Professional Documents
Culture Documents
Huawei Cisco Xref Switch CLI PDF
Huawei Cisco Xref Switch CLI PDF
contrast with
CISCO
www.huawei.com
Objectives
Upon completion of this course, you will be able to:
Understand the characteristic of Huawei CLI
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page1
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
Agenda
1 Abstract
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page2
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
Abstract
The overall mechanism of Huawei and Cisco CLI are similar.
The styles of Huawei and Cisco CLI are identical.
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page3
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
Agenda
1 Abstract
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page4
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
Huawei:
User view, use < > as prompte.g. <Huawei>
System view, use [ ] as prompt, e.g. [Huawei]
Other configuration view, use [ ] as prompt, e.g. [Huawei-XX]
You can see that Huawei never have the single configuration mode like Cisco
the system view of Huawei is equivalent to privileged mode plus configuration
mode of Cisco.
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page5
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
Cisco>show running-configuration
Huawei>display current-configuration
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page6
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
The same to use Backspace key to Deletes a character before the cursor
Huawei supports to defining hotkeys, and you can use the command display
hotkey to show the hotkeys in use
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page7
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
Agenda
1 Abstract
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page8
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page9
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
Huawei command display this is a convenient command to show the configuration in the
current view
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page10
Common command contrast
Huawei command Cisco command
Press Enter key into the user view Enter the privileged mode
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page11
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
Agenda
1 Abstract
2 Ethernet Configuration
3 Reliability
4 QoS
5 Security
6 Device Management
7 Network Management
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page12
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
Enter the AAA view Create a local user and set the password
Create a local user and set the password Specify the local users level
[Quidway-aaa] local-user Huawei password simple 123456 Cisco (config)# username Huawei privilege 3
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page13
Login by console
When login through console port ,please use the following parameter
Parameter Value
Bit per second (Baud rate) 9600
Data bits 8
Stop bits 1
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page14
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
Login by Telnet
Huawei command Cisco command
[Quidway-ui-vty0-4] authentication-mode {none | password | aaa } Cisco (config-line)# no login | login { <cr> | local | tacacs }
If you use the authentication-mode as password, you If you use the authentication-mode as login, you need
need to set the password to set the password
[Quidway-ui-vty0-4] set authentication password { cipher | simple } Cisco (config-line)# password password
password
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page15
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
Login by SSH
IP Network
Configure the SSH user and the password of the user Configure the local user and the password of the user
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page16
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
Login by SSH
Generate a local key pair on the server Generate a local key pair on the server
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page17
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
Login the FTP Server, then enter the username Login the FTP Server and get the new system software
and the password on the FTP Server from the FTP Server
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page18
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
Login the TFTP Server and get the new system Login the TFTP Server and get the new system
software from the TFTP Server software from the TFTP Server
Configure the new system software as the next startup Configure the new system software as the next startup
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page19
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
NTP Function
172.16.1.1/16 NTP
Switch A Switch B
Pre-conditions:
The operating mode of NTP is client/server mode
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page20
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
NTP Function
Switch A (Server):
Configure Switch A as the NTP Server and Specify the Configure Switch A as the NTP Server and Specify the
stratum of the NTP master clock stratum of the NTP master clock
Switch B (Client):
Specify the IP address of the remote NTP server Specify the IP address of the remote NTP server
