How to Configure Validity Time Range of a Rule on Huawei S5700?

Questions:
How to configure Validity Time Range of a Rule on S5700 Huawei?

Answer:
Procedure
Run:system-view,The system view is displayed.
Run:time-range time-name { start-time to end-time days | from time1 date1 [ to time2 date2 ] },A time range is created.To configure multiple time ranges with the same name on the Switch, run the preceding command with the same value of time-name repeatedly.

 NOTE:
If multiple time ranges are configured using the same time-name value, the system takes the union of periodic time ranges and the union of absolute time ranges, and then takes the intersection of the two unions as the final time range. In this example, the name test is used to configure the following time ranges:
-Time range 1: 01.01.2010 00:00 to 31.12.2010 23:59 (absolute time range)
-Time range 2: 8:00 to 18:00 from Monday to Friday (periodic time range)
-Time range 3: 14:00 to 18:00 on Saturday and Sunday (periodic time range)
-The time range test includes 8:00-18:00 on Monday to Friday and 14:00-18:00 on Saturday and Sunday in 2010.
You are advised to configure the Network Time Protocol (NTP) to ensure that devices on the network use the same system time.

Huawei S5700 Price and Specification: http://www.huanetwork.com/huawei-switch-s5700-series-price_c79

How to Configure NTP Access Control Authority on Huawei S2700?

Questions:
How to configure NTP Access Control Authority on Huawei Quidway S2700 Quidway Switch?

Answer:
Procedure
Run:system-view,The system view is displayed.
Run:acl acl-number,A basic ACL is created.
Run:rule [ rule-id ] { deny | permit } [ source { source-ip-address source-wildcard | any } ],An ACL rule is configured.
Run:quit,Return to the system view.
Run:ntp-service access { peer | query | server | synchronization } acl-number,The access control authority of the NTP service is configured.By default, no access control authority is set.

 NOTE:
Check the configuration of the ACL rule before configuring the NTP access control authority in the ACL. When the ACL rule is permit, the peer device with the source IP address specified in this rule can access the NTP service on the local device. The access right of the peer device is configured using the ntp-service access command. When the ACL rule is deny, the peer device with the source IP address specified in this rule cannot access the NTP service on the local device.

Huawei S2700 Huawei Price and Specification: http://www.huanetwork.com/huawei-switch-s2700-series-price_c77

How to Configure Auto-Negotiation Function on Huawei S2700?

Questions:
How to configure Auto-Negotiation Function on Huawei Quidway S2700?

Answer:
Procedure
Run:system-view,The system view is displayed.
Run:interface interface-type interface-number,The interface view is displayed.
Run:negotiation auto,The Ethernet interface is configured to work in auto-negotiation mode.
Run:undo negotiation auto,The Ethernet interface is configured to work in non-auto negotiation mode.

NOTE:
-By default, the auto-negotiation function of GE interfaces does not support the flow control auto-negotiation. To configure flow control auto-negotiation, run the flow-control negotiation command.
-The interfaces on both ends of a link must have the same negotiation mode.

Huawei S2700 Price and Specification:http://www.huanetwork.com/huawei-switch-s2700-series-price_c77

How to Configure Virtual Cable Test on Huawei S2700?

Questions:
How to configure Virtual Cable Test on Huawei Quidway S2700?

Answer:
Procedure
Run:system-view,The system view is displayed.
Run:interface interface-type interface-number,The interface view is displayed.
Run:virtual-cable-test,The VCT function is configured.

NOTE:
-The test result is only for reference and may be inaccurate for cables from some vendors.
-Running the virtual-cable-test command may affect services on the interface in a short period of time.
-Combo electrical interfaces support VCT, but virtual cable tests are not recommended on combo electrical interfaces.
-Before performing a virtual cable test, shut down the remote interface or remove the network cable between the local and remote interfaces. Otherwise, signals   from the remote interface may make the test result inaccurate.

