Information to Know Before SVF Deployment

Created: Feb 28, 2019 15:57:40 37 0 0 0

SVF Technical Characteristics

A traditional campus network has the following characteristics:

  • Core and aggregation devices have fixed services.

  • Access devices are widely distributed.

  • Access devices use simple, similar service configurations.

  • Access devices have many ports.

  • The trend towards wired and wireless convergence grows for access devices.

Management and configuration of access devices are time-consuming due to the preceding characteristics. Super Virtual Fabric (SVF) technology effectively simplifies management and configuration of access devices.Figure 4-32  SVF networking diagram 
imgDownload?uuid=facd2ea6cef545998628100

As shown in Figure 4-32, SVF simplifies campus network management and maintenance. According to characteristics of campus networks, SVF technology allows you to configure and maintain access devices as well as manage access users in a uniform manner.

In an SVF system, a parent manages and configures the SVF system. Client refers to all access devices, including wired access devices (ASs) and wireless access devices (APs).

SVF has the following technical characteristics:

  • Manages wired and wireless users on the parent in a uniform manner.
  • Configures services of access switches (ASs) through the parent. For the configurable services and service configuration modes, see SVF Service Deployment Limitations.
  • Maintains the status of ASs and access points (APs) through the parent, including device registration status and heartbeat, version and patch status, important alarms, port status, and user status of all ASs and APs.
  • Supports at most two levels of ASs (level-1 and level-2 ASs) and one level of APs. When eSight is used to manage the SVF system, SVF can better simplify device management.

The following table lists SVF hardware and software requirements.

Select APs whose type and version are supported by the parent, and see the version mapping of the device model for the parent to determine which APs the parent supports.Table 4-28  Supported parent and AS switch models

Parent Version

Supported Parent Switch Models

AS Version Requirements

Supported AS Switch Models

V200R007C00

  • S12708, S12712
  • S7703, S7706, S7712
  • S9703, S9706, S9712
  • S5720HI

V200R007C00

S2750EI, S5700LI, S5700S-LI, S5720EI

V200R008C00

  • S12704, S12708, S12712
  • S7703, S7706, S7712
  • S9703, S9706, S9712
  • S5720HI

V200R008C00

S2750EI, S5700LI, S5700S-LI, S5710-X-LI, S5720SI, S5720S-SI, S5720EI

V200R009C00

  • S12704, S12708, S12712
  • S7703, S7706, S7712
  • S9703, S9706, S9712
  • S5720HI
  • S6720EI, S6720S-EI

V200R009C00

S2720EI, S2750EI, S5700LI, S5700S-LI, S5710-X-LI, S5720SI, S5720S-SI, S5720EI, S6720EI, S6720S-EI

V200R010C00

  • S12704, S12708, S12710, S12712
  • S7703, S7706, S7712
  • S9703, S9706, S9712
  • S5720HI
  • S6720EI, S6720S-EI

V200R010C00

  • S2720EI, S2750EI, S5700LI, S5700S-LI, S5710-X-LI, S5720LI, S5720S-LI, S5720SI, S5720S-SI, S5720EI, S6720EI, S6720S-EI
  • S600-E

V200R011C00

  • S5720HI
  • S6720EI, S6720S-EI

V200R011C00

  • S2750EI, S5700LI, S5700S-LI, S5710-X-LI, S5720LI, S5720S-LI, S5720SI, S5720S-SI, S5720EI, S6720EI, S6720S-EI, S6720LI, S6720S-LI, S6720SI, S6720S-SI
  • S600-E

V200R011C10

  • S12704, S12708, S12710, S12712
  • S7703, S7706, S7712
  • S9703, S9706, S9712
  • S9303, S9306, S9310, S9312
  • S9303E, S9306E, S9312E
  • S9310X
  • S5720HI
  • S6720EI, S6720S-EI
  • S6720SI, S6720S-SI

