Pass all qos huawei s5300

In my example, the configuration file matched the current configuration and I was immediately offered to reload, but if the file was changed and did not match, you will be prompted to save the current configuration to a file, to which you must refuse, after Why agree to a reboot!

Actually, this is not all – these are just the commands available in this mode, now we go to the mode

It is worth noting that the command “dis th”(display this) executed on port 0/0/1 gives the same information as “dis cur int gig 0/0/1” executed in any mode and on any port, which is convenient for copying the configuration.
Here are the commands related to the port, in the same way you can see help on commands in complex functions like ACL, AAA, STP.

If you have any questions, I can tell you about other interesting functions of the switch in examples from a working network.

Huawei s5600 and s5300(s5700) config examples with MAK authorization
Both switches are similar in performance and functionality, the difference is only in the release date.

DHCP Relay on huawei s5700
Please tell me if such a feint is possible: All network 172.30.0.0/16 I want at the expense of Relay into one.

Traffic-inspect on HUAWEI S5700
Hello. Does anyone know if the S5700 has the ability to inspect traffic? (analog.

Hello, please tell me how to implement routing between vlan, there are 8 s3300 switches and one s5700,
on the same switch, two DC servers are connected in one vlan and another vlan with users. How to connect and configure everything correctly so that users in different vlans have access to the servers?

Huawei s5300 doesn’t work properly with AAA firmware version v200
I have huawei s5600, s5300 series access switches. Moreover, s5300 with different firmware in connection with.

Huawei S5700-28C-SI edit acl
Colleagues, good afternoon. There is an S5700-28C-SI switch, a common printer with an address is registered in the rule.

Huawei S5700 switch does not connect POE cameras
How can I configure the Huawei S5700 switch through the console to show POE cameras? There is no link.

HUAWEI is one of the largest Chinese telecommunications companies. Founded in 1988.

Global commands, modes of operation, similarities and differences with CLI CISCO.

1. system-view is an analogue of the cis configuration mode conf t. In this mode, the command line prompt looks like [Switch].
2. user-view is an analogue of the unprivileged cisco mode. The prompt mode looks like this: .

Main commands:

• system-view – switch from user-view to privileged system-view mode;
• save – saving the current settings to the non-volatile memory of the device;
• display current-configuration – display current configuration file
• display current-configuration configuration XXXX – displays the XXXX section settings.
• display this – current section configuration output;
• quit – exit from the current section to the parent section.

Configuring vlan interfaces, operating modes of physical ports of the switch

Create vlan

To create a vlan as an entity, run the vlan XXX command on the switch in system-view mode, where XXX is the vlan number.

Vlan created. You can also set the description or the name of the vlan with the description command. Unlike Cisco, the name is not a required attribute when creating a vlan.

To transfer the created vlan within the local network, the GVRP protocol is used. It is enabled with the gvrp command in system-view mode.

Also gvrp must be allowed on the interface:

There is no compatibility with Cisco VTP (vlan transfer protocol) and cannot be.

Creating a vlan interface.

Port Modes

Actually, nothing new. There are two main modes of port operation: access and trunk.
trunk mode
Port setting:

Unlike Cisco switches, all vlans are disabled by default and must be forced to be allowed with the port trunk allow-pass vlan command.
Untagged native vlan on the port is enabled by the command:

Setting up eth-trunk

STP Setting

Cisco 2960 and HUAWEI Quidway S5328C-EI switches were connected for STP testing.
To enable STP on the switch, enter the command in system-view mode

By default, the priority of the HUAWEI switch, as well as the Cisco switch, is 32768.
View information about the current status of ports:

It can be seen that one of the ports is blocked, because the priority of the Cisco switch turned out to be higher.
View global STP information:

Change the priority of the HUAWEI switch. Let’s make it the smallest: 4096.

Let’s see that the port is unblocked:

General information about STP:

Static Routing

Static routes are written in exactly the same way as on Cisco equipment:

View routing table:

That’s all.
If the respected community is interested in the material, I plan to continue covering the setup of HUAWEI equipment. In the next article, we will look at setting up dynamic routing.

