Skip to main content

Huawei Switch Configuration Commands

Here are some Huawei switch configuration command and verification command is here.


1. Enter int to the privilege mode
<sw1>system view

2. Create the VLAN
[sw1]vlan 30
[sw1]des fiber

3. Configure interface trunk
[sw1]interface GigabitEthernet 0/0/1
[sw1-GigabitEthernet0/0/1]port link-type trunk

4. Configure interface access
[sw1-GigabitEthernet0/0/3]port link-type access
[sw1-GigabitEthernet0/0/4]port link-type access

5. Assign vlan to that port
[sw1]vlan 30
[sw1-vlan30]port GigabitEthernet 0/0/3
[sw1]vlan 30
[sw1-vlan30]port GigabitEthernet 0/0/4

6. Change port speed and duplex
[sw1]interface GigabitEthernet 0/0/3
[sw1-GigabitEthernet0/0/3]undo negotiation auto
[sw1-GigabitEthernet0/0/3]speed ?
  10                10M port speed mode
  100               100M port speed mode
  1000              1000M port speed mode
  auto-negotiation  Auto negotiation
[sw1-GigabitEthernet0/0/3]speed 100
[sw1]int gi0/0/4
[sw1-GigabitEthernet0/0/4]undo negotiation auto
[sw1-GigabitEthernet0/0/4]speed 100

[sw1-GigabitEthernet0/0/4]duplex ?
  full  Full-Duplex mode
  half  Half-Duplex mode
[sw1-GigabitEthernet0/0/4]duplex full


7. Configure VLAN and add VLAN in trunk port
[sw1-GigabitEthernet0/0/1]port trunk allow-pass vlan 301 302
Info: This operation may take a few seconds. Please wait for a moment...done.

8. MST Configuration

[sw1]stp region-configuration
Info: Please activate the stp region-configuration after it is modified.
[sw1-mst-region]region-name JP
[sw1-mst-region]instance 1 vlan instance 1 vlan 10 20 30 to 50 600 to 616
[sw1-mst-region]instance 0 vlan 302

9. Create management interface
[sw1]interface Vlanif 25
Error: Can not create this interface because the interface number of this type has reached its maximum.
[sw1]undo interface Vlanif 1
[sw1-Vlanif25]ip add 10.10.10.11 255.255.255.0
[sw1-Vlanif25]ip route-static 0.0.0.0 0.0.0.0 129.102.0.2


10. Configure SSH

[sw1]rsa local-key-pair create
The key name will be: sw1_Host
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
       it will take a few minutes.
Input the bits in the modulus[default = 2048]:1024
Generating keys...
.....++++++
..........++++++
.................+++++
...+++++

11. Create local user
[sw1]aaa
[sw1-aaa]local-user jpudasaini password ?
  cipher               User password with cipher text
  irreversible-cipher  User password with irreversible-cipher text
  <cr>

[sw1-aaa]local-user jpudasaini password
Please configure the login password (8-16)
It is recommended that the password consist of at least 2 types of characters, including lowercase letters, uppercase letters, numerals and special characters.
Please enter password:
Please confirm password:
Info: Add a new user.

[sw1-aaa]local-user jpudasaini service-type ssh telnet

12. Configure telnet session
[sw1]stelnet server enable
[sw1]ssh authentication-type default password
[sw1]ssh user jpudasaini
[sw1]ssh user jpudasaini authentication-type password
[sw1]ssh user jpudasaini service-type stelnet


[sw1]user-interface vty 0 4
[sw1-ui-vty0-4]authentication-mode aaa
[sw1-ui-vty0-4]protocol inbound ssh



[sw1-aaa]local-user jpudasaini privilege level 15
[sw1-aaa]local-user jpudasaini service-type ssh
[sw1]ssh authentication-type default password

13. DHCP Snooping enable
[huawei-sw1]dhcp enable
[huawei-sw1]dhcp snooping enable ipv4
[huawei-sw1]dhcp server detect

[huawei-sw1]dhcp snooping check dhcp-rate enable
<huawei-sw1>display dhcp snooping
[huawei-sw1]dhcp snooping check dhcp-rate 50

