
We have been using Huawei equipment for a long time in . Recently we and when adding new devices, there was an idea to share a certain checklist or a collection of basic settings with examples.
There are many similar instructions on the web for users of Cisco equipment. However, there are few such articles for Huawei and sometimes you have to look for information in the documentation or collect it from several articles. We hope it will be useful, let's go!
The article will describe the following points:
First connection
Connecting to the switch via the console interface
By default, Huawei switches are shipped without preconfiguration. If there is no configuration file in the switch's memory, the ZTP (Zero Touch Provisioning) protocol starts when the switch is turned on. We will not describe this mechanism in detail; we only note that it is convenient when working with a large number of devices or for remote configuration. Overview of ZTP.
For initial setup without using ZTP, a console connection is required.
Connection options (quite standard)
Transmission rate: 9600
Data bit (B): 8
Parity bit: None
Stop bit (S): 1
Flow control mode: None
After connecting, you will see a request to set a password for the console connection.
Set a password for the console connection
An initial password is required for the first login via the console.
Continue to set it? [Y/N]: y
Set a password and keep it safe!
Otherwise you will not be able to login via the console.
Please configure the login password (8-16)
Enter Password:
Confirm Password:
Just enter a password, confirm it and you're done! You can then change the password and other authentication parameters on the console port using the following commands:
Password change example
<HUAWEI> system-view
[~HUAWEI] user-interface console 0
[~HUAWEI-ui-console0] authentication-mode password
[~HUAWEI-ui-console0] set authentication password cipher <password>
[*HUAWEI-ui-console0] commit
Stacking setup (iStack)
After gaining access to the switches, you can optionally configure the stack. Huawei CE uses iStack technology to combine multiple switches into a single logical device. The stack topology is a ring, i.e. it is recommended to use at least 2 ports on each switch. The number of ports depends on the desired communication speed between the switches in the stack.
It is advisable to use uplink ports for stacking, since their speed is usually higher than that of the ports for connecting end devices. This gives more bandwidth with fewer ports. Also, most models have restrictions on using gigabit ports for stacking. It is recommended to use at least 10G ports.
There are two configuration options that differ slightly in the sequence of steps:
1. Preliminary configuration of the switches, followed by their physical connection.
2. First installing and connecting the switches to each other, then configuring them to work in a stack.
The sequence of actions for these options is as follows:
Steps for Two Switch Stacking Options
Consider the second (longer) option for setting up the stack. To do this, follow these steps:
1. We plan the work taking into account the probable downtime. We draw up a sequence of actions.
2. We carry out installation and cable connection of the switches.
3. We configure the basic stack parameters for the master switch:
[~HUAWEI] stack
3.1. We set the parameters we need
#
stack member 1 renumber X - where X is the new switch ID in the stack. The default ID is 1,
and you can leave the default ID for the master switch.
#
stack member 1 priority 150 - specify the priority. The switch with the highest
priority becomes the stack master. Default priority
value: 100.
#
stack member { member-id | all } domain domain-id - assign a domain ID to the stack.
By default, no domain ID is set.
#
Example:
<HUAWEI> system-view
[~HUAWEI] sysname SwitchA
[*HUAWEI] commit
[~SwitchA] stack
[~SwitchA-stack] stack member 1 priority 150
[*SwitchA-stack] stack member 1 domain 10
[*SwitchA-stack] quit
[*SwitchA] commit
3.2 Configuring the stacking port interface (example)
[~SwitchA] interface stack-port 1/1
[*SwitchA-Stack-Port1/1] port member-group interface 10ge 1/0/1 to 1/0/4
Warning: After the configuration is complete,
1.The interface(s) (10GE1/0/1-1/0/4) will be converted to stack mode and be configured with the
port crc-statistics trigger error-down command if the configuration does not exist.
2.The interface(s) may go Error-Down (crc-statistics) because there is no shutdown configuration on the interfaces.Continue? [Y/N]: y
[*SwitchA-Stack-Port1/1] commit
[~SwitchA-Stack-Port1/1] return
Next, you need to save the configuration and reboot the switch:
save
Warning: The current configuration will be written to the device. continue? [Y/N]: y
reboot
Warning: The system will reboot. continue? [Y/N]: y
4. Disable Stacking Ports on the Master Switch (Example)
[~SwitchA] interface stack-port 1/1
[*SwitchA-Stack-Port1/1] shutdown
[*SwitchA-Stack-Port1/1] commit
5. We configure the second switch in the stack by analogy with the first:
<HUAWEI> system-view
[~HUAWEI] sysname SwitchB
[*HUAWEI] commit
[~SwitchB] stack
[~SwitchB-stack] stack member 1 priority 120
[*SwitchB-stack] stack member 1 domain 10
[*SwitchB-stack] stack member 1 renumber 2 inherit-config
Warning: The stack configuration of member ID 1 will be inherited to member ID 2
after the device resets. continue? [Y/N]: y
[*SwitchB-stack] quit
[*SwitchB] commit
Set up ports for stacking. Note that even though the command "stack member 1 renumber 2 inherit-config" has been entered, member-id "1" is still used in the configuration for SwitchB.
This is because the member-id of the switch changes only after a reboot; until then the switch still has member-id 1. The "inherit-config" parameter is needed so that after the reboot all stack settings are kept for member 2, which is what this switch becomes once its member ID changes from 1 to 2.
[~SwitchB] interface stack-port 1/1
[*SwitchB-Stack-Port1/1] port member-group interface 10ge 1/0/1 to 1/0/4
Warning: After the configuration is complete,
1.The interface(s) (10GE1/0/1-1/0/4) will be converted to stack
mode and be configured with the port crc-statistics trigger error-down command if the configuration does
not exist.
2.The interface(s) may go Error-Down (crc-statistics) because there is no shutdown configuration on the
interfaces.
continue? [Y/N]: y
[*SwitchB-Stack-Port1/1] commit
[~SwitchB-Stack-Port1/1] return
Reboot SwitchB
save
Warning: The current configuration will be written to the device. continue? [Y/N]: y
reboot
Warning: The system will reboot. continue? [Y/N]: y
6. Enable the stacking ports on the master switch. It is important to enable the ports before the reboot of SwitchB completes, because if you enable them afterwards, SwitchB will reboot again.
[~SwitchA] interface stack-port 1/1
[*SwitchA-Stack-Port1/1] undo shutdown
[*SwitchA-Stack-Port1/1] commit
[~SwitchA-Stack-Port1/1] return
7. Check the operation of the stack with the command "display stack"
Example of command output after correct configuration
display stack
---------------------------
MemberID Role MAC Priority DeviceType Description
---------------------------
+1 Master 0004-9f31-d520 150 CE6850-48T4Q-EI
2 Standby 0004-9f62-1f40 120 CE6850-48T4Q-EI
---------------------------
+ indicates the device where the activated management interface resides.
8. Save the stack configuration with the command "save". Setup completed.
и can also be viewed on the Huawei website.
Access settings
Above we worked through a console connection. Now we need to somehow connect to our switch (stack) over the network. To do this, it needs an interface (one or more) with an IP address. Typically, for a switch, the address is assigned to an interface in the management VLAN or to a dedicated management port. But here, of course, it all depends on the connection topology and the functional purpose of the switch.
Example of address setting for VLAN interface 1:
[~HUAWEI] interface vlan 1
[*HUAWEI-Vlanif1] ip address 10.10.10.1 255.255.255.0
[*HUAWEI-Vlanif1] commit
You can first explicitly create a Vlan and assign a name to it, for example:
[~Switch] vlan 1
[*Switch-vlan1] name TEST_VLAN (VLAN name is optional)
Here is a small life hack for naming: write the names of logical structures (ACL, Route-map, sometimes VLAN names) in capital letters to make them easier to find in the configuration file. Feel free to adopt it 😉
So, we have a VLAN; now we "land" it on a port. For the option described in the example this is not necessary, because all switch ports are in VLAN 1 by default. If we want to put a port into another VLAN, we use the appropriate commands:
Port setting in access mode:
[~Switch] interface 25GE 1/0/20
[~Switch-25GE1/0/20] port link-type access
[*Switch-25GE1/0/20] port default vlan 10
[*Switch-25GE1/0/20] commit
Port configuration in trunk mode:
[~Switch] interface 25GE 1/0/20
[~Switch-25GE1/0/20] port link-type trunk
[*Switch-25GE1/0/20] port trunk pvid vlan 10 //Specify the native VLAN (frames in this VLAN will not have a tag in the header).
[*Switch-25GE1/0/20] port trunk allow-pass vlan 1 to 20 //Allow only frames tagged with VLANs 1 to 20 (for example).
[*Switch-25GE1/0/20] commit
We figured out the interface settings. Let's move on to the SSH configuration.
We give only the required set of commands:
Assigning a name to the switch
<HUAWEI> system-view
[~HUAWEI] sysname SSH Server
[*HUAWEI] commit
Generating keys
[~SSH Server] rsa local-key-pair create //Generate the local RSA host and server key pairs.
The key name will be: SSH Server_Host
The range of public key size is (512 ~ 2048).
NOTE: Key pair generation will take a short while.
Input the bits in the modulus [default = 2048] : 2048
[*SSH Server] commit
Setting up the VTY interface
[~SSH Server] user-interface vty 0 4
[~SSH Server-ui-vty0-4] authentication-mode aaa
[*SSH Server-ui-vty0-4] user privilege level 3
[*SSH Server-ui-vty0-4] protocol inbound ssh
[*SSH Server-ui-vty0-4] quit
Create a local user "client001" and set up password authentication for it
[*SSH Server] aaa
[*SSH Server-aaa] local-user client001 password irreversible-cipher <password>
[*SSH Server-aaa] local-user client001 level 3
[*SSH Server-aaa] local-user client001 service-type ssh
[*SSH Server-aaa] quit
[*SSH Server] ssh user client001 authentication-type password
Activate the SSH service on the switch
[~SSH Server] stelnet server enable
[*SSH Server] commit
Final touch: setting up the service-type for user client001
[~SSH Server] ssh user client001 service-type stelnet
[*SSH Server] commit
Setup completed. If you did everything right, then you can connect to the switch via the local network and continue working.
More details on setting up SSH can be found in the Huawei documentation.
Configuring Basic System Settings
In this block, we will consider a small number of different command blocks for configuring the most popular features.
1. Setting the system time and its synchronization via NTP.
You can use the following commands to set the time locally on the switch:
clock timezone time-zone-name { add | minus } offset
clock datetime [ utc ] HH:MM:SS YYYY-MM-DD
Example of setting the time locally
clock timezone MSK add 03:00:00
clock datetime 10:10:00 2020-10-08
To synchronize time via NTP with the server, enter the following command:
ntp unicast-server [ version number | authentication-keyid key-id | source-interface interface-type
Example command for time synchronization via NTP
ntp unicast-server 88.212.196.95
commit
2. To work with the switch, you sometimes need to configure at least one route, the default route. The following command is used to create routes:
ip route-static ip-address { mask | mask-length } { nexthop-address | interface-type interface-number [nexthop-address] }
An example command for creating routes:
system-view
ip route-static 0.0.0.0 0.0.0.0 192.168.0.1
commit
3. Setting the operating mode of the Spanning-Tree protocol.
For a new switch to work correctly in an existing network, it is important to choose the right STP operating mode, and it is best to configure it right away. We will not dwell on this, because the topic is quite broad. We describe only the protocol's operating modes:
stp mode { stp | rstp | mstp | vbst } - this command selects the mode we need. Default mode: MSTP. It is also the recommended mode for Huawei switches and is backward compatible with RSTP.
Example
system-view
stp mode mstp
commit
4. An example of setting up a switch port for connecting an end device.
Consider an example of configuring an access port to process traffic in VLAN10
[SW] interface 10ge 1/0/3
[SW-10GE1/0/3] port link-type access
[SW-10GE1/0/3] port default vlan 10
[SW-10GE1/0/3] stp edged-port enable
[*SW-10GE1/0/3] quit
Pay attention to the command "stp edged-port enable": it speeds up the transition of the port to the forwarding state. However, this command should not be used on ports to which other switches are connected.
Also, the command "stp bpdu-filter enable".
5. An example of configuring a Port-Channel in LACP mode for connecting to other switches or servers.
Example
[SW] interface eth-trunk 1
[SW-Eth-Trunk1] port link-type trunk
[SW-Eth-Trunk1] port trunk allow-pass vlan 10
[SW-Eth-Trunk1] mode lacp-static (or you can use lacp-dynamic)
[SW-Eth-Trunk1] quit
[SW] interface 10ge 1/0/1
[SW-10GE1/0/1] eth-Trunk 1
[SW-10GE1/0/1] quit
[SW] interface 10ge 1/0/2
[SW-10GE1/0/2] eth-Trunk 1
[*SW-10GE1/0/2] quit
Don't forget "commit"; from here on we work with the interface eth-trunk 1.
You can check the status of the aggregated link with the command "display eth-trunk".
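A configuration check for the SSH access settings and the edged-port caveat described above, as an added example that is not part of the original article: it parses saved configuration text and reports a missing stelnet server, VTY lines that are not limited to AAA and SSH, local users whose password is not stored with irreversible-cipher, and "stp edged-port enable" on trunk ports. The sample configuration and its layout are constructed assumptions, and treating a trunk port as "connected to another switch" is a heuristic.

```python
# Constructed sample; assumed layout: "#" between sections, sub-commands indented.
SAMPLE = """\
#
aaa
 local-user client001 password irreversible-cipher <hash>
 local-user backup password cipher <hash>
#
interface 10GE1/0/4
 port link-type trunk
 stp edged-port enable
#
user-interface vty 0 4
 authentication-mode aaa
 protocol inbound all
#
"""

def sections(text):
    """Map each top-level command to the indented lines beneath it."""
    out, head = {}, None
    for line in text.splitlines():
        if line.startswith(" "):
            if head:
                out[head].append(line.strip())
        elif line.strip() in ("", "#"):
            head = None
        else:
            head = line.strip()
            out[head] = []
    return out

def audit(text):
    """Return findings for the SSH access and STP edge-port settings above."""
    cfg, found = sections(text), []
    if "stelnet server enable" not in cfg:
        found.append("stelnet server is not enabled")
    for head, body in cfg.items():
        if head.startswith("user-interface vty"):
            if "authentication-mode aaa" not in body:
                found.append(f"{head}: authentication-mode is not aaa")
            if "protocol inbound ssh" not in body:
                found.append(f"{head}: inbound protocol is not limited to ssh")
        for line in body if head == "aaa" else []:
            if line.startswith("local-user ") and " password " in line \
                    and "irreversible-cipher" not in line:
                found.append(f"local-user {line.split()[1]}: password is not irreversible-cipher")
        trunk_edge = {"stp edged-port enable", "port link-type trunk"} <= set(body)
        if head.startswith("interface ") and trunk_edge:
            found.append(f"{head}: stp edged-port enabled on a trunk port")
    return found
```

Calling audit(SAMPLE) returns four findings; feed it the saved configuration text of a real device to run the same checks.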
We have described the main points of configuring Huawei switches. Of course, you can dive even deeper into the topic and a number of points are not described, but we tried to show the main, most popular commands for initial setup.
We hope that this “manual” will help you set up the switches a little faster.
It will also be great if you write in the comments the commands that you think are missing in the article, but they can also simplify the configuration of the switches. Well, as usual, we will be happy to answer your questions.
Source: habr.com
