Sie sind auf Seite 1von 9

S12700 Series Agile Switches

Typical Configuration Examples Contents

Contents

About This Document.....................................................................................................................ii


1 Use the Quick Search Tool.......................................................................................................... 1
2 Comprehensive configuration example.................................................................................... 2
2.1 Example for Configuring Egress Devices for Small- and Medium-Scale Campus or Branch Networks...................... 3
2.2 Example for Configuring the Egress of a Large-scale Campus (Firewalls Are Connected to Core Switches in In-line
Mode)..................................................................................................................................................................................25
2.3 Example for Configuring the Egress of a Large-scale Campus (Firewalls Are Connected to Core Switches in Bypass
Mode)..................................................................................................................................................................................53
2.4 Example for Configuring an Agile Campus Network.................................................................................................. 81
2.4.1 Solution Overview..................................................................................................................................................... 81
2.4.2 Networking Requirements......................................................................................................................................... 81
2.4.3 Network Planning...................................................................................................................................................... 83
2.4.4 Feature Planning........................................................................................................................................................ 85
2.4.5 Data Planning............................................................................................................................................................ 88
2.4.6 Configuration Procedure............................................................................................................................................91
2.4.7 Summary and Recommendations............................................................................................................................ 101
2.5 Example for Configuring High-Speed Self Recovery on a Subway Bearer Network................................................102
2.5.1 Service Requirements and Solution Description..................................................................................................... 102
2.5.2 Basic Configuration................................................................................................................................................. 106
2.5.2.1 Data Plan...............................................................................................................................................................106
2.5.2.2 Configuring Device Information.......................................................................................................................... 110
2.5.2.3 Configuring Interfaces.......................................................................................................................................... 111
2.5.2.4 Enabling BFD....................................................................................................................................................... 113
2.5.3 Deploying OSPF...................................................................................................................................................... 114
2.5.3.1 Configuration Roadmap........................................................................................................................................114
2.5.3.2 Deploying OSPF................................................................................................................................................... 114
2.5.4 Deploying MPLS LDP.............................................................................................................................................117
2.5.4.1 Configuration Roadmap........................................................................................................................................117
2.5.4.2 Data Plan...............................................................................................................................................................117
2.5.4.3 Enabling MPLS LDP............................................................................................................................................ 118
2.5.4.4 Configuring Synchronization Between LDP and OSPF.......................................................................................120
2.5.4.5 Configuring LDP GR............................................................................................................................................120
2.5.4.6 Configuring BFD for LSP.................................................................................................................................... 121

Issue 10 (2016-10-30) Huawei Proprietary and Confidential vii


Copyright © Huawei Technologies Co., Ltd.
S12700 Series Agile Switches
Typical Configuration Examples Contents

2.5.5 Deploying MPLS TE............................................................................................................................................... 122


2.5.5.1 Configuration Roadmap....................................................................................................................................... 122
2.5.5.2 Data Plan...............................................................................................................................................................123
2.5.5.3 Configuring MPLS TE Tunnels and Hot Standby................................................................................................126
2.5.5.4 Configuring RSVP GR......................................................................................................................................... 130
2.5.5.5 Configuring BFD for CR-LSP..............................................................................................................................131
2.5.6 Deploying L3VPN Services and Protection (HoVPN)............................................................................................133
2.5.6.1 Configuration Roadmap....................................................................................................................................... 133
2.5.6.2 Data Plan...............................................................................................................................................................135
2.5.6.3 Configuring MP-BGP...........................................................................................................................................138
2.5.6.4 Configuring an L3VPN........................................................................................................................................ 141
2.5.6.5 Configuring Reliability Protection....................................................................................................................... 143
2.5.7 Configuration Files.................................................................................................................................................. 148
2.5.7.1 Core_SPE1 Configuration File............................................................................................................................. 148
2.5.7.2 Core_SPE2 Configuration File............................................................................................................................. 154
2.5.7.3 Core_SPE3 Configuration File............................................................................................................................. 160
2.5.7.4 Site1_UPE1 Configuration File............................................................................................................................166
2.5.7.5 Site1_UPE2 Configuration File............................................................................................................................170
2.5.7.6 Site2_UPE3 Configuration File............................................................................................................................173
2.5.7.7 Site2_UPE4 Configuration File............................................................................................................................177
2.5.7.8 Site3_UPE5 Configuration File............................................................................................................................180
2.5.7.9 Site3_UPE6 Configuration File............................................................................................................................183
2.6 Example for Configuring ACU2 and NGFW on Switches........................................................................................ 187