Connecting to the Switch Console

my ultrabook does not have an Ethernet port, much less a COM port, I used my QinHeng Electronics HL-340 USB-Serial adapter (Device 005: ID 1a86:7523). It pleases me with the fact that when connected via USB, it immediately gives a virtual COM port and does not require any drivers either under Windows or Linux.

I use gtkterm to connect

Configuration -> Port:
Port: /dev/ttyUSB0
Baud rate: 9600
Parity: none
Bits: 8
Stop bits: 1
Flow control: none

After the first connection, there was a problem with the fact that the console was sooooo slow. Then it turned out that it was all the fault of the console COM -> RJ45 cable. Replaced it with Cisco-vsky, and everything started up.

Setting hostname and IP address

To change the hostname, use the command:

The new address is applied immediately, and unlike CISCO, there is no need to restart the interface here.

SNMP Setup

Huawei switches have two features to keep in mind when configuring snmp. First, if you have snmp v3 enabled, then snmp v2c will not work. Secondly, for snmp v2c, when configuring on the switch in the console, the community name must be specified in quotation marks, and in the monitor (for example, Dude) it must also be specified in quotation marks (I used double quotes).

Optionally, you can add contact information to snmp.

Setting up ssh

Generating keys, adding a user, giving the user access to ssh(stelnet)+telnet services.

Launching the web interface

The file with the web interface (scripts, js, css, etc.) must be stored as an archive on the device. You can see what is there with the dir command.

In my case, the switch had two types of interface: classic (a la hello 90s) and easyOperation (more or less usable). You can visually compare them yourself.

This is a classic interface

And this is EasyOperation

Feel the difference 🙂 Although the best is still in the console.

Table of analogs of CISCO commands for HUAWEI

Links

Thank you!

If the article helped you, or if you want to support my research and blog, here is the best way to do it:

Andrey Tokarchuk:

As an option, scan the network and look at the ARP table by MAC addresses. At the beginning of the MAC address is the vendor prefix.

One of the largest Chinese companies present on the Russian telecommunications market is Huawei. This global giant produces a great variety of different models of switches and routers. In this article, we will look at the initial setup of the switch, as well as how to connect to it and what configuration software to use.

Necessary hardware and software

To perform the initial setup of network active equipment, you must have the following hardware and software:

1) laptop with “COM port” for connection to SPT equipment;

Establishing a console connection with equipment

Connecting a laptop to equipment

Connect a working laptop with a console interface cable to the “console” connector of the equipment On different types of equipment, the interface for connecting the console cable may be called differently, the possible options are “console”, “con”, “monitor”, etc. P.

Establishing a connection using the HyperTerminal software

2) Launch the HyperTerminal program. In the window that appears, in the “Name” field, enter an arbitrary name for the connection session

3) In the next window, select the serial port of the PC to which the interface cable is connected and click the “OK” button

Important! If a USB-COM adapter is used, the port number may differ from COM1. You can check this in the “Device Manager” of Windows in the “Ports (COM and LPT)” section

If the port number is different (for example, “COM6”), then change the value in the “Connect via” field from “COM1” to “COM6”.

Set the port parameters in the HyperTerminal software with the settings in accordance with the figure below and click the OK button.

General Switch Initial Setup

2) It is necessary to change the password during the first login

3) After changing the password setting, the system will prompt you to start configuration:

After entering the configuration mode, the appearance of the prompt line will change to:

5) Switcher name needs to be changed:

In this example, the name of the switch will be “SW1”, the appearance of the prompt line will change to:

7) Set password:

In this example, the password will be “Huawei”.

8) Exit console access configuration mode:

10) Set password:

In this example, the password will be “Huawei”.

11) Set user password authentication mode:

12) Exit telnet access configuration mode:

Configuring switch interfaces

where xxx.xxx.xxx.xxx – ip address, yy – subnet mask prefix.

