Professional Documents
Culture Documents
9300 Quick Start Guide
9300 Quick Start Guide
V100R006C00
01
Date
2011-09-30
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the
customer. All or part of the products, services and features described in this document may not be within the
purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,
and recommendations in this document are provided "AS IS" without warranties, guarantees or representations
of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute the warranty of any kind, express or implied.
Website:
http://www.huawei.com
Email:
support@huawei.com
Issue 01 (2011-09-30)
S9300
Remarks
VASP
V100R003C01
S9300 V100R006C00
Intended Audience
This document is intended for:
l
Commissioning engineers
Symbol Conventions
The symbols that may be found in this document are defined as follows.
Symbol
Description
DANGER
WARNING
Issue 01 (2011-09-30)
ii
Symbol
Description
CAUTION
TIP
NOTE
Change History
Updates between document issues are cumulative. Therefore, the latest document issue contains
all updates made in previous issues.
Issue 01 (2011-09-30)
iii
Contents
Contents
About This Document.....................................................................................................................ii
1 Overview of the SPU.....................................................................................................................1
1.1 Introduction to the SPU......................................................................................................................................2
1.2 Functions and Typical Applications of the SPU................................................................................................2
Issue 01 (2011-09-30)
iv
Issue 01 (2011-09-30)
Issue 01 (2011-09-30)
LPU
Switching Packets
MPU
Processing Packets
SPU
Service functions
IPSec VPN, firewall/NAT, load balancing, NetStream and WLAN
Data processing capability of 10 Gbit/s
Routing and addressing for packets
Traffic management, congestion control, and forwarding scheduling for packets
Line-speed forwarding of packets
Debugging functions
Configuration and alarm
Board environment monitoring
Watchdog
Hierarchical reset
Commissioning
Load Balancing
l
Issue 01 (2011-09-30)
Intranet
Intranet
User
ServerA
Switch
External
Network
ServerB
ServerC
As shown in Figure 1-2, an Intranet user accesses the internal server that is deployed in
the group of load balancing servers through the external network. The group is composed
of three servers. As the load balancing (LB) device, the Switch implements load balancing
at layers from L4 to L7. The service load varies according to servers. When one or more
servers are faulty, the system automatically switches services to normal servers so that
services are not interrupted. In this manner, network faults are reduced and the reliability
of service processing is improved.
l
External
Network
Intranet
user
Switch
RouterB
ISP2
As shown in Figure 1-3, an enterprise rents links of multiple carriers as egresses between
the Intranet and the external network. The bandwidth and delay vary according to carriers.
You can configure the Switch (SPU) to select the optimal link according to requirements
for external network access of different enterprise users. The Switch also supports the
reverse NAT function.
Issue 01 (2011-09-30)
IPSec
Figure 1-4 Networking of IPSec
SwitchA
SwitchB
Internet
Intranet
User A
Intranet
User B
As shown in Figure 1-4, an IPSec tunnel is set up between Switch A and Switch B. In this way,
data flows of intranet user A and intranet user B can be protected when being transmitted on
insecure networks. IPSec allows network users or administrators to control the granularity of
security services between peers. The Security Association (SA) can be established manually or
in IKE negotiation mode. The SA provides security protection for different data flows.
NAT
Figure 1-5 Networking of NAT
Internet
Intranet
10.1.1.1/24
PC2
PC1
10.1.2.1/24
WWW
Issue 01 (2011-09-30)
FTP
SMTP
As shown in Figure 1-5, IP addresses of PC1 and PC2 on the intranet can be mapped to the
public IP addresses on the external network through NAT. In this way, users on private networks
can access external networks, thus saving public IP addresses. The NAT mapping table is used
to limit hosts on internal networks that access hosts on external networks.
By configuring the internal servers, you can map the corresponding external IP addresses and
port numbers to internal servers. In this manner, users on external networks can access internal
servers. For example, an enterprise provides World Wide Web (WWW), File Transfer Protocol
(FTP), and Simple Mail Transfer Protocol (SMTP) services externally.