3 Typical Login Configuration...................................................................................................201


3.1 Example for Configuring Switch Login Through a Console Port..............................................................................202
3.2 Example for Configuring Telnet Login (Based on ACL Rules and RADIUS Authentication)................................. 207
3.3 Example for Configuring STelnet Login (Based on RADIUS Authentication)......................................................... 211
3.4 Example for Configuring Switch Login Through the Web System........................................................................... 215
3.4.1 Factory Settings of Web Page Files for S Series Switches...................................................................................... 215
3.4.2 Example for Configuring Switch Login Through the Web System (V200R005)................................................... 216
3.4.3 Example for Configuring Switch Login Through the Web System........................................................................ 221

4 Typical File Management Configuration............................................................................. 225


4.1 Example for Logging In to the Device to Manage Files............................................................................................ 226
4.2 Example for Managing Files Using FTP.................................................................................................................... 227
4.3 Example for Managing Files Using SFTP..................................................................................................................230
4.4 Example for Accessing Files on Other Devices Using TFTP.................................................................................... 233
4.5 Example for Accessing Files on Other Devices Using FTP.......................................................................................235
4.6 Example for Accessing Files on Other Devices Using SFTP.................................................................................... 237

5 Typical Ethernet Interface Configuration.............................................................................249


5.1 Example for Configuring a Combo Interface............................................................................................................. 250
5.2 Example for Configuring the Rate and Duplex Mode of an Ethernet Interface.........................................................252

Issue 10 (2016-10-30) Huawei Proprietary and Confidential viii


Copyright © Huawei Technologies Co., Ltd.
S12700 Series Agile Switches
Typical Configuration Examples Contents

5.3 Example for Switching an Interface Between Layer 2 and Layer 3 Modes...............................................................257
5.4 Example for Configuring Port Isolation..................................................................................................................... 259

6 Typical Ethernet Switching Configuration.......................................................................... 263


6.1 Typical MAC Configuration.......................................................................................................................................264
6.1.1 Example for Configuring MAC Address Limiting in a VLAN...............................................................................264
6.1.2 Example for Configuring MAC Address Limiting on an Interface.........................................................................266
6.2 Link Aggregation Configuration................................................................................................................................ 268
6.2.1 Example for Configuring Link Aggregation in Manual Mode When Switches Are Directly Connected.............. 268
6.2.2 Example for Configuring Link Aggregation in LACP Mode When Switches Are Directly Connected................ 271
6.2.3 Example for Connecting an E-Trunk to a VPLS Network...................................................................................... 274
6.2.4 Example for Configuring an Eth-Trunk Interface to Preferentially Forward Local Traffic....................................286
6.2.5 Example for Configuring an Eth-Trunk and Association Between VRRP and the Interface Status.......................291
6.3 Typical VLAN Configuration.....................................................................................................................................302
6.3.1 Example for Configuring Interface-based VLAN Assignment............................................................................... 302
6.3.2 Example for Configuring Interface-based VLAN Assignment (Access Device Used as the Gateway)................. 309
6.3.3 Example for Configuring Interface-based VLAN Assignment (Aggregation Device Used as the Gateway)........ 313
6.3.4 Example for Configuring MAC Address-based VLAN Assignment...................................................................... 317
6.3.5 Example for Configuring IP Subnet-based VLAN Assignment............................................................................. 323
6.3.6 Example for Directly Connecting a Terminal to a Layer 3 Gateway to Implement Inter-VLAN Communication
.......................................................................................................................................................................................... 330
6.3.7 Example for Connecting a Terminal to a Layer 3 Gateway Through a Layer 2 Switch......................................... 332
6.3.8 Example for Configuring Communication Between Different Network Segments Through Static Routes........... 336
6.3.9 Example for Configuring the Super-VLAN............................................................................................................ 341
6.3.10 Example for Configuring MUX VLAN to Isolate Users in the Same VLAN.......................................................345
6.4 Typical QinQ Configuration....................................................................................................................................... 350
6.4.1 Example for Configuring Basic QinQ..................................................................................................................... 350
6.4.2 Example for Configuring VLAN ID-based Selective QinQ....................................................................................353
6.4.3 Example for Configuring Flow-based Selective QinQ............................................................................................356
6.5 Typical Loopback Detection Configuration............................................................................................................... 360
6.5.1 Example for Configuring LDT to Detect Loops on the Downstream Network...................................................... 360
6.5.2 Example for Configuring LDT to Detect Loops on the Local Network..................................................................364
6.5.3 Example for Configuring LBDT to Detect Loopbacks on an Interface.................................................................. 369
6.5.4 Example for Configuring LBDT to Detect Loops on the Downstream Network....................................................373
6.5.5 Example for Configuring LBDT to Detect Loops on the Local Network...............................................................376

