For example, take the switch Huawei Quidway S3928P-EI, the settings are essentially suitable for the entire Huawei Quidway S3900 series, but may differ slightly depending on the firmware version. If something fails to register, then you can see the options for the teams by typing a question mark after a space after any command.
At me at switching-on of the switch, through the console the following characteristics were displayed:
Creation date: Aug 25 2006 CPU type: BCM4704 CPU Clock Speed: 200MHz BUS Clock Speed: 33MHz Memory Size: 64MB
Let’s see the current configuration with the command:
display current-configuration
To enter the configuration mode, type:
system-view
If desired, we specify the name of the switch:
sysname NAME
Let’s add vlan for management:
vlan 207 description Management quit management-vlan 207
Add vlan for users:
vlan 226 description Users quit
Let’s add an interface in a managed vlan:
interface Vlan-interface 207 ip address 192.168.1.2 255.255.255.0 quit
Add a default route:
ip route 0.0.0.0 0.0.0.0 192.168.1.1
Let’s configure the first SFP port as UPLINK:
interface GigabitEthernet 1/1/1 port link-type trunk port trunk permit vlan 207 226 quit
Activate the loop protection function:
loopback-detect enable loopback-detection interval-time 300
We will configure the ports for the users, specify the necessary vlan and port type, configure loopback-detect protection, limit the broadcast traffic to 30 pps:
interface Ethernet 1/0/1 port link-type access port access vlan 226 loopback-detect enable loopback-detection shutdown enable broadcast-suppression pps 30 interface Ethernet 1/0/2 port link-type access port access vlan 226 loopback-detect enable loopback-detection shutdown enable broadcast-suppression pps 30 interface Ethernet 1/0/3 port link-type access port access vlan 226 loopback-detect enable loopback-detection shutdown enable broadcast-suppression pps 30 interface Ethernet 1/0/4 port link-type access port access vlan 226 loopback-detect enable loopback-detection shutdown enable broadcast-suppression pps 30 interface Ethernet 1/0/5 port link-type access port access vlan 226 loopback-detect enable loopback-detection shutdown enable broadcast-suppression pps 30 interface Ethernet 1/0/6 port link-type access port access vlan 226 loopback-detect enable loopback-detection shutdown enable broadcast-suppression pps 30 interface Ethernet 1/0/7 port link-type access port access vlan 226 loopback-detect enable loopback-detection shutdown enable broadcast-suppression pps 30 interface Ethernet 1/0/8 port link-type access port access vlan 226 loopback-detect enable loopback-detection shutdown enable broadcast-suppression pps 30 interface Ethernet 1/0/9 port link-type access port access vlan 226 loopback-detect enable loopback-detection shutdown enable broadcast-suppression pps 30 interface Ethernet 1/0/10 port link-type access port access vlan 226 loopback-detect enable loopback-detection shutdown enable broadcast-suppression pps 30 interface Ethernet 1/0/11 port link-type access port access vlan 226 loopback-detect enable loopback-detection shutdown enable broadcast-suppression pps 30 interface Ethernet 1/0/12 port link-type access port access vlan 226 loopback-detect enable loopback-detection shutdown enable broadcast-suppression pps 30 interface Ethernet 1/0/13 port link-type access port access vlan 226 loopback-detect enable loopback-detection shutdown enable broadcast-suppression pps 30 interface Ethernet 1/0/14 port link-type access port access vlan 226 loopback-detect enable loopback-detection shutdown enable broadcast-suppression pps 30 interface Ethernet 1/0/15 port link-type access port access vlan 226 loopback-detect enable loopback-detection shutdown enable broadcast-suppression pps 30 interface Ethernet 1/0/16 port link-type access port access vlan 226 loopback-detect enable loopback-detection shutdown enable broadcast-suppression pps 30 interface Ethernet 1/0/17 port link-type access port access vlan 226 loopback-detect enable loopback-detection shutdown enable broadcast-suppression pps 30 interface Ethernet 1/0/18 port link-type access port access vlan 226 loopback-detect enable loopback-detection shutdown enable broadcast-suppression pps 30 interface Ethernet 1/0/19 port link-type access port access vlan 226 loopback-detect enable loopback-detection shutdown enable broadcast-suppression pps 30 interface Ethernet 1/0/20 port link-type access port access vlan 226 loopback-detect enable loopback-detection shutdown enable broadcast-suppression pps 30 interface Ethernet 1/0/21 port link-type access port access vlan 226 loopback-detect enable loopback-detection shutdown enable broadcast-suppression pps 30 interface Ethernet 1/0/22 port link-type access port access vlan 226 loopback-detect enable loopback-detection shutdown enable broadcast-suppression pps 30 interface Ethernet 1/0/23 port link-type access port access vlan 226 loopback-detect enable loopback-detection shutdown enable broadcast-suppression pps 30 interface Ethernet 1/0/24 port link-type access port access vlan 226 loopback-detect enable loopback-detection shutdown enable broadcast-suppression pps 30 quit
Also, configure the remaining Gigabit ports for clients:
interface GigabitEthernet 1/1/2 port link-type access port access vlan 226 loopback-detect enable loopback-detection shutdown enable broadcast-suppression pps 50 interface GigabitEthernet 1/1/3 port link-type access port access vlan 226 loopback-detect enable loopback-detection shutdown enable broadcast-suppression pps 50 interface GigabitEthernet 1/1/4 port link-type access port access vlan 226 loopback-detect enable loopback-detection shutdown enable broadcast-suppression pps 50 quit
Add administrator password:
user-interface vty 0 4 authentication-mode password set authentication password cipher PASSWORD user privilege level 3 quit
Let’s specify the NTP server for time synchronization:
ntp-service unicast-server 192.168.1.1 source-interface Vlan-interface 207
Set up SNMP (for example, public with read access):
snmp-agent snmp-agent sys-info version v2c snmp community read public
When all configured to go into the initial mode, save the configuration and specify that it is bootable:
quit save config.cfg startup saved-configuration config.cfg
Let’s restart the switch:
reboot
To view the MAC address table, use the command:
display mac-address
See also my articles:
Port isolation on Huawei switches
Blocking third-party DHCP servers on the Huawei Quidway S2300