Firewall
l
Virtual firewall
Figure 1-6 Networking of the virtual firewall
Internet
Switch
VLAN2
Interior
Subnetwork
VLAN3
VLAN4
Interior
Subnetwork
FTP
Server
Interior
Subnetwork
WWW
Server
Telnet
Server
As shown in Figure 1-6, an intranet can be divided into multiple subnets through VLANs.
The Switch (SPU) configures a virtual firewall for each subnet. The server on each subnet
can access external networks through the Switch and provide different services externally.
l
Issue 01 (2011-09-30)
Zone A
VLAN 10
PC B
Switch
VLAN 20
Zone B
VLAN 30
PC C
Zone C
As shown in Figure 1-7, the Switch functions as the firewall in transparent mode. In this
case, all interfaces are L2 interfaces and the network is divided into multiple access zones
through different VLANs. All PCs in a zone share the same network segment. The packet
filtering, attack defense, and traffic monitoring policies are defined for different VLANs
on the Switch. For example, PC A can access Zone B and Zone C. PC B can send packets,
whereas the packets cannot pass the firewall.
l
Issue 01 (2011-09-30)
SPU1
SPU2
Internet
Switch
PC 1
PC 2
As shown in Figure 1-8, SPU 1 and SPU 2 are installed on the Switch. VRRP is enabled
on these two SPUs to provide a virtual IP address for the switch and thus to back up services.
When SPU 1 functions as the master, data flows are transmitted to the Internet through
SPU 1. At the same time, data is synchronized from SPU 1 to SPU 2. After SPU 1 becomes
faulty, data flows are transmitted to the Internet through SPU 2.
NetStream
l
Issue 01 (2011-09-30)
Web Server
Mail Server
PE
PE
PE
FTP Server
AS 100
NSC&NDA
PE
PE
PC
PC
PC
As shown in Figure 1-9, users can collect statistics on IP traffic from MPLS to IP (IPv4
or IPv6) and from IP (IPv4 or IPv6) to MPLS by deploying NetStream on user-side
interfaces of PEs. Users can also collect statistics on MPLS packets by deploying NetStream
on network-side interfaces of PEs and P devices. According to the analysis result of the
statistics, users can understand the composition and mode of the MPLS service accurately.
l
Issue 01 (2011-09-30)
Web Server
Mail Server
AS 100
FTP Server
Tunnel
AS 100
NSC&NDA
PC
PC
PC
As shown in Figure 1-10, if a user collects statistics on the traffic transmitted through a
tunnel on physical interfaces of the switch, the user cannot differentiate the traffic carried
by the tunnel. In this case, the user needs to collect traffic statistics by using NetStream
twice, that is, before the traffic enters the tunnel and after the traffic exits the tunnel. In this
way, the user can accurately analyze the traffic composition in the tunnel.
Issue 01 (2011-09-30)
10
WLAN
Figure 1-11 WLAN network
IP backbone
NMS
RADIUS server
BAS
MAN aggregate
network
Aggregate switch
AC
AC
Access switch
AP
AP
AP
Figure 1-11 shows the networking mode of (AC+fit AP). Data traffic sent from wireless stations
to the Internet is transmitted over two types of media: wireless links between the wireless stations
and APs and wired links between APs and ACs. WLAN uses the wireless technology to
implement fast Ethernet access. It allows terminals, such as computers, to access a network
through a wireless medium but not a physical cable. This facilitates network construction and
allows users to move around without interrupting communication.
Issue 01 (2011-09-30)
11
Issue 01 (2011-09-30)
12
2.1 Panel
This topic describes the appearance of the SPU, including interfaces, indicators and the colors
and blinking states of interface and board indicators.
Currently, the SPU supports only the VAMPA.
The VAMPA is installed horizontally. A serial interface (identified as CON) and an FE electrical
interface (identified as ETH) are located on the panel. Figure 2-1 shows the panel.
