of identifying static users through IP
addresses so that the terminal can go online and obtain authorization information.
Models excluding the S5720HI do not support authentication for terminals with one
MAC address and multiple IP addresses.
Issue 11 (2016-07-22)
273
Product Model
Description
AAA server
Performs authentication,
accounting, and
authorization on users.
Portal server
Receives authentication
requests from Portal clients,
provides free portal services
and an interface based on
web authentication, and
exchanges authentication
information of the
authentication clients with
access devices.
This component is required
only in external Portal
authentication mode.
NOTE
When Huawei's Agile Controller functions as the server, the minimum version required is V100R001C00.
If a Huawei switch needs to function as a DHCP server and assign IP addresses to terminals based on the
static MAC-IP binding relationship delivered by the Agile Controller, the switch must run V200R009C00 or a
later version, and the Agile Controller must run V100R002C00SPC105 or a later version.
License Support
Policy association is a basic feature of a switch and is not under license control.
Version Support
Table 12-8 Products and minimum version supporting policy association
Issue 11 (2016-07-22)
Series
Product
Minimum Version
Required
S1700
S1720GFR
Not supported
S2700
S2700SI
Not supported
274
Series
S3700
S5700
S6700
Product
Minimum Version
Required
S2700EI
Not supported
S2710SI
Not supported
S2720EI
V200R009
S2750EI
V200R007
S3700SI
Not supported
S3700EI
Not supported
S3700HI
Not supported
S5700LI/S5700S-LI
V200R007
S5710-C-LI
Not supported
S5710-X-LI
V200R008
S5700SI
Not supported
S5700EI
Not supported
S5710EI
Not supported
S5720EI
V200R007
S5700HI
Not supported
S5710HI
Not supported
S5720HI
V200R007
S5720SI/S5720S-SI
V200R008
S6700EI
Not supported
S6720EI/S6720S-EI
V200R009
Issue 11 (2016-07-22)
Before deploying the policy association solution, you need to understand hardware
requirements such as models of control devices and access devices. Table 12-9 describes
the hardware requirements of policy association.
275
Model
Remarks
Control device
l S12700
l S9700
l S7700
l S6720EI
l S6720S-EI
l S5720HI
Access device
l S2720EI
l S2750EI
l S5700LI
l S5700S-LI
l S5710-X-LI
l S5720EI
l S5720SI
l S5720S-SI
l S6720EI
l S6720S-EI
l E600
Policy association allows a user gateway to function as the control device. In addition,
only policy association between the control device and access devices is supported, and
configuration association is not supported.
Policy association is applicable only to wired users and does not allow online users to
switch from one access device or access interface to another.
Issue 11 (2016-07-22)
Policy association does not support internal Portal, PPPoE authentication, Layer 3
Portal authentication, and access mode multi-share.
Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
276
Issue 11 (2016-07-22)
The actual name of an access device may differ from the name displayed on the
control device (using the display as all command). When an access device goes
online, its name is processed as follows:
n
If the access device uses the default name, its name is changed to default
name-MAC address of the access device on the control device.
If the access device name contains spaces or double quotation masks ("), the
spaces are changed to en dashes and the double quotation masks (") are
changed to single quotation masks (') on the control device.
The name of an access device is case-insensitive. The access device names viewed
on the control device are in lowercase letters. If the name of an access device is not
changed on the control device when the access device attempts to go online, the
access device fails to go online and a name conflict alarm is generated. If the name
of an access device is set to be the same as the actual access device name when the
access device is properly running, a name conflict alarm is generated and the access
device will not go offline.
277
13 Security
13
Security
Issue 11 (2016-07-22)
278
13 Security
13.1 ACL
Involved Network Elements
Other network elements are not required.
License Support
ACL is a basic feature of a switch and is not under license control.
Version Support
Table 13-1 Products and minimum version supporting ACL
Series
Product
Minimum Version
Required
S1700
S1720
S2700
S2700SI
Not supported
S2700EI
S2710SI
S2720EI
S2750EI
V200R003
S3700SI
S3700EI
S3700HI
S5700LI/S5700S-LI
V200R001
S3700
S5700
Issue 11 (2016-07-22)
279
Series
S6700
13 Security
Product
Minimum Version
Required
S5710-C-LI
S5710-X-LI
V200R008
S5700SI
S5700EI
S5710EI
S5720EI
V200R007
S5720SI/S5720S-SI
V200R008
S5700HI
S5710HI
S5720HI
V200R006
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
If an ACL rule that you want to create already exists, the system does not create the rule
again.
Repeated ACL names can only be used between basic ACL and basic ACL6, and
between advanced ACL and advanced ACL6.
The match order of an ACL affects packet matching results. Therefore, consider the
match order when configuring rules. If the match-order parameter is not specified when
you create an ACL, the default match order config is used.
When the first rule of an ACL is created without the rule-id parameter specified, the
device uses the step value as the rule ID. If an ACL has the rules with manually
Issue 11 (2016-07-22)
280
13 Security
configured IDs and a new rule is added without the rule-id parameter specified, the
system allocates the minimum multiple of the step value which is greater than the largest
rule ID in the ACL to this new rule. In addition, a rule ID must be an integer. This rule is
located at the bottom of the ACL. For example, an ACL contains rule 5 and rule 12, and
the default step is 5. When a new rule needs to be added to the ACL, the system allocates
ID 15 to this new rule (15 is greater than 12 and is the minimum multiple of 5).
l
If the rule-id parameter is not specified when you configure an ACL6, the device
automatically allocates rule IDs. The allocated rule IDs start from 0 and increase by 1
each time a rule is created. If a rule ID is in use, the next one is allocated. For example, if
an ACL6 contains rule 0, rule 1, and rule 3, the system allocates 2 to a new rule when the
rule-id is not manually specified.
To associate a time range with an ACL rule, ensure that the system time of the device is
the same as that of other devices on the network; otherwise, the rule cannot take effect.
If the vpn-instance vpn-instance-name parameter is not specified for an ACL rule, the
device matches the packets of both public and private networks.
If the specified rule ID already exists and the new rule conflicts with the original rule,
the new rule replaces the original rule.
When you use the undo rule command to delete an ACL rule, the rule ID must exist. If
the rule ID is unknown, use the display acl command to view the rule ID.
The undo rule command deletes an ACL rule even if the ACL rule is referenced. (If a
simplified traffic policy references a specified rule in an ACL, this command does not
take effect.) Exercise caution when you run the undo rule command.
To configure the ACL resource allocation mode for an S5720HI, run the assign
resource-template acl-mode command.
Table 13-2 ACL specifications in different resource allocation modes
Issue 11 (2016-07-22)
Resource
Allocation Mode
Number of IPv4
ACLs
Number of IPv6
ACLs
Number of Layer
2 ACLs
dual-ipv4-ipv6
16K
8K
16K
l2-ipv4
32K
32K
l2-ipv6
16K
16K
l2
64K
ipv4
64K
281
13 Security
License Support
Local attack defense is a basic feature of a switch and is not under license control.
Version Support
Table 13-3 Products and minimum version supporting local attack defense
Series
Product
Minimum Version
Required
S1700
S1720
S2700
S2700SI
S2700EI
S2710SI
S2720EI
S2750EI
V200R003
S3700SI
S3700EI
S3700HI
S5700LI/S5700S-LI
V200R001
S3700
S5700
Issue 11 (2016-07-22)
282
Series
S6700
13 Security
Product
Minimum Version
Required
S5710-C-LI
S5710-X-LI
V200R008
S5700SI
S5700EI
S5710EI
S5720EI
V200R007
S5720SI/S5720S-SI
V200R008
S5700HI
S5710HI
S5720HI
V200R006
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
Issue 11 (2016-07-22)
283
13 Security
13.3 MFF
Involved Network Elements
Other network elements are not required.
License Support
MFF is a basic feature of a switch and is not under license control.
