0% found this document useful (0 votes)

60 views185 pages

01-04 Typical Device Management Configuration

The document discusses typical stack configurations for fixed switches: 1) Stacks are commonly deployed at aggregation and access layers, combining multiple switches into one logical switch. 2) Recommended scenarios include stacks of aggregation switches connecting to core devices, and stacks of access switches connecting to aggregation devices. 3) Stack topologies can be chains or rings; rings provide higher reliability but chains support longer distances between devices.

Uploaded by

Barrymuyinda_2

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

60 views185 pages

01-04 Typical Device Management Configuration

Uploaded by

Barrymuyinda_2

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 185

Sx300 Series Switches

Typical Configuration Examples 4 Typical Device Management Configuration

4 Typical Device Management

Configuration

4.1 Typical Stack Configuration of Fixed Switches

4.2 Typical CSS Configuration of Modular Switches
4.3 Typical SVF Configuration

4.1 Typical Stack Configuration of Fixed Switches

4.1.1 Overview of Stack

Fixed switches are often deployed at the aggregation layer and access layer. Unlike
modular switches, fixed switches have a fixed number of ports and cannot add
LPUs to expand the number of ports. When the network expands continuously, the
number of ports provided by a single fixed switch may be insufficient to meet
network requirements. Stack technology uses physical member ports and stack
cables to combine multiple stacking-capable switches into one logical switch. You
can set up a stack to improve network scalability and device reliability.

4.1.2 Stack Deployment Method and Recommendations

4.1.2.1 Recommended Stack Deployment Scenarios

Scenario 1: The Stack System Operates on Aggregation Switches

This is the most common scenario when aggregation switches set up a stack
system, as shown in Figure 4-1.
The following switch models can set up a stack system in this scenario: S6300-EI,
S6320-HI, S6330-H, S5300-HI, S5310-EI, S5300-EI, S5300-SI, S5320-EI, S5320-HI,
S5330-HI, S5331-H, S5332-H, S6320-EI.
In this scenario, each switch in a stack connects to a core device through Eth-
Trunk. The stack system simplifies management of aggregation devices and
improves uplink reliability of aggregation devices.

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 147

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Figure 4-1 Stack system operating on aggregation switches

Scenario 2: The Stack System Operates on Access Switches

This is the most common scenario when Layer 2 access switches set up a stack
system, as shown in Figure 4-2.
The following switch models can set up a stack system in this scenario: S2320-EI,
S2350-EI, S5300-LI, S5320-LI, S5335-L, S5300-EI, S5300-SI, S5320-SI, S5331-S,
S5335-S, S5330-SI, S6320-SI.
In this scenario, each switch in a stack connects to an aggregation device through
Eth-Trunk. The stack system simplifies management and improves uplink reliability
of access devices.

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 148

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Figure 4-2 Stack system operating on access switches

Scenario 3: The Stack System Operates on an Access Ring

This scenario rarely occurs. Figure 4-3 shows the networking of this scenario.
The following switch models can set up a stack system in this scenario: S2320-EI,
S2350-EI, S5300-LI, S5320-LI, S5335-L, S5300-EI, S5300-SI, S5320-SI, S5331-S,
S5335-S, S5330-SI, S6320-SI.
In this scenario, multiple stack systems form a ring through Eth-Trunk, and one
stack system connects to aggregation switches through Eth-Trunk. This scenario
reduces the number of management IP addresses of access devices.

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 149

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Figure 4-3 Stack system operating on an access ring

Recommendations
NOTE

The following recommendations are provided based on the positioning of fixed switch models. If
customers have special requirements, it is recommended to deploy high-end devices at a lower
network layer; it is not recommended to deploy low-end devices at a higher network layer. For
example, it is recommended to deploy aggregation switches at the access layer rather than to
deploy access switches at the aggregation layer.
To ensure stack reliability and bandwidth, you are advised to do as follows:
● Ensure that each member device connects to the core device through an uplink port. This
connection prevents upstream traffic forwarding from being affected when any member
device fails.
● When using multiple devices to set up a stack, ensure the same stack bandwidth between
any two devices. Otherwise, the bandwidth of the stack system is the minimum stack
bandwidth.