Huawei S2700 Price and Specification: http://www.huanetwork.com/huawei-switch-s2700-series-price_c77

How to Configure an LSR ID on Huawei S5700?

Questions: 

how to Configure an LSR ID on Huawei Quidway S5700?

Answer: 
Procedure
Run:system-view The system view is displayed.
Run:mpls lsr-id lsr-id The LSR ID of the local node is configured.To change a set LSR ID, you must run the undo mpls command in the system view to delete all MPLS configurations.

CAUTION:

-Running the undo mpls command can delete all MPLS configurations including the established LDP sessions and LSPs.

-Configuring an LSR ID is the prerequisite of all MPLS configurations.

-An LSR ID must be manually configured because no default LSR ID is available.

-It is recommended that the IP address of a loopback interface on an LSR be used as the LSR ID.

-Configuring a loopback address helps to ensure a stable LSR ID for the switch because the state of loopback interface does not change, even in the presence of link-down events. Generally, it is also desirable for the LSR ID to be preserved across reboots.

S2700-26TP-EI-DC description

Huawei Quidway Switch S2700, S2700-26TP-EI Mainframe(24 10/100 BASE-T ports and 2 Combo GE(10/100/1000 BASE-T+100/1000 Base-X) ports and DC -48V)
• DC Power

• Non-POE Switch

• Layer 2 Ethernet Switch

• Port: 24 FE ports, 2 GE Combo ports

• Software: Enhanced Version

• Auto Configure

• HGMP group management

• Embedded 6 KV surge protection

• 802.1x and MAC address authentication

The S2700 series enterprise switches are next-generation energy-saving intelligent 100M Ethernet switches. The S2700 utilizes cutting-edge switching technologies and Huawei Versatile Routing Platform (VRP) software to meet the demand for multi-service provisioning and access on Ethernet networks. It is easy to install and maintain and can be used in a variety of enterprise network scenarios. With its flexible VLAN deployment, comprehensive security and QoS policies, and energy-saving technologies, the S2700 helps enterprise customers build next-generation S5700-28C-HI-24S IT networks.

LS-S5352C-EI datasheet

Huawei Quidway Switch S5300, S5352C-EI Mainframe(48 10/100/1000Base-T ports and supports 2 10GE XFP subcards, 4 1000Base-X SFP subcards, 2 10GE SFP+ subcards, and 4 10GE SFP+ subcards,Dual Slots of power,Without Flexible Card and Power Module)


• Power: need to purchase additional power LS5M100PWA00 or LS5M100PWD00

• Non-POE Switch

• Layer 3 Ethernet Switch

• Ports: 48 GE

• Extended Interface Card Slot: 1

• Software: Enhanced Version

• Stackable switch

• Powerful Service Support

• High Reliability

• Security and QoS

Quidway S5300 series gigabit switches are new generation Ethernet gigabit switches that meet the requirements for high-bandwidth access and Ethernet multi-service convergence, providing powerful Ethernet functions for operators and enterprise customers. Based on the new generation high-performance hardware and Huawei Versatile Routing Platform (VRP), the S5300 features large capacity and gigabit interfaces of high density, provides 10G uplinks, meeting the requirements for the 1G and 10G uplink devices of high density. The S5300 can meet the requirements of multiple scenarios such as service convergence on campus networks and Intranets, the access to the IDC at a rate of 1000 Mbit/s, and the access to computers at S5352C-PWR-SI a rate of 1000 Mbit/s on Intranets.

switches replacement

Question:

uc500, esw520 and few 500 series S5700-24TP  switches which have only 2 1Gbit interface, the setup is like that connections from switch is going to cisco phone (vlan 150) and from phone via bult-in switch to pc (default vlan 1),  Have couple SGE2000P switches with which want (management) to replace all the old 500 is it possible ?

Answer:

yes. just need to manually trunk and tag everything. All links going up need the same tags as the phones. The SGE switches are stack switches by default, if are not stacking them, 'recommend to set to standalone so have all the ports available. The SGE switches are fundamentally the same they're simply less feature-rich.