Version Support
Table 13-4 Products and minimum version supporting MFF
Series
Product
Minimum Version
Required
S1700
S1720
S2700
S2700SI
Not supported
S2700EI
S2710SI
S2720EI
S2750EI
V200R003
S3700SI
S3700EI
S3700HI
S5700LI/S5700S-LI
V200R001
S3700
S5700
Issue 11 (2016-07-22)
284
Series
S6700
13 Security
Product
Minimum Version
Required
S5710-C-LI
S5710-X-LI
V200R008
S5700SI
S5700EI
S5710EI
S5720EI
V200R007
S5720SI/S5720S-SI
V200R008
S5700HI
S5710HI
S5720HI
V200R006
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
285
13 Security
License Support
Attack defense is a basic feature of a switch and is not under license control.
Version Support
Table 13-5 Products and minimum version supporting attack defense
Series
Product
Minimum Version
Required
S1700
S1720
S2700
S2700SI
Not supported
S2700EI
Not supported
S2710SI
Not supported
S2720EI
S2750EI
V200R003
S3700SI
Not supported
S3700EI
Not supported
S3700HI
S5700LI/S5700S-LI
V200R001
S5710-C-LI
S5710-X-LI
V200R008
S5700SI
S5700EI
S3700
S5700
Issue 11 (2016-07-22)
286
Series
S6700
13 Security
Product
Minimum Version
Required
S5710EI
S5720EI
V200R007
S5720SI/S5720S-SI
V200R008
S5700HI
S5710HI
S5720HI
V200R006
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
License Support
Traffic suppression and storm control are basic features of a switch and are not under license
control.
Issue 11 (2016-07-22)
287
13 Security
Version Support
Table 13-6 Products and minimum version supporting traffic suppression and storm control
Series
Product
Minimum Version
Required
S1700
S1720
S2700
S2700SI
S2700EI
S2710SI
S2720EI
S2750EI
V200R003
S3700SI
S3700EI
S3700HI
S5700LI/S5700S-LI
V200R001
S5710-C-LI
S5710-X-LI
V200R008
S5700SI
S5700EI
S3700
S5700
Issue 11 (2016-07-22)
288
Series
S6700
13 Security
Product
Minimum Version
Required
S5710EI
S5720EI
V200R007
S5720SI/S5720S-SI
V200R008
S5700HI
S5710HI
S5720HI
V200R006
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
Interface view
VLAN view
289
13 Security
Traffic suppression and storm control prevent broadcast storms caused by broadcast, unknown
multicast, and unknown unicast packets. However, they use different methods to control
traffic:
l
In traffic suppression, rate thresholds are configured for three types of incoming packets
on interfaces. The system discards the traffic exceeding the threshold and forwards the
traffic within the threshold. In this way, the system limits the traffic rate in an acceptable
range. In addition, traffic suppression can block outgoing packets on interfaces.
In storm control, rate thresholds are configured for three types of incoming packets only
on interfaces. When the traffic exceeds the threshold, the system rejects the packets of
this particular type on the interface or shuts down the interface.
NOTE
For incoming packets of the same type on an interface, you can configure either traffic suppression or
storm control.
License Support
ARP security is a basic feature of a switch and is not under license control.
Version Support
Table 13-8 Products and minimum version supporting ARP security
Issue 11 (2016-07-22)
Series
Product
Minimum Version
Required
S1700
S1720
S2700
S2700SI
Not supported
S2700EI
S2710SI
S2720EI
S2750EI
V200R003
290
Series
Product
Minimum Version
Required
S3700
S3700SI
S3700EI
S3700HI
S5700LI/S5700S-LI
V200R001
S5710-C-LI
S5710-X-LI
V200R008
S5700SI
S5700EI
S5710EI
S5720EI
V200R007
S5720SI/S5720S-SI
V200R008
S5700HI
S5710HI
S5720HI
V200R006
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
S5700
S6700
Issue 11 (2016-07-22)
13 Security
291
13 Security
License Support
Port security is a basic feature of a switch and is not under license control.
Version Support
Table 13-9 Products and minimum version supporting port security
Series
Product
Minimum Version
Required
S1700
S1720
S2700
S2700SI
Not supported
S2700EI
S2710SI
Not supported
S2720EI
S2750EI
V200R003
S3700SI
S3700EI
S3700HI
S3700
Issue 11 (2016-07-22)
292
13 Security
Series
Product
Minimum Version
Required
S5700
S5700LI/S5700S-LI
V200R001
S5710-C-LI
S5710-X-LI
V200R008
S5700EI
S5700SI
S5710EI
S5720EI
V200R007
S5720SI/S5720S-SI
V200R008
S5700HI
S5710HI
S5720HI
V200R006
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
S6700
An interface can learn only one secure MAC address by default. Set the maximum
number of secure MAC addresses according to actual networking.
Port security cannot be used with RRPP, Smart Link, SEP, or ERPS on the same
interface; otherwise, RRPP, Smart Link, SEP, or ERPS cannot eliminate loops.
Issue 11 (2016-07-22)
293
13 Security
License Support
DHCP snooping is a basic feature of a switch and is not under license control.
Version Support
Table 13-10 Products and minimum version supporting DHCP snooping
Series
Product
Minimum Version
Required
S1700
S1720
S2700
S2700SI
Not supported
S2700EI
S2710SI
S2720EI
S2750EI
V200R003
S3700SI
S3700EI
S3700HI
S5700LI/S5700S-LI
V200R001
S3700
S5700
Issue 11 (2016-07-22)
294
Series
S6700
13 Security
Product
Minimum Version
Required
S5710-C-LI
S5710-X-LI
V200R008
S5700SI
S5700EI
S5710EI
S5720EI
V200R007
S5720SI/S5720S-SI
V200R008
S5700HI
S5710HI
S5720HI
V200R006
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
If the number of online users on the device reaches the maximum number of entries in
the DHCP snooping binding table, the offline users cannot go online.
13.9 ND Snooping
Issue 11 (2016-07-22)
295
13 Security
License Support
ND snooping is a basic feature of a switch and is not under license control.
Version Support
Table 13-11 Products and minimum version supporting ND snooping
Series
Product
Minimum Version
Required
S1700
S1720
S2700
S2700SI
Not supported
S2700EI
S2710SI
Not supported
S2720EI
S2750EI
V200R003
S3700SI
S3700EI
S3700HI
S5700LI/S5700S-LI
V200R001
S5710-C-LI
S5710-X-LI
V200R008
S3700
S5700
Issue 11 (2016-07-22)
296
Series
S6700
13 Security
Product
Minimum Version
Required
S5700SI
S5700EI
S5710EI
S5720EI
V200R007
S5720SI/S5720S-SI
V200R008
S5700HI
S5710HI
S5720HI
V200R006
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
13.10 PPPoE+
Involved Network Elements
Other network elements are not required.
License Support
PPPoE+ is a basic feature of a switch and is not under license control.
Issue 11 (2016-07-22)
297
13 Security
Version Support
Table 13-12 Products and minimum version supporting PPPoE+
Series
Product
Minimum Version
Required
S1700
S1720
S2700
S2700SI
Not supported
S2700EI
S2710SI
Not supported
S2720EI
S2750EI
V200R003
S3700SI
S3700EI
S3700HI
S5700LI/S5700S-LI
V200R001
S5710-C-LI
S5710-X-LI
V200R008
S5700SI
S5700EI
S5710EI
S3700
S5700
Issue 11 (2016-07-22)
298
Series
S6700
13 Security
Product
Minimum Version
Required
S5720EI
V200R007
S5720SI/S5720S-SI
V200R008
S5700HI
S5710HI
S5720HI
V200R006
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
13.11 IPSG
Involved Network Elements
Other network elements are not required.
License Support
IPSG is a basic feature of a switch and is not under license control.
Version Support
Table 13-13 Products and minimum version supporting IPSG
Issue 11 (2016-07-22)
Series
Product
Minimum Version
Required
S1700
S1720
S2700
S2700SI
Not supported
299
Series
S3700
S5700
Issue 11 (2016-07-22)
13 Security
Product
Minimum Version
Required
S2700EI
S2710SI
S2720EI
S2750EI
V200R003
S3700SI
S3700EI
S3700HI
S5700LI/S5700S-LI
V200R001
S5710-C-LI
S5710-X-LI
V200R008
S5700SI
S5700EI
S5710EI
S5720EI
V200R007
S5720SI/S5720S-SI
V200R008
S5700HI
300
Series
S6700
13 Security
Product
Minimum Version
Required
S5710HI
S5720HI
V200R006
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
13.12 SAVI
Involved Network Elements
Other network elements are not required.