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page21
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
Agenda
1 Abstract
2 Ethernet Configuration
3 Reliability
4 QoS
5 Security
6 Device Management
7 Network Management
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page22
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
Auto-negotiation of the
Interfaces
Huawei command Cisco command
Configure the port as the auto negotiation mode, by Configure the port as the auto negotiation mode, by
default, an interface works in auto negotiation mode default, an interface works in auto negotiation mode
You can set the speed on an electrical interface work You can set the speed on an electrical interface work
in auto-negotiation mode in auto-negotiation mode
[Quidway-GigabitEthernet1/0/1] auto speed { 10 | 100 | 1000 }* Cisco(config-if)# speed auto { 10 | 100 | 1000 }*
You can set the duplex mode on an electrical interface You can set the duplex mode on an electrical interface
worked in auto negotiation mode worked in auto negotiation mode
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page23
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
Set the interface to work in non-automatic negotiation Set the interface to work in non-automatic negotiation
mode mode
You can set the speed on an electrical interface You can set the speed on an electrical interface
worked in non-automatic negotiation mode
Cisco(config-if)# speed { 10 | 100 | 1000 }
[Quidway-GigabitEthernet1/0/1] speed { 10 | 100 | 1000 }
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page24
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
Under the port view, set the maximum length of the Set the maximum length of the frames that can pass
frames that can pass through the interface through the interface
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page25
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
Enable the POE function on the interface, by default, Enable the POE function on the interface, by default,
the POE function is auto-enable on the interface the POE function is auto-enable on the interface
(Optional) Configure the maximum output power of the (Optional) Configure the maximum output power of the
interface interface
[Quidway-Ethernet0/0/1] poe max-power power_values Cisco(config-if)# power inline [auto | static] max power_values
[Quidway-Ethernet0/0/1] quit
(Optional) Configure the POE mode as manual
(Optional) Configure the POE mode as manual and
supply the power over the interface by manual Cisco(config-if)# power inline static
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page26
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
GE1/0/8
Switch A Switch B
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page27
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
Specify the channel group mode as LACP Assign the port to the channel group, and specify the
port as LACP mode
[Quidway-Eth-Trunk1] mode lacp-static
[Quidway-Eth-Trunk1] bpdu enable Cisco(config)# interface GigabitEthernet1/0/1
[Quidway-Eth-Trunk1] quit Cisco(config-if)# channel-group 1 mode active
Cisco(config-if)# channel-protocol lacp
Assign the port to the channel group
Specify the LACP port priority
[Quidway] interface GigabitEthernet1/0/1
[Quidway-GigabitEthernet1/0/1] eth-trunk 1
Cisco(config-if)# lacp port-priority priority-value
Cisco(config-if)# exit
Specify the LACP port priority
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page28
VLAN Configuration Based on
Port
Huawei command Cisco command
Vlan can be Created singly or batch: Vlan can be Created singly or batch:
Configure the VLAN on the access port Configure the VLAN on the access port
OR
Configure the VLAN on the trunk Port
[Quidway] interface GigabitEthernet1/0/1
[Quidway-GigabitEthernet1/0/1] port link-type access Cisco(config)# interface GigabitEthernet1/0/1
[Quidway-GigabitEthernet1/0/1] port default vlan 2 Cisco(config-if)# switchport trunk encapsulation dot1q
Cisco(config-if)# switchport mode trunk
Cisco(config-if)# switchport trunk allowed vlan 2-10
Configure the VLAN on the trunk Port
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page29
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
VLANID=8 (COS =0) Voice data VLANID=8 (COS =6) Voice data
WAN
VLAN-ID =8 LLDP data
Switch AR
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page30
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
Create a VLAN as voice VLAN on the system view Create a VLAN as voice-vlan on the configuration mode
Set the OUI of the voice VLAN Enable QoS for the entire switch
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page31
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
Globally enable LLDP on the system view Globally enable LLDP on the configuration mode
Enable BPDU on the interface connected IP phone Enable LLD-MED on the interface connected IP phone
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page32
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
GE1/0/1 GE1/0/2
GE1/0/2 GE1/0/1
Switch C
All switches:
Configure the spanning tree mode as STP and enable Configure the spanning tree mode as PVST on the
stp on the system view configuration mode