7 Typical Examples of MSTP/RRPP/SEP/VBST..................................................................... 381


7.1 Example for Configuring STP.................................................................................................................................... 382
7.2 Example for Configuring RSTP................................................................................................................................. 386
7.3 Example for Configuring MSTP................................................................................................................................ 391
7.4 Example for Configuring MSTP and VRRP.............................................................................................................. 400
7.5 Example for Configuring a Single RRPP Ring with a Single Instance...................................................................... 411
7.6 Example for Configuring Tangent RRPP Rings.........................................................................................................416
7.7 Example for Configuring RRPP Snooping on a VPLS Network............................................................................... 424

Issue 10 (2016-10-30) Huawei Proprietary and Confidential ix


Copyright © Huawei Technologies Co., Ltd.
S12700 Series Agile Switches
Typical Configuration Examples Contents

7.8 Example for Configuring SEP and MSTP on a Network........................................................................................... 431


7.9 Example for Configuring SEP and RRPP on a Network............................................................................................440
7.10 Example for Configuring VBST...............................................................................................................................452

8 Typical IP Service Configuration........................................................................................... 463


8.1 Typical DHCP Configuration..................................................................................................................................... 464
8.1.1 Example for Configuring the Device as a DHCP Server (Based on the Interface Address Pool).......................... 464
8.1.2 Example for Configuring a Device as the DHCP Server (Based on the Global Address Pool)..............................468
8.1.3 Example for Configuring a DHCP Server to Allocate Different Network Parameters from the Global Address Pool
to Dynamic and Static Clients.......................................................................................................................................... 472
8.1.4 Example for Configuring the Device as a DHCP Relay (on the Same Network)................................................... 475
8.1.5 Example for Configuring the Device as a DHCP Relay (Across a GRE Tunnel)...................................................480
8.1.6 Example for Configuring a DHCP Client................................................................................................................488
8.1.7 Example for Configuring DHCP Servers Based on the Global Address Pool on the Same Network Segment in
VRRP Networking............................................................................................................................................................492

9 Typical Routing Configuration.............................................................................................. 499