License Support
SAVI is a basic feature of a switch and is not under license control.
Version Support
Table 13-14 Products and minimum version supporting SAVI
Issue 11 (2016-07-22)
Series
Product
Minimum Version
Required
S1700
S1720
S2700
S2700SI
Not supported
S2700EI
Not supported
301
Series
S3700
S5700
S6700
Issue 11 (2016-07-22)
13 Security
Product
Minimum Version
Required
S2710SI
Not supported
S2720EI
S2750EI
V200R003
S3700SI
Not supported
S3700EI
Not supported
S3700HI
Not supported
S5700LI/S5700S-LI
V200R002
S5710-C-LI
Not supported
S5710-X-LI
V200R008
S5700SI
S5700EI
S5710EI
S5720EI
V200R007
S5720SI/S5720S-SI
V200R008
S5700HI
S5710HI
S5720HI
V200R006
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
302
13 Security
Enable ND snooping, DHCPv6 snooping, and IP source guard if invalid IPv6 data
packets need to be filtered out.
13.13 URPF
Involved Network Elements
Other network elements are not required.
License Support
Unicast Reverse Path Forwarding (URPF) is a basic feature of a switch and is not under
license control.
Version Support
Table 13-15 Products and minimum version supporting URPF
Series
Product
Minimum Version
Required
S1700
S1720
Not supported
S2700
S2700SI
Not supported
S2700EI
Not supported
S2710SI
Not supported
S2720EI
Not supported
S2750EI
Not supported
S3700SI
Not supported
S3700EI
Not supported
S3700HI
S5700LI/S5700S-LI
Not supported
S3700
S5700
Issue 11 (2016-07-22)
303
Series
S6700
13 Security
Product
Minimum Version
Required
S5710-C-LI
Not supported
S5710-X-LI
Not supported
S5700SI
S5700EI
S5710EI
S5720EI
V200R007
S5720SI/S5720S-SI
V200R008
S5700HI
S5710HI
S5720HI
V200R006
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
13.14 Keychain
Involved Network Elements
Other network elements are not required.
Issue 11 (2016-07-22)
304
13 Security
License Support
Keychain is a basic feature of a switch and is not under license control.
Version Support
Table 13-16 Products and minimum version supporting Keychain
Series
Product
Minimum Version
Required
S1700
S1720
Not supported
S2700
S2700SI
Not supported
S2700EI
Not supported
S2710SI
Not supported
S2720EI
Not supported
S2750EI
Not supported
S3700SI
Not supported
S3700EI
Not supported
S3700HI
Not supported
S5700LI/S5700S-LI
Not supported
S5710-C-LI
Not supported
S5710-X-LI
Not supported
S5700SI
Not supported
S5700EI
Not supported
S5710EI
S5720EI
V200R007
S5720SI/S5720S-SI
Not supported
S5700HI
S5710HI
S5720HI
V200R006
S3700
S5700
Issue 11 (2016-07-22)
305
13 Security
Series
Product
Minimum Version
Required
S6700
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
13.15 MPAC
Involved Network Elements
Other network elements are not required.
License Support
MPAC is a basic feature of a switch and is not under license control.
Version Support
Table 13-17 Products and minimum version supporting MPAC
Series
Product
Minimum Version
Required
S1700
S1720
Not supported
S2700
S2700SI
Not supported
S2700EI
Not supported
S2710SI
Not supported
S2720EI
Not supported
S2750EI
Not supported
S3700SI
Not supported
S3700EI
Not supported
S3700HI
Not supported
S5700LI/S5700S-LI
Not supported
S3700
S5700
Issue 11 (2016-07-22)
306
Series
S6700
13 Security
Product
Minimum Version
Required
S5710-C-LI
Not supported
S5710-X-LI
Not supported
S5700SI
Not supported
S5700EI
Not supported
S5710EI
Not supported
S5720EI
V200R009
S5720SI/S5720S-SI
Not supported
S5700HI
Not supported
S5710HI
Not supported
S5720HI
V200R009
S6700EI
Not supported
S6720EI
V200R009
S6720S-EI
V200R009
Issue 11 (2016-07-22)
307
14 QoS
14
QoS
Issue 11 (2016-07-22)
308
14 QoS
14.1 MQC
Involved Network Elements
Other network elements are not required.
License Support
MQC is a basic feature of a switch and is not under license control.
Version Support
Table 14-1 describes the products and minimum version supporting MQC.
Table 14-1 Products and minimum version supporting MQC
Series
Product
Minimum Version
Required
S1700
S1720GFR
S2700
S2700SI
Not supported
S2700EI
S2710SI
S2720EI
S2750EI
V200R003
S3700SI
S3700EI
S3700HI
S5700LI/S5700S-LI
V200R001
S3700
S5700
Issue 11 (2016-07-22)
309
Series
S6700
14 QoS
Product
Minimum Version
Required
S5710-C-LI
S5710-X-LI
V200R008
S5700SI
S5700EI
S5710EI
S5720EI
V200R007
S5720SI/S5720S-SI
V200R008
S5700HI
S5710HI
S5720HI
V200R006
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
Issue 11 (2016-07-22)
310
14 QoS
Specification
1024
256
256
256
If the ACL rule matches the VPN instance name of packets, the ACL-based traffic policy
fails to be delivered.
When permit and other actions are configured in a traffic behavior, these actions are
performed in sequence. The deny action conflicts with other actions in a traffic behavior.
When deny is configured, other configured actions, except traffic statistics collection
and flow mirroring, do not take effect.
If you specify a packet filtering action for packets matching an ACL rule, the system first
checks the action defined in the ACL rule. If the ACL rule defines permit, the action
taken for the packets depends on whether deny or permit is specified in the traffic
behavior. If the ACL rule defines deny, the packets are discarded regardless of whether
deny or permit is configured in the traffic behavior. If a non-packet-filtering action is
specified for packets matching an ACL rule that defines deny, the packets are discarded,
and the action specified in the traffic classifier, except disabling MAC address learning,
traffic statistics collection and flow mirroring, does not take effect.
The remark 8021p inner-8021p command applies only to the inbound direction.
The MAC address specified in a destination MAC address re-marking action must be a
unicast MAC address.
In V200R005 and later versions, a traffic policy containing redirect cpu allows the
device to redirect the traffic matching traffic classification rules to the CPU, affecting
system performance. Exercise caution when you apply such a traffic policy.
In V200R007 and later versions, if traffic is redirected to an interface in Down state and
forced is specified in the redirection command, traffic is dropped on the interface and
cannot be switched to the original forwarding path. If forced is not specified, the
redirection action does not take effect.
Issue 11 (2016-07-22)
311
14 QoS
A traffic policy can be applied to the system, a VLAN, or an interface. When a traffic
policy needs to be applied in multiple views, apply the traffic policy in the interface
view, VLAN view, and system view in sequence.
When packets match multiple traffic policies, the following rules apply:
If traffic classification rules in the traffic policies are of the same type (all userdefined ACL rules, Layer 2 rules, or Layer 3 rules), only one traffic policy takes
effect. The precedence of the traffic policies depends on the objects to which they
are applied: interface > VLAN > global. That is, the traffic policy applied to an
interface has the highest priority, whereas the traffic policy applied to the system
has the lowest priority. When different traffic policies are applied in the same view,
the precedence of the policies depends on the configuration sequence.
Applying traffic policies consumes ACL resources. If there are no sufficient ACL
resources, some traffic policies may fail to be applied. For example, if an if-match rule in
a traffic policy occupies one ACL, M ACL resources will be used to apply the traffic
policy to M interfaces. When a traffic policy is applied to L VLANs, L ACLs are
occupied. When a traffic policy is applied to the system, one ACL is occupied. Table
14-3 describes the ACL resource usage of if-match rules.
Table 14-3 ACLs occupied by traffic classification rules
Traffic Classification Rule
if-match vlan-id start-vlan-id [ to endvlan-id ] (S5720SI, S5720S-SI, S5710-XLI, S5710-C-LI, S5700SI, S5700EI,
S5700LI, S5700S-LI, S2750EI, S2720EI,
and S1720GFR)
Issue 11 (2016-07-22)
312
14 QoS
License Support
Priority mapping is a basic feature of a switch and is not under license control.
