Managed Switch: Confs

shortcuts:

c-w: delete word before

c-a: move to first char

c-y: delete everything after cursor

c-z: exit to user-view

c-n, c-p: trivial

c-b, c-f: backward, forward a char

c-h: delete char before

Differences between Huawei and Cisco:

enter system/config mode: sys<tab><cr>/config t

configuring ports: interface TYPE PORTID/interface TYPE PORTID

create vlanif using: vlan id

uncreate vlanif: undo vlan id..

The main difference between Huawei and Cisco is the keyword used to undo a command: undo (Huawei) / no (Cisco).

Also note: display (Huawei) / show (Cisco).

cisco add port to vlan: switchport mode access/trunk

cisco set port to vlan id: switchport access vlan 1/ switchport trunk allowed vlan 1-99

common commands:

display vlan

display vlan summary

display port 

display ip interface brief

display ip interface vlanif 100

 

--Quote:

[SW2]vlan batch 10 12 to 25 // create a range of VLANs in one command
[SW2]dsi
[SW2]dis
[SW2]display int
[SW2]display interface brief
[SW2]display interface brief 
PHY: Physical
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
(b): BFD down
(d): Dampening Suppressed
InUti/OutUti: input utility/output utility
Interface                   PHY   Protocol InUti OutUti   inErrors  outErrors
Ethernet0/0/0               up    --          0%     0%          0          0
Ethernet0/0/1               up    --          0%     0%          0          0
NULL0                       up    up(s)       0%     0%          0          0
Vlanif1                     up    up          --     --          0          0
Vlanif2                     up    up          --     --          0          0
Vlanif3                     up    up          --     --          0          0
[SW2]int ethernet 0/0/0
[SW2-Ethernet0/0/0]port link-ty
[SW2-Ethernet0/0/0]port link-type trunk
Error: The port cannot be configured with the trunk link-type VLAN and default VLAN simultaneously. // the port was already in trunk mode
[SW2-Ethernet0/0/0]port trunk allow-pass vlan all
[SW2-Ethernet0/0/0]quit
[SW2]vlan 10 
[SW2-vlan10]port ethernet 0/0/0 // a trunk-mode port can be added to vlan 10
[SW2-vlan10]quit
[SW2]user-
[SW2]user-interface vty 0 4 
[SW2-ui-vty0-4]authen
[SW2-ui-vty0-4]authentication-mode aaa // authentication modes: aaa = local username and password; password = password only; none = no password required
[SW2-ui-vty0-4]quit
[SW2]aaa  // enter AAA view
[SW2-aaa]local
[SW2-aaa]local-user zhangsan // create a local user
                             ^
Error: Incomplete command found at '^' position.
[SW2-aaa]local-user zhangsan ?
  access-limit   Access limit
  ftp-directory  Set user FTP directory permitted
  idle-cut       Configure idle cut
  level          Configure user privilege
  password       String of plain text password
  service-type   Service types for authorized users
  state          Activate/block the user(s)
  user-type      The Type of authorized Users

[SW2-aaa]local-user zhangsan ps
[SW2-aaa]local-user zhangsan pa
[SW2-aaa]local-user zhangsan password ?
  cipher  Display the current password with cipher text
  simple  Display the current password with plain text

[SW2-aaa]local-user zhangsan password si
[SW2-aaa]local-user zhangsan password simple zhangsan123 ?
  <cr>  

[SW2-aaa]local-user zhangsan password simple zhangsan123 
[SW2-aaa]local-user zhangsan ?                       
  access-limit   Access limit
  ftp-directory  Set user FTP directory permitted
  idle-cut       Configure idle cut
  level          Configure user privilege
  password       String of plain text password
  service-type   Service types for authorized users
  state          Activate/block the user(s)
  user-type      The Type of authorized Users

[SW2-aaa]local-user zhangsan se
[SW2-aaa]local-user zhangsan service-type ?
  ftp       FTP user
  ppp       PPP user
  ssh       SSH user
  telnet    Telnet  user
  terminal  Terminal user

[SW2-aaa]local-user zhangsan service-type tel
[SW2-aaa]local-user zhangsan service-type telnet 
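
The session above ends with a `password simple` user that may log in over telnet. As an added example (not part of the quoted article), this sketch audits a config or transcript for those settings and for `authentication-mode none`/`password`; the sample texts are constructed and the cipher value is a placeholder.

```python
import re

# Strips a leading VRP prompt such as "[SW2-aaa]" or "<HUAWEI>".
PROMPT = re.compile(r"^\s*[\[<][^\]>]*[\]>]\s*")

def audit(text):
    """Return sorted (subject, finding) pairs for weak login settings."""
    findings, vty = set(), None
    for raw in text.splitlines():
        # Drop the prompt and any trailing "// note" annotation.
        words = PROMPT.sub("", raw.split("//")[0]).split()
        if len(words) < 2:
            continue
        if words[0] == "user-interface":
            vty = " ".join(words[1:])
        elif words[0] == "authentication-mode" and vty:
            if words[1] == "none":
                findings.add((vty, "remote login without any authentication"))
            elif words[1] == "password":
                findings.add((vty, "shared line password, no per-user identity"))
        elif words[0] == "local-user" and len(words) >= 4:
            user, key, values = "user " + words[1], words[2], words[3:]
            if key == "password" and values[0] == "simple":
                # Report the fact only; never echo the secret itself.
                findings.add((user, "password kept in plain text (simple)"))
            elif key == "service-type" and "telnet" in values:
                findings.add((user, "telnet login allowed (cleartext session)"))
    return sorted(findings)

# Constructed samples built from the commands in the session above.
AS_TYPED = """\
[SW2]user-interface vty 0 4
[SW2-ui-vty0-4]authentication-mode aaa
[SW2-ui-vty0-4]quit
[SW2]aaa
[SW2-aaa]local-user zhangsan password simple zhangsan123
[SW2-aaa]local-user zhangsan service-type telnet
"""
HARDENED = """\
user-interface vty 0 4
 authentication-mode aaa
aaa
 local-user zhangsan password cipher <PLACEHOLDER-SECRET>
 local-user zhangsan service-type ssh
"""
OPEN_VTY = "user-interface vty 0 4\n authentication-mode none\n"

if __name__ == "__main__":
    for name, cfg in [("as typed", AS_TYPED), ("hardened", HARDENED), ("open vty", OPEN_VTY)]:
        print(name, audit(cfg))
```
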

 

--------------original article above, here are the notes to be carefully read--------

Do not connect 2 ports on a single switch together, even if they are in different VLANs; otherwise one of the two ports will be blocked by STP.

It is not recommended to block STP in order to connect 2 VLANs directly. According to Cisco, they should be connected through Layer 3 routing, which means they should each have a vlanif to route.

But in my case, the 2 ports are on the same subnet. Thus I cannot create 2 vlanifs on the 2 VLANs (vlanifs cannot be on the same subnet), so they cannot communicate as suggested by Cisco, and only blocking STP can work.

 

----configure routing on L3 switch---------

The L3 switch is this:

 

Setup (can be configured as below; alternatively, set an IP address on a vlanif):

Switch(config)#interface fastEthernet 0/1

Switch(config-if)#no switchport

Switch(config-if)#ip address 192.168.2.1 255.255.255.0

Switch(config-if)#no shut

Switch(config-if)#exit

Switch(config)#ip routing

 

-------------Learning Switch/Rtr with tools---------

Two tools are available: Cisco Packet Tracer and GNS3 (Graphical Network Simulator). The former is light and easy to use; the latter works on Linux and is more powerful.

When using a GNS3 router, you sometimes need to calculate an Idle-PC value to lower CPU usage. But what is Idle-PC and what does it do? Check here.

<Quote>

Firstly let me say thanks to Jeremy Grossmann (principal programmer for GNS3) for helping me finally get my head around this concept. I have to admit that I had only a vague idea of what was happening when I wrote this post on the GNS3 forum, but recently I decided I had to nail it.

In a nutshell:

Without an Idle-PC set, dynamips attempts to emulate instructions one at a time as fast as it can, consuming up to 100% of the available CPU.
The Idle-PC is a guess at where the Program Counter might be pointing to an idle-loop in the emulated router.
When the emulator has visited this PC value Idle-Max times, it suspends itself for Idle-Sleep ms to allow other processes to get on with their tasks.

Details

To understand the dynamips/GNS3 Idle-PC concept, you have to start by looking at the way software operates.

A normal piece of software generally has one or more places in the code where the program just sits in an “idle” loop – say waiting for a key press. Or a message to arrive. Or for a timer to expire to remind it to send a message.

However dynamips is a different kind of program. It is an emulator. It takes a binary image of MIPS machine code and interprets each instruction one at a time and then executes that instruction on the host computer. The basic logic is something like this:

Set the program counter (PC) to 1
Repeat forever {
 Fetch MIPS instruction number PC
 Emulate it on the host computer
 Increment the Program Counter (PC++)
}

So there are no idle states – dynamips just screams through those instructions one at a time around and around – except that there will be many, many places where the instruction that is executed is one that changes the program counter, causing dynamips to extract the instructions in a non-linear sequence.

And some of those instructions will be in little groups where the emulated router is sitting in an idle state – as in waiting for a packet to arrive or a key to be pressed at the console. The problem is, dynamips has no idea whether the current Program Counter (PC) is pointing to an instruction that is doing something important, or one that is just part of the few instructions that get repeated over and over in an idle loop.

Now if dynamips could somehow know that when the Program Counter (PC) was pointing to a certain piece of code that was just an idle loop, it could suspend itself for a while, so the logic would change to:

Repeat forever {
 Fetch MIPS instruction number PC
 Emulate it on the host computer
 Increment the Program Counter (PC++)
 IF the new PC is pointing to an idle loop {
   THEN have a sleep and let the host computer get on with something else
   ELSE continue
 }
}

But dynamips has no way of knowing “IF the new PC is pointing to an idle loop” – because dynamips cannot predict future instructions nor understand them. This makes it impossible to optimise the executed code like compilers do or to know if the instructions are worth being executed.

So we make some guesses at when the Program Counter MIGHT be executing an idle loop. We call this value the Idle-PC value.

If we guess at a place where the emulated router spends a lot of idle time, then the host computer gets lots of chances to get on with other stuff. If we guess a PC (remember PC=Program Counter) where the code is only executed rarely, then the host computer will spend 100% of its CPU executing the dynamips simple loop.

Since every Cisco router image has a different set of instructions, these idle loops will be in different places on different images. But once a good Idle-PC has been found for one image, it should be good for all emulations of that image – no matter whether you are running your dynamips on a Windows computer, an OS X Macintosh, a Linux box or an iPad :)

The only other issue then, is how long and how often should dynamips sleep for when it has found the PC for the idle loop? This is where the Idle-Max and Idle-Sleep values found under the Advanced settings of the GNS3 IOS images and hypervisors dialogue come in. (Note: This feature was added to GNS3 in version 0.8.4)

Dynamips doesn’t go to sleep EVERY time the PC hits the Idle-PC. It waits until it has hit the Idle-PC Idle-Max times before sleeping for Idle-Sleep ms. That way the router still gets a chance to do the things it needs to do between visits to the Idle-PC value. If you adjust the Idle-Max too low or the Idle-Sleep too high, your emulated routers will slow to a crawl, they will lose connections with their neighbours and bad things will happen. However some folk have had good success at playing with these numbers.

To summarise:

Without an Idle-PC set, dynamips attempts to emulate instructions one at a time as fast as it can, consuming up to 100% of the available CPU.
The Idle-PC is a guess at where the Program Counter might be pointing to an idle-loop in the emulated router.
When the emulator has visited this PC value Idle-Max times, it suspends itself for Idle-Sleep ms to allow other processes to get on with their tasks.

</Quote>
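
The loop described in the quote, as an added toy simulation (not dynamips code and not from the quoted post): it shows how a good Idle-PC guess, a bad guess, and over-aggressive Idle-Max/Idle-Sleep values change host CPU share and event delay. The PC addresses, instruction cost, event interval and parameter values are all constructed for illustration.

```python
# Constructed toy "image": PCs of a two-instruction idle loop and a
# 50-instruction packet handler. Not real MIPS code.
IDLE_LOOP = (0x100, 0x104)
WORK = tuple(range(0x200, 0x200 + 4 * 50, 4))

def emulate(wall_ms, idle_pc=None, idle_max=1500, idle_sleep_ms=30,
            event_every_ms=100, instr_us=1):
    """Return (host CPU share 0..1, worst event delay in ms)."""
    now = busy = hits = worst = 0          # simulated microseconds / counter
    period = event_every_ms * 1000
    next_event = period
    while now < wall_ms * 1000:
        if now >= next_event:              # the idle loop's poll sees the event
            worst = max(worst, now - next_event)
            next_event += period
            path = WORK
        else:
            path = IDLE_LOOP
        for pc in path:
            now += instr_us                # emulating an instruction costs CPU
            busy += instr_us
            if pc == idle_pc:
                hits += 1
                if hits >= idle_max:       # Idle-Max visits reached
                    hits = 0
                    now += idle_sleep_ms * 1000   # sleep: wall time, no CPU
    return busy / now, worst / 1000

if __name__ == "__main__":
    cases = {
        "no Idle-PC": {},
        "good guess (idle loop)": {"idle_pc": 0x100},
        "bad guess (rare handler PC)": {"idle_pc": 0x200},
        "Idle-Max too low, Idle-Sleep too high":
            {"idle_pc": 0x100, "idle_max": 10, "idle_sleep_ms": 500},
    }
    for name, kw in cases.items():
        cpu, delay = emulate(1000, **kw)
        print(f"{name}: CPU {cpu:.0%}, worst event delay {delay:.1f} ms")
```

In the last case the worst delay exceeds the interval between events, which is the "lose connections with their neighbours" failure the quote warns about.
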

 

How to check traffic policy on huawei switch? 

<Quote>

Procedure

  1. If no problem is detected in the preceding steps but the ping operation still fails, configure traffic statistics collection on the interfaces to check statistics on sent and received packets and locate the fault.
    1. Create an ACL to match the source and destination IP addresses in ping packets.

       

      [HUAWEI] acl number 3333 
      [HUAWEI-acl-adv-3333] rule 5 permit icmp source x.x.x.x 0 destination y.y.y.y 0 
      [HUAWEI-acl-adv-3333] rule 10 permit icmp source y.y.y.y 0 destination x.x.x.x 0 
      [HUAWEI-acl-adv-3333] quit
      

       

    2. Configure the traffic classifier, traffic behavior, and traffic policy.

       

      [HUAWEI] traffic classifier 3333 
      [HUAWEI-classifier-3333] if-match acl 3333 
      [HUAWEI-classifier-3333] quit 
      [HUAWEI] traffic behavior 3333 
      [HUAWEI-behavior-3333] statistic enable 
      [HUAWEI-behavior-3333] quit 
      [HUAWEI] traffic policy 3333 
      [HUAWEI-trafficpolicy-3333] classifier 3333 behavior 3333 
      [HUAWEI-trafficpolicy-3333] quit
      

       

    3. Apply the policy to the inbound and outbound directions of the interface.

       

      [HUAWEI] interface GigabitEthernet 0/0/10 
      [HUAWEI-GigabitEthernet0/0/10] traffic-policy 3333 inbound 
      [HUAWEI-GigabitEthernet0/0/10] traffic-policy 3333 outbound 
      [HUAWEI-GigabitEthernet0/0/10] return
      

      If the switch is directly connected to a PC, apply the traffic policy in the inbound and outbound directions of the interface connected to the PC. If the switch is directly connected to another network device, you are advised to apply the traffic policy in both directions on the two interfaces.

       

    4. Check traffic statistics.

       

      Clear the existing statistics.
      <HUAWEI> reset traffic policy statistics interface GigabitEthernet 0/0/10 inbound 
      <HUAWEI> reset traffic policy statistics interface GigabitEthernet 0/0/10 outbound
      Perform a ping operation and run the display command to view packet statistics.
      <HUAWEI> display traffic policy statistics interface GigabitEthernet 0/0/10 inbound/outbound
      <HUAWEI> display traffic policy statistics interface GigabitEthernet 0/0/10 inbound/outbound verbose rule-based 
       NOTE:
      inbound indicates received packets and outbound indicates sent packets.

      Perform the following steps to check statistics on sent and received packets:

      For example, device A pings device B.
      • Check whether the number of ping packets sent by device A's port is the same as the number of packets displayed. If not, the ping packets are discarded by device A.
      • Check whether the number of packets sent by device A's port is the same as the number of packets received by device B's port. If not, the ping packets are discarded on the link.
      • Check whether the number of packets sent by device B's port is the same as the number of packets received by device A's port. If not, the ping packets are discarded by device B.
      • Check whether the number of packets returned by device B is the same as the number of packets sent by device A. If not, the ping packets are discarded on the link.

      If the packets are discarded on the link, replace the link. If the packets are discarded by the PC or non-Huawei device, locate the fault on them. If the packets are discarded by Huawei switch, locate the packet loss reason or contact Huawei engineers.

</Quote>

posted on 2016-12-06 15:37 by 三叁