Got it
Huawei Enterprise Support Community
Community Forums Access Network
Configuring Router for sm...

Configuring Router for small internal office network

Created: Oct 8, 2020 08:25:04Latest reply: Oct 8, 2020 14:35:39 709 6 0 0 0
  Rewarded HiCoins: 1 (problem resolved)
View the author 1#

Hello, team!


I have a question.


How to Configure the router for internal office work, given I public IP address from EPON.


The given IP address is 196.188.x.x/29


Can you explain it away as a beginner should understand?


Thank you!




Configuring Route

Like (0) Dislike (0) Favorite(0) Share Report
Previous: Unsearchable 5G Network
Next: Huawei B818-260
Featured Answers

Best answer

(1) (0)
E.DR_91
MVE Author Created Oct 8, 2020 09:32:02

Networking Requirements

In an enterprise,
intranet users in departments A and B can communicate with each other
and access the Internet.

 on a small-sized campus network, S2700 and S3700 switches are typically
deployed as access switches (such as ACC1) at the access layer, S5700
and S6700 switches as core switches (such as CORE) at the core layer,
and AR routers as egress routers (such as Router).

The access
switches are connected to the core switch through Eth-Trunks to ensure
reliability.

A VLAN is assigned to each department and services
are transmitted between departments at Layer 3 through VLANIF interfaces
of the switch CORE.

The core switch functions as a DHCP server
to allocate IP addresses to users in the campus.

The DHCP snooping
function is configured on access switches to prevent intranet users
from connecting to unauthorized routers to obtain IP addresses. The
IPSG function is configured to prevent intranet users from changing
their IP addresses.


ROUT


Data Planning

Data plan

Operation

Item

Data

Description

Configuring the management IP address

IP address of the management interface

10.10.1.1/24

This IP address is used for users to log in to the switch
through the management interface.

Configuring interfaces and VLANs

Eth-Trunk working mode

Static Link Aggregation Control Protocol (LACP) mode

Eth-Trunks work in manual load balancing mode or static
LACP mode.

Interface type

Interfaces connected to switches are configured as trunk
interfaces and interfaces connected to PCs are configured as access
interfaces.

A trunk interface is typically used to connect to a switch.

An access interface is typically used to connect to a PC.

A hybrid interface can connect to either a switch or a PC.

VLAN ID

ACC1: VLAN 10

ACC2: VLAN 20

CORE: VLANs 100,
10, and 20

The default VLAN of a switch is VLAN 1.

To isolate
departments A and B at Layer 2, add department A to VLAN 10 and department
B to VLAN 20.

The switch CORE connects to the egress router
through VLANIF 100.

Configuring DHCP

DHCP server

CORE

The DHCP server is deployed on the core switch.

Address pool

VLAN 10: VLANIF 10

VLAN 20: VLANIF 20

Terminals in department A obtain IP addresses from the address
pool on VLANIF 10.

Terminals in department B obtain IP addresses
from the address pool on VLANIF 20.

Configuring routes on the core switch

IP routes

VLANIF 100: 10.10.100.1/24

VLANIF 10: 10.10.10.1/24

VLANIF 20: 10.10.20.1/24

The IP address of VLANIF 100 is used for the switch CORE
to connect to the egress router and for the internal network to communicate
with the Internet.

On the core switch, configure a default route
and set the next-hop IP address to the IP address of the egress router.

After the IP addresses of VLANIF 10 and VLANIF 20 are configured
on the switch CORE, departments A and B can communicate through the
switch.

Configuring the egress router

IP address of the public network interface

Ethernet0/0/1: 1.1.1.2/30

Ethernet0/0/1 connects the egress router to the Internet.

IP address of the public network gateway

1.1.1.1/30

It is the IP address of the carrier's device connected
to the egress router. On the egress router, configure a default route
to this IP address for forwarding network traffic to the Internet.

DNS server address

2.2.2.2

The DNS server resolves a domain name into an IP address.

IP address of an intranet interface

Ethernet0/0/2: 10.10.100.2/24

Ethernet0/0/2 connects the egress router to the intranet.