Version Support
Table 14-4 describes the products and minimum version supporting priority mapping.
Table 14-4 Products and minimum version supporting priority mapping
Issue 11 (2016-07-22)
Series
Product
Minimum Version
Required
S1700
S1720GFR
S2700
S2700SI
313
Series
S3700
S5700
Issue 11 (2016-07-22)
14 QoS
Product
Minimum Version
Required
S2700EI
S2710SI
S2720EI
S2750EI
V200R003
S3700SI
S3700EI
S3700HI
S5700LI/S5700S-LI
V200R001
S5710-C-LI
S5710-X-LI
V200R008
S5700SI
S5700EI
S5710EI
S5720EI
V200R007
S5720SI/S5720S-SI
V200R008
S5700HI
314
Series
S6700
14 QoS
Product
Minimum Version
Required
S5710HI
S5720HI
V200R006
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
License Support
Traffic policing, traffic shaping, and interface-based rate limiting are basic features of the
switch, and are not under license control.
Version Support
Table 14-5 describes the products and minimum version supporting traffic policing and traffic
shaping.
Table 14-5 Products and minimum version supporting traffic policing and traffic shaping
Issue 11 (2016-07-22)
Series
Product
Minimum Version
Required
S1700
S1720GFR
S2700
S2700SI
Not supported
315
Series
14 QoS
Product
Minimum Version
Required
S2700EI
S2710SI
S3700
S5700
Issue 11 (2016-07-22)
S2720EI
S2750EI
V200R003
S3700SI
S3700EI
S3700HI
S5700LI/S5700S-LI
V200R001
S5710-C-LI
S5710-X-LI
V200R008
S5700SI
S5700EI
S5710EI
S5720EI
V200R007
S5720SI/S5720S-SI
V200R008
316
Series
S6700
14 QoS
Product
Minimum Version
Required
S5700HI
S5710HI
S5720HI
V200R006
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
Table 14-6 describes the products and minimum version supporting interface-based rate
limiting.
Table 14-6 Products and minimum version supporting interface-based rate limiting
Series
Product
Minimum Version
Required
S1700
S1720GFR
S2700
S2700SI
S2700EI
S2710SI
Issue 11 (2016-07-22)
317
Series
S3700
S5700
Issue 11 (2016-07-22)
14 QoS
Product
Minimum Version
Required
S2720EI
S2750EI
V200R003
S3700SI
S3700EI
S3700HI
S5700LI/S5700S-LI
V200R001
S5710-C-LI
S5710-X-LI
V200R008
S5700SI
S5700EI
S5710EI
S5720EI
V200R007
S5720SI/S5720S-SI
V200R008
S5700HI
S5710HI
S5720HI
V200R006
318
14 QoS
Series
Product
Minimum Version
Required
S6700
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
Table 14-7 describes traffic policing, traffic shaping, and interface-based rate limiting
supported by different switch models.
Table 14-7 Traffic policing, traffic shaping, and interface-based rate limiting supported
by different switch models
Issue 11 (2016-07-22)
Device
Model
MQCbased
Traffic
Policing
Hierarchic
al Traffic
Policing
Queuebased
Traffic
Shaping
Inbound
Interfacebased
Rate
Limiting
Outbound
Interfacebased
Rate
Limiting
S1720GFR
Supported
Not
supported
Supported
Supported
Supported
S2720EI
Supported
Not
supported
Supported
Supported
Supported
S2750EI
Supported
Not
supported
Supported
Supported
Supported
S5700LI/
S5700S-LI
Supported
Not
supported
Supported
Supported
Supported
S5710-X-LI
Supported
Not
supported
Supported
Supported
Supported
S5720HI
Supported
Supported
Supported
Supported
Supported
S5720EI
Supported
Supported
Supported
Supported
Supported
S5720SI/
S5720S-SI
Supported
Not
supported
Supported
Supported
Supported
S6720EI
Supported
Supported
Supported
Supported
Supported
S6720S-EI
Supported
Supported
Supported
Supported
Supported
To limit the rate of packets from different VLANs, configure rate limiting based on
VLAN IDs. When a traffic policy is applied to a VLAN, the traffic policy is valid for all
interfaces in the VLAN.
Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
319
14 QoS
After rate limiting is configured on the device, the Internet access may be slow or packet
loss may occur on the downstream device. The rate limit needs to be set properly.
Traffic policing, traffic shaping, and interface-based rate limiting are valid only for data
packets and are invalid for protocol packets, so that the device performance is not
affected.
The inbound traffic statistics takes effect before interface-based rate limiting. That is,
you cannot check whether interface-based rate limiting takes effect according to the
traffic statistics. Run the display qos statistics interface interface-type interface-number
inbound command on the S5720EI, S5720HI, S6720EI, and S6720S-EI to view traffic
statistics after rate limiting is configured.
When traffic policing and another flow action are defined in different traffic behaviors of
the same traffic policy and priorities of matching traffic classifiers are different, if
packets match multiple traffic classifiers, only the action corresponding to the highpriority traffic classifier takes effect. In this case, rate limiting may fail.
License Support
Congestion management and congestion avoidance are basic features of a switch and are not
under license control.
Version Support
Table 14-8 describes the products and minimum version supporting congestion management
and congestion avoidance.
Table 14-8 Products and minimum version supporting congestion management and
congestion avoidance
Issue 11 (2016-07-22)
Series
Product
Minimum Version
Required
S1700
S1720GFR
320
14 QoS
Series
Product
Minimum Version
Required
S2700
S2700SI
Congestion management:
Not supported
Congestion avoidance:
V100R006
NOTE
The S2700SI is unavailable in
V200R001 and later versions.
S3700
S5700
Issue 11 (2016-07-22)
S2700EI
S2710SI
S2720EI
S2750EI
V200R003
S3700SI
S3700EI
S3700HI
S5700LI/S5700S-LI
V200R001
S5710-C-LI
S5710-X-LI
V200R008
S5700SI
S5700EI
321
Series
S6700
14 QoS
Product
Minimum Version
Required
S5710EI
S5720EI
V200R007
S5720SI/S5720S-SI
V200R008
S5700HI
S5710HI
S5720HI
V200R006
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
Issue 11 (2016-07-22)
Table 14-9 lists the specifications of congestion management and congestion avoidance.
322
14 QoS
Specification
l S1720GFR in V200R006C10: 7
l S1720GFR in V200R009: 6
l S2720EI: 6
l S2750EI in V200R005 and later
versions: 6
l S5700SI in V200R005: 7
l S5700-10P-LI: 6
l Other S5700LI models except the
S5700-10P-LI in earlier versions than
V200R009: 7
l Other S5700LI models except the
S5700-10P-LI in V200R009: 6
l S5700S-LI in earlier versions than
V200R009: 7
l S5700S-LI in V200R009: 6
l S5710-X-LI in V200R008: 7
l S5710-X-LI in V200R009: 6
l S5720SI/S5720S-SI: 6
License Support
The ACL-based simplified traffic policy is a basic feature of a switch and is not under license
control.
Version Support
Table 14-10 describes the products and minimum version supporting the ACL-based
simplified traffic policy.
Issue 11 (2016-07-22)
323
14 QoS
Table 14-10 Products and minimum version supporting the ACL-based simplified traffic
policy
Series
Product
Minimum Version
Required
S1700
S1720GFR
S2700
S2700SI
Not supported
S2700EI
S2710SI
S2720EI
S2750EI
V200R003
S3700SI
S3700EI
S3700HI
S5700LI/S5700S-LI
V200R001
S5710-C-LI
S5710-X-LI
V200R008
S5700SI
S5700EI
S3700
S5700
Issue 11 (2016-07-22)
324
Series
S6700
14 QoS
Product
Minimum Version
Required
S5710EI
S5720EI
V200R007
S5720SI/S5720S-SI
V200R008
S5700HI
S5710HI
S5720HI
V200R006
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
VLAN mapping is also configured on the interface, and the mapped VLAN ID is
the same as the VLAN ID in the ACL.
The S5720HI does not support simplified traffic policies based on user-defined ACLs.