V200R011C10

  • S2720EI, S2750EI, S5700LI, S5700S-LI, S5710-X-LI, S5720LI, S5720S-LI, S5720SI, S5720S-SI, S5720EI, S5730SI, S5730S-EI, S6720EI, S6720S-EI, S6720LI, S6720S-LI, S6720SI, S6720S-SI
  • S600-E

V200R012C00

  • S12704, S12708, S12710, S12712
  • S7703, S7706, S7712
  • S9703, S9706, S9712
  • S9303, S9306, S9310, S9312
  • S9303E, S9306E, S9312E
  • S9310X
  • S5720HI, S5730HI
  • S6720HI
  • S6720EI, S6720S-EI
  • S6720SI, S6720S-SI

V200R011C10

V200R012C00

  • S2720EI, S2750EI, S5700LI, S5700S-LI, S5710-X-LI, S5720LI, S5720S-LI, S5720SI, S5720S-SI, S5720I-SI, S5720EI, S5730SI, S5730S-EI, S5730HI, S6720EI, S6720S-EI, S6720LI, S6720S-LI, S6720SI, S6720S-SI
  • S600-E

V200R013C00

  • S12704, S12708, S12710, S12712
  • S7703, S7703 PoE, S7706, S7706 PoE, S7712
  • S9703, S9706, S9712
  • S9303, S9306, S9310, S9312
  • S9303E, S9306E, S9312E
  • S9310X
  • S5720HI, S5730HI
  • S6720HI
  • S6720EI, S6720S-EI
  • S6720SI, S6720S-SI

V200R011C10

V200R012C00

V200R013C00

  • S2720EI, S5720LI, S5720S-LI, S5720SI, S5720S-SI, S5720I-SI, S5720EI, S5730SI, S5730S-EI, S5730HI, S6720EI, S6720S-EI, S6720LI, S6720S-LI, S6720SI, S6720S-SI
  • S2750EI, S5700LI, S5700S-LI, S5710-X-LI (running only V200R011C10 or V200R012C00)
  • S600-E

Application Scenarios for SVF

Based on SVF technical characteristics, the parent must be connected to ASs and APs across a Layer 2 network and ASs must be deployed at the access layer of a campus network and directly connected to users. ASs cannot be used as aggregation devices. In versions earlier than V200R011C10, user-side ports of ASs cannot be added to an Eth-Trunk. In V200R011C10 or later versions, user-side ports of ASs can be added to an Eth-Trunk. Due to these limitations, SVF applies to the following scenarios. If your network does not meet the following SVF networking requirements, SVF cannot be deployed on your network. You are advised to log in to each device to configure services.

Scenario 1: Wired Campus Network Access

In a wired campus network access scenario, all user terminals access a campus network through wired links. In such a scenario, user terminals are directly connected to ASs, and the parent functions as the access gateway of users. SVF supports two types of networking, depending on whether the parent and ASs are directly connected or connected across an intermediate network:

  • Networking in which the parent and ASs are directly connected, as shown in Figure 4-33
    1. The parent can be a standalone device, a cluster switch system (CSS) of two modular devices, or a stack of multiple member devices.
    2. At most two levels of ASs are supported in an SVF system. Each AS can be a standalone device or a stack of multiple member devices. In V200R008C00 and earlier versions, each AS can be a stack of up to three member devices that are the same model and provide the same number of ports. From V200R009C00, each AS can be a stack of up to five member devices that are the same model and provide the same number or different numbers of ports.
    3. User terminals can access the network through level-1 or level-2 ASs. The parent functions as the access gateway of users.
    If a new campus network is built with unconfigured devices, this networking is recommended.Figure 4-33  Networking in which the parent and ASs are directly connected on a wired campus network 
    imgDownload?uuid=f937c4a662664a55a035d69
  • Networking in which the parent and ASs are connected across an intermediate network, as shown in Figure 4-34
    1. The parent can be a standalone device, a cluster switch system (CSS) of two modular devices, or a stack of multiple member devices.
    2. An SVF system supports at most one level of ASs. Each AS can be a standalone device or a stack of multiple member devices. In V200R008C00 and earlier versions, each AS can be a stack of up to three member devices that are the same model and provide the same number of ports. From V200R009C00, each AS can be a stack of up to five member devices that are the same model and provide the same number or different numbers of ports.
    3. User terminals can access the network through ASs. The parent functions as the access gateway of users.
    If a campus network is reconstructed and devices of different vendors are deployed on the campus network, this networking is recommended.Figure 4-34  Networking in which the parent and ASs are connected across an intermediate network on a wired campus network 
    imgDownload?uuid=59c02a53f2b64d42a2cd248

