What is the Default BootROM Password of Huawei Switch

Question 1: What is the Default BootROM Password of Huawei Switch?

Answer 1: When the system starts the BootROM, press Ctrl+B within two seconds and then enter the default password to enter the BootROM menu. In versions earlier than V200R001, the default password is huawei. In V200R001 and later versions, the default password is

Admin@huawei.com.

Question 2: Do I Need to Upgrade the BootROM When I Run S2700-26TP-PWR-EI the

startup system-software Command on a Case-shaped

Switch to Specify the Software Package for Next Startup?

Answer 2: In V100R006 and earlier versions, the system displays the following information when you run the startup system-software command to specify the software package for next startup: "Warning: Basic BOOTROM will be upgraded. Continue?(Y/N)[N]." You must upgrade the BootROM; otherwise, the switch cannot start. Follow the instruction in the upgrade guide when you upgrade a switch.

In versions later than V100R006, the system automatically upgrades the BootROM after you run the startup system-software command to specify the software package for next startup.

Question 3: Does the Switch S2700 S2700-26TP-SI-AC Support the Remote Upgrade of the

BootROM?

Answer 3: The switch supports the remote upgrade of the BootROM.

Log in to the switch where the BootROM needs to be upgraded through Telnet, and then run the upgrade basic-bootrom system-filename command in the system view to upgrade the BootROM.

How to Configuring Local Traffic Mirroring of Huawei Router

Pre-configuration Tasks

Before configuring local traffic mirroring, complete the following task:

Ensuring that the link layer protocol status of ports is Up.

1 Configuring a Local Observing Port

Context

In local mirroring, the monitoring device is directly connected to the observing port.

Do not configure other functions on an observing port; otherwise, the mirroring function is

affected.

1 If other service packets are transmitted on the observing port besides the mirrored packets, the packet sources cannot be identified.

2 If congestion occurs on the observing port, mirrored packets may be discarded because of their low priorities.

Step 1 Run:

system-view

The system view is displayed.

Step 2 Run:

observe-port interface interface-type interface-number

A local observing port is configured.

----End

2 Configuring a Traffic Classifier

Configure complex traffic classification by selecting proper traffic classification rules. For

details, see Configuring a Traffic Classifier in the Huawei AR150&200&1200&2200&3200

Series Enterprise Routers Configuration Guide - QoS.

3 Configuring a Traffic Behavior

By configuring the traffic behavior, the device mirrors all the packets matching traffic

classification rules to the observing interface.

Procedure

Step 1 Run:

system-view

The system view is displayed.

Step 2 Run:

traffic behavior behavior-name

A traffic behavior is configured and its view is displayed.

Step 3 Run:

mirror to observe-port

Traffic matching the rules is mirrored to the specified observing port.

----End

4 Configuring a Traffic Policy

Step 1 Run:

system-view

The system view is displayed.

Step 2 Run:

traffic policy policy-name

A traffic policy is created and its view is displayed.

Step 3 Run:

classifier classifier-name behavior behavior-name

The traffic policy is associated with the traffic classifier and the traffic behavior containing traffic mirroring.

In the preceding command, classifier-name specifies a traffic classifier. The value of this

parameter must be the same as the value set in 7.5.2 Configuring a Traffic Classifier. The

behavior-name parameter specifies a traffic behavior. The value of this parameter must be the same as the value set Configuring a Traffic Behavior.

----End

5 Applying a Traffic Policy

You can apply a traffic policy bound to traffic behaviors and traffic classifiers to a mirrored port. For details, see Applying the Traffic Policy in the Huawei AR150&200&1200&2200&3200 Series Enterprise Routers Configuration Guide - QoS.

6 Checking the Configuration

1 Run the display observe-port command to check the observing port.

2 Run the display traffic behavior { system-defined | user-defined } [ behavior-name ]

command to check the traffic behavior configuration.

3 Run the display traffic classifier { system-defined | user-defined } [ classifier-name ]

command to check the traffic classifier configuration.

4 Run the display traffic policy user-defined [ policy-name [ classifier classifier-name ] ]

command to check the traffic policy configuration.

5 Run the display traffic-policy applied-record [ policy-name ] command to check the

application record of a specified mirroring policy.