/p> � V l r� x4� rmal> 

VLAN 10 has 10.17.10.1

VLAN 20 has 10.17.20.1

So add a default route on SF300-24 to 10.17.7.1 to get Internet connection.

That's the problem:

Computer A is connected to VLAN 10 on port 1

Compuer B is connected to VLAN 20 on port 13

A e B can talk perfectly each other, and also to port 24 (10.17.7.254), but when I try to ping my Linksys RV042 (10.17.7.1) or reach Internet everything fail.

Instead when I logged into SF300-24 and try to ping Linksys RV042 (10.17.7.1) or reach the Internet, everything works fine!

Answer:

Yes, need to set up static routes on S5700-48TP the router.

Huawei Launches Industry's First Virtual Family Solution Pushing Residential Services

This innovative solution S2700-52P enables telecom operators to provide residents with virtual residential gateway (vRGW) and virtual set top box (vSTB) services over the broadband network. This reduces the cost of providing family video services, simplifies terminal maintenance and management, improves family service experience, enhances telecom operators' innovation in service development, and shortens the time to market (TTM) of new services.

With the innovation in Internet technologies and the popularity of home intelligent terminals, Internet over-the-top (OTT) services are having a negative impact on telecom operators' revenues from traditional services. To invigorate services and retain continuous revenue growth during broadband construction, telecom operators must learn from OTT enterprises in terms of customer experience innovation and rapid response to market demands.

The Huawei vFamily solution is based on an open architecture and helps telecom operators eliminate the following bottlenecks in the service development process:

The Huawei vFamily solution consists of an innovative virtual service control and aggregation platform and a high-performance BNG router that supports separate service and forwarding. The solution is used to provide vRGW and vSTB services using SDN and NFV S2700-52P-EI-AC technologies.

LS-S5352C-PWR-SI Specification and datasheet

Huawei Quidway Switch S5300, S5352C-PWR-SI S5352C-PWR Mainframe(48 10/100/1000Base-T ports and supports 2 10GE XFP subcards, 4 1000Base-X SFP subcards, 2 10GE SFP+ subcards, and 4 10GE SFP+ subcards,PoE,Chassis,Dual Slots of power,Without Flexible Card and Power Module)

Quidway S5300 series gigabit switches are new generation Ethernet gigabit switches that meet the requirements for high-bandwidth access and Ethernet multi-service convergence, providing powerful Ethernet functions for operators and enterprise customers. Based on the new generation high-performance hardware and Huawei Versatile Routing Platform (VRP), the S5300 features large capacity and gigabit interfaces of high density, provides 10G uplinks, meeting the requirements for the 1G and 10G uplink devices of high density. The S5300 can meet the requirements of multiple scenarios such as service convergence on campus networks and Intranets, the access to the IDC at a rate of 1000 Mbit/s, and the access to computers at a rate of 1000 Mbit/s on S5352C-EI Intranets.

The S5700-EI Well-designed QoS policies and security mechanisms

The S5700-EI implements complex S2700-26TP-SI-AC traffic classification based on packet information . ACLs can be applied to inbound or outbound direction on an interface. The S5700-EI supports a flow-based two-rate three-color CAR. Each port supports eight priority queues and multiple queue scheduling algorithms such as WRR, DRR, SP, WRR+SP, and DRR+SP. All of these ensure the quality of voice, video, and data services.

The S5700-EI provides multiple security measures to defend against Denial of Service (DoS) attacks, and attacks against networks or users. DoS attack types include SYN Flood attacks, Land attacks, Smurf attacks, and ICMP Flood attacks. Attacks to networks refer to STP BPDU/root attacks. Attacks to users include bogus DHCP server attacks, man-in-the-middle attacks, IP/MAC spoofing attacks, DHCP request flood attacks. DoS attacks that change the CHADDR field in DHCP packets are also attacks against users.