Figure 2-1 VAMPA panel
1. ACT indicator
2. LINK indicator
The board indicator RUN/ALM and interface indicators ACT and LINK are located on the
VAMPA panel. Table 2-1 describes the colors and blinking states of the indicators.
Table 2-1 Buttons and indicators on the VAMPA panel
Indicator/Button
Color
Description
RUN/ALM
Green
ACT
Red
Orange
Amber
LINK
Green-yellow
Issue 01 (2011-09-30)
13
NOTE
Quantity
Description
Console interface
Ethernet interface
Description
Connector type
RJ45
Interface attribute
RS232
Compliance standard
EIA/TIA-232
Issue 01 (2011-09-30)
Attribute
Description
Connector type
RJ45
14
Attribute
Description
Interface attribute
10BASE-T/100BASE-TX
Operation mode
Full duplex
Compliance standard
IEEE 802.3
Issue 01 (2011-09-30)
Parameter
Description
Board dimensions
153.27 w
Board weight
2.6 kg
15
Issue 01 (2011-09-30)
16
Networking Requirements
When logging in to the SPU through the console interface, a user needs to connect the console
interface on the SPU to the RS232 interface on the host through a serial cable, as shown in
Figure 3-1.
Figure 3-1 Logging in to the SPU through the console interface
RS232
interface
Console Cable
Console
interface
Procedure
Step 1 Connect the PC with the SPU through a serial cable according to Figure 3-1.
Step 2 Enable the HyperTerminal on the PC.
Choose Start > All Programs > Accessories > Communications > HyperTerminal to start
the HyperTerminal.
Step 3 Set up a new connection.
As shown in Figure 3-2, enter the name of the new connection in the Name text box and choose
an icon. Click OK.
Issue 01 (2011-09-30)
17
18
NOTE
In the Windows operating systems of some versions, Bit per second may be called Baud rate and Flow
control may be called Traffic control.
Value
9600
Data bit
Parity check
None
Stop bit
None
Step 6 After starting the HyperTerminal, choose File > Attributes to display the COMM1
Properties dialog box, as shown in Figure 3-5. Click the Settings tab, and select Auto detect
or VT100 from the Emulation drop-down list box. Click OK to complete the settings.
Issue 01 (2011-09-30)
19
After the preceding settings, press Enter. If the <Quidway> prompt is displayed, it indicates
that you have logged in to the SPU. In this case, you can enter commands to configure or manage
the SPU.
----End
Networking Requirements
A user can log in to the MPU of the S9300 through a serial interface or through Telnet, and then
run the corresponding command for redirection. Then the user redirects the login process to the
console interface of the SPU as prompted and logs in to the SPU through the console interface,
as shown in Figure 3-6.
Issue 01 (2011-09-30)
20
Figure 3-6 Networking of redirecting to the console interface of the SPU through the MPU of
the S9300
Login
PC
Redirection
Console
interface of
the SPU
S9300
Procedure
Step 1 Log in to the MPU of the S9300.
Step 2 Run the following command in the user view: spu connect slot slot-num.
slot-num indicates the number of the slot where the SPU is installed on the S9300.
The following message is displayed:
******************************************************
*
Slot 2 output to mainboard
*
******************************************************
Press Ctrl+D to quit
Press Ctrl+Y. The system redirects you to the serial interface of the SPU so that you can log in
to the SPU.
NOTE
----End
Networking Requirements
Telnet supports local and remote login, facilitating maintenance. After setting the Telnet user
of the SPU, a user can log in to the SPU through Telnet from the Ethernet interface or service
interfaces such as XGE sub-interface or the Eth-Trunk sub-interface whose member interfaces
are XGE interfaces, as shown in Figure 3-7.
Issue 01 (2011-09-30)
21
PC
STC
SPU
PC
Crossover
cable
STC
HUB
PC
STC
Crossover
cable or
optical fiber
SPU
SPU
L2 Switch
NOTE
The SPU is a board installed on the S9300. Generally, the ETH port of the SPU is not used to connect to
the network; therefore, the service interface of the SPU is usually used for logging in to the SPU through
Telnet.