----End

Customers interested in purchasing huawei router or the price, please refer to below links:

AR2240

AR2200

Contact information:

Telephone: +852-30501940(Hong Kong)

Fax: +852-30501941

Email:   sales@huanetwork.com(Sales Inquiries)

Address: 3/F, China Fen Hin Bld., 5 Cheung Yue St., Cheung Sha Wan, KLN., Hong Kong

Website: http://www.huanetwork.com

How to Configure Remote Port Mirroring of Huawei Router

Before configuring remote port mirroring on Huawei router, complete the following tasks:

Configuring routing protocols to ensure reachable routes between the mirrored device and

the monitoring device

Configuring a GRE over IPv4 Tunnel

Configuration overview

Configuring the Observing Server (taking the AR3200 and AR1200 as the example)

Step 1 Run:

system-view

The system view is displayed.

Step 2 Run:

observe-server destination-ip destination-ip-address source-ip source-ip-address

[ dscp dscp-value ]

An observing server is configured for remote mirroring.

NOTE

1 In the preceding command, destination-ip-address specifies the IP address of the monitored device, and source-ip-address specifies the IP address of a mirrored port.

2 If the monitoring device and mirrored port use private IP addresses, perform the task in Configuring a GRE over IPv4 Tunnel before configuring the monitoring device.

----End

Configuring a Remote Mirrored Port

Context

A mirrored port can be an Ethernet port or an Eth-Trunk port. If you want to configure an Eth-Trunk as a mirrored port, run the interface eth-trunk trunk-id command to create an Eth-Trunk first.

1 If an Eth-Trunk is configured as a mirrored port, its member ports cannot be configured as mirrored ports. To configure a member port as a mirrored port, delete it from the Eth-Trunk first.

2 If a member port of an Eth-Trunk is configured as a mirrored port, the Eth-Trunk cannot

be configured as a mirrored port. To configure the Eth-Trunk as a mirrored port, delete the

member port from it first.

Step 1 Run:

system-view

The system view is displayed.

Step 2 Run:

interface interface-type interface-number

The interface view is displayed.

Step 3 Run:

mirror to observe-server{ both | inbound | outbound }

A remote mirrored port is configured.

----End

Checking the Configuration

1 Run the display observe-server command to check the observing server.

2 Run the display mirror-port command to check the port mirroring configuration.

----End

How to Configure Basic SNMPv3 Functions on Huawei S5700

Note:

The security levels from the highest to the lowest must be trap host security, user security, and user group security.

The security level description is as follows:

Level 1: privacy (authentication and encryption)

Level 2: authentication (only authentication)

Level 3: none (no authentication and no encryption)

If the security level of a user group is level 1, the security levels of user and trap host must be level 1. If the security level of a user group is level 2, the security levels of user and trap host can be level 1 or level 2.

Configure Basic SNMPv3 Functions on Huawei S5700.

Procedure

Step 1 Run:

system-view

The system view is displayed.

Step 2 (Optional) Run:

snmp-agent

The SNMP agent function is enabled.

By default, the SNMP agent function is disabled. By executing the snmp-agent command with any parameter enables the SNMP agent function.

Step 3 (Optional) Run:

snmp-agent udp-port port-num

The listening port number of the SNMP agent is changed.

The default listening port number of the SNMP agent is 161.

To enhance device security, run the snmp-agent udp-port command to change the listening port number of the SNMP agent.

Step 4 (Optional) Run:

snmp-agent sys-info version v3

The SNMP version is configured.

SNMPv3 is enabled by default; therefore, this step is optional.

Step 5 (Optional) Run:

snmp-agent local-engineid engineid

An engine ID is set for the local SNMP entity.

By default, the device automatically generates an engine ID using the internal algorithm. The engine ID is composed of enterprise ID+device information.

If the local engine ID is set or changed, the existing SNMPv3 user will be deleted.

Step 6 Run:

snmp-agent group v3 group-name [ authentication | privacy ]

An SNMPv3 user group is configured.

If the network or network devices are in an insecure environment (for example, the network is vulnerable to attacks), authentication or privacy can be configured in the command to enable data authentication or privacy. By default, the created SNMP group is neither authenticated nor encrypted.

Step 7 Run:

snmp-agent usm-user v3 user-name [ group group-name | acl acl-name ] *

A user is added to the SNMPv3 user group.

Step 8 Run:

snmp-agent usm-user v3 user-name authentication-mode { md5 | sha } [ cipher password ]

The authentication password of the SNMPv3 user is added.

Step 9 Run:

snmp-agent usm-user v3 user-name privacy-mode { des56 | aes128 | aes192 | aes256 | 3des } [ cipher password ]

The password of the SNMPv3 user is added.

AES128 and AES256 algorithm are recommended to improve data transmission security.

After a user is added to the user group, the NMS that uses the name of the user can access the objects in the ViewDefault view (OID: 1.3.6.1). If the local engine ID is set or changed, the existing SNMPv3 user will be deleted.

