NEW Switch Configuration Procedure (First Time)

Connect a PC to the device and the device enters the initial configuration mode.

Directly connect the PC to the ETH management interface to log in to the device for the first time.

The default IP address of the ETH management interface on a device is 192.168.1.253/24. Directly
connect the PC to the ETH management interface on the device using network cables.

Hold down the MODE button to log in to the device for the first time.

If all interfaces on the device are optical interfaces, you need to connect the PC to the management
interface using network cables. Press and hold down the MODE button for 6 seconds or longer. When all
indicators on the device are steady green, the device enters the initial configuration mode, and the
default IP address configured for the ETH management interface of the device is 192.168.1.253/24.

If the device has Ethernet interfaces, connect the PC to the first Ethernet interface using network cables.
Press and hold down the MODE button for 6 seconds or longer. When all indicators on the device are
steady green, the device enters the initial configuration mode, and the default IP address configured for
Vlanif1 of the device is 192.168.1.253/24.

Users can log in to a device for the first time using the web system only when the device is in factory
default state. In this case, do not log in to the device through the console interface, because any
operation on the console interface leads to the failure of the first login using the web system.

If the device has been configured when users press and hold down the MODE button for 6 seconds or
longer, all indicators blink green fast. In this case, the device is restored to the normal state after 10
seconds, without impact on existing configuration.

If the device in the factory settings has just started or has been configured through the console interface
when users press and hold down the MODE button for 6 seconds, the device may fail to enter the initial
configuration state. When all indicators blink fast for 10s, the device restores to the factory default
state.

The device automatically exits the initial configuration state and restores the factory settings if users
have not saved the settings after 10 minutes.

If you have logged in to the device for the first time by holding down the MODE button for 6 seconds or
longer and saved the configuration, default configurations of the ETH management interface are cleared
and you cannot log in to the device for the first time through the ETH management interface. You are
advised to preferentially log in to the device for the first time through the ETH management interface.

The S5720I-10X-PWH-SI-AC and S5720I-6X-PWH-SI-AC have only one PoE mode indicator, through which
the initial configuration status of the device can be determined.
Configure an IP address for the PC.

To ensure that the PC and device have reachable routes to each other, configure an IP address on the
same network segment with the device IP address for the PC.

Log in to the device through the web system.

Open the web browser on the PC, enter https://192.168.1.253 in the address bar, press Enter, and then
the web system login page is displayed, as shown in Figure 1. Enter admin and admin@huawei.com for
the default user name and default password, and select the language of the web system. Click GO or
directly press Enter. The web system configuration page is displayed.

Figure 1 First login page in the web system

The login to the device through the Web system requires that the browser on the PC must be Microsoft
Edge, Internet Explorer 10.0, Internet Explorer 11.0, Firefox61.0 to Firefox66.0, and Google Chrome 64.0
to 73.0. If the browser version or browser patch version is not within the preceding ranges, the web
page may not be properly displayed. Upgrade the browser and browser patch.

Configure the device.

As shown in Figure 2, the Web system configuration page allows users to perform the basic and optional
configurations. Table 2 describes parameters for the basic configuration. After the basic configuration is
complete, users can log in to the device through the Web system. Table 3 describes parameters for the
optional configuration. After the optional configuration is complete, users can log in to the device
through Telnet or STelnet.
A login user can create users for logging in to the device through Telnet or STelnet. The parameter
Create User is valid only when Telnet Server or Stelnet Server is On.

Figure 2 Web system configuration page

Table 2 Basic configuration

Item Description

Management IP Address Indicates the management IP address of the device. The value is
in dotted decimal notation.

Mask Indicates the mask of the IP address. Select a subnet mask from
the drop-down list box.

WEB User Level Indicates the Web user level. Select a user level from the drop-
Table 2 Basic configuration

Item Description

down list box. This parameter is optional.

Only level 3 users and higher are administrators with

management rights. Level 2 users and below are monitoring
users. Administrator users have all operation rights of a web
page, and monitoring users can only perform ping and tracert
operations.

Table 3 Optional configuration

Item Description

Device Name Specifies the device name.

The device name cannot contain question marks (?) and cannot
start with spaces.

Telnet Server Sets the Telnet function: Enable or disable the Telnet function.

Stelnet Server Sets the STelnet function: Enable or disable the STelnet function.

User Name Specifies the Telnet or STelnet login user name.