9.1 Typical Static Route Configuration............................................................................................................................ 500
9.1.1 Example for Configuring Static Routes for Interworking Between Different Network Segments......................... 500
9.1.2 Example for Configuring Static Routes for Load Balancing...................................................................................504
9.1.3 Example for Configuring Static Routes for Link Backup....................................................................................... 509
9.1.4 Example for Configuring NQA for IPv4 Static Routes...........................................................................................514
9.1.5 Example for Configuring EFM for IPv4 Static Routes........................................................................................... 523
9.2 Typical OSPF Configuration...................................................................................................................................... 527
9.2.1 Example for Configuring Basic OSPF Functions....................................................................................................527
9.2.2 Example for Configuring an OSPF Stub Area........................................................................................................ 532
9.2.3 Example for Configuring an OSPF NSSA.............................................................................................................. 537
9.2.4 Example for Configuring OSPF Load Balancing....................................................................................................542
9.2.5 Example for Configuring BFD for OSPF................................................................................................................548
9.3 Typical PBR Configuration........................................................................................................................................ 554
9.3.1 Example for Configuring Traffic Policies to Implement Policy-based Routing (Redirection to Different Next
Hops)................................................................................................................................................................................ 554

10 Typical User Access and Authentication Configuration................................................. 561


10.1 Typical AAA Configuration..................................................................................................................................... 562
10.1.1 Notice to Be Taken When the Device Connects to Non-Huawei RADIUS Servers............................................. 562
10.1.2 Example for Configuring Authentication for Telnet Login Users (AAA Local Authentication)..........................563
10.1.3 Example for Configuring Authentication for Telnet Login Users (RADIUS Authentication)............................. 565
10.1.4 Example for Configuring Authentication for Telnet Login Users (Using the Secure ACS as a RADIUS
Authentication Server)......................................................................................................................................................569
10.1.5 Example for Configuring Authentication for Telnet Login Users (HWTACACS and Local Authentication)..... 589
10.1.6 Example for Configuring Default Domain-based User Management................................................................... 592
10.2 Typical NAC Configuration (Common Mode).........................................................................................................598
10.2.1 Example for Configuring 802.1x Authentication to Control Internal User Access.............................................. 598
10.2.2 Example for Configuring MAC Address Authentication to Control Internal User Access.................................. 602

Issue 10 (2016-10-30) Huawei Proprietary and Confidential x


Copyright © Huawei Technologies Co., Ltd.
S12700 Series Agile Switches
Typical Configuration Examples Contents

10.2.3 Example for Configuring Portal Authentication to Control Internal User Access................................................606
10.3 Typical NAC Configuration (Unified Mode) (V200R007C00 and Earlier Versions, V200R008C00)....................610
10.3.1 Example for Configuring 802.1x Authentication to Control Internal User Access...............................................611
10.3.2 Example for Configuring MAC Address Authentication to Control Internal User Access.................................. 615
10.3.3 Example for Configuring Portal Authentication to Control Internal User Access................................................619
10.3.4 Example for Configuring Multiple Authentication Modes to Control Internal User Access................................623
10.4 Typical NAC Configuration (Unified Mode) (V200R007C20, V200R009C00 and Later Versions)...................... 627
10.4.1 Example for Configuring 802.1x Authentication to Control Internal User Access.............................................. 627
10.4.2 Example for Configuring MAC Address Authentication to Control Internal User Access.................................. 632
10.4.3 Example for Configuring Portal Authentication to Control Internal User Access................................................636
10.5 Typical NAC Configuration (Unified Mode) (the Agile Controller as the Authentication Server) (V200R007C00
and Earlier Versions, V200R008C00).............................................................................................................................. 641
10.5.1 Example for Configuring Portal Authentication to Control Internal User Access to the Enterprise Network
(Authentication Point on Core Switch)............................................................................................................................ 642
10.5.2 Example for Configuring Portal Authentication to Control Internal User Access to the Enterprise Network
(Authentication Point on Aggregation Switch) (V200R007C00 and Earlier Versions, V200R008C00).........................662
10.5.3 Example for Configuring 802.1x and MAC Address Authentication to Control Internal User Access to the
Enterprise Network (Authentication Point on Access Switch).........................................................................................680
10.5.4 Example for Configuring 802.1x and MAC Address Authentication to Control Internal User Access to the
Enterprise Network (Authentication Point on Aggregation Switch)................................................................................696
10.6 Typical NAC Configuration (Unified Mode) (the Agile Controller as the Authentication Server) (V200R007C20,
V200R009C00 and Later Versions)..................................................................................................................................714
10.6.1 Example for Configuring Portal Authentication to Control Internal User Access to the Enterprise Network
(Authentication Point on Core Switch)............................................................................................................................ 714
10.6.2 Example for Configuring Portal Authentication to Control Internal User Access to the Enterprise Network
(Authentication Point on Aggregation Switch) (V200R007C20, V200R009C00 and Later Versions)........................... 734
10.6.3 Example for Configuring 802.1x and MAC Address Authentication to Control Internal User Access to the
Enterprise Network (Authentication Point on Aggregation Switch)................................................................................753
10.6.4 Example for Configuring User Authorization Based on ACL or Dynamic VLAN Delivery............................... 771
10.6.5 Example for Configuring Guest Access Using Social Media Accounts (GooglePlus, Facebook, or Twitter
Accounts) (V200R007C20, V200R009C00 and Later Versions).....................................................................................785