If authentication and privacy have been enabled for the user group, the following authentication and privacy modes can be configured for the data transmitted on the network.

Step 10 Configure the destination IP address for receiving traps and error codes.On an IPv4 network, run:

snmp-agent target-host trap address udp-domain ip-address [ udp-port port-number | source interface-type interface-number | [ public-net | vpn-instance

Issue 01 (2013-11-05) Huawei Proprietary and Confidential

Copyright © Huawei Technologies Co., Ltd.

30 vpn-instance-name ] ] * params securityname security-name [ v3 [ authentication | privacy ] | private-netmanager | notify-filter-profile profile-name | ext-vb ] * On an IPv6 network, run:

snmp-agent target-host trap ipv6 address udp-domain ipv6-address [ udp-port port-number ] params securityname security-name [ v3 [ authentication | privacy ] | private-netmanager | notify-filter-profile profile-name | ext-vb ] *

Note the following when running the command:

The default destination UDP port number is 162. To ensure secure communication between the NMS and managed devices, run the udp-port command to change the UDP port number to a non-well-known port number. The parameter security-name identifies devices that send traps on the NMS. If the NMS and managed device are both Huawei products, the parameter private-netmanager can be configured to add more information to trap messages, such as the alarm type, alarm serial number, and alarm sending time. The information will help you locate and solve problems more quickly.

The value of security-name must be the same as the created user name. Otherwise, the NMS cannot access the managed device.

Step 11 (Optional) Run:

snmp-agent sys-info { contact contact | location location }

The equipment administrators contact information or location is configured.

By default, the vendor's contact information is "R&D Beijing, Huawei Technologies co.,Ltd.". The default location is "Beijing China".

This step is required for the NMS administrator to view contact information and locations of the equipment administrator when the NMS manages many devices. This helps the NMS administrator to contact the equipment administrators for fault location and rectification.

Step 12 (Optional) Run:

snmp-agent packet max-size byte-count

The maximum size of SNMP messages that the device can receive and send is set.

By default, the maximum size of SNMP messages is 12000 bytes.

When the size of an SNMP message is larger than the configured value, the device discards the SNMP message. To ensure that NMS can process SNMP packets properly, set the parameter byte-count based on the maximum size of an SNMP packet that the NMS can process.

----End

How to Configure Basic SNMPv3 Functions on Huawei S5700

Note:

The security levels from the highest to the lowest must be trap host security, user security, and user group security.

The security level description is as follows:

Level 1: privacy (authentication and encryption)

Level 2: authentication (only authentication)

Level 3: none (no authentication and no encryption)

If the security level of a user group is level 1, the security levels of user and trap host must be level 1. If the security level of a user group is level 2, the security levels of user and trap host can be level 1 or level 2.

Configure Basic SNMPv3 Functions on Huawei S5700.

Procedure

Step 1 Run:

system-view

The system view is displayed.

Step 2 (Optional) Run:

snmp-agent

The SNMP agent function is enabled.

By default, the SNMP agent function is disabled. By executing the snmp-agent command with any parameter enables the SNMP agent function.

Step 3 (Optional) Run:

snmp-agent udp-port port-num

The listening port number of the SNMP agent is changed.

The default listening port number of the SNMP agent is 161.

To enhance device security, run the snmp-agent udp-port command to change the listening port number of the SNMP agent.

Step 4 (Optional) Run:

snmp-agent sys-info version v3

The SNMP version is configured.

SNMPv3 is enabled by default; therefore, this step is optional.

Step 5 (Optional) Run:

snmp-agent local-engineid engineid

An engine ID is set for the local SNMP entity.

By default, the device automatically generates an engine ID using the internal algorithm. The engine ID is composed of enterprise ID+device information.

If the local engine ID is set or changed, the existing SNMPv3 user will be deleted.

Step 6 Run:

snmp-agent group v3 group-name [ authentication | privacy ]

An SNMPv3 user group is configured.

If the network or network devices are in an insecure environment (for example, the network is vulnerable to attacks), authentication or privacy can be configured in the command to enable data authentication or privacy. By default, the created SNMP group is neither authenticated nor encrypted.

Step 7 Run:

snmp-agent usm-user v3 user-name [ group group-name | acl acl-name ] *

A user is added to the SNMPv3 user group.

Step 8 Run:

snmp-agent usm-user v3 user-name authentication-mode { md5 | sha } [ cipher password ]

The authentication password of the SNMPv3 user is added.

Step 9 Run:

snmp-agent usm-user v3 user-name privacy-mode { des56 | aes128 | aes192 | aes256 | 3des } [ cipher password ]

The password of the SNMPv3 user is added.