Configuring DHCP snooping and IPSG

Trusted port

Eth-Trunk 1

N/A

Configuration Roadmap

The configuration
roadmap is as follows:

  1. Log in to switches.

  2. Configure the interfaces and VLANs on access switches.

  3. Configure the interfaces and VLAN on the core switch.

  4. Configure the DHCP server on the core switch.

  5. Configure routes on the core switch.

  6. Configure the egress router.

  7. Configure DHCP snooping and IPSG on access switches.

  8. Save the configuration.

Procedure

  1. Log in to a switch.

  2. Connect the switch to a PC.

    Connect the PC to any Ethernet interface (except the management
    interface) of the switch.

  3. Enter the initial configuration mode.

    Press and hold down the MODE button
    for 6 seconds or longer. When all indicators are steady green, the
    switch enters the initial configuration mode.

    In the initial
    configuration mode, the system sets the switch's IP address to
    192.168.1.253/24 and sets the level of the default user admin to 15 by default.

  4. Configure an IP address for the PC.

    To ensure that the switch and PC are reachable, configure
    an IP address that is on the same network segment as the switch's
    default IP address for the PC.

  5. Log in to the switch through the web system.

    Open a browser on the PC, enter https://192.168.1.253 in the address box, and press Enter. The web system login
    page is displayed.

    Enter the default
    user name admin and password admin@huawei.com, and select
    the system language. Click GO or press Enter. The web system configuration page is displayed.


LAN

Configure the switch.On the web configuration page, perform the following operations
in the Basic Setting area:

  • Set Management IP Address to 10.10.1.1 and Mask to 24(255.255.255.0).

  • Enter admin@huawei.com in the Old Password text box.

  • Enter a new password in WEB User Password and Confirm Password text boxes.

  • Select 15 from the WEB User Level drop-down list box.

 

ROU

Configure interfaces and VLANs on access switches (ACC1
is used as an example here, and the configuration on ACC2 is similar).Configure Eth-Trunk 1 that connects ACC1 to CORE to transparently
transmit packets from the VLAN of department A.

  1. Choose Configuration > Basic Services > Interface Settings, and click Connect to Switch in
    the Select Task area.

  2. Select GigabitEthernet0/0/1 and GigabitEthernet0/0/2 to be configured.

  3. Select Enable link aggregation in the Configure Interface area, and set parameters, 

  • Interface Status: ON

  • Eth-Trunk: 1

  • Eth-Trunk Mode: Static LACP

  • Allowed VLANs: 10

  • Default VLAN: 1

  • Auto VLAN Creation: ON

Click Apply. In the dialog box that is displayed,
click OK.

Configuring Eth-Trunk 1 that connects ACC1 to COR

Configure interfaces of ACC1 connected to users and add users
to a VLAN.

  1. Choose Configuration > Basic Services > Interface Settings, and click Connect to PC in the Select Task area.

  2. Select Ethernet0/0/2 and Ethernet0/0/3 to be configured.

  3. Set parameters in the Configure Interface area

  • Interface Status: ON

  • Default VLAN: 10

  • Port Isolation: OFF

  • Port Security: OFF

  • Loopback Detection: OFF

  • Trust Priority: None

813

Configure edge ports and the BPDU protection function.

  1. Choose Configuration > Advanced Services > STP > STP Summary. The STP Summary tab
    page is displayed.

  2. Enable BPDU protection in the STP
    Global Setting     area, 

813

Select Ethernet0/0/2 and Ethernet0/0/3 to be configured in the Interface Status area,
and click Enable Edge Port

814

Configure the interfaces and VLAN on the core switch.Configure downlink interfaces of the core switch. (The following
uses the configuration of Eth-Trunk 1 that connects CORE to ACC1 as
an example, and the configuration for connecting to ACC2 is similar.)

  1. Choose Configuration > Basic Services > Interface Settings > Service Interface Setting, and
    click Connect to Switch in the Select Task area.