11 Typical Reliability Configuration........................................................................................798


11.1 Typical VRRP Configuration....................................................................................................................................799
11.1.1 Example for Configuring a VRRP Group in Active/Standby Mode..................................................................... 799
11.1.2 Example for Configuring a VRRP Group in Load Balancing Mode.....................................................................806
11.1.3 Example for Configuring Association Between VRRP and BFD to Implement a Rapid Active/Standby
Switchover........................................................................................................................................................................ 812
11.1.4 Example for Configuring an Eth-Trunk and Association Between VRRP and the Interface Status..................... 818
11.1.5 Example for Configuring VRRP to Ensure Reliable Multicast Data Transmission..............................................829
11.2 Typical BFD Configuration...................................................................................................................................... 844
11.2.1 Example for Associating the BFD Session Status with the Interface Status......................................................... 844

12 Typical Security Configuration............................................................................................ 850


12.1 Typical ACL Configuration......................................................................................................................................851
12.1.1 Example for Using an ACL to Restrict FTP Access Rights..................................................................................851

Issue 10 (2016-10-30) Huawei Proprietary and Confidential xi


Copyright © Huawei Technologies Co., Ltd.
S12700 Series Agile Switches
Typical Configuration Examples Contents

12.1.2 Example for Using ACLs to Control Access to the Specified Server in the Specified Time Range.................... 853
12.1.3 Example for Using an ACL to Block Network Access of the Specified Users.....................................................859
12.1.4 Example for Using Reflective ACL to Implement Unidirectional Access Control.............................................. 862
12.1.5 Example for Allowing Certain Users to Access the Internet in the Specified Time Range.................................. 864
12.1.6 Example for Using ACLs to Restrict Mutual Access Between Network Segments............................................. 868
12.1.7 Example for Using an ACL to Prevent Internal Hosts from Accessing the Internet.............................................872
12.1.8 Example for Using an ACL to Prevent External Hosts from Accessing Internal Servers.................................... 875
12.1.9 Example for Applying ACLs to SNMP to Filter NMSs........................................................................................880
12.2 Example for Configuring Port Security....................................................................................................................882

13 Typical CSS Configuration of Modular Switches............................................................ 885


13.1 Example for Setting Up a CSS................................................................................................................................. 886

14 Typical MPLS&VPN Configuration....................................................................................896


14.1 Typical BGP/MPLS IP VPN Configuration............................................................................................................. 897
14.1.1 Example for Configuring BGP/MPLS IP VPN..................................................................................................... 897
14.1.2 Example for Configuring an MCE........................................................................................................................ 910
14.1.3 Example for Configuring Multicast VPN Access Through MCE Devices........................................................... 923
14.1.4 Example for Configuring L3VPN and VRRP....................................................................................................... 945
14.1.5 Example for Configuring Routing Policies to Control Mutual Access Between L3VPN Users.......................... 958
14.2 Example for Connecting QinQ Termination Sub-interfaces to a VLL Network......................................................966
14.3 Example for Deploying BGP/MPLS IP VPN and VPLS on One ISP Network.......................................................977