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page33
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
Enable BPDU on the interfaces on the ring Configure the spanning-tree link-type as point-to-point
on the interfaces on the ring
[Quidway] interface GigabitEthernet1/0/1
[Quidway-GigabitEthernet1/0/1] bpdu enable Cisco(config)# interface GigabitEthernet1/0/1
[Quidway-GigabitEthernet1/0/1] quit Cisco(config-if)# spanning-tree link-type point-to-point
[Quidway] interface GigabitEthernet1/0/2 Cisco(config-if)# exit
[Quidway-GigabitEthernet1/0/2] bpdu enable Cisco(config)# interface GigabitEthernet1/0/2
Cisco(config-if)# spanning-tree link-type point-to-point
Switch A (root):
Configure Switch A as the root of the ring Configure Switch A as the root of the ring
[Quidway] stp root primary Cisco(config)# spanning-tree vlan vlan-id root primary
OR OR
[Quidway] stp priority 0 Cisco(config)# spanning-tree vlan vlan-id priority 0
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page34
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
Switch C
All switches:
Configure the spanning tree mode as RSTP and Configure the spanning tree mode as Rapid-PVST on
enable stp on the system view the configuration mode
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page35
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
Enable BPDU on the interfaces on the ring Configure the spanning-tree link-type as point-to-point
on the interfaces on the ring
[Quidway] interface GigabitEthernet1/0/1
[Quidway-GigabitEthernet1/0/1] bpdu enable Cisco(config)# interface GigabitEthernet1/0/1
[Quidway-GigabitEthernet1/0/1] quit Cisco(config-if)# spanning-tree link-type point-to-point
[Quidway] interface GigabitEthernet1/0/2 Cisco(config-if)# exit
[Quidway-GigabitEthernet1/0/2] bpdu enable Cisco(config)# interface GigabitEthernet1/0/2
Cisco(config-if)# spanning-tree link-type point-to-point
Switch A (root):
Configure Switch A as the root of the ring Configure Switch A as the root of the ring
[Quidway_A] stp root primary Cisco_A(config)# spanning-tree vlan vlan-id root primary
OR OR
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page36
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
GE1/0/2 GE1/0/1
Switch C
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page37
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
Configure the spanning tree mode as MSTP and Configure the spanning tree mode as MSTP on the
enable STP on the system view configuration mode
<Quidway> system-view Cisco# configure terminal
[Quidway] stp mode mstp Cisco(config)# spanning-tree mode mst
[Quidway] stp enable
Configure the MST region
Configure the MST region
Cisco(config)#spanning-tree mst configuration
[Quidway] stp region-configuration
Cisco(config-mst)#name Huawei
[Quidway--mst-region] region-name Huawei
Cisco(config-mst)#instance 1 vlan 1-10
[Quidway--mst-region] instance 1 vlan 1 to 10
Cisco(config-mst)#instance 2 vlan 11-20
[Quidway--mst-region] instance 2 vlan 11 to 20
[Quidway--mst-region] active region-configuration
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page38
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
Configure Switch A as the root of the instance 1 Configure Switch A as the root of the instance 1
[Quidway_A] stp instance 1 root primary Cisco_A(config)# spanning-tree mst 1 root primary
OR OR
Configure Switch C as the root of the instance 2 Configure Switch C as the root of the instance 2
[Quidway_C] stp instance 2 root primary Cisco_C(config)# spanning-tree mst 2 root primary
OR OR
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page39
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
BPDU Guard
Huawei command Cisco command
Globally enable STP and BPDU guard Globally enable BPDU guard
Configure the interface as the edge interface and Enable the Port Fast feature
enable BPDU on the interface
Cisco(config)# interface GigabitEthernet1/0/1
[Quidway] interface GigabitEthernet1/0/1 Cisco(config-if)# spanning-tree portfast
[Quidway-GigabitEthernet1/0/1] stp edged-port enable
[Quidway-GigabitEthernet1/0/1] bpdu enable
OR
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page40
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
Agenda
1 Abstract
2 Ethernet Configuration
3 Reliability
4 QoS
5 Security
6 Device Management
7 Network Management
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page41
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
DLDP/UDLD function
Huawei command Cisco command
Enable DLDP on the system view Enable UDLD on the configuration mode
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page42
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
VLANIF 20 VLANIF 30
192.168.1.1/2 192.168.2.1/2
4 4
Area 1 Area 2
VLANIF 20 VLANIF 30
192.168.1.2/2 192.168.2.2/2
4 4
Switch C Switch D
Pre-conditions:
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page43
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
On the all Switches, configure IP addresses on the On the all Switches, configure IP addresses on the
virtual layer 3 interfaces (e.g. with Switch A) virtual layer 3 interfaces (e.g. with Switch A)
Configure OSPF (e.g. with Switch A) Configure OSPF (e.g. with Switch A)
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page44
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