The S5700-EI supports DHCP snooping, which generates user binding entries based on MAC addresses, IP addresses, IP address leases, VLAN IDs, and access interfaces of users. DHCP snooping discards invalid packets that do not match any binding entries, such as ARP spoofing packets and IP spoofing packets. This prevents man-in-the-middle attacks to campus networks that hackers initiate by using ARP packets. The interface connected to a DHCP server can be configured as a trusted interface to protect the system against bogus DHCP server attacks.

The S5700-EI supports strict ARP learning, which prevents ARP spoofing attacks that will exhaust ARP entries. It also provides IP source check to prevent DoS attacks caused by MAC address spoofing, IP address spoofing, and MAC/IP spoofing.

The S5700-EI supports centralized MAC address authentication, 802.1x authentication,

The S5700-EI can limit the number of MAC addresses learned on an interface to prevent attackers from exhausting MAC address entries by using bogus source MAC addresses. This function minimizes packet flooding that occurs when MAC addresses of users cannot be found S2700-26TP-SI-AC in the MAC address table.

The S2700-EI series of enterprise switches

The S2700-EI series of enterprise S2700-52P switches are next-generation energy-saving 100M Layer 2 Ethernet switches. The S2700-EI utilizes switching technologies and Huawei Versatile Routing Platform (VRP) software to meet the demand for multi-service provisioning and access on 100Base-T networks. Installation and maintenance for various scenarios is straightforward. The series includes the S2700-9TP-EI, S2700-18TP-EI, S2700-26TP-EI, S2700-52P-EI, S2700-9TP-PWR-EI, and S2700-26TP-PWR-EI.

The S2700-26TP-PWR-EI switch was chosen for testing because it has all the features and capabilities of the series, and represents the best performance the series has to offer.

The switches are available in 9- to 26-port configurations and two models have PoE+ for endpoint devices. The tested model S2700-26TP-PWR-EI has 24 10/100Base-TX ports and two GE combination Throughput increases on the Huawei S2700-EI switch as frame size increases, approaching the allowable line rate S2700-26TP-PWR-EI limit of 4400Mbps.'

Recommendations for NIC Teaming (vSwitches <--> SG200)

Are there any specific settings for the S2700-9TP-PWR-EI SG200-26 when used with ESXi vSwitches (in a load-balancing configuration)

For example 2 hosts, 4 NICs per host, each NIC transferring traffic from 2-3 VLAN's (trunk ports)

able to setup the VLANs on the switches and test connectivity on the individual ESXi vmnic adaptors, but when I use two adaptors in my vSwitch, I lose connectivity.

Any recommendations? How are you guys setting up your SG200's to work with ESXi?

I'd recommend you make a static LAG. The information from what you posted in pretty spot on from that S2700-26TP-PWR-EI knowledge base.

Routing between two vlans on an SG300 series switch

Cisco SG300 10 Routing Help
On cisco switch/router  have created 4 vlans, using the below interfaces
192.168.1.254 if the ip address of the switch

port 1 which is vlan1 is connected to my Netgear WDNR4500 Wirelss Router

The remain ports are connected to seperate network cards, on VMWare Esxi host.

When create VM's within each individual vlan communication is fine and can ping vms on the different vlans,

issue is i do not get any internet access from any device connected to the specified vlans, except for vlan1

If ssh into my switch i am able to ping my isp's dns servers 194.168.4.100, but from all other vlans its not possible.

Not really sure what have done wrong or what need to get internet access for my vm's.

In my netgear router, which is 192.168.1.1 have configured the following statis routes.

All vm's connected to the different vlan can ping 192.168.1.1, but it appears communication stops there, it cannot go beyond.
When i do a tracet from a vm connected to vlan 10, i get timeouts after it reaches 192.168.1.1

laptop which is connected to 192.168.1 network is able to tracert beyong my router.

The default gateway need to be the vlan interface Ip address.

If vlan 20 is 192.168.20.1 then any machine connecting in vlan20 gateway should be 192.168.20.1