Scenario 2: Wired and Wireless Converged Campus Network Access

On a wired and wireless converged campus network, some user terminals access the network wiredly, while others access the network wirelessly. In the scenario, the parent functions as the access gateway of users. SVF supports two types of networking, depending on whether the parent and ASs&APs are connected across an intermediate network:

  • Networking in which the parent and ASs&APs are directly connected, as shown in Figure 4-35
    1. The parent can be a standalone device, a cluster switch system (CSS) of two modular devices, or a stack of multiple member devices.
    2. An SVF system supports at most two levels of ASs (level-1 and level-2 ASs). Each AS can be a standalone device or a stack of multiple member devices. In V200R008C00 and earlier versions, each AS can be a stack of up to three member devices that are the same model and provide the same number of ports. From V200R009C00, each AS can be a stack of up to five member devices that are the same model and provide the same number or different numbers of ports.
    3. APs can be connected to level-1 or level-2 ASs.
    4. Wired user terminals access the network through level-1 or level-2 ASs. Wireless user terminals access the network through APs. The parent functions as the access gateway of users.
    If a new campus network is built with unconfigured devices, this networking is recommended.Figure 4-35  Networking in which the parent and ASs&APs are directly connected on a wired and wireless converged campus network 
    imgDownload?uuid=66a86a34731d4ab6a168b2b
  • Networking in which the parent and ASs&APs are connected across an intermediate network, as shown in Figure 4-36
    1. The parent can be a standalone device, a cluster switch system (CSS) of two modular devices, or a stack of multiple member devices.
    2. An SVF system supports at most one level of ASs. Each AS can be a standalone device or a stack of multiple member devices. In V200R008C00 and earlier versions, each AS can be a stack of up to three member devices that are the same model and provide the same number of ports. From V200R009C00, each AS can be a stack of up to five member devices that are the same model and provide the same number or different numbers of ports.
    3. APs are connected to ASs.
    4. Wired user terminals access the network through ASs. Wireless user terminals access the network through APs. The parent functions as the access gateway of users.
    If a campus network is reconstructed and devices of different vendors are deployed on the campus network, this networking is recommended.Figure 4-36  Networking in which the parent and ASs&APs are connected across an intermediate network on a wired and wireless converged campus network 
    imgDownload?uuid=2e67972861a34cae95775fa

Scenario 3: Campus Network of Multiple SVF Systems

On a campus network with more than 200 access devices, you can set up multiple SVF systems to simplify campus network management, as shown in Figure 4-37.Figure 4-37  Campus network of multiple SVF systems 
imgDownload?uuid=ab678f54831b499f8bf1e34

SVF Service Deployment Limitations

SVF supports two service configuration modes: centralized mode and independent mode.

  • In centralized mode, all service configurations for ASs are performed on the parent. Therefore, the services that can be configured on ASs depend on the services that can be configured on the parent, but not on the services supported by a standalone access switch. AS-supported services apply to most access switches.

    In centralized mode, you can deliver service configurations to multiple ASs using profiles or global batch configuration or configure a single AS directly.

  • Since V200R010C00, in independent mode, you can log in to an AS to configure it using commands.