If the ACL rule matches the VPN instance name of packets, the simplified ACL-based
traffic policy fails to be delivered.
14.6 HQoS
Issue 11 (2016-07-22)
325
14 QoS
License Support
HQoS is a basic feature of a switch and is not under license control.
Version Support
Only the S5720HI in V200R006 and later versions supports HQoS.
Specifications
65528
8191
16376
128
128
When each service flow of different users has the same priority, the device cannot
provide congestion management for service flows based on users.
Issue 11 (2016-07-22)
326
15
Issue 11 (2016-07-22)
327
15.1 SNMP
Involved Network Elements
The switch needs to work with a network management system.
License Support
SNMP is a basic feature of a switch and is not under license control.
Version Support
Table 15-1 Products and minimum version supporting SNMP
Series
Product
Minimum Version
Required
S1700
S1720
S2700
S2700SI
S2700EI
S2710SI
S2720EI
S2750EI
V200R003
S3700SI
S3700EI
S3700HI
S5700LI/S5700S-LI
V200R001
S3700
S5700
Issue 11 (2016-07-22)
328
Series
S6700
Product
Minimum Version
Required
S5710-C-LI
S5710-X-LI
V200R008
S5700SI
S5700EI
S5710EI
S5720EI
V200R007
S5720SI/S5720S-SI
V200R008
S5700HI
S5710HI
S5720HI
V200R006
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
15.2 RMON
Involved Network Elements
The switch needs to work with a network management system.
Issue 11 (2016-07-22)
329
License Support
RMON is a basic feature of a switch and is not under license control.
Version Support
Table 15-2 Products and minimum version supporting RMON
Series
Product
Minimum Version
Required
S1700
S1720
S2700
S2700SI
S2700EI
S2710SI
S2720EI
S2750EI
V200R003
S3700SI
S3700EI
S3700HI
S5700LI/S5700S-LI
V200R001
S5710-C-LI
S5710-X-LI
V200R008
S3700
S5700
Issue 11 (2016-07-22)
330
Series
S6700
Product
Minimum Version
Required
S5700SI
S5700EI
S5710EI
S5720EI
V200R007
S5720SI/S5720S-SI
V200R008
S5700HI
S5710HI
S5720HI
V200R006
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
15.3 LLDP
Involved Network Elements
Other network elements are not required.
License Support
LLDP is a basic feature of a switch and is not under license control.
Issue 11 (2016-07-22)
331
Version Support
Table 15-3 Products and minimum version supporting LLDP
Series
Product
Minimum Version
Required
S1700
S1720
S2700
S2700SI
S2700EI
S2710SI
S2720EI
S2750EI
V200R003
S3700SI
S3700EI
S3700HI
S5700LI/S5700S-LI
V200R001
S5710-C-LI
S5710-X-LI
V200R008
S5700SI
S5700EI
S3700
S5700
Issue 11 (2016-07-22)
332
Series
S6700
Product
Minimum Version
Required
S5710EI
S5720EI
V200R007
S5720SI/S5720S-SI
V200R008
S5700HI
S5710HI
S5720HI
V200R006
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
License Support
Performance management is not under license control.
Issue 11 (2016-07-22)
333
Version Support
Table 15-4 Products and minimum version supporting performance management
Series
Product
Minimum Version
Required
S1700
S1720
Not supported
S2700
S2700SI/S2700EI
Not supported
S2710SI
Not supported
S2720EI
Not supported
S2750EI
Not supported
S3700SI/S3700EI
Not supported
S3700HI
Not supported
S5700LI/S5700S-LI
Not supported
S5710-C-LI
Not supported
S5710-X-LI
Not supported
S5700EI/S5700SI
Not supported
S5710EI
Not supported
S5720EI
Not supported
S5720SI/S5720S-SI
Not supported
S5700HI
Not supported
S5710HI
Not supported
S5720HI
V200R006
S6700EI
Not supported
S6720EI
Not supported
S6720S-EI
Not supported
S3700
S5700
S6700
15.5 iPCA
Involved Network Elements
Other network elements also need to support iPCA.
Issue 11 (2016-07-22)
334
License Support
iPCA is a basic feature of a switch and is not under license control.
Version Support
Only the S5720HI in V200R006 or a later version supports iPCA.
You can specify target flows in network-level packet loss measurement, but not in
device-level packet loss measurement.
In the current version, the network-level packet loss measurement can take effect for
only known IP unicast packets but not unknown IP unicast packets. The measurement
result involving unknown IP unicast packets is inaccurate.
In the current version, packet loss measurement for direct links supports only IP unicast
packets.
In the current version, packet loss measurement for a device supports only IP unicast
packets.
Network-level packet loss measurement is based on target flows. If the packet content is
modified (for example, NAT is performed on packets, packets are encapsulated in
tunnels, and packet priority is changed), the device cannot precisely match the packets,
so the measurement result may be inaccurate.
15.6 NQA
Involved Network Elements
Other network elements are not required.
License Support
NQA is a basic feature of a switch and is not under license control.
Issue 11 (2016-07-22)
335
Version Support
Table 15-5 Products and minimum version supporting NQA
Series
Product
Minimum Version
Required
S1700
S1720
S2700
S2700SI
S2700EI
S2710SI
S2720EI
S2750EI
V200R003
S3700SI
S3700EI
S3700HI
S5700LI/S5700S-LI
V200R001
S5710-C-LI
S5710-X-LI
V200R008
S5700SI
S5700EI
S3700
S5700
Issue 11 (2016-07-22)
336
Series
S6700
Product
Minimum Version
Required
S5710EI
S5720EI
V200R007
S5720SI/S5720S-SI
V200R008
S5700HI
S5710HI
S5720HI
V200R006
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
If the number of running test instances reaches the maximum number supported by the
system, the start command will fail.
If you need to run the start now command for a test instance again, ensure that the last
operation has been complete.
If you specify that a test instance starts to run on schedule, ensure that the specified time
is later than the current system time; otherwise, the configuration is invalid.
License Support
Service diagnosis is a basic feature of the device and is not under license control.
Issue 11 (2016-07-22)
337
Version Support
Table 15-6 Products and minimum version supporting service diagnosis
Series
Product
Minimum Version
Required
S1700
S1720
S2700
S2700SI
Not supported
S2700EI
Not supported
S2710SI
Not supported
S2720EI
S2750EI
V200R003
S3700SI
Not supported
S3700EI
Not supported
S3700HI
Not supported
S5700LI/S5700S-LI
V200R003
S5710-C-LI
Not supported
S5710-X-LI
V200R008
S5700SI
S5700EI
S5710EI
S5720EI
V200R007
S5720SI/S5720S-SI
V200R008
S5700HI
S5710HI
S3700
S5700
Issue 11 (2016-07-22)
338
Series
S6700
Product
Minimum Version
Required
S5720HI
V200R006
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
AAA and NAC services: based on the MAC address, IP address, user name, user VLAN
ID, access mode, or interface number.
15.8 Mirroring
15.8.1 Involved Network Elements
The switch needs to work with a monitoring server. The mirroring server analyzes the
mirrored packets sent to it.
Issue 11 (2016-07-22)
Series
Product
S1700
S1720
339
Series
Product
S2700
S2700SI
S2700EI
S2710SI
S2720EI
S2750EI
S3700SI/S3700EI
S3700HI
S5700LI/S5700S-LI
S3700
S5700
Issue 11 (2016-07-22)
340
Series
Issue 11 (2016-07-22)
Product
S5710-C-LI
S5710-X-LI
S5700SI
S5720SI/S5720S-SI
S5700EI
S5710EI
S5700HI
S5710HI
S5720EI
V200R007
S5720HI
341
Series
Product
S6700
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
Configuration Modes
Observing ports can be configured one by one or in a batch since V200R005. The single
configuration and batch configuration modes can be used simultaneously. If multiple
observing ports are configured in a batch, these observing ports are bound to the same
mirrored port. Therefore, batch configuration simplifies the configuration of 1:N
mirroring. Figure 15-1 shows batch configuration of observing ports.
Figure 15-1 Configuring observing ports in a batch
Mirrored port
If multiple observing
ports are configured in a
batch, these observing
ports are bound to the
same mirrored port.