3) Exit interface configuration mode:

4) Set default gateway:

where zzz.zzz.zzz.zzz – gateway ip address

5) Exit configuration mode:

6) Save current configuration:

Switch Trunk port setting

Trunk port is a point-to-point link between the switch and another network device. Trunk connections are used to carry traffic from multiple VLANs over a single link and provide them with access to the entire network. Trunk ports are required to carry multiple VLAN traffic between devices when connecting two switches, a switch and a router.

1) Change port to trunk state:

2) Exit interface configuration mode:

3) Save current configuration:

Factory Reset Huawei Switch Without System Access

1) Connect a working laptop to the switch and run the telecommunications software according to.

2) Power up the switch. After waiting for the line “Press Ctrl + B to break auto startup” when loading the switch, press the key combination “Ctrl + B” on the keyboard (this is given no more than 3 seconds, after which the device continues loading).

4) In the opened submenu “FILESYSTEM SUBMENU” on the keyboard, press the button “3” (“Delete file from Flash”), then the “Enter” key, a list of files that are in the file system is displayed.

5) Find the cfg file in the list

and enter his name in the prompt “Please choose the file you want to delete:”. In this example, this is “test-sw.cfg”. Confirm the deletion of the file by pressing the “y” button on the keyboard.

6) After deleting the configuration file in the “FILESYSTEM SUBMENU”, press the “6” button and then the “Enter” key to return to the “BOOTROM MENU”.
7) Press the “7” (“Reboot”) button on the keyboard and then the “Enter” key.
8) After the reboot, the initial setup is carried out from paragraph 3 of this manual.

In my example, the configuration file matched the current configuration and I was immediately offered to reload, but if the file was changed and did not match, you will be offered to save the current configuration to a file, to which you must refuse , then agree to reboot.

Actually, this is not all – these are only commands available in this mode, now we go to the mode

It is worth noting that the command “dis th”(display this) executed on port 0/0/1 gives the same information as “dis cur int gig 0/0/1” executed in any mode and on any port, which is convenient for copying the configuration.
Here are the commands related to the port, in the same way you can see help on commands in complex functions like ACL, AAA, STP.

If you have any questions, I can tell you about other interesting functions of the switch in examples from a working network.

Huawei s5600 and s5300(s5700) config examples with MAK authorization
Both switches are similar in performance and functionality, the difference is only in the release date.

DHCP Relay on huawei s5700
Please tell me if such a feint is possible: All network 172.30.0.0/16 I want at the expense of Relay into one.

Traffic-inspect on HUAWEI S5700
Hello. Does anyone know if the S5700 has the ability to inspect traffic? (analog.

Hello, please tell me how to implement routing between vlan, there are 8 s3300 switches and one s5700,
on the same switch, two DC servers are connected in one vlan and another vlan with users. How to connect and configure everything correctly so that users in different vlans have access to the servers?

Huawei s5300 doesn’t work properly with AAA firmware version v200
I have huawei s5600, s5300 series access switches. Moreover, s5300 with different firmware in connection with.

Huawei S5700-28C-SI edit acl
Colleagues, good afternoon. There is an S5700-28C-SI switch, a common printer with an address is registered in the rule.

POE cameras are not connected on the Huawei S5700 switch
How can I configure the Huawei S5700 switch through the console to show POE cameras? There is no link.

Huawei traffic access list and basic Qos configuration

QoS (Quality of Service) refers to the network’s ability to use various underlying technologies to provide better service capabilities for certain network communications. It is a security mechanism for the network that is used to deal with problems such as network latency and congestion. Technology. Under normal circumstances, if the network is used only for certain application systems without a time limit, QoS is not required, such as web applications or email settings. But it is very necessary for key applications and multimedia applications. When the network is congested or congested, QoS can ensure that important services are not delayed or rejected while still keeping the network running efficiently.