  2. Select GigabitEthernet0/0/1 and GigabitEthernet0/0/2 to be configured.

  3. Select Enable link aggregation in the Configure Interface area, and set parameters,

  • Interface Status: ON

  • Eth-Trunk: 1

  • Eth-Trunk Mode: Static LACP

  • Allowed VLANs: 10

  • Default VLAN: 1

  • Auto VLAN Creation: ON

15

  1. Click Apply. In the dialog box that is displayed,
    click OK.

Configure VLANIF interfaces for departments A and B to communicate
with each other.

  1. Choose Configuration > Basic Services > VLAN to access the VLAN configuration page.

  2. Click 10 in the VLAN ID column. The Modify VLAN dialog box is displayed.

  3. Click Create VLANIF, set IPv4 address to 10.10.10.1, and set Mask to 24. Use the same method to configure VLANIF
    20,

816


please for more details follow the below link:

https://support.huawei.com/enterprise/en/doc/EDOC1000169679/9ecf2b10/example-for-configuring-a-small-sized-campus-network


View more
  • x
  • convention:

Recommended answer

(0) (0)
Chenxintao
Admin Created Oct 8, 2020 08:41:48

Hello, friend!


First, EPON is a terminal technology and is usually used for access networks.

Common access devices include the OLT, MDU, and ONT.

The router you are referring to should be an ONT.

To configure the internal network on the ONT, log in to the ONT web page, click the LAN tab, and enter the IP address and mask in the IP address configured on the host.


For more information, see the Enterprise Access Network Knowledge Sharing post.


Thanks




View more
  • x
  • convention:

Unicef
Unicef Created Oct 8, 2020 09:31:55 (0) (0)
Very good  
All Answers
(0) (0)
2#
Chenxintao
Chenxintao Admin Created Oct 8, 2020 08:29:01

Hello, friend!

Please kindly wait for a minute.

Our engineer is dealing with your question.
View more
  • x
  • convention:
(0) (0)
3#
Chenxintao
Chenxintao Admin Created Oct 8, 2020 08:31:03

Hi,

Can you give me the model of the equipment?

View more
  • x
  • convention:
(0) (0)
4#
Chenxintao
Chenxintao Admin Created Oct 8, 2020 08:41:48

Hello, friend!


First, EPON is a terminal technology and is usually used for access networks.

Common access devices include the OLT, MDU, and ONT.

The router you are referring to should be an ONT.

To configure the internal network on the ONT, log in to the ONT web page, click the LAN tab, and enter the IP address and mask in the IP address configured on the host.


For more information, see the Enterprise Access Network Knowledge Sharing post.


Thanks




View more
  • x
  • convention:

Unicef
Unicef Created Oct 8, 2020 09:31:55 (0) (0)
Very good  
(1) (0)
5#
E.DR_91
E.DR_91 MVE Author Created Oct 8, 2020 09:32:02

Networking Requirements

In an enterprise,
intranet users in departments A and B can communicate with each other
and access the Internet.

 on a small-sized campus network, S2700 and S3700 switches are typically
deployed as access switches (such as ACC1) at the access layer, S5700
and S6700 switches as core switches (such as CORE) at the core layer,
and AR routers as egress routers (such as Router).

The access
switches are connected to the core switch through Eth-Trunks to ensure
reliability.

A VLAN is assigned to each department and services
are transmitted between departments at Layer 3 through VLANIF interfaces
of the switch CORE.

The core switch functions as a DHCP server
to allocate IP addresses to users in the campus.

The DHCP snooping
function is configured on access switches to prevent intranet users
from connecting to unauthorized routers to obtain IP addresses. The
IPSG function is configured to prevent intranet users from changing
their IP addresses.


ROUT


Data Planning

Data plan

Operation

Item

Data

Description

Configuring the management IP address

IP address of the management interface

10.10.1.1/24

This IP address is used for users to log in to the switch
through the management interface.

Configuring interfaces and VLANs

Eth-Trunk working mode

Static Link Aggregation Control Protocol (LACP) mode

Eth-Trunks work in manual load balancing mode or static
LACP mode.