Maste Standby
r
VLANIF 10 VLANIF 10
209.0.0.2/24 VRRP 209.0.0.3/2
4
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page45
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
Configure a virtual layer 3 interface and assign a IP Configure a virtual layer 3 interface and assign a IP
address to the virtual layer 3 interface address to the virtual layer 3 interface
Create a VRPP group and assign a virtual IP address Create a VRPP group and assign a virtual IP address
to the VRRP group to the VRRP group
Assign the VRRP group priority, and assign the Assign the VRRP group priority, and assign the
priority of the master of VRRP backup group is higher priority of the master of VRRP backup group is higher
than the standby one than the standby one
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page46
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
Configure a virtual layer 3 interface and assign another Configure a virtual layer 3 interface and assign another
IP address to virtual layer 3 interface IP address to the virtual layer 3 interface
Create the same VRPP group and assign the same Create the same VRPP group and assign the same
virtual IP address to the VRRP group which configured virtual IP address to the VRRP group which configured
on the Switch A on the Switch A
Assign the VRRP group priority, and assign the Assign the VRRP group priority, and assign the
priority of the standby of VRRP backup group is lower priority of the standby of VRRP backup group is lower
than the master one than the master one
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page47
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
VLANIF 10 VLANIF 20
10.0.0.1/2 20.0.0.1/24
4
VLANIF 10 VLANIF 20
10.0.0.2/24 20.0.0.2/24
PIM-SM
VLANIF 30 VLANIF 30
Switch B 30.0.0.1/24 30.0.0.2/24 Switch C
VLANIF 40 VLANIF 40
40.0.0.1/24 40.0.0.2/24
IGMP
Switch D Switch E
Pre-conditions:
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page48
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
Multicast-PIM SM
Switch A to C:
Globally enable multicast routing function (e.g. with Globally enable multicast routing function (e.g. with
Switch B) Switch B)
Cisco_B# configure terminal
<Quidway_B> system-view
Cisco_B(config)# ip multicast-routing
[Quidway_B] multicast routing-enable
Enable the PIM-SM function on the virtual layer 3 Enable the PIM-SM function on the virtual layer 3
interface (e.g. with Switch B) interface (e.g. with Switch B)
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page49
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
Multicast-PIM SM
Switch A (RP):
Switch B to C:
Enable IGMP on the on the virtual layer 3 interface
connected to the layer 2 multicast device (e.g. with
Switch B)
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page50
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
Multicast-IGMP Snooping
Switch D to E:
Globally enable IGMP snooping function Globally enable IGMP snooping function
Enable IGMP snooping on the VLAN Enable IGMP snooping on the VLAN
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page51
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
Agenda
1 Abstract
2 Ethernet Configuration
3 Reliability
4 QoS
5 Security
6 Device Management
7 Network Management
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page52
QoS marking and remarking
IP Network
Switch
Marking source IP value 10.0.0.1
to be remarked DSCP 60 on the
inbound direction of the interface
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page53
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
Configure an access list (e.g. IP standard access list) Configure an access list (e.g. IP standard access list)
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page54
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page55
PQ+DRR Scheduling
10M Internet
10M (COS=5)
Switch
250M(COS=3)
70M Soft Switch
IP Network
200M(COS=0)
20M
IPTV
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page56
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
PQ+DRR Scheduling
Huawei command Cisco command
Configure the Up-link and Down-link interfaces to trust Configure the Up-link and Down-link interfaces to trust
COS of the packets COS of the packets
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page57
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
PQ+DRR Scheduling
Configure the queue 3 of the fast Ethernet interface as Configure a traffic classifier to match COS value 3
DRR scheduling, and set the weights of queue 3 to 70
Cisco(config)# class-map match-any cisco-queue-3
[Quidway-Ethernet1/0/1]qos queue 3 drr weight 70 Cisco(config-cmap)# match cos 3
Cisco(config-cmap)# exit
Configure the queue 0 of the Ethernet interface as Configure a traffic classifier to match COS value 0
DRR scheduling, and set the weights of queue 0 to 20
Cisco(config)# class-map match-any cisco-queue-0
[Quidway-Ethernet1/0/1]qos queue 0 drr weight 20 Cisco(config-cmap)# match cos 0
Cisco(config-cmap)# exit
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page58
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
PQ+DRR Scheduling
Cisco command
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page59
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