Observing ports
Issue 11 (2016-07-22)
342
Inbound and
outbound packets on
mirrored ports are
copied to the same
observing port.
Inbound packets
on mirrored ports can
be copied to another
three observing ports.
Outbound packets
are copied to the
same observing port.
Outbound packets
on mirrored ports can
be copied to another
three observing ports.
Specifications
The following tables list the observing port specifications for different devices.
Issue 11 (2016-07-22)
343
Table 15-8 Observing port specifications for different devices in V200R003 versions
Device
Number of
Observing Ports to
Which Incoming
Packets on
Mirrored Ports
Can Be Copied
Number of
Observing
Ports to
Which
Outgoing
Packets on
Mirrored
Ports Can
Be Copied
Maximum
of
Observing
Ports
Supported
S2700SI
1
NOTE
Incoming
and
outgoing
packets on a
mirrored
port can
only be
copied to
the same
observing
port.
S2710SI
S2700EI
1
NOTE
Incoming
and
outgoing
packets on a
mirrored
port can
only be
copied to
the same
observing
port.
Issue 11 (2016-07-22)
S3700SI
S3700EI
S3700HI
344
Device
Number of
Observing Ports to
Which Incoming
Packets on
Mirrored Ports
Can Be Copied
Number of
Observing
Ports to
Which
Outgoing
Packets on
Mirrored
Ports Can
Be Copied
Maximum
of
Observing
Ports
Supported
1
NOTE
Incoming
and
outgoing
packets on a
mirrored
port can
only be
copied to
the same
observing
port.
S5710-C-LI
1
NOTE
Incoming
and
outgoing
packets on a
mirrored
port can
only be
copied to
the same
observing
port.
S5700SI
1
NOTE
Incoming
and
outgoing
packets on a
mirrored
port can
only be
copied to
the same
observing
port.
Issue 11 (2016-07-22)
S5700EI
S5710EI
S5700HI
345
Device
Number of
Observing Ports to
Which Incoming
Packets on
Mirrored Ports
Can Be Copied
Number of
Observing
Ports to
Which
Outgoing
Packets on
Mirrored
Ports Can
Be Copied
Maximum
of
Observing
Ports
Supported
S5710HI
S6700EI
1
NOTE
Incoming
and
outgoing
packets on a
mirrored
port can
only be
copied to
the same
observing
port.
Device
Number of
Observing Ports to
Which Incoming
Packets on
Mirrored Ports
Can Be Copied
Number of
Observing
Ports to
Which
Outgoing
Packets on
Mirrored
Ports Can
Be Copied
Maximum
of
Observing
Ports
Supported
S1720GFR
1
NOTE
Incoming
and
outgoing
packets on a
mirrored
port can
only be
copied to
the same
observing
port.
Issue 11 (2016-07-22)
346
Device
Number of
Observing Ports to
Which Incoming
Packets on
Mirrored Ports
Can Be Copied
Number of
Observing
Ports to
Which
Outgoing
Packets on
Mirrored
Ports Can
Be Copied
Maximum
of
Observing
Ports
Supported
S2720
1
NOTE
Incoming
and
outgoing
packets on a
mirrored
port can
only be
copied to
the same
observing
port.
S2750
1
NOTE
Incoming
and
outgoing
packets on a
mirrored
port can
only be
copied to
the same
observing
port.
S5700LI, S5700S-LI
1
NOTE
Incoming
and
outgoing
packets on a
mirrored
port can
only be
copied to
the same
observing
port.
Issue 11 (2016-07-22)
347
Device
Number of
Observing Ports to
Which Incoming
Packets on
Mirrored Ports
Can Be Copied
Number of
Observing
Ports to
Which
Outgoing
Packets on
Mirrored
Ports Can
Be Copied
Maximum
of
Observing
Ports
Supported
S5710-X-LI
1
NOTE
Incoming
and
outgoing
packets on a
mirrored
port can
only be
copied to
the same
observing
port.
S5700SI
1
NOTE
Incoming
and
outgoing
packets on a
mirrored
port can
only be
copied to
the same
observing
port.
S5720SI, S5720S-SI
1
NOTE
Incoming
and
outgoing
packets on a
mirrored
port can
only be
copied to
the same
observing
port.
Issue 11 (2016-07-22)
S5700EI
S5710EI
S5720EI
348
Issue 11 (2016-07-22)
Device
Number of
Observing Ports to
Which Incoming
Packets on
Mirrored Ports
Can Be Copied
Number of
Observing
Ports to
Which
Outgoing
Packets on
Mirrored
Ports Can
Be Copied
Maximum
of
Observing
Ports
Supported
S5700HI
S5710HI
349
Device
S5720HI
Number of
Observing Ports to
Which Incoming
Packets on
Mirrored Ports
Can Be Copied
l A maximum of
64 observing
ports can be
configured in a
batch, and you
can configure a
maximum of
eight batches.
Theoretically,
incoming packets
on mirrored ports
can be copied to a
maximum of 512
(8 x 64)
observing ports.
l If one observing
port is configured
each time, the
observing port
configuration can
be performed a
maximum of
eight times, and
incoming packets
on mirrored ports
can be copied to a
maximum of
eight observing
ports.
l When single
configuration and
batch
configuration are
both used, the
observing port
configuration can
be performed a
maximum of
eight times, and
the maximum
number of
Issue 11 (2016-07-22)
Number of
Observing
Ports to
Which
Outgoing
Packets on
Mirrored
Ports Can
Be Copied
l A
maximu
m of 64
observin
g ports
can be
configure
d in a
batch,
and you
can
configure
a
maximu
m of
eight
batches.
Theoretic
ally,
outgoing
packets
on
mirrored
ports can
be
copied to
a
maximu
m of 512
(8 x 64)
observin
g ports.
l If one
observin
g port is
configure
d each
time, the
observin
g port
configura
tion can
Maximum
of
Observing
Ports
Supported
l A
maximu
m of 64
observin
g ports
can be
configure
d in a
batch,
and you
can
configure
a
maximu
m of
eight
batches.
Theoretic
ally, a
maximu
m of 512
(8 x 64)
observin
g ports
can be
configure
d.
l If one
observin
g port is
configure
d each
time, the
observin
g port
configura
tion can
be
performe
da
maximu
m of
350
Device
Number of
Observing Ports to
Which Incoming
Packets on
Mirrored Ports
Can Be Copied
observing ports to
which incoming
packets on
mirrored ports
can be copied
ranges between 8
and 512.
Number of
Observing
Ports to
Which
Outgoing
Packets on
Mirrored
Ports Can
Be Copied
be
performe
da
maximu
m of
eight
times,
and
outgoing
packets
on
mirrored
ports can
be
copied to
a
maximu
m of
eight
observin
g ports.
l When
single
configura
tion and
batch
configura
tion are
both
used, the
observin
g port
configura
tion can
be
performe
da
maximu
m of
eight
times,
and the
Issue 11 (2016-07-22)
Maximum
of
Observing
Ports
Supported
eight
times,
and a
maximu
m of
eight
observin
g ports
can be
configure
d.
l When
single
configura
tion and
batch
configura
tion are
both
used, the
observin
g port
configura
tion can
be
performe
da
maximu
m of
eight
times,
and the
maximu
m
number
of
observin
g ports
ranges
between
8 and
512.
351
Number of
Observing Ports to
Which Incoming
Packets on
Mirrored Ports
Can Be Copied
Device
Number of
Observing
Ports to
Which
Outgoing
Packets on
Mirrored
Ports Can
Be Copied
Maximum
of
Observing
Ports
Supported
maximu
m
number
of
observin
g ports to
which
outgoing
packets
on
mirrored
ports can
be
copied
ranges
between
8 and
512.
Issue 11 (2016-07-22)
S6700EI
X (X 4)
4-X (X 4)
S6720EI, S6720S-EI
X (X 4)
4-X (X 4)
352
Table 15-10 Observing port specifications for different devices in V200R010 and later
versions
Device
Number of
Observing Ports to
Which Incoming
Packets on
Mirrored Ports
Can Be Copied
Number of
Observing
Ports to
Which
Outgoing
Packets on
Mirrored
Ports Can
Be Copied
Maximum
of
Observing
Ports
Supported
S1720GFR
6
NOTE
Incoming
and
outgoing
packets on a
mirrored
port can
only be
copied to
the same
observing
port.