The user name cannot contain / : * ? " < > | ' or %, and cannot
start with @.

Password Specifies the password.

A secure password should contain at least two types of the

following: lowercase letters, uppercase letters, numerals, special
characters (such as ! $ # %). In addition, the password cannot
contain spaces or single quotation marks (').

Confirm Password Confirms the password.

The format is the same as that of Password.

User Level Indicates the Telnet or STelnet user level. Select a user level from
the drop-down list box.
 Table 2 Basic configuration

Item Description

Only level 3 users and higher are administrators with

management rights. Level 2 users and below are monitoring
users. Administrator users have all operation rights of a web
page, and monitoring users can only perform ping and tracert
operations.

1. Save configuration.

Click Apply. The configuration is saved. When logging out of the Web system for the first time, the
following situations may occur based on the configured management IP address:

 When the management IP address is on the same network segment as

192.168.1.253/24, the Web system login page is displayed.

 When the management IP address is not on the same network segment as

192.168.1.253/24, users cannot log in to device through the Web system. In this case,
configure an IP address on the same network segment as the management IP address
for the PC so that the PC and device have reachable routes to each other.

Users can log in to the device through the Web system, Telnet, or STelnet for device maintenance.
Log in to the device through the web system.
After basic functions of web system login are configured, open the web browser on the PC,
enter https://IP address in the address bar, and press Enter. The web system login page then is
displayed. As shown in Figure 1, enter the configured web user name and password and select the
language of the web system.

Figure 1 Web system login page

Enable/Disable Interface

Context
You can disable an idle interface that is not connected to a cable or an optical fiber on the
GUI to prevent the idle interface from interfering other interfaces in working state.
Figure 1 shows interface status and optical/electrical interfaces.

Figure 1 Interface status and optical/electrical interfaces

If the switch does not support the MEth port, click Configuration > Basic
Services > Interface Settings to access the configuration page.

Procedure
1. Choose Configuration > Basic Services > Interface Settings > Service Interface
Setting. Click Enable/Disable Interface, as shown in Figure 2.
 Figure 2 Enable/Disable Interface

2. Select the interface that you want to configure. Perform either of the following
operations as required.
 Click an interface icon to select an interface.
 Drag the mouse to select multiple consecutive interfaces in a batch.
 Click multiple port icons to select these ports, and click a port icon again to
deselect the port.
 Click the check box before a front panel name to select all the interfaces on the
front panel.
3. Set parameters on the Configure Interface. Figure 3 shows the Configure Interface.
Figure 3 Configure Interface

4. Click Apply to complete the configuration.

VLAN

Context
 A switch supports 4094 VLANs from VLAN 1 to VLAN 4094.
 VLANs can isolate the hosts that require no communication with each other, reducing
broadcast traffic and improving network security.

Procedure
 Creating a VLAN
1. Choose Configuration > Basic Services > VLAN.
2. Click Create. The Create VLAN dialog box is displayed, as shown in Figure 1.
Figure 1 Creating a VLAN

Table 1 describes parameters in the Create VLAN dialog box.

Table 1 Parameters for creating a VLAN

Parameter Description

VLAN ID ID of the VLAN. This parameter is mandatory, and its value ranges from 1 to
4094. VLAN 1 is the default VLAN, and the system will not re-create it.

Description Description of the VLAN. This parameter is optional.

VLAN Attribute of the VLAN. This parameter is mandatory. Set VLAN

attribute attribute to Common VLAN or SVF multicast VLAN.
NOTE:

This parameter is available only when the device is enabled with SVF.
 Table 1 Parameters for creating a VLAN

Parameter Description

IPv4 IPv4 address of a VLANIF interface, such as 10.10.10.1. This parameter is

address optional and can be configured only for a VLANIF interface.

Mask Subnet mask of the IP address. This parameter is optional.

IPv6 IPv6 address, such as FC00:0:130F:0:0:9C0:876A:130B. This parameter is

address optional and can be configured only for a VLANIF interface.

Prefix Length of an address prefix. This parameter is optional and the value ranges from
length 1 to 128.

Intra- Indicates whether to enable ARP proxy in a VLAN:

VLAN  ON: Enable ARP proxy.
proxy ARP
 OFF: Disable ARP proxy.
NOTE:

In centralized forwarding, ARP proxy must be enabled in a VLAN.