1.1 How to distinguish data

1. IP packets including IP priority (8 types in total), differentiated services defined in the IP packet header; dscp priority
2. Mac frame: 802.1p

1.2 Three Qos modes

1. Best-Effort service (Best-Effort service model)
2. Integrated Service Model (Int-Serv for short)
3. Differentiated Services (differentiated service model, abbreviated as Diff-Serv) (commonly used)

1.3 Qos setting process

1. Traffic Classification (Use ACL to separate rules first, then proceed to next step setup)
2. Customize traffic behavior
3. Develop a Qos strategy and link previously defined classes and behaviors together
4. Application strategy (UI or PVC based application strategy, online user based application strategy, Vlan based application strategy)

1.4 Three QoS Service Models

1. Best-Effort service (Best-Effort service model referred to as Best-Effort ）

2. Integrated service (integrated service model called Int-Serv ）

Int-Serv Service Model Int-Serv is a comprehensive service model that can meet various QoS requirements. This model uses the Resource Reservation Protocol (RSVP). R SVP runs on every device from source to destination and can monitor every flow to prevent too many resources from being consumed. This system can clearly distinguish and guarantee the quality of service of each business flow, and provide the network with the highest quality of service.
However, the Inter-Serv model places very high demands on the hardware. When the number of data streams in the network is large, the capacity of the data storage and processing equipment will be greatly challenged. The Inter-Serv model has poor scalability and is difficult to implement in the underlying Internet.

3. Differentiated service (differentiated service model, called Diff-Serv ）

Diff-Serv service model Diff-Serv is a multi-service model that can meet different QoS requirements. Unlike Int-Serv, it does not need to inform the network about resource reservations for each service. Differentiated services are easy to implement and highly scalable.

2.1 Experimental environment and topology scheme

2.2 Configuring OSPF on R1, R2 and R3 Routers

Check if the entire network is compatible

2.3 Setting up traffic access control

Trace the path from PC2 to ftp. Server2

Route from PC1 to ftp. Server2 was originally PC1->R1->R2->R3->ftp. Server2 changed to PC1->R1->R3->ftp. Server2

The token bucket algorithm is the most commonly used algorithm for network traffic shaping (Traffic Shaping) and rate limiting (Rate Limiting). Typically, the token bucket algorithm is used to manage the amount of data sent to the network and allows packet data to be sent. This can be compared to issuing cards (tokens) for motorways. The more maps issued, the busier the highway. Therefore, it is necessary to introduce some speed limits, that is, to issue fewer cards (tokens).

It is necessary to understand the following concepts of nouns:

PIR and PBS parameters are only available in the switch.

green (successful) <CIR <yellow (waiting queue) <PIR <red (clear)

3.1 traffic configuration

Required speed limit: 10M for CIR, 2000000 for CBS, 4000000 for PBS.
It should be noted here that only one policy can be configured for one device interface, that is, only one strategy can be reserved for the GE0 / 0/0 interface of R1, so you need to cancel the previous policy.

A traffic behavior is created and the traffic behavior view is displayed, or the view of an existing traffic behavior is displayed.

In the same traffic behavior, the deny action cannot be used together with other traffic actions except for traffic statistics collection and traffic mirroring.

For details on how to configure packet filtering, see Packet Filtering Configuration.

Re-marking the IP precedence of packets: remark ip-precedence ip-precedence

For details on how to configure MQC-based priority re-marking on the S2720-EI, S5720-LI, S5720S-LI, S5720-SI, S5720S-SI, S5720I-SI, S5730-SI, S5730S-EI , S6720-LI, S6720S-LI, S6720-SI, and S6720S-SI , see Configuring MQC-based Priority Re-marking.

For details on how to configure MQC-based priority re-marking on the S5720-EI, S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-S, S5731S-H, S5732-H , S5735-L, S5735S-L, S5735S-L-M, S5735-S, S5735S-S, S6720-EI, S6720S-EI, S6720-HI, S6730-H, S6730-S, and S6730S-S based Priority Re-marking.

Destination MAC address re-marking

remark destination-mac mac-address

Only the S5720-EI, S6720-EI, and S6720S-EI support this action.