S2720
6
NOTE
Incoming
and
outgoing
packets on a
mirrored
port can
only be
copied to
the same
observing
port.
S2750
6
NOTE
Incoming
and
outgoing
packets on a
mirrored
port can
only be
copied to
the same
observing
port.
Issue 11 (2016-07-22)
353
Number of
Observing Ports to
Which Incoming
Packets on
Mirrored Ports
Can Be Copied
Number of
Observing
Ports to
Which
Outgoing
Packets on
Mirrored
Ports Can
Be Copied
Maximum
of
Observing
Ports
Supported
S5710-X-LI
Device
NOTE
Incoming
and
outgoing
packets on a
mirrored
port can
only be
copied to
the same
observing
port.
6
NOTE
Incoming
and
outgoing
packets on a
mirrored
port can
only be
copied to
the same
observing
port.
S5720SI, S5720S-SI
6
NOTE
Incoming
and
outgoing
packets on a
mirrored
port can
only be
copied to
the same
observing
port.
S5720EI
Issue 11 (2016-07-22)
354
Device
S5720HI
Number of
Observing Ports to
Which Incoming
Packets on
Mirrored Ports
Can Be Copied
l A maximum of
64 observing
ports can be
configured in a
batch, and you
can configure a
maximum of
eight batches.
Theoretically,
incoming packets
on mirrored ports
can be copied to a
maximum of 512
(8 x 64)
observing ports.
l If one observing
port is configured
each time, the
observing port
configuration can
be performed a
maximum of
eight times, and
incoming packets
on mirrored ports
can be copied to a
maximum of
eight observing
ports.
l When single
configuration and
batch
configuration are
both used, the
observing port
configuration can
be performed a
maximum of
eight times, and
the maximum
number of
Issue 11 (2016-07-22)
Number of
Observing
Ports to
Which
Outgoing
Packets on
Mirrored
Ports Can
Be Copied
l A
maximu
m of 64
observin
g ports
can be
configure
d in a
batch,
and you
can
configure
a
maximu
m of
eight
batches.
Theoretic
ally,
outgoing
packets
on
mirrored
ports can
be
copied to
a
maximu
m of 512
(8 x 64)
observin
g ports.
l If one
observin
g port is
configure
d each
time, the
observin
g port
configura
tion can
Maximum
of
Observing
Ports
Supported
l A
maximu
m of 64
observin
g ports
can be
configure
d in a
batch,
and you
can
configure
a
maximu
m of
eight
batches.
Theoretic
ally, a
maximu
m of 512
(8 x 64)
observin
g ports
can be
configure
d.
l If one
observin
g port is
configure
d each
time, the
observin
g port
configura
tion can
be
performe
da
maximu
m of
355
Device
Number of
Observing Ports to
Which Incoming
Packets on
Mirrored Ports
Can Be Copied
observing ports to
which incoming
packets on
mirrored ports
can be copied
ranges between 8
and 512.
Number of
Observing
Ports to
Which
Outgoing
Packets on
Mirrored
Ports Can
Be Copied
be
performe
da
maximu
m of
eight
times,
and
outgoing
packets
on
mirrored
ports can
be
copied to
a
maximu
m of
eight
observin
g ports.
l When
single
configura
tion and
batch
configura
tion are
both
used, the
observin
g port
configura
tion can
be
performe
da
maximu
m of
eight
times,
and the
Issue 11 (2016-07-22)
Maximum
of
Observing
Ports
Supported
eight
times,
and a
maximu
m of
eight
observin
g ports
can be
configure
d.
l When
single
configura
tion and
batch
configura
tion are
both
used, the
observin
g port
configura
tion can
be
performe
da
maximu
m of
eight
times,
and the
maximu
m
number
of
observin
g ports
ranges
between
8 and
512.
356
Number of
Observing Ports to
Which Incoming
Packets on
Mirrored Ports
Can Be Copied
Device
Number of
Observing
Ports to
Which
Outgoing
Packets on
Mirrored
Ports Can
Be Copied
Maximum
of
Observing
Ports
Supported
maximu
m
number
of
observin
g ports to
which
outgoing
packets
on
mirrored
ports can
be
copied
ranges
between
8 and
512.
S6720EI, S6720S-EI
X (X 4)
4-X (X 4)
Concept
1:N mirroring copies packets on one mirrored port to N observing ports, as shown in
Figure 15-3.
Figure 15-3 1:N mirroring
Mirrored port
Observing ports
Issue 11 (2016-07-22)
357
NOTE
For 1:N port mirroring, N means that packets in each direction (inbound or outbound) on a mirrored
port can be mirrored to N observing ports.
For 1:N traffic mirroring, N means that a traffic mirroring behavior bound to a traffic classifier contains
N observing ports that are configured in a batch. That is, to implement 1:N traffic mirroring, the traffic
behavior must specify an observing port group.
For 1:N VLAN mirroring or MAC address mirroring, N means that the observing port group bound to
the inbound direction of a VLAN contains N observing ports. That is, to implement 1:N VLAN
mirroring or MAC address mirroring, you must bind an observing port group to the inbound direction
of a VLAN.
This section provides the specifications of 1:N port mirroring. The N values of other 1:N mirroring
features are the same as those of 1:N port mirroring.
Specifications
Huawei S series fixed switches of V200R003 and earlier versions do not support 1:N
mirroring.
Table 15-11 lists the 1:N mirroring specifications in the inbound and outbound directions
for different devices in V200R005 and later versions. The 1:N mirroring specifications
include the numbers of observing ports to which incoming and outgoing packets on a
mirrored port can be copied.
Table 15-11 1:N mirroring specifications in the inbound and outbound directions of
different devices in V200R005 and later versions
Device
Issue 11 (2016-07-22)
Number of Observing
Ports for Incoming
Packets on a Mirrored
Port
Number of
Observing
Ports for
Outgoing
Packets on a
Mirrored Port
S1720
NA (Incoming packets on
a mirrored port can only
be copied to one
observing port.)
NA (Outgoing
packets on a
mirrored port
can only be
copied to one
observing port.)
S2720
NA (Incoming packets on
a mirrored port can only
be copied to one
observing port.)
NA (Outgoing
packets on a
mirrored port
can only be
copied to one
observing port.)
S2750
NA (Incoming packets on
a mirrored port can only
be copied to one
observing port.)
NA (Outgoing
packets on a
mirrored port
can only be
copied to one
observing port.)
358
Number of Observing
Ports for Incoming
Packets on a Mirrored
Port
Device
Issue 11 (2016-07-22)
Number of
Observing
Ports for
Outgoing
Packets on a
Mirrored Port
S5700LI, S5700S-LI
NA (Incoming packets on
a mirrored port can only
be copied to one
observing port.)
NA (Outgoing
packets on a
mirrored port
can only be
copied to one
observing port.)
S5710-X-LI
NA (Incoming packets on
a mirrored port can only
be copied to one
observing port.)
NA (Outgoing
packets on a
mirrored port
can only be
copied to one
observing port.)
S5700SI
NA (Incoming packets on
a mirrored port can only
be copied to one
observing port.)
NA (Outgoing
packets on a
mirrored port
can only be
copied to one
observing port.)
S5720SI, S5720S-SI
NA (Incoming packets on
a mirrored port can only
be copied to one
observing port.)
NA (Outgoing
packets on a
mirrored port
can only be
copied to one
observing port.)
S5700EI
NA (Incoming packets on
a mirrored port can only
be copied to one
observing port.)
NA (Outgoing
packets on a
mirrored port
can only be
copied to one
observing port.)
S5710EI
S5720EI
S5700HI
S5710HI
359
Device
S5720HI
Number of Observing
Ports for Incoming
Packets on a Mirrored
Port
l A maximum of 64
observing ports can be
configured in a batch,
you can configure a
maximum of eight
batches, and the
observing ports
configured in a batch
cannot be used for the
packets in the same
direction (inbound or
outbound) on the same
mirrored port.