    The independent mode supports more service configurations than the centralized mode. When services cannot be batch configured on the parent for an AS, log in to the AS to configure it independently. After the AS changes from the centralized mode to independent mode, the configuration file generated using profiles or directly configured before the mode switchover will be retained.

The following describes the configurable functions in different service configuration modes.

Centralized Mode (Batch Configuration: Functions Globally Delivered)

Function

Description

Configure the SVF forwarding mode.

An SVF system supports two forwarding modes: centralized forwarding and distributed forwarding.

  • In centralized forwarding mode, traffic forwarded by the local AS and forwarded between ASs is sent to the parent for forwarding.

  • In distributed forwarding mode, an AS directly forwards local traffic and the parent forwards traffic between ASs.

NOTE:
  • In centralized forwarding mode, ports of the ASs connected to the same fabric port of the parent are isolated and so cannot communicate at Layer 2, and need to have proxy ARP in the corresponding VLAN configured using the arp-proxy inner-sub-vlan-proxy enablecommand to communicate at Layer 3.
  • In centralized forwarding mode, after an AS goes offline, traffic of its attached network cannot be forwarded by the parent and will be interrupted.
  • In distributed forwarding mode, after an AS goes offline, in versions earlier than V200R012C00, downlink ports of the AS are automatically shut down. As a result, traffic of the AS attached network will be interrupted. In V200R012C00 and later versions, downlink ports of the AS will not be shut down, and traffic of the AS attached network will be forwarded as usual.

By default, the forwarding mode of an SVF system is distributed forwarding.

Configure the URL encoding function for an AS (This function is supported in V200R009 and later versions).

To improve web application security, data from untrustworthy sources must be encoded before being sent to clients. URL encoding is most commonly used in web applications. After URL encoding is enabled for ASs, special characters in redirected URLs are converted to secure formats, preventing clients from mistaking them for syntax signs or instructions and unexpectedly modifying the original syntax. In this way, cross-site scripting attacks and injection attacks are prevented. By default, URL encoding is enabled in ASs. This function can be disabled using the portal url-encode disable command.

Configure authentication-free rules.

In addition to the configurations in service profiles, the parent delivers the configured Portal authentication-free rules to ASs. Authentication-free rules 0 to 127 can be delivered to ASs of the S5720EI model; authentication-free rules 0 to 31 can be delivered to ASs of other models;authentication-free rules outside the two ranges will not be delivered to ASs.

Enable IGMP snooping for a service VLAN on an AS (This function is supported in V200R010 and later versions).

By default, IGMP snooping is disabled for service VLANs on an AS.

Centralized Mode (Batch Configuration: Functions Delivered Using Profiles)

Function

Sub-function

Service

Device managementAdministratorUser name and password of the local administrator
Traffic policingRate limit for outgoing ARP and DHCP packets on an uplink fabric port
BPDU protectionBPDU protection on ASs (supported only in V200R013C00 and later versions)
Basic network serviceVLAN managementAddition and removal of ports to or from a VLAN
Configuration of the port that connects an AS to an AP
Voice VLAN based on LLDP or CDP negotiation
Enhanced network serviceBasic QoSTrust 802.1p (This function is not supported in V200R011C10 and later versions)NOTE:

In V200R011C10 and later versions, the priority-trust enablecommand cannot be executed in the network enhanced profile view to configure the priority trust function. When the S2720EI, S2750EI, S5700LI, S5700S-LI, S5710-X-LI, S5720LI, S5720S-LI, S5720SI, S5720I-SI, or S5720S-SIswitches go online as ASs, the parent delivers the default trust 8021p configuration. When other switches go online as ASs, by default, they use the default trust 8021p configuration. Therefore, the parent does not need to deliver the configuration.