Agenda
1 Abstract
2 Ethernet Configuration
3 Reliability
4 QoS
5 Security
6 Device Management
7 Network Management
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page60
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
Perform storm control on the interface Perform storm control on the interface
Specify the action when a storm is detected Specify the action when a storm is detected
If you want to generate an SNMP trap when a storm is If you want to generate an SNMP trap when a storm is
detected detected
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page61
802.1x authentication
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
function
Invalid Username
Invalid Password
802.1x
Intranet
Stop Radius
Server
Valid Username
Valid Password
Permit
Pre-conditions:
IP routing between Switch and Radius Server is normal
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page62
802.1x authentication
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
function
Huawei command Cisco command
Globally enable 802.1x authentication function Globally enable 802.1x authentication function
Specify the port connected to the client that is to be Specify the port connected to the client that is to be
enabled for 802.1x authentication enabled for 802.1x authentication
Configure 802.1x authentication method as radius Configure 802.1x authentication method as radius
(commonly the domain default used to authenticate (commonly the domain default used to authenticate
the access user) the access user)
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page63
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page64
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page65
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
Agenda
1 Abstract
2 Ethernet Configuration
3 Reliability
4 QoS
5 Security
6 Device Management
7 Network Management
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page66
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
Specify the observe-port on which you can observe Specify the observe-port on which you can observe
the packets from the mirrored interface the packets from the mirrored interface
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page67
Remote port-mirroring
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
function
Source Intermediate Destination
switch switch switch
RSPAN
VLAN
GE1/0/2 GE1/0/1 GE1/0/2 GE1/0/1
RSPAN
GE1/0/1 GE1/0/2
VLAN
RSPAN RSPAN
source port destination port
Source switch:
Create RSPAN VLAN on the system view Configure RSPAN VLAN on the configuration mode
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page68
Remote port-mirroring
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
function
Source switch:
Configure the RSPAN VLAN on the Up-link Port Configure the RSPAN VLAN on the Up-link Port
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page69
Remote port-mirroring
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
function
Intermediate switch:
Create RSPAN VLAN on the system view Configure RSPAN VLAN on the configuration view
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page70
Remote port-mirroring
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
function
Destination switch :
Create RSPAN VLAN on the system view Configure RSPAN VLAN on the configuration mode
Cisco# configure terminal
<Quidway> system-view Cisco(config)# vlan 900
[Quidway] vlan 900 Cisco(config-vlan)# remote span
Cisco(config-vlan)# exit
Add the port connected with the Intermediate switch to
the RSPAN VLAN in trunk mode, and add the RSPAN Add the port connected with the Intermediate switch to
destination port to the RSPAN VLAN in access mode the RSPAN VLAN in trunk mode
Cisco(config)# interface GigabitEthernet1/0/1
[Quidway] interface GigabitEthernet1/0/1 Cisco(config-if)# switchport trunk encapsulation dot1q
[Quidway-GigabitEthernet1/0/1] port link-type trunk Cisco(config-if)# switchport mode trunk
[Quidway-GigabitEthernet1/0/1] port trunk allow vlan 900 Cisco(config-if)# switchport trunk allowed vlan 900
[Quidway-GigabitEthernet1/0/1] quit Cisco(config-if)# exit
[Quidway] interface GigabitEthernet1/0/2
[Quidway-GigabitEthernet1/0/2] port link-type access Specify the RSPAN session and the RSPAN
[Quidway-GigabitEthernet1/0/2] port default vlan 900
destination port
Cisco(config)# monitor session 1 destination interface
GigabitEthernet1/0/2
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page71
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
Agenda
1 Abstract
2 Ethernet Configuration
3 Reliability
4 QoS
5 Security
6 Device Management
7 Network Management
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page72
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
Radius function
Huawei command Cisco command
Configure a Radius template, set the Authentication Set the Authentication key
key and Identify the radius Server
Cisco(config)# radius-server host 200.0.0.1 key 123456
[Quidway] radius-server template Huawei
[Quidway-radius-Huawei] radius-server shared-key 123456 Enter AAA-configuration mode
[Quidway-radius-Huawei] radius-server authentication 200.0.0.1
[Quidway-radius-Huawei] radius-server accounting 200.0.0.1 Cisco(config)# aaa new-model
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page73
