Whether to enable STP if an AR router is used as a user access device

11

If an AR is used as a user access device (the WAN interface of the router is connected to the Internet, and the LAN interface is connected to an intranet), you are advised to disable STP to avoid network flapping due to STP convergence.

Other related questions:
STP enabling/disabling method on an AR router
By default, STP is enabled on an AR router globally and on Layer 2 interface. Run the stp enable command in the system or interface view to enable STP globally or on Layer 2 interface. Run the stp disable command in the system or interface view to disable STP globally or on Layer 2 interface.

Configure NAT on the AR router to enable external users to access the internal server
The NAT server can be configured on a Huawei AR router to enable external users to access internal servers. A company's network provides the web server for external users. The web server uses internal IP address 192.168.20.2/24 and port 8080. The web server's IP address advertised to external users is 202.169.10.5/24, and external users are on the network segment 202.169.10.2/24. The configuration details are as follows: 1. Assign IP addresses to interfaces on the router. [Huawei] vlan 100 [Huawei-vlan100] quit [Huawei] interface vlanif 100 [Huawei-Vlanif100] ip address 192.168.20.1 24 [Huawei-Vlanif100] quit [Huawei] interface ethernet 2/0/0 [Huawei-Ethernet2/0/0] port link-type access [Huawei-Ethernet2/0/0] port default vlan 100 [Huawei-Ethernet2/0/0] quit [Huawei] interface gigabitethernet 3/0/0 [Huawei-GigabitEthernet3/0/0] ip address 202.169.10.1 24 [Huawei-GigabitEthernet3/0/0] quit 2. Configure a default route on the router and specify the next hop address as 202.169.10.2 [Huawei] ip route-static 0.0.0.0 0.0.0.0 202.169.10.2 3. Configure the NAT server on Gigabitethernet 3/0/0 of the router to allow external users to access internal servers. [Huawei] interface gigabitethernet 3/0/0 [Huawei-GigabitEthernet3/0/0] nat server protocol tcp global 202.169.10.5 www inside 192.168.20.2 8080 [Huawei-GigabitEthernet3/0/0] quit

Configure VRRP on an AR router and connect the router to a firewall for external network access
The roadmap of configuring VRRP on an AR router and connecting the router to a firewall for external network access is as follows: 1. Configure VRRP on an AR router to implement two-node backup, and configure a virtual IP address. 2. Add the Layer 2 interface of a firewall on the intranet side to the same VLAN, and configure a VLANIF address. 3. Add the physical interface and VLANIF interface of the firewall to a security zone, and configure an inter-zone policy. 4. Configure the next hop for the route from the firewall to the intranet as a VRRP virtual IP address so that a normal link can be switched over to if an active link is interrupted. For details about the configuration, see the URL: Example for Connecting the AR to the Firewall Through VRRP.

How to enable the web function on an AR router
The methods of enabling the web function on an AR router are as follows: Method 1: Default web login 1. Connect a PC to the router over the management interface through a network cable. 2. Configure an IP address for the PC. Configurable network segment: 192.168.1.2~192.168.1.254. 3. Open a browser, enter the URL "https://192.168.1.1" in the address bar, and click Enter to enter the user login page. 4. Enter login information. 5. Configure the router through the web NMS page. Note: If you cannot enter the web NMS page, the software version you use does not support the default web login method. Please try the following method: Method 2: Non-default web login 1. Connect a PC to the router over the CON/AUX interface through a console configuration cable. 2. Enable the terminal emulation software on the PC, create a connection, and set an interface for the connection and other communication parameters. 3. Press Enter until the following information is displayed to remind users of configuring a verification code. 4. Connect a PC to the router over the management interface through a network cable. 5. Configure an IP address for the router for management. 6. Enable the web service. 7. Configure an HTTPS user and a user level. 8. Configure an IP address for the PC. 9. Open a browser, enter the URL "https://192.168.1.1" in the address bar, and click Enter to enter the user login page. 10. Configure the router through the web NMS page.

When an AR router is used as the PPPoE client, the Internet access rate of the LAN users connected to the device is low
In the dialer interface view, run the tcp adjust -mss value command to set the maximum TCP segment size of the interface. In scenarios of PPPoE application, it is recommended that the value used in the tcp adjust -mss command should be 1200. The maximum transmission unit (MTU) of the PPPoE interface is 1492 bytes. If the packets which are forwarded in Layer 2 and transmitted upward through the interface are larger than the MTU size and cannot be fragmented as configured, the packets cannot be sent, which results in the low Internet access rate of users. In this case, you can run the tcp adjust -mss command in the dialer interface view to modify the maximum segment size (MSS) value determined in the TCP negotiation phase, ensuring that the packet size is smaller than the MTU size of the dialer interface so that the packets can be processed properly and improving the Internet access rate.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top