AES128 and AES256 algorithm are recommended to improve data transmission security.

After a user is added to the user group, the NMS that uses the name of the user can access the objects in the ViewDefault view (OID: 1.3.6.1). If the local engine ID is set or changed, the existing SNMPv3 user will be deleted.

If authentication and privacy have been enabled for the user group, the following authentication and privacy modes can be configured for the data transmitted on the network.

Step 10 Configure the destination IP address for receiving traps and error codes.On an IPv4 network, run:

snmp-agent target-host trap address udp-domain ip-address [ udp-port port-number | source interface-type interface-number | [ public-net | vpn-instance

Issue 01 (2013-11-05) Huawei Proprietary and Confidential

Copyright © Huawei Technologies Co., Ltd.

30 vpn-instance-name ] ] * params securityname security-name [ v3 [ authentication | privacy ] | private-netmanager | notify-filter-profile profile-name | ext-vb ] * On an IPv6 network, run:

snmp-agent target-host trap ipv6 address udp-domain ipv6-address [ udp-port port-number ] params securityname security-name [ v3 [ authentication | privacy ] | private-netmanager | notify-filter-profile profile-name | ext-vb ] *

Note the following when running the command:

The default destination UDP port number is 162. To ensure secure communication between the NMS and managed devices, run the udp-port command to change the UDP port number to a non-well-known port number. The parameter security-name identifies devices that send traps on the NMS. If the NMS and managed device are both Huawei products, the parameter private-netmanager can be configured to add more information to trap messages, such as the alarm type, alarm serial number, and alarm sending time. The information will help you locate and solve problems more quickly.

The value of security-name must be the same as the created user name. Otherwise, the NMS cannot access the managed device.

Step 11 (Optional) Run:

snmp-agent sys-info { contact contact | location location }

The equipment administrators contact information or location is configured.

By default, the vendor's contact information is "R&D Beijing, Huawei Technologies co.,Ltd.". The default location is "Beijing China".

This step is required for the NMS administrator to view contact information and locations of the equipment administrator when the NMS manages many devices. This helps the NMS administrator to contact the equipment administrators for fault location and rectification.

Step 12 (Optional) Run:

snmp-agent packet max-size byte-count

The maximum size of SNMP messages that the device can receive and send is set.

By default, the maximum size of SNMP messages is 12000 bytes.

When the size of an SNMP message is larger than the configured value, the device discards the SNMP message. To ensure that NMS can process SNMP packets properly, set the parameter byte-count based on the maximum size of an SNMP packet that the NMS can process.

----End

Can the OSN 1500 Support 3G/LTE Mobile Backhaul

Yes, the OSN 1500 Support 3G/LTE Mobile Backhaul.

To address 3G/LTE mobile backhauling requirements, Huawei's equipment provides complete transmission solutions in the packet domain, converging and grooming services at the core layer of a wireless network.

And the OSN 1500 has this feature: Universal Switch Architecture, Multi-Service Transmission
With a universal switch architecture, Huawei SDH the OptiX OSN equipment meets requirements for bearing conventional services and the growing number of packet services.

Does the DHCP Server Support Super VLAN?

Question 1 : Does the DHCP Server Support Super VLAN?

Answer1 : The DHCP server supports super VLAN on the S3700/S5700/S6700 (from V100R006C00).

Question 2 : Does the DHCP Relay Support Gateway Failover?

cThe DHCP relay on the S3700/S5700/S6700 (from V100R006C00) supports gateway failover.Not the Huawei S2700.

When the master gateway fails to obtain IP addresses, the slave gateways take over and obtain IP addresses.

Question 3 : Does the DHCPv6 Relay Support PD-Relay?

Question 3 : The DHCPv6 relay supports the Prefix Delegation with DHCP (DHCPv6-PD) on the S3700/S5700/S6700 (from V100R006C00). You can view, automatically generate, or manually configure routing information in the DHCPv6-PD table. The routing information in the

DHCPv6-PD table does not get lost after the S3700/S5700/S6700 restarts.

Question 4: Does the DHCP Relay Support Round Robin on the S3700/S5700/S6700?

Question 4 : The S3700/S5700/S6700 supports round robin from the V100R006C00 version. By default, round robin is disabled. You can enable the round robin function by configuring ip relay address cycle in the system view.

Question 5 : When Should the DHCP Server Start to Ping the DHCP Client?

Question 5: From V100R006C00, upon receiving the discover packet, the S3700/S5700/S6700 starts to ping the IP addresses that the DHCP server will assign to the client. The details are in the command of dhcp server ping.