For details on how to configure MQC-based destination MAC address re-marking, see Configuring Re-marking of Destination MAC Addresses in “MAC Address Table Configuration” in the S2720, S5700, and S6700 V200R019C00 Configuration Guide – Ethernet Switching Configuration Guide
.

Flow ID re-marking

remark flow-id flow-id

Only the S5720-EI, S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-S, S5731S-H, S5732-H, S5735-L, S5735S-L, S5735S-L-M, S5735-S, S5735S-S, S6720-EI, S6720-HI, S6730-H, S6730-S, S6730S-S, and S6720S-EI support this action.

Redirecting packets to the CPU: redirect cpu

Redirecting packets to a VPN instance: redirect vpn-instance vpn-instance-name

Only the S5720-EI, S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720-HI, S6720S-EI, S6730-H, S6730-S, and S6730S-S support redirect cpu .

A traffic policy containing redirect interface and redirect cpu can only be applied to the inbound direction.

The S5735-L, S5735-S, S5735S-L, S5735S-L-M, and S5735S-L-M do not support redirect vpn-instance .

For details on how to configure redirection, see Redirection Configuration.

For details on how to configure MQC-based traffic policing, see Configuring MQC to Implement Traffic Policing.

Hierarchical traffic policing

Only the S5720-EI, S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-HI, S6730-H, S6730-S, and S6730S-S support this action.

mirroring to observe-port observe-port-index

The S2720-EI, S5720I-SI, S5720-LI, S5720S-LI, S5720S-SI, S5720-SI, S5730S-EI, S5730-SI, S5735-L, S5735S-L, S5735S-L-M, S5735-S, S5735S-S, S6720-LI, S6720S-LI, S6720S-SI, and S6720-SI support traffic mirroring only in the inbound direction.

For details on how to configure MQC-based traffic mirroring, see Configuring Mirroring in “Mirroring Configuration” in the S2720, S5700, and S6700 V200R019C00 Configuration Guide – Network Management and Monitoring
.

Redirecting packets to a next hop IP address: redirect ip-nexthop

Redirecting packets to a next hop IPv6 address: redirect ipv6-nexthop

Redirecting packets to multiple next hop IP addresses: redirect ip-multihop

Redirecting packets to multiple next hop IPv6 addresses: redirect ipv6-multihop

A traffic policy containing PBR takes effect only for IP packets.

For details on how to configure PBR, see Configuring PBR in “PBR Configuration” in the S2720, S5700, and S6700 V200R019C00 Configuration Guide – IP Unicast Routing
.

Disabling MAC address learning

mac-address learning disable

Only the S5720-EI, S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S5735-L, S5735S-L, S5735S-L-M, S5735-S, S5735S-S, S6720-EI, S6720-HI, S6720S-EI, S6730-H, S6730-S, and S6730S-S support this action.

Re-marking the VLAN tag in VLAN packets: remark vlan-id vlan-id

Re-marking the inner VLAN tag in QinQ packets: remark cvlan-id cvlan-id

Only the S5720-EI, S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720-HI, S6720S-EI, S6730-H, S6730-S, and S6730S-S support the action of re-marking the inner VLAN tag in QinQ packets (specified by remark cvlan-id ) in a traffic behavior.

When a traffic classifier defines if-match outbound-interface interface-type
interface-number
, VLAN mapping cannot be defined in the bound traffic behaviors.

For details on how to configure MQC-based VLAN mapping, see Configuring MQC-based VLAN Mapping in “VLAN Mapping Configuration” in the S2720, S5700, and S6700 V200R019C00 Configuration Guide – Ethernet Switching Configuration Guide
.

add-tag vlan-id vlan-id

Only the S5730-SI, S5730S-EI, S6720-LI, S6720S-LI, S6720-SI, and S6720S-SI support this action.

For details on how to configure MQC-based selective QinQ, see Configuring MQC-based Selective QinQ in “QinQ Configuration” in the S2720, S5700, and S6700 V200R019C00 Configuration Guide – Ethernet Switching Configuration Guide
.