15 Typical WLAN-AC Configuration (Applicable to Versions V200R005 to V200R008)


.......................................................................................................................................................... 995
15.1 Common Misconfigurations..................................................................................................................................... 996
15.1.1 Multicast Packet Suppression Is Not Configured, and A Large Number of Low-Rate Multicast Packets Affect the
Wireless Network............................................................................................................................................................. 996
15.2 Example for Configuring WLAN Services on a Small-Scale Network................................................................... 997
15.3 Example for Configuring the WLAN Service on Medium- and Large-Scale Campus Networks......................... 1006
15.4 Example for Configuring Unified Access for Wired and Wireless Users.............................................................. 1016
15.5 Example for Configuring WLAN Services for a Wireless City Project (AC Bypass Deployment, Portal
Authentication)............................................................................................................................................................... 1035
15.6 Example for Configuring MAC Address Authentication on the Wireless Side..................................................... 1055
15.7 Example for Configuring Portal Authentication on the Wireless Side...................................................................1064
15.8 Configuring Radio Calibration............................................................................................................................... 1075
15.8.1 Example for Configuring Radio Calibration....................................................................................................... 1075
15.8.2 Example for Configuring Session-based Static Load Balancing.........................................................................1085
15.8.3 Example for Configuring Traffic-based Dynamic Load Balancing.................................................................... 1094
15.9 Configuring WLAN Roaming................................................................................................................................ 1104
15.9.1 Example for Configuring Non-Fast Roaming Between APs in the Same Service VLAN..................................1104
15.9.2 Example for Configuring Fast Roaming Between APs in the Same Service VLAN.......................................... 1113
15.9.3 Example for Configuring Non-Fast Roaming Between APs in Different Service VLANs................................ 1124
15.9.4 Example for Configuring Fast Roaming Between APs in Different Service VLANs.........................................1134
15.10 Example for Configuring the WLAN Service Using WDS Technology..............................................................1146

Issue 10 (2016-10-30) Huawei Proprietary and Confidential xii


Copyright © Huawei Technologies Co., Ltd.
S12700 Series Agile Switches
Typical Configuration Examples Contents

15.11 Example for Configuring the WLAN Service Using Mesh Technology.............................................................. 1159

16 Typical WLAN-AC Configuration (Applicable to Versions V200R009).................... 1171


16.1 Common Misconfigurations................................................................................................................................... 1172
16.1.1 Multicast Packet Suppression Is Not Configured, and A Large Number of Low-Rate Multicast Packets Affect the
Wireless Network............................................................................................................................................................1172
16.2 Example for Configuring WLAN Services on a Small-Scale Network................................................................. 1173
16.3 Example for Configuring the WLAN Service on Medium- and Large-Scale Campus Networks..........................1181
16.4 Example for Configuring Unified Access for Wired and Wireless Users.............................................................. 1190
16.5 Example for Configuring WLAN Services for a Wireless City Project (AC Bypass Deployment, Portal
Authentication)............................................................................................................................................................... 1210
16.6 Example for Configuring MAC Address Authentication on the Wireless Side..................................................... 1231
16.7 Example for Configuring Portal Authentication on the Wireless Side...................................................................1240
16.8 Example for Configuring MAC Address-prioritized Portal Authentication.......................................................... 1255
16.9 Configuring Radio Calibration............................................................................................................................... 1266
16.9.1 Example for Configuring Radio Calibration....................................................................................................... 1266
16.9.2 Example for Configuring Static Load Balancing................................................................................................ 1276
16.9.3 Example for Configuring Dynamic Load Balancing...........................................................................................1286
16.10 Configuring WLAN Roaming.............................................................................................................................. 1296
16.10.1 Example for Configuring Intra-AC Roaming....................................................................................................1296
16.11 Example for Configuring the WLAN Service Using WDS Technology..............................................................1305
16.12 Example for Configuring the WLAN Service Using Mesh Technology..............................................................1319

17 Typical QoS Configuration................................................................................................. 1329