In this way, you can configure the user name and password of the Telnet user on the SPU. The
method for configuring a Telnet user on the SPU is the same as that for configuring a Telnet
user on the S9300. For details, see the Quidway S9300 Terabit Routing Switch Configuration
Guide - Basic Configuration.
If you do not configure the Telnet user on the SPU, the user name and password are absent for
the first login through Telnet.
Procedure
Step 1 Set the IP address of the Ethernet interface of the SPU.
You can log in to the SPU by using the following methods:
l Using the console port of the SPU
l Redirecting to the SPU from the S9300
After logging in to the SPU, do as follows:
l Assign an IP address to the ETH port.
1.
2.
Run the interface interface-type interface-number command to enter the interface view.
Here, Ethernet 0/0/0 is used.
3.
Run the ip address ip-address { mask | mask-length } command to set the IP address
of the interface.
22
The service interface of the SPU is the Eth-Trunk sub-interface whose member interfaces
are XGE interfaces or the XGE sub-interface. The configuration methods of the Eth-Trunk
interface and the XGE sub-interface are different. The details are as follows:
Assign an IP address to the XGE sub-interface.
1.
2.
3.
Assign an IP address to the Eth-Trunk sub-interface whose member interfaces are XGE
interfaces.
1.
2.
Run the interface eth-trunk trunk-id command to enter the Eth-Trunk interface
view.
3.
Run the trunkport xgigabitethernet { interface-number1 [ to interfacenumber2 ] } &<1-8> command to add two virtual interfaces of the SPU to the EthTrunk interface to complete link aggregation.
4.
5.
6.
2.
Press Enter to access the Telnet client. The Command Prompt window displays the
following messages:
Welcome to use Microsoft Telnet Client
Escape character is CTRL+]
Microsoft Telnet>
3.
Issue 01 (2011-09-30)
23
At the prompt Microsoft Telnet>, enter the following command to connect to the Telnet
server. The format is as follows:
open { ip-address | host-name } [ port ]
ip-address: specifies the IP address of a Telnet server.
host-name: specifies the host name of a Telnet server.
port: specifies the number of the interface for the Telnet service on a Telnet server. The
default value is 23.
Exampe:
# Connect to the SPU whose IP address is 1.1.1.1. The default port number is 23.
Welcome to use Microsoft Telnet Client
Escape character is '[CTRL+]'
Microsoft Telnet> open 1.1.1.1
Trying 1.1.1.1 ...
Press CTRL+K to abort
Connected to 1.1.1.1 ...
Info: The max number of VTY users is 20, and the number
of current VTY users on line is 1.
<Quidway>
----End
Issue 01 (2011-09-30)
24
This topic describes all the features supported by the SPU according to the feature description
in each volume (basic configuration, Ethernet, IP service, IP routing, QoS, security, reliability,
device management, network management, and VPN).
Basic Configuration
Feature
Remarks
File system
The feature of the SPU is the same as that of the S9300. For details, see
Management of Configuration Files in the Quidway S9300 Terabit
Routing Switch Configuration Guide - Basic Configuration.
NOTE
The configuration file needs to be backed up on both S9300 and SPU.
Login through
the Console
interface
The feature of the SPU is the same as that of the S9300. To log in to the
SPU through the console interface, see 3.1 Logging In to the SPU
Through the Console Interface.
Login through
Telnet
The feature of the SPU is the same as that of the S9300 in some aspects.
The difference is as follows: A user can configure the IP address of the
Ethernet interface on the SPU by logging in to the MPU of the S9300. To
log in to the SPU through Telnet, see 3.3 Logging In to the SPU Through
Telnet.
SSH login
The feature of the SPU is the same as that of the S9300. For details, see
Configuration of the SSH Server and Client in the Quidway S9300 Terabit
Routing Switch Configuration Guide - Basic Configuration.