Table 4-1 Scenario recommendations

Model Scenario 1 Scenario 2 Scenario 3

S5300-HI, S5310- First preferred Second preferred Not

EI, S6300-EI recommended

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 150

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Model Scenario 1 Scenario 2 Scenario 3

S5320-EI, S5320- First preferred Second preferred Second preferred

HI, S5330-HI,
S5331-H, S5332-
H, S6320-EI,
S6320-HI, S6330-
H

S5300-EI, S5300- First preferred First preferred Second preferred

S5320-SI, S5331- Second preferred First preferred First preferred

S, S5335-S

S2320-EI, S2350- Not First preferred Second preferred

EI, S5300-LI, recommended
S5320-LI, S5335-
L, S5330-SI,
S6320-SI

4.1.2.2 Determining the Stack Topology

Networking for a Stack of More Than Two Member Devices

A stack can be connected in a chain or ring topology depending on the stack
connection mode, as shown in Figure 4-4. Table 4-2 compares the two stack
topologies in terms of reliability, link bandwidth utilization, and convenience of
cable connections.

Figure 4-4 Stack topologies

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 151

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Table 4-2 Comparison between stack topologies

Stack Topology Advantages Disadvantages Applicable
Scenario

Chain topology Applicable to ● Low reliability: Member devices

long-distance If any stack are far from one
stacking because link fails, the another and a
the first and last stack splits. ring topology is
member switches ● Low stack link difficult to deploy.
do not need to be utilization: The
connected by a entire stack
physical link. relies on a
single path.

Ring topology ● High reliability: The first and last Member switches
If a stack link member switches are located near
fails, the need to be one another.
topology connected by a
changes from physical link, so
ring to chain, this topology is
and the stack not applicable to
can still long-distance
function stacking.
normally.
● High link
bandwidth
efficiency: Data
can be
forwarded
along the
shortest path.

Networking for a Stack of Two Member Devices

● Two devices can set up a stack in a chain topology, as shown in Figure 4-5. In
this topology, only one logical stack port exists between the two devices and
no loop exists in the stack.

Figure 4-5 Only one logical stack port between two member devices

● Two devices can set up a stack with back-to-back networking, as shown in

Figure 4-6. In this networking, two logical stack ports exist between the two
devices, and one loop exists in the stack, which will be automatically
eliminated by the system.

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 152

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Figure 4-6 Two logical stack ports between two member devices

When using two devices to set up a stack, you are advised to do as follows:
● If the devices provide no more than 28 ports, use the networking with only
one logical stack port. Otherwise, use the back-to-back networking.
● If more member devices need to be added to the stack in the future, use the
back-to-back networking, which will require minimum modification to the
existing system.
● Connect at least two stack cables between the two devices to ensure
reliability.

4.1.2.3 Stack Configuration and Deployment Recommendations

Feature Limitations
Version restrictions:
● When multiple switches set up a stack, member switches will synchronize the
running version of the master switch. If a member switch does not support
this running version, it will restart repeatedly.
● In V200R009C00, if MPLS-incapable S5320-EIs exist in a stack, this stack
cannot have MPLS enabled. If member devices in a stack are running MPLS
services, adding MPLS-incapable S5320-EIs to the stack is not allowed.
● When two stack member devices use ports on S7Q02001 and ES5D21Q02Q00
cards, respectively, to set up a stack, ensure that the device versions are the
same. Otherwise, the stack ports cannot go Up.

MAD specifications:
● You can configure a maximum of eight direct detection links for each member
switch in a stack.
● You can configure the relay mode on a maximum of four Eth-Trunks in a
stack.
● In V200R008C00 and earlier versions, you can configure a maximum of 64
Eth-Trunks on a relay agent to provide the relay function for multiple stacks.
This restriction does not apply to versions later than V200R008C00.

After multiple switches form a stack, the following features cannot be

configured in the stack:

● Y.1731 one- and two-way frame delay measurement

● N:1 VLAN Mapping
● IPv6 over IPv4 tunnel
● IPv4 over IPv6 tunnel
● E-Trunk

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 153

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Deployment Recommendations
● Connect a stack to other network devices using an Eth-Trunk and add one
port of each member switch to the Eth-Trunk.
● When a stack connects to access devices, configure ports directly connected to
terminals as STP edge ports to prevent STP re-calculation when the ports
alternate between Up and Down states. This configuration ensures normal
traffic forwarding.
● If storm control needs to be configured on many ports, replace storm control
with traffic suppression to save CPU resources.
● If port security needs to be configured on many ports, replace port security
with MAC address learning limiting to save CPU resources.
● Loops may occur on a network to which a stack connects. Run the mac-
address flapping action error-down command to set an interface to the
error-down state when MAC address flapping is detected on the interface.
This improves system processing performance and allows the peer device to
detect that the interface becomes Down. Additionally, if the peer device has
redundant links, traffic can be rapidly switched to a normal link.