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
Radius function
Configure authentication and accounting schemes, Identify the authentication, authorization and
then Identify authentication and accounting mode as accounting mode as radius to the radius Server group
radius to the schemes
Cisco(config)# aaa authentication login default group Huawei
[Quidway-aaa] authentication-scheme Huawei Cisco(config)# aaa authorization network default group Huawei
[Quidway-aaa-authen-Huawei] authentication-mode radius Cisco(config)# aaa authorization exec default group Huawei
[Quidway-aaa-authen-Huawei] quit Cisco(config)# aaa accounting exec default start-stop group
[Quidway-aaa] accounting-scheme Huawei Huawei
[Quidway-aaa-accounting-Huawei] accounting-mode radius Cisco(config)# aaa accounting network default start-stop group
[Quidway-aaa-accounting-Huawei] quit Huawei
Configure a domain, Identify the authentication and Configure authentication-mode of the VTY as AAA
accounting mode of the domain as radius, and specify
Cisco(config)# line vty 0 4
the server template
Cisco(config-line)# login authentication default
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page74
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
HWTACACS function
Huawei command Cisco command
Configure a TACACS template, set the authentication Identify the TACACS Server and set the authentication
key and Identify the HWTACACS Server key
[Quidway] hwtacacs-server template Huawei Cisco(config)# tacacs-server host 10.0.0.1 key 123456
[Quidway-hwtacacs-Huawei] hwtacacs-server shared-key 123456
[Quidway-hwtacacs-Huawei] hwtacacs-server authentication
10.0.0.1 Enter AAA-configuration mode
[Quidway-hwtacacs-Huawei] hwtacacs-server authorization
10.0.0.1 Cisco(config)# aaa new-model
[Quidway-hwtacacs-Huawei] hwtacacs-server accounting
10.0.0.1 configure the TACACS Server group
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page75
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
HWTACACS function
Configure authentication, authorization and accounting Configure the authentication, authorization and
schemes, then Identify authentication, authorization accounting mode as TACACS to the TACACS Server
and accounting mode as HWTACAS to the schemes
Cisco(config)# aaa authentication login default group Huawei
[Quidway-aaa] authentication-scheme Huawei Cisco(config)# aaa authorization network default group Huawei
[Quidway-aaa-authen-Huawei] authentication-mode hwtacacs Cisco(config)# aaa authorization exec default group Huawei
[Quidway-aaa-authen-Huawei] quit Cisco(config)# aaa accounting exec default start-stop group
[Quidway-aaa] authorization-scheme Huawei Huawei
[Quidway-aaa-author-Huawei] authorization-mode hwtacacs Cisco(config)# aaa accounting network default start-stop group
[Quidway-aaa-author-Huawei] quit Huawei
[Quidway-aaa] accounting-scheme Huawei
[Quidway-aaa-accounting-Huawei] accounting-mode hwtacacs Configure authentication-mode of the VTY as AAA
[Quidway-aaa-accounting-Huawei] quit
Cisco(config)# line vty 0 4
Configure a domain, Identify the authentication, Cisco(config-line)# login authentication default
authorization and accounting mode of the domain as
HWTACACS, and specify the server template
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page76
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
Web management
Intranet
Web
Server
Pre-conditions:
IP routing between Switch and Web management Server is normal
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page77
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
Web management
Huawei command Cisco command
Globally enable HTTP Server function Globally enable HTTP Server function
Configure the HTTP user and the password of the user Configure the local user and the password of the user
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page78
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page79
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
SNMP v3 function
Huawei command Cisco command
Enable SNMP agent function on the system view Enter the configuration mode
Configuring an SNMPv3 User Group Cisco(config)# snmp-server group Huawei v3 {auth | noauth }
[Quidway] snmp-agent group v3 Huawei [authentication] Add an user into the SNMPv3 user group and need to
authenticate (e.g. with MD5)
Add an user into the SNMPv3 user group and need to
authenticate (e.g. with MD5) Cisco(config)# snmp-server user 8031 Huawei V3 auth md5
123456
[Quidway] snmp-agent usm-user v3 8031 Huawei authentication-
mode md5 123456
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page80
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by NDA.
SNMP Trap
Specify hosts to receive SNMP notifications Specify hosts to receive SNMP notifications
[Quidway] snmp-agent target-host trap address udp-domain Cisco(config)# snmp-server host 192.180.1.27 version 2c public
192.180.1.27 params securityname public v2c
Enable the switch to send traps or specify the type of
Enable the switch to send traps or specify the type of notifications to be sent
notifications to be sent
Cisco(config)# snmp-server enable traps [ trap-type ]
[Quidway] snmp-agent trap enable [ trap-type ]
Copyright 2010 Huawei Technologies Co., Ltd. All rights reserved. Page81
Thank you
www.huawei.com