Port securityBroadcast, multicast, and unknown unicast traffic suppression on a port
Port rate limiting
STP edge port
Access securityDHCP snooping, IPSG, and DAI
MAC management

(supported only in V200R013C00 and later versions)

Action taken on an interface in case of MAC address flapping
Alarm function for MAC address learning and aging
Access serviceAccess authentication802.1x authentication, MAC address authentication, and Portal authentication
Access controlMAC address limiting
Maximum number of access users on an AS port (This function is supported in V200R010 and later versions)
Traffic policingRate limit for incoming ARP and DHCP packets on an AS port
QoS service

supported only in V200R013C00 and later versions

Priority mappingTo configure priority mapping based on DSCP priorities, run the trust dscpcommand.
Queue scheduling modeTo configure a queue scheduling mode, run the qos { pq | wrr | drr } command.
Queue scheduling weightTo configure a queue scheduling weight, run the qos queue command.
Centralized Mode (Single Configuration: Functions Delivered Using the direct-command Command)

imgDownload?uuid=628d3feba9c74fa68974caa NOTE:

The interface view cannot be the Eth-Trunk interface view.

Service Category

Format

View

Function

Configuration Dependency and Restriction

Energy-saving management

port-auto-sleep enable

Interface view

Enables the port sleeping function on an electrical interface.

This command cannot be configured on combo interfaces.

PoE

poe force-power

Interface view

Enables forcible PoE power supply on an interface.

-

poe legacy enable

Interface view

Enables an interface to check compatibility of PDs.

-

poe priority { critical | high | low }

Interface view

Sets the power supply priority of a PoE interface.

-

poe af-inrush enable slot slot-id

System view

Configures the IEEE 802.3at-compliant device to provide power in accordance with IEEE 802.3af.

-

poe high-inrush enable slot slot-id

System view

Configures a device to allow high inrush current during power-on.

-

undo poe enable (supported in V200R011C10 and later versions)

Interface view

Disables the PoE function on an interface.

-

Ethernet interfaces

undo negotiation auto

Interface view

Configures an interface to work in non-auto negotiation mode.

After you run the undo direct-commandcommand, the interface works in auto negotiation mode.

  • This command cannot be configured on combo interfaces.
  • Do not cancel the undo negotiation auto command when speed 10 | 100 | 1000 } or duplex { full | half } is specified.

speed 10 | 100 | 1000 }

Interface view

Sets the rate in non-auto negotiation mode.

  • This command cannot be configured on combo interfaces.

  • Ensure that the interface works in non-auto negotiation mode before configuring this command.

speed auto-negotiation

Interface view

Enables auto-negotiation on a GE optical interface.

  • Support for this command varies depending on switch models. For details, see the speed auto-negotiationcommand in the Command Reference - Interface Management Commands - Ethernet Interface Configuration Commands.

  • Ensure that the interface works in auto-negotiation mode before configuring this command.

duplex { full | half }

Interface view

Sets the duplex mode for an electrical interface in non-auto negotiation mode.

  • This command cannot be configured on combo interfaces.

  • Ensure that the interface works in non-auto negotiation mode before configuring this command.

  • When the working rate of a GE electrical interface is 1000 Mbit/s, the interface supports only the full duplex mode.

loopback internal

Interface view

Configures a loopback detection mode on an interface.

-

description description (supported in V200R011C10 and later versions)

Interface view

Configures the description for an interface.

The description contains a maximum of 52 characters in V200R011C10, and the description contains a maximum of 116 characters in V200R012C00 and later versions.

Port bridge

port bridge enable

Interface view

Enables the bridging function on an interface.

-

Voice VLAN

voice-vlan mac-address mac-address maskmask (supported in V200R011C10 and later versions)

System view

Configures the OUI address of the voice VLAN.

-

LBDT

loopback-detect enable

Interface view

Enables loopback detection on an interface.

-

loopback-detect packet vlan vlan-id

Interface view

Enables loopback detection for a specified VLAN.

If you configure this command multiple times, loopback detection is enabled for multiple VLANs.