17.1 Example for Configuring Priority Re-marking and Queue Scheduling................................................................. 1330
17.2 Example for Configuring Interface-based Rate Limiting.......................................................................................1334
17.3 Example for Configuring a Traffic Policy to Implement Rate Limiting................................................................ 1337
17.4 Example for Configuring Rate Limiting in a Specified Time Range..................................................................... 1342
17.5 Example for Configuring Rate Limiting Based on VLAN IDs..............................................................................1345
17.6 Example for Configuring Traffic Shaping..............................................................................................................1350
17.7 Example for Configuring Congestion Avoidance and Congestion Management...................................................1354
17.8 Example for Configuring a Traffic Policy to Prevent Some Users from Accessing the Internet at the Specified Time
........................................................................................................................................................................................ 1359
17.9 Example for Configuring a Traffic Policy to Collect Statistics on Ping Packets................................................... 1364
17.10 Example for Configuring a Traffic Policy to Implement Traffic Statistics.......................................................... 1370
17.11 Example for Limiting Access Based on the Flow ID........................................................................................... 1375
17.12 Example for Configuring a Traffic Policy to Limit Access Between Network Segments................................... 1385
17.13 Example for Configuring HQoS...........................................................................................................................1390

18 Typical Network Management and Monitoring Configuration.................................. 1402


18.1 Typical SNMP Configuration................................................................................................................................. 1403
18.1.1 Example for Configuring a Device to Communicate with the NMS Using SNMPv1........................................ 1403
18.1.2 Example for Configuring a Device to Communicate with the NMS Using SNMPv2c...................................... 1405
18.1.3 Example for Configuring a Device to Communicate with the NMS Using SNMPv3........................................ 1408
18.1.4 Example for Configuring eSight and Switches to Communicate Through SNMPv2c........................................1411

Issue 10 (2016-10-30) Huawei Proprietary and Confidential xiii


Copyright © Huawei Technologies Co., Ltd.
S12700 Series Agile Switches
Typical Configuration Examples Contents

18.2 Typical NetStream Configuration...........................................................................................................................1418


18.2.1 Example for Configuring Original Flow Statistics Exporting.............................................................................1418
18.2.2 Example for Configuring Aggregation Flow Statistics Exporting...................................................................... 1423
18.2.3 Example for Configuring Flexible Flow Statistics Exporting............................................................................. 1426
18.3 Typical Mirroring Configuration............................................................................................................................ 1431
18.3.1 Example for Configuring Local Port Mirroring (1:1 Mirroring).........................................................................1431
18.3.2 Example for Configuring Local Port Mirroring (1:N Mirroring in Which Observing Ports Are Configured One by
One)................................................................................................................................................................................ 1433
18.3.3 Example for Configuring Local Port Mirroring (1:N Mirroring in Which Observing Ports Are Configured in a
Batch)..............................................................................................................................................................................1437
18.3.4 Example for Configuring Local Port Mirroring (N:1 Mirroring)........................................................................1440
18.3.5 Example for Configuring Local Port Mirroring (M:N Mirroring)...................................................................... 1443
18.3.6 Example for Configuring Layer 2 Remote Port Mirroring..................................................................................1446
18.3.7 Example for Configuring MQC-based Local Traffic Mirroring......................................................................... 1449
18.3.8 Example for Configuring ACL-based Local Traffic Mirroring...........................................................................1453
18.3.9 Example for Configuring MQC-based Remote Traffic Mirroring...................................................................... 1456
18.3.10 Example for Configuring ACL-based Remote Traffic Mirroring..................................................................... 1460
18.4 Typical iPCA Configuration................................................................................................................................... 1465
18.4.1 Example for Configuring iPCA to Implement End-to-End Packet Loss Measurement......................................1465
18.4.2 Example for Configuring iPCA to Implement Regional Network Packet Loss Measurement........................... 1469
18.4.3 Example for Configuring iPCA to Implement Hop-by-Hop Packet Loss Measurement.................................... 1475
18.4.4 Example for Configuring iPCA to Implement Packet Loss Measurement on a Direct Link.............................. 1480
18.4.5 Example for Configuring iPCA to Implement Packet Loss Measurement on a Device..................................... 1483