Interface type

Interfaces connected to switches are configured as trunk
interfaces and interfaces connected to PCs are configured as access
interfaces.

A trunk interface is typically used to connect to a switch.

An access interface is typically used to connect to a PC.

A hybrid interface can connect to either a switch or a PC.

VLAN ID

ACC1: VLAN 10

ACC2: VLAN 20

CORE: VLANs 100,
10, and 20

The default VLAN of a switch is VLAN 1.

To isolate
departments A and B at Layer 2, add department A to VLAN 10 and department
B to VLAN 20.

The switch CORE connects to the egress router
through VLANIF 100.

Configuring DHCP

DHCP server

CORE

The DHCP server is deployed on the core switch.

Address pool

VLAN 10: VLANIF 10

VLAN 20: VLANIF 20

Terminals in department A obtain IP addresses from the address
pool on VLANIF 10.

Terminals in department B obtain IP addresses
from the address pool on VLANIF 20.

Configuring routes on the core switch

IP routes

VLANIF 100: 10.10.100.1/24

VLANIF 10: 10.10.10.1/24

VLANIF 20: 10.10.20.1/24

The IP address of VLANIF 100 is used for the switch CORE
to connect to the egress router and for the internal network to communicate
with the Internet.

On the core switch, configure a default route
and set the next-hop IP address to the IP address of the egress router.

After the IP addresses of VLANIF 10 and VLANIF 20 are configured
on the switch CORE, departments A and B can communicate through the
switch.

Configuring the egress router

IP address of the public network interface

Ethernet0/0/1: 1.1.1.2/30

Ethernet0/0/1 connects the egress router to the Internet.

IP address of the public network gateway

1.1.1.1/30

It is the IP address of the carrier's device connected
to the egress router. On the egress router, configure a default route
to this IP address for forwarding network traffic to the Internet.

DNS server address

2.2.2.2

The DNS server resolves a domain name into an IP address.

IP address of an intranet interface

Ethernet0/0/2: 10.10.100.2/24

Ethernet0/0/2 connects the egress router to the intranet.

Configuring DHCP snooping and IPSG

Trusted port

Eth-Trunk 1

N/A

Configuration Roadmap

The configuration
roadmap is as follows:

  1. Log in to switches.

  2. Configure the interfaces and VLANs on access switches.

  3. Configure the interfaces and VLAN on the core switch.

  4. Configure the DHCP server on the core switch.

  5. Configure routes on the core switch.

  6. Configure the egress router.

  7. Configure DHCP snooping and IPSG on access switches.

  8. Save the configuration.

Procedure

  1. Log in to a switch.

  2. Connect the switch to a PC.

    Connect the PC to any Ethernet interface (except the management
    interface) of the switch.

  3. Enter the initial configuration mode.

    Press and hold down the MODE button
    for 6 seconds or longer. When all indicators are steady green, the
    switch enters the initial configuration mode.

    In the initial
    configuration mode, the system sets the switch's IP address to
    192.168.1.253/24 and sets the level of the default user admin to 15 by default.

  4. Configure an IP address for the PC.

    To ensure that the switch and PC are reachable, configure
    an IP address that is on the same network segment as the switch's
    default IP address for the PC.

  5. Log in to the switch through the web system.

    Open a browser on the PC, enter https://192.168.1.253 in the address box, and press Enter. The web system login
    page is displayed.

    Enter the default
    user name admin and password admin@huawei.com, and select
    the system language. Click GO or press Enter. The web system configuration page is displayed.


LAN

Configure the switch.On the web configuration page, perform the following operations
in the Basic Setting area:

  • Set Management IP Address to 10.10.1.1 and Mask to 24(255.255.255.0).

  • Enter admin@huawei.com in the Old Password text box.

  • Enter a new password in WEB User Password and Confirm Password text boxes.

  • Select 15 from the WEB User Level drop-down list box.

 

ROU

Configure interfaces and VLANs on access switches (ACC1
is used as an example here, and the configuration on ACC2 is similar).Configure Eth-Trunk 1 that connects ACC1 to CORE to transparently
transmit packets from the VLAN of department A.