ARP rate limiting

arp speed-limit source-mac maximummaximum

System view

Configures ARP rate limiting based on source MAC addresses.

  • Only the S5720EI, S6720S-EI, and S6720EI support this command.

  • This function takes effect only for ARP packets sent to the CPU.

arp speed-limit source-ip maximum maximum

System view

Configures ARP rate limiting based on source IP addresses.

This function takes effect only for ARP packets sent to the CPU.

Stack

port interface { interface-type interface-number1 [ to interface-type interface-number2 ] } enable (supported in V200R010 and later versions)

Stack interface view:

stack-portmember-id/port-id

Configures a service interface as a stack member port and adds it to a stack port.

Before restoring the stack member ports that are added to a stack port in direct configuration mode as common service interfaces, you do not need to run the shutdown interfacecommand in the stack interface view.

stack slot slot-id priority priority (supported in V200R010 and later versions)

System view

Sets a stack priority for a member switch in a stack.

-

stack slot slot-id renumber new-slot-id(supported in V200R011C10 and later versions)

System view

Changes the stack ID of a specified member switch in a stack.

NOTICE:If there are services running, delivering this command may cause service interruptions and configuration loss. Therefore, you are advised to deliver this command when an AS is unconfigured.
A stack ID cannot be changed in the following situations:
  • The switch is a standalone switch that does not join any stack.
  • The newly configured stack ID is an existing stack ID of a specified member switch in a stack.
  • Ports with the specified slot-idhave been configured as member ports of an uplink fabric port.
  • Ports with the specified slot-idhave been configured as member ports of a downlink fabric port.

User Access and Authentication (supported in V200R012C00 and later versions)

access-user arp-detect vlan vlan-id ip-addressip-address mac-address mac-address

System view

Sets the source IP address and source MAC address of offline detection packets in a VLAN.

In V200R012C00SPC710 and later versions,when vlanip-address, and mac-address are all different, multiple configurations of this command can be generated. If any one of vlanip-address, and mac-address has been configured, delete the existing configuration before reconfiguring them.

In other V200R012C00 versions except V200R012C00SPC710,this command can be configured only one. If you want to modify the configuration, delete the existing configuration and then perform the configuration again.

access-user arp-detect default ip-address ip-address

System view

Sets the default source IP address of offline detection packets.

-

undo user-detect

System view

Disables the online user detection function.

-

authentication speed-limit max-num max-num-value interval interval-value (supported in V200R013C00 and later versions)

System view

Configures the rate limit for an access device to send user association and disassociation request messages.

-

access-user arp-detect fallback ip-addressmask-length (supported in V200R013C00 and later versions)

System view

Configures an IP address required for calculating the source address of offline detection packets.

If you run this command multiple times, only the latest configuration takes effect.

access-user arp-detect delay delay (supported in V200R013C00 and later versions)

System view

Configures the delay for sending offline detection packets.

-

Centralized Mode (Configurable Commands After Logins to ASs Using the attach-as Command or Console Port)

Commands that can be configured after you log in to an AS in centralized configuration mode are mainly used for fault diagnosis.

  • In the user view and diagnostic view, all commands are supported except the commands listed in Table 4-29. Additionally, in V200R009 and earlier versions, the diagnostic view can be displayed only after the diagnose-command command is executed in the user view.

    Table 4-29  Commands not supported in the user view and diagnostic view of ASs

    Command

    View

    configuration copy file file-name to running

    User view

    configuration copy startup to file file-name

    User view

    configuration exclusive

    User view

    format drive

    User view

    lldp clear neighbor [ interface interface-type interface-number ]

    User view

    local-user change-password

    User view

    lock

    User view

    startup patch patch-name [ slave-board | slot slot-id ]

    User view

    startup saved-configuration configuration-file [ slot slot-id ]

    User view

    startup system-software system-file [ all | slave-board | slot slot-id ]