Feature
Remarks
MAC
The feature of the SPU is the same as that of the S9300. For details, see
MAC Address Table Configuration in the Quidway S9300 Terabit
Routing Switch Configuration Guide - Ethernet.
Ethernet
Issue 01 (2011-09-30)
25
Feature
Remarks
ARP
The feature of the SPU is the same as that of the S9300. For details, see
ARP Configuration in the Quidway S9300 Terabit Routing Switch
Configuration Guide - Ethernet.
Link
aggregation
The feature of the SPU is the same as that of the S9300. The difference is
that each Eth-Trunk on the SPU contains a maximum of 2 member
interfaces and the upper limit of link aggregation bandwidth is 2. For
details, see Link Aggregation Configuration in the Quidway S9300
Terabit Routing Switch Configuration Guide - Ethernet.
Feature
Remarks
IP address
setting
Feature
Remarks
IPv4 unicast
static routes,
RIP, OSPF, ISIS, and BGP
The feature of the SPU is similar to that of the S9300. For details, see the
Quidway S9300 Terabit Routing Switch Configuration Guide - IP
Routing.
Routing policies
and policybased routing
The feature of the SPU is the same as that of the S9300. For details, see
the Quidway S9300 Terabit Routing Switch Configuration Guide - IP
Routing.
Route iteration
The feature of the SPU is the same as that of the S9300. For details, see
the Quidway S9300 Terabit Routing Switch Configuration Guide - IP
Routing.
Feature
Remarks
Names of the
traffic
classification,
traffic behavior,
and traffic
policy
The feature of the SPU is similar to that of the S9300. The difference is
that the SPU does not support URPF. For details, see the Quidway
S9300 Terabit Routing Switch Configuration Guide - QoS.
IP Services
IP Routing
QoS
Issue 01 (2011-09-30)
26
Feature
Remarks
Priority
mapping
The feature of the SPU is the same as that of the S9300. For details, see
the Quidway S9300 Terabit Routing Switch Configuration Guide QoS.
Feature
Remarks
ACL
The feature of the SPU is similar to that of the S9300. The difference is
that the SPU does not support named ACL or user-defined ACL. For
details, see the Quidway S9300 Terabit Routing Switch Configuration
Guide - Security.
URPF
The feature of the SPU is the same as that of the S9300. For details, see
the Quidway S9300 Terabit Routing Switch Configuration Guide Security.
Feature
Remarks
BFD
The feature of the SPU is similar to that of the S9300. The difference is
that the SPU does not support static BFD6 session with automatically
negotiated discriminators or multi-hop packet TTL. For details, see the
Quidway S9300 Terabit Routing Switch Configuration Guide Reliability.
VRRP
The feature of the SPU is the same as that of the S9300. For details, see
the Quidway S9300 Terabit Routing Switch Configuration Guide Reliability.
Security
Reliability
Device Management
Issue 01 (2011-09-30)
Feature
Remarks
Interface
mirroring
The feature of the SPU is the same as that of the S9300. For details, see
the Quidway S9300 Terabit Routing Switch Configuration Guide - Device
Management.
27
Network Management
Feature
Remarks
The feature of the SPU is the same as that of the S9300. For details, see
the Quidway S9300 Terabit Routing Switch Configuration Guide Network Management.
SNMP
No
The feature of the SPU is the same as that of the S9300. For details, see
the Quidway S9300 Terabit Routing Switch Configuration Guide Network Management.
VPN
Issue 01 (2011-09-30)
Feature
Remarks
GRE
The feature of the SPU is similar to that of the S9300. The difference is
that the tunnel destination address on the SPU cannot be a VPN instance
address. For details, see the Quidway S9300 Terabit Routing Switch
Configuration Guide - VPN.
28
5 Replacing an SPU
Replacing an SPU
Precautions
Before replacing an SPU, pay attention to the following points:
Before replacing an SPU, prepare an SPU with the same specifications of the SPU to be replaced.
Tools
l
ESD-preventive bag
Procedure
Step 1 Check the position of the SPU to be replaced.