Theoretically,
incoming packets on a
mirrored port can be
copied to a maximum
of 64 observing ports.
l Each port can be
configured as an
observing port for a
maximum of eight
times, and observing
ports cannot be used
for the packets in the
same direction
(inbound or outbound)
on the same mirrored
port. Therefore,
incoming packets on a
mirrored port can be
copied to a maximum
of one observing port.
l When observing ports
are configured one by
one and in a batch
simultaneously, the
configured observing
ports cannot be used
for the packets in the
same direction
(inbound or outbound)
on the same mirrored
port.
Issue 11 (2016-07-22)
Number of
Observing
Ports for
Outgoing
Packets on a
Mirrored Port
l A maximum
of 64
observing
ports can be
configured
in a batch,
you can
configure a
maximum of
eight
batches, and
the
observing
ports
configured
in a batch
cannot be
used for the
packets in
the same
direction
(inbound or
outbound)
on the same
mirrored
port.
Theoreticall
y, outgoing
packets on a
mirrored
port can be
copied to a
maximum of
64
observing
ports.
l Each port
can be
configured
as an
observing
port for a
maximum of
eight times,
and
360
Number of Observing
Ports for Incoming
Packets on a Mirrored
Port
Device
Number of
Observing
Ports for
Outgoing
Packets on a
Mirrored Port
observing
ports cannot
be used for
the packets
in the same
direction
(inbound or
outbound)
on the same
mirrored
port.
Therefore,
outgoing
packets on a
mirrored
port can be
copied to a
maximum of
one
observing
port.
l When
observing
ports are
configured
one by one
and in a
batch
simultaneou
sly, the
configured
observing
ports cannot
be used for
the packets
in the same
direction
(inbound or
outbound)
on the same
mirrored
port.
Issue 11 (2016-07-22)
S6700EI
Y (Y 4)
4-Y (Y 4)
S6720EI, S6720S-EI
Y (Y 4)
4-Y (Y 4)
361
NOTE
In 1:N mirroring, if you configure either incoming or outgoing packets to be copied from a
mirrored port to multiple observing ports in batches, the packets cannot be copied to other
observing ports.
Mirrored ports
Observing port
In N:1 mirroring, the number of mirrored ports is not limited. For example, N:1 port mirroring
allows incoming or outgoing packets on multiple mirrored ports to be copied to the same
observing port.
Mirrored ports
Observing ports
Issue 11 (2016-07-22)
362
15.8.8 Limitations
l
Issue 11 (2016-07-22)
Packets mirrored to an observing port cannot be mirrored again in the same device.
The S5720HI does not support VLAN mirroring or MAC address mirroring. You
can configure traffic mirroring with traffic classification rules VLAN ID and MAC
address.
Since V200R005, all the models, except S1720, S2720, S2750, S5700S-LI,
S5700LI, S5710-C-LI, S5710-X-LI, S5700SI, S5720S-SI, S5720SI, and S5700EI,
allow Eth-Trunk interfaces to be configured as observing ports.
VLAN mirroring and MAC address mirroring do not apply to outgoing packets.
Observing ports are only used to forward mirrored traffic, so you are advised not to
configure other services on observing ports. If other services are configured on
observing ports, mirrored traffic and other service traffic on the observing ports
may affect each other.
When configuring Layer 2 remote port mirroring, you are not advised to perform
other service configuration in the VLAN associated with the observing port, that is,
the VLAN used to transmit mirrored packets to the monitoring device.
Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
363
During the traffic mirroring configuration, the deny parameter cannot be configured
in the ACL referenced in a traffic classifier. To mirror only specified service
packets, configure the permit parameter in the ACL.
License Support
Packet capture is a basic feature of a switch and is not under license control.
Version Support
Table 15-12 Products and minimum version supporting packet capture
Series
Product
Minimum Version
Required
S1700
S1720
S2700
S2700SI
S2700EI
S2710SI
S2720EI
S2750EI
V200R003
S3700SI
S3700
Issue 11 (2016-07-22)
364
Series
S5700
S6700
Issue 11 (2016-07-22)
Product
Minimum Version
Required
S3700EI
S3700HI
S5700LI/S5700S-LI
V200R001
S5710-C-LI
S5710-X-LI
V200R008
S5700SI
S5700EI
S5710EI
S5720EI
V200R007
S5720SI/S5720S-SI
V200R008
S5700HI
S5710HI
S5720HI
V200R006
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
365
The packet capture configuration is not saved in the configuration file, and becomes
invalid after a packet capture instance is complete.
Different packet capture instances cannot be executed simultaneously. That is, a new
packet capture instance can be executed only when the previous one is complete.
15.10 NetStream
Involved Network Elements
The switch needs to work with a NetStream server.
License Support
NetStream is a basic feature of a switch and is not under license control.
Version Support
Table 15-13 Products and minimum version supporting NetStream
Series
Product
Minimum Version
Required
S1700
S1720
Not supported
S2700
S2700SI
Not supported
S2700EI
Not supported
S2710SI
Not supported
S2720EI
Not supported
S2750EI
Not supported
S3700SI
Not supported
S3700EI
Not supported
S3700HI
Not supported
S5700LI/S5700S-LI
Not supported
S5710-C-LI
Not supported
S5710-X-LI
Not supported
S5700SI
Not supported
S5700EI
Not supported
S3700
S5700
Issue 11 (2016-07-22)
366
Series
S6700
Product
Minimum Version
Required
S5710EI
S5720EI
Not supported
S5720SI/S5720S-SI
Not supported
S5700HI
S5710HI
S5720HI
V200R006
S6700EI
Not supported
S6720EI
Not supported
S6720S-EI
Not supported
15.11 sFlow
Involved Network Elements
The switch needs to work with an sFlow server.
License Support
sFlow is a basic feature of a switch and is not under license control.
Version Support
Table 15-14 Products and minimum version supporting sFlow
Issue 11 (2016-07-22)
Series
Product
Minimum Version
Required
S1700
S1720
Not supported
S2700
S2700SI
Not supported
367
Series
S3700
S5700
S6700
Issue 11 (2016-07-22)
Product
Minimum Version
Required
S2700EI
Not supported
S2710SI
Not supported
S2720EI
S2750EI
V200R003
S3700SI
Not supported
S3700EI
Not supported
S3700HI
Not supported
S5700LI/S5700S-LI
V200R003
S5710-C-LI
Not supported
S5710-X-LI
V200R008
S5700SI
Not supported
S5700EI
S5710EI
S5720EI
V200R007
S5720SI/S5720S-SI
V200R008
S5700HI
S5710HI
S5720HI
Not supported
S6700EI
S6720EI
V200R008
S6720S-EI
V200R009
368
Issue 11 (2016-07-22)
369
16 Free Mobility
16
Free Mobility
Issue 11 (2016-07-22)
370
16 Free Mobility
Switch Version
V200R006C00&V200R007
C00
V100R001C00
NOTE
To use the free mobility function on a VPN, connect switches in V200R008C00 and later versions to the
Agile Controller in V100R002C00 and later versions.
If a Huawei switch needs to function as a DHCP server and assign IP addresses to terminals based on the
static MAC-IP binding relationship delivered by the Agile Controller, the switch must run V200R009C00 or a
later version, and the Agile Controller must run V100R002C00SPC105 or a later version.
License Support
Free mobility is a basic feature of the switch and is not under license control.
Version Support
NOTE
To use the free mobility function on a VPN, connect switches in V200R008C00 and later versions to the
Agile Controller in V100R002C00 and later versions.
If a Huawei switch needs to function as a DHCP server and assign IP addresses to terminals based on the
static MAC-IP binding relationship delivered by the Agile Controller, the switch must run V200R009C00 or a
later version, and the Agile Controller must run V100R002C00SPC105 or a later version.
Product
Minimum Version
Required
S5700
S5720HI
V200R006C00
Issue 11 (2016-07-22)
Before configuring free mobility on the switch, configure one or more combinations of
802.1x authentication, MAC address authentication, or Portal authentication in NAC
unified mode. For details, see NAC Configuration (Unified Mode) in the
Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
371
16 Free Mobility
Issue 11 (2016-07-22)
When the controller delivers a UCL group name that is not supported by the switch, the
switch cannot parse the group name. A UCL group name that can be supported by the
switch must be consistent with the value of group-name in the ucl-group group-index
[ name group-name ] command.
372