    User view

    save [ all ] [ configuration-file ]

    User view

    save logfile [ all ]

    User view

    reboot [ fast | save diagnostic-information ]

    User view

    schedule reboot { at time | delay interval [ force ] }

    User view

    rollback

    User view

    cli enable-config

    Diagnostic view

    configuration datasync start script-file script-file { result-file result-file }

    Diagnostic view

    test-device port loopback slot { slot-id | interface { interface-typeinterface-number1 [ to interface-type interface-number2 ] } &<1-10> }

    Diagnostic view

    stack enable

    undo stack enable

    Diagnostic view

    undo startup system-software

    Diagnostic view

  • Commands that are supported in other views are used for service diagnosis and fault location. In V200R009 and earlier versions, the uni-mng diag-mode enable command must be executed first to enable the diagnostic mode.

    Table 4-30  Commands supported in other views

    Command

    Function

    Configuration Notes

    port-mirroring

    undo port-mirroring

    Binds a mirrored port to an observing port.

    You are not advised to perform service configurations on Eth-Trunk member ports of an AS that are bound to a fabric port, as doing so may cause a failure of SVF system setup.

    traffic-mirror

    undo traffic-mirror

    Configures the traffic mirroring function.

    You are not advised to perform service configurations on Eth-Trunk member ports of an AS that are bound to a fabric port, as doing so may cause a failure of SVF system setup.

    observe-port

    undo observe-port

    Configures an observing port.

    Generally, an observing port is dedicated to monitoring forwarding of mirrored traffic. Therefore, configuring an AS port with service configurations as an observing port is not recommended. If a port has been configured as an observing port, do not deliver service configurations to this port through service profiles or the direct-command command.

    You are not advised to perform service configurations on Eth-Trunk member ports of an AS that are bound to a fabric port, as doing so may cause a failure of SVF system setup.

    traffic-statistic

    undo traffic-statistic

    Enables the traffic statistics collection function.

    If you delete the traffic-statistic command that is delivered by the parent to an AS, you will fail to obtain traffic statistics about the AS on the parent.

    You are not advised to perform service configurations on Eth-Trunk member ports of an AS that are bound to a fabric port, as doing so may cause a failure of SVF system setup.

    capture-packet

    Configures the packet header obtaining function.

    You are not advised to perform service configurations on Eth-Trunk member ports of an AS that are bound to a fabric port, as doing so may cause a failure of SVF system setup.

    acl 2000-2999

    undo acl 2000-2999

    Creates or deletes an ACL rule.

    If the number of traffic policies on an AS reaches the upper limit, the parent fails to deliver the IPSG or DAI configurations. Run the display uni-mng commit-result profile command on the parent to check the configuration delivery result. If the command output shows that the configuration delivery fails, run the display uni-mng execute-failed-record profile as name as-name command to check execution failure records after the configuration is delivered to an AS. The command output provides detailed information about the delivery failure. You can log in to the AS to check whether the ACL resources are used up.

    acl 3000-3998

    undo acl 3000-3998

    acl 4000-4997

    undo acl 4000-4997

    rule

    undo rule

    Creates an ACL rule.

    -

    interface Eth-Trunk

    undo interface Eth-Trunk

    Creates or deletes an Eth-Trunk interface or displays the Eth-Trunk interface view.

    In V200R011C10 and later versions, you can only enter the Eth-Trunk interface view and cannot create or delete Eth-Trunk interfaces.

    Do not delete Eth-Trunk0 or Eth-Trunk interfaces that are bound to the downlink fabric port from an AS.

    interface GigabitEthernet

    Displays the GE interface view.

    -

    interface XGigabitEthernet

    Displays the XGE interface view.

    -

    interface Ethernet

    Displays the Ethernet interface view.

    -

    interface MultiGE

    Displays the MultiGE interface view.

    This command is only supported by S5720-14X-PWH-SI-AC, S5720-28X-PWH-LI-AC, and S6720SI.

    display

    Displays the device status or configurations.