14. Apply to VLAN
[huawei-sw1]vlan 301
[huawei-sw1-vlan301]dhcp snooping enable

15. Apply to Interface
[huawei-sw1-GigabitEthernet0/0/3]dhcp snooping enable
[huawei-sw1-GigabitEthernet0/0/3]dhcp snooping check dhcp-rate enable


16. Apply to Trunk port
[huawei-sw1-GigabitEthernet0/0/4]dhcp snooping trusted


17. Verify Command
[huawei-sw1]display dhcp snooping configuration    
#
dhcp snooping enable
dhcp snooping check dhcp-rate enable
dhcp snooping check dhcp-rate 50
dhcp server detect
#
vlan 301
 dhcp snooping enable
#
interface GigabitEthernet0/0/3
 dhcp snooping enable
 dhcp snooping check dhcp-rate enable
#
interface GigabitEthernet0/0/4
 dhcp snooping trusted

Comments

  1. May u know cisco port fast equivalent command for huawei

    ReplyDelete
    Replies
    1. [sw1]int gi0/0/4
      [sw1-GigabitEthernet0/0/4]stp edged-port enable

      Delete
  2. This comment has been removed by the author.

    ReplyDelete

Post a Comment

Popular posts from this blog

Unable to open kernel device . global vmx86 windows 7

Suddenly I encounter a weird problem with VMware 9 version. I install different OS for my education and testing purposed. Like MAC os, Ubuntu, CentOS, BT, WinXP, Win-server 2003. When I tried to run one of this OS a error message appear. unable to open kernel device "\\.Global\vmx86": The system cannot find the file specified. Did you reboot after installing VMware Workstation? Failed to initialize monitor device. Click ok you can see this window After googling I found one solution in developer forum but thread starter never use that method. So I tried it and here is my finding. Go to the directory of vmware installed  (In my case I run it as Administrator) C:\Program Files (x86)\VMware\VMware Workstation>   ( I've 32-bit apps on 64-bit OS, your may be different) Run this command vnetlib -- uninstall vmx86  reboot Go to the same directory and check net start command - this time it should say "service name  is invalid&quo

Simple Failover Mikrotik

Simple fail-over Mikrotik router configuration. Most of the user wants backup link (Fiber link with Wireless backup), in case fiber down wireless link auto up. No downtime for the user. Here is simple setting on Mikrotik for fail-over. I'm very great full to Anton to point out the mistake in src-address. It has been corrected now. ****default routes for new outgoing traffic.**** /ip route add dst-address=0.0.0.0/0 gateway=ISP-GW-ADDR-1 distance=1 check-gateway=ping add dst-address=0.0.0.0/0 gateway=ISP-GW-ADDR-2 distance=2 ++masquerade both WAN connections++ /ip firewall nat add chain=srcnat src-address=192.168.0.0/24 out-interface=WAN-1 action=masquerade add chain=srcnat src-address=192.168.0.0/24 out-interface=WAN-2 action=masquerade Thats it.

Mikrotik SXT 5nD r2 setup in bridge mode

How to connect two Mikrotik RouterBoard SXT 5nD r2 devices together in Bridge Mode Upgrading you SXT's to the Latest version of RouterOS Doing a Bandwidth Test between two RouterBoard SXT-5nD's Mikrotik routerboard default IP is 192.168.88.1 You can connect with routerboard by WinBox through IP and MAC address. You need to download WinBox from mikrotik website. By default routerboard have Admin as username and blank password. If you want to connect with device through IP then don't forget to add same network address into your pc NIC, otherwise connection isn't established. Else you can connect through MAC so choose MAC address from Elipsis next to " connect " field. When you login, "RouterOS Default configuration" screen is popup. click okay. Do same for other device to login to routerOS If you followed the process then you already open both device. Now you can set a HostName for those devices. Click on the system button o