3. Set parameters.
4. Click Add Interface. The Add Interface area is unfolded, as shown in Figure 2.
 Figure 2 Adding ports to the VLAN

5. Click Select Interface. The Add Interface page is displayed, as shown in Figure 3.
 Figure 3 Selecting ports to be added to the VLAN

6. Click OK. The Create VLAN dialog box is displayed.

7. Click OK.
 Creating VLANs in a batch
1. Choose Configuration > Basic Services > VLAN.
2. Click Batch Create. The Batch Create VLAN dialog box is displayed, as shown
in Figure 4. Set parameters.
Figure 4 Creating VLANs in a batch

3. Click OK.
 Querying a VLAN
1. Choose Configuration > Basic Services > VLAN.
2. Enter the VLAN ID in the search box. If you do not enter any VLAN ID, all created
VLANs are displayed.
3. Click . The VLAN is displayed, as shown in Figure 5.
 Figure 5 VLAN list

4. Click View Interface. The interfaces added to VLANs are displayed, as shown
in Figure 6.
Figure 6 View Interface

 Modifying a VLAN
1. Choose Configuration > Basic Services > VLAN.
2. Click a VLAN ID. The Modify VLAN dialog box is displayed, as shown in Figure
7. Table 1 describes parameters in the Modify VLAN dialog box.
 Figure 7 Modifying a VLAN

3. Change the values of parameters as required.

4. Click OK.
 Deleting a VLAN
1. Choose Configuration > Basic Services > VLAN.
2. Select a VLAN to be deleted and click Delete. The system asks you whether to
delete the VLAN.

VLAN 1 is the default VLAN and cannot be deleted.

3. Click OK.
 Deleting VLANs in a batch
1. Choose Configuration > Basic Services > VLAN.
2. Click Batch Delete. The Batch Delete VLAN dialog box is displayed, as shown
in Figure 8. Set parameters.
 Figure 8 Deleting VLANs in a batch

3. Click Delete. The system asks you whether to delete the VLAN.
4. Click OK.

Local User Creation Procedurre

 Create a local user.

1. Choose Configuration > Security Services > AAA and click the Local User tab, as shown
in Figure 1.

Figure 1 Local user

2. Click Create to open the Create User page, as shown in Figure 2.

Figure 2 Create User page

Table 1 describes the parameters on the page.

 Table 1 Parameters for creating a user

Parameter Description

User name Local user name.

Password User password.

Expiration time Password validity period.

User type User type. Users at different levels have different access rights.

User status State of a local user.

 Activate: The device accepts and processes the

authentication request from the user.

 Block: The device rejects the authentication request

from the user.

NOTE:

If a user has established a connection with the device, when the user is set in
blocking state, the connection still takes effect but the device rejects
subsequent authentication requests from the user.

Access mode Access type. After you specify the access type of a user, only the users of the
specified access type can log in.

3. Set parameters for the local user.

4. Click OK.

 Modify a local user.

1. Choose Configuration > Security Services > AAA and click the Local User tab.

2. Click the name of the user that you want to modify.

3. Set parameters for modifying the user. Indicates whether a user is forcibly disconnected
from the network. Table 1 describes the parameters for modifying a local user.

4. Click OK.

 Delete a local user.

1. Choose Configuration > Security Services > AAA and click the Local User tab.
 2. Select a record that you want to delete and click Delete. The system asks you whether
to delete the record.

 Click OK.

Configuring port security

1. Click Configuration in the function area and choose MAC from the navigation tree in the
left. The MAC page is displayed.

2. Click the MAC Security tab. The MAC Security tab page is displayed.

3. Select a port, as shown in Figure 2-47.

Figure 2-47 Configuring port security

Table 2-17 describes parameters on the MAC Security tab page.

Table 2-17 Configuring port security

Parameter Description Value

Interface - -
Name

Interface If a network requires high access security, you The value can
Security can configure port security on specified ports. be Enable or Disable.
MAC addresses learned by these ports are
changed to dynamic secure MAC addresses or
sticky MAC addresses. When the number of
learned MAC addresses reaches the limit, the
ports do not learn new MAC addresses. This
prevents devices with untrusted MAC
addresses from connecting to these ports,
improving security of the devices and the
network.
 Parameter Description Value

MAC Maximum number of MAC addresses that can The value ranges
Address be learned by a port. from 1 to 1024.
Limit

Sticky MAC Sticky MAC addresses will not be aged out The value can
and will exist after the device restarts. be Enable or Disable.

4. Set parameters.

5. Click Apply.