Traffic statistics collection

For details on how to configure traffic statistics collection, see Traffic Statistics Collection Configuration.

Making the deny rule in an ACL or ACL6 ineffective

A traffic behavior configured with this action must be bound to a traffic classifier configured with the ACL or ACL6 rule.

Подключение к консоли коммутатора

Т.к. в моем ультрабуке нет ни Ethernet порта, ни тем более COM порта я использовал свой адаптер QinHeng Electronics HL-340 USB-Serial adapter (Device 005: ID 1a86:7523). Радует он меня тем, что при подключении по USB сразу даёт вирутуальный COM-порт и не требует никаких драйверов ни под Windows, ни под Linux.

I use gtkterm to connect

Configuration -> Port:
Port: /dev/ttyUSB0
Baud rate: 9600
Parity: none
Bits: 8
Stop bits: 1
Flow control: none

After the first connection, there was a problem with the fact that the console was sooooo slow. Then it turned out that it was all the fault of the console COM -> RJ45 cable. Replaced it with Cisco-vsky, and everything started up.

Setting hostname and IP address

To change the hostname, use the command:

The new address is applied immediately, and unlike CISCO, there is no need to restart the interface here.

SNMP Setup

Huawei switches have two features to keep in mind when configuring snmp. First, if you have snmp v3 enabled, then snmp v2c will not work. Secondly, for snmp v2c, when configuring on the switch in the console, the community name must be specified in quotation marks, and in the monitor (for example, Dude) it must also be specified in quotation marks (I used double quotes).

Optionally, you can add contact information to snmp.

Setting up ssh

Generating keys, adding a user, giving the user access to ssh(stelnet)+telnet services.

Launching the web interface

The file with the web interface (scripts, js, css, etc.) must be stored as an archive on the device. You can see what is there with the dir command.

In my case, the switch had two types of interface: classic (a la hello 90s) and easyOperation (more or less usable). You can visually compare them yourself.

This is a classic interface

And this is EasyOperation

Feel the difference 🙂 Although the best is still in the console.

Table of analogs of CISCO commands for HUAWEI

Links

Thank you!

If the article helped you, or if you want to support my research and blog, here is the best way to do it:

Andrey Tokarchuk:

As an option, scan the network and look at the ARP table by MAC addresses. At the beginning of the MAC address is the vendor prefix.

> Are the experts on this topic gone?

And why not mark traffic not on the outgoing interface, but on the incoming one?
Those. you are on the outgoing interface at the same time cutting the strip and coloring the traffic. And IChO, it would be better to downlink to the aggregation level, mark all incoming traffic. But on the uplink, already cut the strips according to the marking.
As long as you have one uplink, there will be no difference, when there are more of them, such a scheme will be more flexible.

>> Are the experts on this topic dead?
> Why not mark traffic not on the outgoing interface, but on
> incoming?
> I.e. you are on the outgoing interface at the same time cutting the strip and coloring the traffic.
> IMHO, it will be better on a downlink to the aggregation level, all incoming traffic
> mark. But on the uplink, already cut the strips according to the marking.
> As long as you have one uplink, it won’t make a difference when you have them
> more, such a scheme will be more flexible.

Hmm, can I have a small example? Something I do not understand how it will work.

> Thank you so much for the science! I will review my rules.
> And in essence, the correspondence of my policies between ciscos and huawei is nothing
> can you suggest?

Not at all, it’s better for someone from the experienced to check it, because I don’t have a lot of practical skills either (I just left the qos course and now I’m implementing it myself)
Didn’t work with Huawei)

I have a question about this policy
policy-map OUT-QOS
class class default
shape average percent 90
service-policy WAN-EDGE

Why are you doing this?
You hang up parent policy on the physical interface on which width is specified. After that, shape everything up to 90 percent.
Regarding the effectiveness of the policies themselves – here you need to look at real traffic under load. + MISSION-CRITICAL-DATA enabled RED. What kind of traffic is there, does it make sense to include it there?