Before removing the SPU that you need to replace, check the position of the cabinet, chassis,
and slot where the SPU is installed.
l An S9312 has 12 LPU slots, which are numbered from 1 to 12.
l An S9306 has 6 LPU slots, which are numbered from 1 to 6.
l An S9303 has 3 LPU slots, which are numbered from 1 to 3.
Find out the SPU to be replaced in the chassis and attach a label to identify the SPU.
Step 2 Check whether there is any bent pin in the connector of the new SPU.
Step 3 Remove the cable from the SPU.
Step 4 Remove the SPU to be replaced from the chassis.
1.
Wear ESD-preventive wrist straps and connect the grounding terminal to the ESD jack on
the chassis.
2.
Hold the left and right ejector levers of the board with your hands. Press the springs of the
ejector levers to loosen the ejector levers. Turn the ejector levers of the SPU outwards.
When the ejector levers and the panel form a 45-degree angle, the SPU is removed from
the backplane, as shown in (2) of Figure 5-1.
Issue 01 (2011-09-30)
29
5 Replacing an SPU
CAUTION
l During the operation, remove the SPU slowly and smoothly to prevent it from colliding
with other boards and causing failures of the running boards.
l When swapping an SPU, do not touch the parts on the SPU to prevent it from being
damaged.
3.
Hold the two ejector levers and pull out the SPU smoothly from the chassis along the guide
rail of the slot, as shown in (2) of Figure 5-1.
4.
CAUTION
l During the operation, install the SPU slowly and smoothly to prevent it from colliding
with other boards and causing failures of the running boards.
l When swapping an SPU, do not touch the parts on the SPU to prevent it from being
damaged.
2.
Hold the two ejector levers and insert the SPU smoothly into the chassis along the guide
rail of the slot, as shown in (1) of Figure 5-2. Push the SPU until the bayonets of the ejector
levers touch the edges of the chassis.
3.
Secure the bayonets of the ejector levers on the edges of the chassis, and then push the
ejector levers inwards until you hear a click, as shown in (2) of Figure 5-2.
Issue 01 (2011-09-30)
30
5 Replacing an SPU
Step 6 Connect the cables to the corresponding interfaces in the original sequence.
Step 7 Check the running status of the new SPU.
In normal situations, after the new SPU is installed into the chassis, the SPU automatically
communicates with the MPU. In this case, check the running status of the new SPU as follows:
l If the RUN/ALM indicator on the panel of the SPU is green and blinks at the frequency of
0.5 Hz, it indicates that the SPU is running normally.
l You can check the alarms. In normal situations, the system does not generate any alarm
related to the new SPU.
l Run the display device command on the client after logging in to the SPU to view the running
status of the new SPU. If the output is displayed as follows, it indicates that the SPUs in the
corresponding slots are running normally.
<Quidway> display device
S9300 SPU's Device status:
Slot Sub Type
Online
Power
Register
Alarm
Primary
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 13
VAMPA
Present
PowerOn
Registered
Normal
Master
Follow-up Procedure
After finishing the replacement, put all the tools away. If an SPU that is replaced is confirmed
to be faulty, maintainers should fill in the Faulty Card for Repair, and mail the card and the
faulty SPU together to Huawei local office for timely maintenance.
Issue 01 (2011-09-30)
31
Issue 01 (2011-09-30)
32
Example
Remarks
Processor
Two CPUs
DDR2 DRAM
Flash
64 MB
CF card
512 MB
Forwarding capability
10 Gbit/s
Service Feature
Technical Specification
Ethernet service
performance
128,000
3000 addresses/second
Number of ARPs
16,000
CAR
8 kbit/s
QoS performance
Issue 01 (2011-09-30)
33
Attribute
Service Feature
Technical Specification
ACL
ACLv4
Global: 32 thousand
VPN
VRF
1000
VPN route
230,000
Routing entries
230 thousand
IPv4 FIB
144 thousand
BFD
IP unicast
Reliability
service
Issue 01 (2011-09-30)
34