    -

    quit

    Returns to the upper-level view.

    -

    return

    Returns to the user view.

    -

    interface stack-port

    Displays the stack port view.

    -

    shutdown interface

    undo shutdown interface

    Shuts down/restores a stack member port.

    This command is configured in the stack port view.

    mad restore

    Restores all the blocked interfaces of a standby switch that enters the Recovery state after its stack splits.

    -

    reset trace instance(supported in V200R010 and later versions)

    Clears all the diagnosis instances on a device.

    -

    save trace information(supported in V200R010 and later versions)

    Saves diagnosis information in the buffer area as a file.

    -

    Commands starting with the trace keyword (supported in V200R010 and later versions)

    Commands starting with the undo trace keyword(supported in V200R010 and later versions)

    Used for service diagnosis and executed in the system view.

    -

Independent Mode (Configurable Commands After Logins to ASs Using the attach-as Command or Console Port)

The independent mode has been supported since V200R010. In independent mode, the commands listed in the following table can be configured on ASs. When configuring these commands, pay attention to the following points:

  • These commands vary depending on the AS device type. For details, see the command reference of these devices.
  • In independent mode, configuring some commands may cause an AS's failure to go online. To prevent this problem, some commands listed in the following table are not supported. If an unsupported command is executed on an AS, an error message is displayed.

Function

Command

Basic ConfigurationCLI Overview Commands
File Management Commands
System Startup Commands
Device ManagementHardware Configuration Commands
Energy-saving Configuration Commands
PoE Configuration Commands
Stack Configuration Commands
Interface ManagementBasic Interface Configuration Commands
Ethernet Interface Configuration Commands
Logical Interface Configuration Commands
Ethernet SwitchingMAC Address Table Configuration Commands
Link Aggregation Commands
VLAN Configuration Commands
VLAN Aggregation Configuration Commands
MUX VLAN Configuration Commands
Voice VLAN Configuration Commands
QinQ Configuration Commands
VLAN Mapping Configuration Commands
Loopback Detection Configuration Commands
Bpdu Protection Configuration Command (supported in V200R012C00 and later versions)
Layer 2 Protocol Transparent Transmission Commands
IP ServiceIPv4 Configuration Commands
ARP Configuration Commands
DHCP Policy VLAN Configuration Commands
ReliabilityDLDP Configuration Commands
MAC Swap Loopback Configuration Commands
User Access and AuthenticationAAA Configuration Commands
NAC Configuration Commands (Unified Mode)
Policy Association Configuration Commands
SecurityACL Configuration Commands
Local Attack Defense Configuration Commands
Attack Defense Configuration Commands
MFF Configuration Commands
Traffic Suppression and Storm Control Configuration Commands
ARP Security Configuration Commands
Port Security Configuration Commands
DHCP Snooping Configuration Commands
ND Snooping Configuration Commands
PPPoE+ Configuration Commands
IP Source Guard Configuration Commands
SAVI Configuration Commands
MPAC Configuration Commands
QoSMQC Configuration Commands
Priority Mapping Commands
Traffic Policing, Traffic Shaping, and Interface-based Rate Limiting Commands
Congestion Avoidance and Congestion Management Commands
Filtering Configuration Commands
Redirection Configuration Commands
Statistics Configuration Commands
ACL-based Simplified Traffic Policy Commands
Network Management and MonitoringSNMP Configuration Commands
LLDP Configuration Commands
Service Diagnosis Configuration Commands
Mirroring Configuration Commands
Packet Obtaining Configuration Command
Ping and Tracert Configuration Commands

See more please click 

https://support.huawei.com/enterprise/en/doc/EDOC1000069520/9aadccc0/comprehensive-configuration-examples


  • x
  • convention:

Reply

Reply
You need to log in to reply to the post Login | Register

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!
Fast reply Scroll to top