19 Typical Configuration for Interconnection Between Switches and IP Phones.........1486


19.1 Basic Concepts....................................................................................................................................................... 1488
19.2 IP Phone Deployment............................................................................................................................................. 1489
19.3 Typical Configuration Methods for Interconnection Between Switches and IP Phones........................................1490
19.4 Example for Connecting IP Phones to Switches Through LLDP.......................................................................... 1491
19.5 Example for Connecting IP Phones to Switches Through the MED TLV............................................................. 1502
19.6 Example for Connecting Cisco IP Phones to Switches Using HDP.......................................................................1510
19.7 Example for Connecting an IP Phone to a Switch Through the DHCP Server......................................................1521
19.8 Example for Connecting IP Phones to Switches Through MAC Address-based Assignment...............................1524
19.9 Example for Connecting IP Phones to Switches Through the OUI-based voice VLAN....................................... 1528
19.10 Example for Connecting IP Phones to Switches Through the PVID of the Voice VLAN ID..............................1541
19.11 Example for Connecting IP Phones to Switches Through an ACL......................................................................1552
19.12 Example for Connecting IP Phones to Switches Through a Simplified ACL......................................................1564
19.13 Example for Connecting IP Phones to Switches Through NAC Authentication and Voice VLAN.................... 1577

20 Typical Free Mobility and Service Chaining Configuration........................................ 1582


20.1 Example for Configuring a Service Chain to Guide Data Flow Forwarding......................................................... 1583
20.2 Example for Deploying the Free Mobility Function for Users' Physical Location Change(V200R006C00,
V200R007C00, V200R008C00).................................................................................................................................... 1594
20.3 Example for Deploying the Free Mobility Function for Users' Physical Location Change (V200R007C20,
andV200R009C00)......................................................................................................................................................... 1611

Issue 10 (2016-10-30) Huawei Proprietary and Confidential xiv


Copyright © Huawei Technologies Co., Ltd.
S12700 Series Agile Switches
Typical Configuration Examples Contents

21 Typical SVF Configuration .................................................................................................1629


21.1 Information to Know Before You Deploy an SVF System.................................................................................... 1630
21.1.1 SVF Technical Characteristics.............................................................................................................................1630
21.1.2 SVF Application Scenarios................................................................................................................................. 1631
21.1.3 SVF Service Deployment Limitations.................................................................................................................1635
21.2 SVF System Planning............................................................................................................................................. 1637
21.2.1 Planning SVF System Networking......................................................................................................................1637
21.2.2 Planning Member Devices of an SVF System.................................................................................................... 1641
21.3 AS Service Configuration.......................................................................................................................................1643
21.3.1 Access User Network Partitioning Configuration............................................................................................... 1645
21.3.2 Access User Authentication Configuration......................................................................................................... 1645
21.3.3 Security Configuration........................................................................................................................................ 1651
21.4 Example for Configuring SVF............................................................................................................................... 1654
21.5 Example for Configuring the Access Layer for a Wired Campus Network Using eSight..................................... 1668

22 Typical NGFW Module Configuration............................................................................. 1679


22.1 Layer-2 Dual-NGFW Module Deployment, Switch CSS, and Redirection-based Traffic Diversion....................1680
22.2 Layer-3 Dual-NGFW Module Deployment, Switch CSS, and Static Route Traffic Diversion............................. 1692
22.3 Layer-3 Dual-NGFW Module Deployment, Switch CSS, and PBR-based Traffic Diversion............................... 1707
22.4 Layer-3 Dual-NGFW Module Deployment, Switch CSS, and VLAN-based Traffic Diversion........................... 1721

Issue 10 (2016-10-30) Huawei Proprietary and Confidential xv


Copyright © Huawei Technologies Co., Ltd.