  1. Choose Configuration > Basic Services > Interface Settings, and click Connect to Switch in
    the Select Task area.

  2. Select GigabitEthernet0/0/1 and GigabitEthernet0/0/2 to be configured.

  3. Select Enable link aggregation in the Configure Interface area, and set parameters, 

  • Interface Status: ON

  • Eth-Trunk: 1

  • Eth-Trunk Mode: Static LACP

  • Allowed VLANs: 10

  • Default VLAN: 1

  • Auto VLAN Creation: ON

Click Apply. In the dialog box that is displayed,
click OK.

Configuring Eth-Trunk 1 that connects ACC1 to COR

Configure interfaces of ACC1 connected to users and add users
to a VLAN.

  1. Choose Configuration > Basic Services > Interface Settings, and click Connect to PC in the Select Task area.

  2. Select Ethernet0/0/2 and Ethernet0/0/3 to be configured.

  3. Set parameters in the Configure Interface area

  • Interface Status: ON

  • Default VLAN: 10

  • Port Isolation: OFF

  • Port Security: OFF

  • Loopback Detection: OFF

  • Trust Priority: None

813

Configure edge ports and the BPDU protection function.

  1. Choose Configuration > Advanced Services > STP > STP Summary. The STP Summary tab
    page is displayed.

  2. Enable BPDU protection in the STP
    Global Setting     area, 

813

Select Ethernet0/0/2 and Ethernet0/0/3 to be configured in the Interface Status area,
and click Enable Edge Port

814

Configure the interfaces and VLAN on the core switch.Configure downlink interfaces of the core switch. (The following
uses the configuration of Eth-Trunk 1 that connects CORE to ACC1 as
an example, and the configuration for connecting to ACC2 is similar.)

  1. Choose Configuration > Basic Services > Interface Settings > Service Interface Setting, and
    click Connect to Switch in the Select Task area.

  2. Select GigabitEthernet0/0/1 and GigabitEthernet0/0/2 to be configured.

  3. Select Enable link aggregation in the Configure Interface area, and set parameters,

  • Interface Status: ON

  • Eth-Trunk: 1

  • Eth-Trunk Mode: Static LACP

  • Allowed VLANs: 10

  • Default VLAN: 1

  • Auto VLAN Creation: ON

15

  1. Click Apply. In the dialog box that is displayed,
    click OK.

Configure VLANIF interfaces for departments A and B to communicate
with each other.

  1. Choose Configuration > Basic Services > VLAN to access the VLAN configuration page.

  2. Click 10 in the VLAN ID column. The Modify VLAN dialog box is displayed.

  3. Click Create VLANIF, set IPv4 address to 10.10.10.1, and set Mask to 24. Use the same method to configure VLANIF
    20,

816


please for more details follow the below link:

https://support.huawei.com/enterprise/en/doc/EDOC1000169679/9ecf2b10/example-for-configuring-a-small-sized-campus-network


View more
  • x
  • convention:
(0) (0)
6#
Peterhof
Peterhof Author Created Oct 8, 2020 14:35:39

Hello, @Berakia!
The configuration method was explained at the top. I just give you some more information about IP addresses that you got.
Internet providers have a pools of the IP addresses. When you buy a IP you can get one IP address or several IP addresses. If you buy one address - everything is easy but if you buy several addresses then internet provider will give subpool of its own IP addresses pool. And that is what you got. 196.188.46.33 - 196.188.46.38 are the pool of your addresses. Usually one of them is reserved for the providers router but in your case you don't need it, so you get all the addresses to use by yorself.

View more
  • x
  • convention:
Back to list

Comment

Advanced
B Color Image Link Quote Code Smilies
You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " User Agreement."

My Followers

Login and enjoy all the member benefits

Login
Huawei Website Support About Huawei Privacy User Agreement Terms of Use Cookies Cookie Settings
Huawei Enterprise Huawei Carrier Forum Training & Certification

Contact Us: e_online@huawei.com Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.

APP

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.