Friday, May 23, 2014

Example for Configuring Communication Between VLANs Using VLANIF Interfaces



Huawei AR150&160&200&1200&2200&3200 Series Enterprise Routers Configuration Guide - Example for Configuring Communication Between VLANs Using VLANIF Interfaces

Networking Requirements
As shown in Figure 1, Ethernet 2/0/1 of the Router is connected to the uplink interface of SwitchA.
On SwitchA, the downlink interface Ethernet 2/0/1 is added to VLAN 10 and the downlink interface Ethernet 2/0/2 is added to VLAN 20.
PC1 in VLAN 10 and PC2 in VLAN 20 need to communicate with each other.

Figure 1 Network diagram for communication between VLANs through VLANIF interfaces

Configuration Roadmap
The configuration roadmap is as follows:
1. Add Ethernet interfaces to the VLAN.
2. Configure VLANIF interfaces.

Procedure
Step 1 Configure the Router.
# Create VLANs.
<Huawei> system-view
[Huawei] sysname Router
[Router] vlan batch 10 20
# Add interfaces to the VLANs.
[Router] interface ethernet 2/0/1
[Router-Ethernet2/0/1] port link-type trunk
[Router-Ethernet2/0/1] port trunk allow-pass vlan 10 20
[Router-Ethernet2/0/1] quit
# Assign IP addresses to the VLANIF interfaces.
[Router] interface vlanif 10
[Router-Vlanif10] ip address 10.10.10.1 24
[Router-Vlanif10] quit                   
[Router] interface vlanif 20
[Router-Vlanif20] ip address 20.20.20.1 24
[Router-Vlanif20] quit

Step 2 Configure SwitchA.
# Create VLANs.
<Huawei> system-view
[Huawei] sysname SwitchA
[SwitchA] vlan batch 10 20
# Add interfaces to the VLANs.
[SwitchA] interface ethernet 2/0/1
[SwitchA-Ethernet2/0/1] port link-type access
[SwitchA-Ethernet2/0/1] port default vlan 10
[SwitchA-Ethernet2/0/1] quit
[SwitchA] interface ethernet 2/0/2
[SwitchA-Ethernet2/0/2] port link-type access
[SwitchA-Ethernet2/0/2] port default vlan 20
[SwitchA-Ethernet2/0/2] quit
[SwitchA] interface ethernet 2/0/3
[SwitchA-Ethernet2/0/3] port link-type trunk
[SwitchA-Ethernet2/0/3] port trunk allow-pass vlan 10 20
[SwitchA-Ethernet2/0/3] quit

Step 3 Verify the configuration.
On PC1 in VLAN 10, configure the default gateway address as the IP address of VLANIF 10 (in this example: 10.10.10.1/24).
On PC2 in VLAN 20, configure the default gateway address as the IP address of VLANIF 20 (in this example: 20.20.20.1/24).
After the configuration is complete, PC1 in VLAN 10 can communicate with PC2 in VLAN 20.
----End

Configuration Files
Configuration file of the Router
#
sysname Router
#
vlan batch 10 20
#
interface Vlanif10
ip address 10.10.10.1 255.255.255.0
#
interface Vlanif20
ip address 20.20.20.1 255.255.255.0
#
interface Ethernet2/0/1
port link-type trunk
port trunk allow-pass vlan 10 20
#
return
Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10 20
#
interface Ethernet2/0/1
port link-type access
port default vlan 10
#
interface Ethernet2/0/2
port link-type access
port default vlan 20
#
interface Ethernet2/0/3
port link-type trunk
port trunk allow-pass vlan 10 20
#
return
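
The check below is an added example, not part of the Huawei guide: it parses the two configuration files above and reports VLANs that a port carries but the device never created, allow-pass lists that differ across the Router-SwitchA trunk, and VLANIF interfaces whose VLAN is not carried on any port. It assumes Router Ethernet2/0/1 is cabled to SwitchA Ethernet2/0/3, and the function names are illustrative.

```python
import re

# Configuration files from this page, one "#"-delimited section per source line.
ROUTER_CFG = "\n".join([
    "#", "vlan batch 10 20",
    "#", "interface Vlanif10", "ip address 10.10.10.1 255.255.255.0",
    "#", "interface Vlanif20", "ip address 20.20.20.1 255.255.255.0",
    "#", "interface Ethernet2/0/1", "port link-type trunk",
    "port trunk allow-pass vlan 10 20", "#", "return"])
SWITCHA_CFG = "\n".join([
    "#", "vlan batch 10 20",
    "#", "interface Ethernet2/0/1", "port link-type access", "port default vlan 10",
    "#", "interface Ethernet2/0/2", "port link-type access", "port default vlan 20",
    "#", "interface Ethernet2/0/3", "port link-type trunk",
    "port trunk allow-pass vlan 10 20", "#", "return"])
# Assumption: Router Ethernet2/0/1 is cabled to SwitchA Ethernet2/0/3.
UPLINK = ("Ethernet2/0/1", "Ethernet2/0/3")

def vlan_set(tokens):
    """Expand a VRP VLAN list: ['10', '20'], ['10', 'to', '12'] or ['all']."""
    if tokens == ["all"]:
        return set(range(1, 4095))
    out, i = set(), 0
    while i < len(tokens):
        is_range = tokens[i + 1:i + 2] == ["to"]
        end = tokens[i + 2] if is_range else tokens[i]
        out.update(range(int(tokens[i]), int(end) + 1))
        i += 3 if is_range else 1
    return out

def parse(cfg):
    """Return (created VLANs, {port: VLANs it carries}, VLANIF ids)."""
    created, ports, vlanifs = set(), {}, set()
    for sec in re.split(r"(?m)^#[ \t]*$", cfg):
        head, *body = [l.strip() for l in sec.strip().splitlines()] or [""]
        if head.startswith("vlan batch "):
            created |= vlan_set(head.split()[2:])
        elif m := re.match(r"interface Vlanif(\d+)$", head):
            vlanifs.add(int(m.group(1)))
        elif m := re.match(r"interface (\S+)$", head):
            carried = ports.setdefault(m.group(1), set())
            for line in body:
                if v := re.match(r"port (?:trunk allow-pass|default) vlan (.+)$", line):
                    carried |= vlan_set(v.group(1).split())
    return created, ports, vlanifs

def audit(router_cfg, switch_cfg, link=UPLINK):
    """Return findings for trunk/VLANIF consistency across the two devices."""
    findings = []
    (r_vlans, r_ports, r_ifs), (s_vlans, s_ports, _) = parse(router_cfg), parse(switch_cfg)
    for dev, created, ports in (("Router", r_vlans, r_ports), ("SwitchA", s_vlans, s_ports)):
        for name, carried in sorted(ports.items()):
            if extra := carried - created:
                findings.append(f"{dev} {name}: carries uncreated VLANs {sorted(extra)}")
    if diff := r_ports[link[0]] ^ s_ports[link[1]]:
        findings.append(f"trunk {link[0]}<->{link[1]}: allow-pass differs on {sorted(diff)}")
    on_wire = set().union(*r_ports.values())
    for v in sorted(r_ifs - (r_vlans & on_wire)):
        findings.append(f"Vlanif{v}: VLAN {v} not created or not carried on any port")
    return findings
```

An empty list from `audit(ROUTER_CFG, SWITCHA_CFG)` means both ends of the trunk carry exactly the VLANs the example needs and nothing else.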


Tuesday, May 13, 2014

Applications for Huawei S5300 Switches

Huawei S5300 Switches Applications 

Application on Large-Scale Enterprise Networks
The S5300HI functions as the access device and aggregation device on large-scale enterprise networks and improves network reliability by link binding, dual-homing, and ringing.


Application in Data Centers

The S5300 can be used in a data center to provide access for gigabit servers and to connect to upper-layer devices through link aggregation. If multiple servers are available, you can use stacking to improve network reliability.



CPE and UPE

The S5306TP-LI can be used as a CPE switch and the S5300HI can be used as a UPE switch.

The S5306 and the S5300HI can provide high-quality leased line for enterprises by using powerful hardware OAM.

Tuesday, April 29, 2014

S2700/S3700/S5700 Switch PoE Power Supply

What Are the Differences Between a PoE Power Supply Unit and a Common Power Supply Unit on a Quidway S2700/S3700/S5700 Huawei Switch?

Answer:
On a S2700/S3700/S5700 switch, a PoE power supply unit and a common power supply unit differ in their appearance and functions.
Figure 1-1, Figure 1-2, and Figure 1-3 show their appearance. A PoE power supply unit has a fan, but a common power supply unit does not.

Figure 1-1 Common power supply unit
Figure 1-2 250 W PoE power supply unit
Figure 1-3 500 W PoE power supply unit
A PoE power supply unit can provide power for both the entire device and the PDs, whereas a common power supply unit can provide power for only the entire device.

Monday, March 10, 2014

Cassette design, Huawei S5700-52C-SI USD 1512.00 on huanetwork.com

The S5700 series Gigabit enterprise switches are next-generation energy-saving switches developed by Huawei to meet the demand for high-bandwidth access and Ethernet multi-service aggregation.
Huawei S5700, S5700-52C-SI Mainframe (48 10/100/1000Base-T, Dual Slots of power, Without Flexible Card and Power Module)

The Huawei S5700-52C-SI price
The Huawei S5700-52C-SI is positioned as a multi-task enterprise network switch. It uses store-and-forward mode, supports VLANs, and is the choice of many enterprises. The best price is now on huanetwork.com: USD 1512.00.
Customers interested in purchasing the S5700-52C-SI, please refer to the link below:
http://www.huanetwork.com/huawei-s5700-52c-si-price_p586.html

The Huawei S5700-52C-SI review

The Huawei S5700-52C-SI adopts a cassette design with a chassis height of 1U and supports Layer 2 and Layer 3. It has 48 10/100/1000Base-T ports and 4 100/1000Base-X Gigabit combo ports, supports RPS 12 V redundant power supplies, has a USB port and 2 expansion slots, and offers a packet forwarding rate of 132 Mpps and a switching capacity of 256G, so its performance is very strong.

S5700-52C-SI Specification and datasheet
Port: Forty-eight 10/100/1000Base-T ports
Forwarding performance: 132 Mpps
Extended slot: Two extended slots, one for an uplink subcard and the other for a stack card.
MAC address table:
  IEEE 802.1d compliance
  16 K MAC address entries
  MAC address learning and aging
  Static, dynamic, and blackhole MAC address entries
  Packet filtering based on source MAC addresses
VLAN:
  4 K VLANs
  Guest VLAN and voice VLAN
  VLAN assignment based on MAC addresses, protocols, IP subnets, policies, and ports
  1:1 and N:1 VLAN Mapping
  SuperVLAN
Reliability:
  RRPP ring topology and RRPP multi-instance
  Smart Link tree topology and Smart Link multi-instance, providing the millisecond-level protection switchover
  SEP
  STP, RSTP, and MSTP
  BPDU protection, root protection, and loop protection
  E-Trunk
IP routing:
  Static routing, ECMP
  RIPv1, RIPv2 and RIPng
IPv6 features:
  Neighbor Discovery (ND)
  Path MTU (PMTU)
  IPv6 ping, IPv6 tracert, and IPv6 Telnet
  ACLs based on the source IPv6 address, destination IPv6 address, Layer 4 ports, or protocol type
  MLD v1/v2 snooping
  6to4 tunnel, ISATAP tunnel, and manually configured tunnel
Multicast:
  IGMP v1/v2/v3 snooping and IGMP fast leave
  Multicast forwarding in a VLAN and multicast replication between VLANs
  Multicast load balancing among member ports of a trunk
  Controllable multicast
  Port-based multicast traffic statistics
QoS/ACL:
  Rate limiting on packets sent and received by an interface
  Packet redirection
  Port-based traffic policing and two-rate three-color CAR
  Eight queues on each port
  WRR, DRR, SP, WRR+SP, and DRR+SP queue scheduling algorithms
  Re-marking of the 802.1p priority and DSCP priority
  Packet filtering at Layers 2 through 4, filtering out invalid frames based on the source MAC address, destination MAC address, source IP address, destination IP address, port number, protocol type, and VLAN ID
  Rate limiting in each queue and traffic shaping on ports
Security:
  User privilege management and password protection
  DoS attack defense, ARP attack defense, and ICMP attack defense
  Binding of the IP address, MAC address, interface, and VLAN
  Port isolation, port security, and sticky MAC
  Blackhole MAC address entries
  Limit on the number of learned MAC addresses
  802.1x authentication and limit on the number of users on an interface
  AAA authentication, RADIUS authentication, HWTACACS authentication, and NAC
  SSH v2.0
  Hypertext Transfer Protocol Secure (HTTPS)
  CPU defense
  Blacklist and whitelist
OAM: Supports
Management and maintenance:
  Stacking
  MAC Forced Forwarding (MFF)
  Virtual cable test
  Port mirroring and RSPAN (remote port mirroring)
  Remote configuration and maintenance by using Telnet
  SNMP v1/v2/v3
  RMON
  Web NMS
  HGMP
  System logs and alarms of different levels
  GVRP
  MUX VLAN
Operating environment:
  Operating temperature: 0°C–50°C (long term); -5°C–55°C (short term)
  Relative humidity: 10%–90% (non-condensing)
Input voltage:
  AC:
    Rated voltage range: 100 V to 240 V AC, 50/60 Hz
    Maximum voltage range: 90 V to 264 V AC, 50/60 Hz
  DC:
    Rated voltage range: –48 V to –60 V DC
    Maximum voltage range: –36 V to –72 V DC
Dimensions (width x depth x height): 442 mm x 420 mm x 43.6 mm
Power consumption: <78 W



Monday, February 17, 2014

Huawei S9300: Example for Logging In to the Device Through a Console Port

Networking Requirements
When you cannot remotely log in to the device, you can perform local login through a console port. If you log in to the device through a console port, only password authentication is required. To improve security, use AAA on the console user interface.

Configuration Roadmap
The configuration roadmap is as follows:
1. Use the terminal simulation software to log in to the device through a console port.
2. Configure the authentication mode of the console user interface.

Procedure
Step 1 Use the terminal simulation software to log in to the device through a console port.
1. Insert the DB9 connector of the console cable delivered with the product into the 9-pin serial port on the PC, and insert the RJ45 connector into the console port of the device, as shown in Figure 2.

2. Start the terminal simulation software on the PC. Establish a connection, and set the connected port and communication parameters.

NOTE
A PC may have multiple connection ports; therefore, the port connected through the console cable is selected in this example. Generally, COM1 is selected.
If the serial port communication parameters of the device are modified, modify the communication parameters on the PC accordingly (ensure that the parameter values are the same) and re-establish the connection.

3. Press Enter until the system prompts you to enter the password. (The system will prompt you to enter the user name and password in AAA authentication. The following information is only for reference.)

Login authentication
Password:

You can run commands to configure the device. Enter a question mark (?) whenever you need help.

Step 2 Configure the authentication mode of the console user interface.
<Quidway> system-view
[Quidway] user-interface console 0
[Quidway-ui-console0] authentication-mode aaa
[Quidway-ui-console0] user privilege level 15
[Quidway-ui-console0] quit
[Quidway] aaa
[Quidway-aaa] local-user huawei password cipher Huawei@123
[Quidway-aaa] local-user huawei privilege level 3
[Quidway-aaa] local-user huawei service-type terminal
After the preceding operations, you can re-log in to the device on the console user interface only by entering the user name huawei and password Huawei@123.
----End

Configuration Files
#
aaa
local-user huawei password cipher %$%$]*6iWr7EVM|uc:"B/A=FF}tk%$%$
local-user huawei privilege level 3
local-user huawei service-type terminal
#
user-interface con 0
authentication-mode aaa
user privilege level 15
#

return
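
An added example (not from the Huawei guide) that audits the configuration file above: it reports console user interfaces that are not in AAA mode, and AAA console settings that leave no local user with the terminal service type, which would lock the console out. The ciphertext is replaced by a labelled placeholder and the function names are illustrative.

```python
import re

# Console configuration from this page; the ciphertext is a labelled placeholder.
PAGE_CFG = "\n".join([
    "#", "aaa",
    "local-user huawei password cipher %$%$<ciphertext-placeholder>%$%$",
    "local-user huawei privilege level 3",
    "local-user huawei service-type terminal",
    "#", "user-interface con 0", "authentication-mode aaa",
    "user privilege level 15", "#", "return"])

def local_users(cfg):
    """Collect per-user attributes from 'local-user <name> ...' lines."""
    users = {}
    pattern = r"(?m)^[ \t]*local-user (\S+) (password|privilege level|service-type) (.+)$"
    for name, attr, value in re.findall(pattern, cfg):
        u = users.setdefault(name, {"services": set(), "level": None, "password": None})
        if attr == "service-type":
            u["services"] |= set(value.split())
        elif attr == "privilege level":
            u["level"] = int(value)
        else:
            u["password"] = value.split()[0]  # storage keyword, e.g. "cipher"
    return users

def console_accounts(cfg):
    """Map each local user allowed the terminal (console) service to its AAA level."""
    return {n: u["level"] for n, u in local_users(cfg).items()
            if "terminal" in u["services"]}

def audit_console(cfg):
    """Return findings for every console user interface in cfg."""
    findings, users = [], local_users(cfg)
    terminal = {n: u for n, u in users.items() if "terminal" in u["services"]}
    for sec in re.split(r"(?m)^#[ \t]*$", cfg):
        lines = [l.strip() for l in sec.strip().splitlines()]
        if not lines or not re.match(r"user-interface con(sole)? ", lines[0]):
            continue
        mode = next((l.split()[1] for l in lines
                     if l.startswith("authentication-mode ")), None)
        if mode != "aaa":
            findings.append(f"{lines[0]}: authentication-mode is {mode}, not aaa")
        elif not terminal:
            findings.append(
                f"{lines[0]}: aaa is set but no local-user has service-type terminal")
        for name, u in sorted(terminal.items()):
            if u["password"] is None:
                findings.append(f"local-user {name}: terminal service without a password line")
    return findings
```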
Thursday, February 13, 2014

The switch failure troubleshooting steps (3)

3. General troubleshooting steps for switch failures, such as on the S5700-28P-PWR-LI-AC and S3700-52P-EI-24S-AC, which I use most of the time.
Switch faults are diverse, and different faults show different symptoms. When analyzing a failure, apply the available methods flexibly (such as the elimination method, the comparison method, and the replacement method) to locate the fault and clear it promptly.
(1) Elimination method:
When we face a fault and analyze the problem, we often use elimination to determine where the fault lies without even realizing it. Based on the observed symptoms, this method lists all possible causes as comprehensively as possible and then analyzes and rules them out one by one. The rule to follow is to work from simple to complex, which improves efficiency. This method can handle all kinds of faults, but it requires maintenance personnel to have strong logical thinking and a comprehensive understanding of switching.
(2) Comparison method:
The comparison method uses an existing switch of the same model that is operating normally as a reference and compares it with the faulty switch to find the point of failure. The method is simple and effective, especially for configuration faults, where a simple comparison identifies the differences in configuration. However, finding a switch of the same model with the same configuration is sometimes not easy.
(3) Replacement method:
This is the most commonly used method and is also used frequently in computer repair. The replacement method swaps components that may be faulty with known-good components to find the fault point. It is mainly used for hardware diagnostics, but note that the replacement parts must come from a switch of the same brand and the same type.
Of course, to make troubleshooting systematic, we can follow the principles below during fault analysis.
1. From far to near
Because switch faults in general (such as a port fault) are usually discovered from the connected client computer, checks often start there. We can follow the route client computer -> port module -> horizontal cable -> jumper -> switch and inspect each item in turn, ruling out the possible remote faults first.
2. From outside to inside
If the switch has a fault, first look at the external indicators, and then, according to the fault indicators, check whether the corresponding internal components have problems. For example, a lit POWER LED indicates that the power supply is normal, and an unlit one indicates no power; a yellow LINK LED indicates a 10 Mb/s connection, green indicates 100 Mb/s, off indicates no connection, and flashing indicates that the port has been manually shut down by the administrator; the RDP LED indicates the redundant power supply; the MGMT LED indicates the management module. Whether or not the fault is visible from the outside, you must log in to the switch to determine the specific problem and the troubleshooting measures.
3. From soft to hard
When a failure occurs, nobody wants to reach for a screwdriver and open the switch right away, so inspection always starts with the system configuration or system software. If the software does not resolve the problem, it is a hardware problem. For example, if a port does not work, check whether the user's port is in the corresponding VLAN, whether the port has been shut down by the administrator, or whether some other configuration is the cause. Once the various system and configuration possibilities have been excluded, a hardware failure can be suspected as the real problem.
4. From easy to difficult
When the fault analysis is more complex, start by ruling out simple operations or configuration. This speeds up troubleshooting and improves efficiency.
Summary:

Because switch faults show such diverse symptoms, there are no fixed steps to follow; some failures point in a clear direction and can be identified directly. So each case can only be analyzed on its own concrete conditions. Network administrators therefore need to keep improving their skills to do the job of network management better.


Wednesday, February 12, 2014

The switch failure troubleshooting steps (2)

2. Software faults of the switch:
Software faults are faults in the system and its configuration. They fall into the following categories.
(1) System errors:
A switch system is a combination of hardware and software. The switch contains a rewritable read-only memory that stores the software system the switch needs. As with the familiar Windows and Linux, design flaws leave some loopholes in this software, and under the right conditions these can cause packet loss, packet switching faults, and load faults. So switch systems provide methods such as Web and TFTP to download and update the system. An error may also occur during the system upgrade itself.
For such problems, get into the habit of checking the equipment manufacturer's website regularly, and update when a new system version or patch is released.
(2) Improper configuration:
Beginners are not familiar with switches, and the configuration differs from one kind of switch to another, so administrators often make mistakes when configuring a switch. Examples include incorrect VLAN division that leaves the network unreachable, a port that is shut down by mistake, and a mode configured on the switch that does not match the network card. This kind of fault is sometimes hard to find and takes some accumulated experience. If you cannot determine where the configuration problem is, restore the factory default configuration and then configure the switch again step by step. It is best to read the manual before configuring, which is one of the habits a network administrator should develop. Each switch comes with an installation manual and a detailed user manual that explains each module in detail. Because many switch manuals are written in English, users with weak English can consult the supplier's engineers about the specific configuration.
(3) Lost password:
This is something probably every administrator has experienced. If you forget the password, you can recover or reset the system password by following certain steps. On some switches this is relatively simple: pressing a button on the switch is enough. Others require a specific sequence of steps.
This situation generally arises when someone forgets the password or when a switch failure causes data loss.
(4) External factors:
Because viruses and hacker attacks exist, a host may send packets to its connected port that do not conform to the encapsulation rules. The switch processor then becomes too busy to forward data packets in time, the buffer overflows, and packets are lost. Another case is the broadcast storm, which not only occupies a large amount of network bandwidth but also takes up a lot of CPU processing time. If the network is occupied by a large number of broadcast packets for a long time, normal point-to-point communication cannot proceed, and the network slows down or is paralyzed.
A failed network card or a failed port can cause a broadcast storm. Because a switch only separates collision domains and cannot separate broadcast domains (when no VLANs are divided), network transmission efficiency decreases when broadcast packets account for 30% of total traffic.

Compared with hardware faults, software faults are generally harder to find. Solving them may not cost much money, but it takes more time. It is best to develop the habit of keeping a log in daily work. Whenever a fault occurs, record the symptoms, the analysis, and the solution, and classify and summarize the fault promptly to build up experience. For example, a configuration change sometimes has no visible effect on the network at first, for various reasons, but the problem gradually appears a few days later. If a log was kept, you can link the problem to the configuration error made a few days earlier. This point is often ignored: the problem is assumed to lie elsewhere, and the real cause is found only after many detours. So keeping log records and maintenance information is very necessary.
The S5700-52C-PWR-EI and S5700-52C-EI switches are on sale at huanetwork.com.