4.1.3 Example for Setting Up a Stack Using Stack Cards

(V200R001 and Later Versions)
Networking Requirements
A new enterprise network needs to provide sufficient ports for access devices, and
the network structure should be simple to facilitate configuration and
management.
As shown in Figure 4-7, SwitchA, SwitchB, and SwitchC need to set up a stack in a
ring topology and connect to SwitchD through an inter-device Eth-Trunk. SwitchA,
SwitchB, and SwitchC are the master, standby, and slave switches respectively, with
stack IDs of 0, 1, and 2 and stack priorities of 200, 100, and 100. As the three
switches function as one logical device on the network, the number of ports is
increased and network management and maintenance are simplified.
In this example, S5300-EIs set up a stack.

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 154

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Figure 4-7 Stack networking

Configuration Roadmap
1. Power off SwitchA, SwitchB, and SwitchC, install an ES5D00ETPC00 stack card
on each switch, and then power on the three switches.
NOTE

● The ES5D00ETPC00 stack card does not support hot swap. You need to power off a
switch before installing the stack card on the switch.
● You can perform software configurations only after installing a stack card on the
switch.
2. Enable the stacking function.
3. Configure stack IDs and stack priorities for member switches to facilitate
device management and identification.
4. Power off SwitchA, SwitchB, and SwitchC, connect physical member ports
using PCIe cables, and then power on the three switches.
5. Configure an inter-device Eth-Trunk to increase reliability and uplink
bandwidth.
6. Configure multi-active detection (MAD) in relay mode to ensure network
availability when the stack splits. The stack split detection mechanism is
called dual-active detection (DAD) in V200R002 and earlier versions and MAD
in later versions.

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 155

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Procedure
Step 1 Turn off power supplies of SwitchA, SwitchB, and SwitchC, install an
ES5D00ETPC00 stack card on each switch, and then power on the three switches.

Step 2 Enable the stacking function. This function is enabled by default.

Step 3 Configure stack IDs and stack priorities. The default stack ID is 0, and the default
stack priority is 100.
[SwitchA] stack slot 0 priority 200 //Set the stack priority of the master switch to 200, which is larger
than those of other member switches, and use the default stack ID 0.
[SwitchB] stack slot 0 renumber 1 //Use the default stack priority 100 and set the stack ID to 1.
[SwitchC] stack slot 0 renumber 2 //Use the default stack priority 100 and set the stack ID to 2.

Step 4 Turn off power supplies of SwitchA, SwitchB, and SwitchC, connect physical
member ports using PCIe cables as shown in Figure 4-8, and then power on the
three switches.
NOTE

● Run the save command to save the configurations before you power off the switches.
● STACK 1 port of one switch must be connected to STACK 2 port of another switch.
Otherwise, the stack cannot be set up.
● To ensure that a stack can be set up successfully, you are advised to perform operations
in the following sequence. First, power on the switch that you want to specify as the
master switch. In this example, SwitchA becomes the master switch after you complete
the following operations.
1. Power off SwitchA, SwitchB, and SwitchC.
2. Connect SwitchA and SwitchB with a stack cable.
3. Power on and start SwitchA and then power on SwitchB.
4. Check whether SwitchA and SwitchB set up a stack successfully. For details, see step
5.
5. Connect SwitchC to SwitchB and SwitchA using stack cables and then power on
SwitchC.
6. Check whether SwitchA, SwitchB, and SwitchC set up a stack successfully. For details,
see step 5.

Figure 4-8 Stack connection

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 156

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Step 5 Check whether a stack is set up successfully.

# Check the stack indicator status.

Press the MODE button on any member switch to change the mode status
indicator to the stack mode.

● If the mode status indicators on all the member switches change to the stack
mode, the stack is set up successfully.
● If the mode status indicator on any member switch does not change to the
stack mode, the stack is not set up.
NOTE

● The S5300-EI and S5300-SI use the same mode status indicator to show the stack and speed
modes. After you press the MODE button, the indicator is steady red and off after 45
seconds, indicating that the switch enters the stack mode.
● The S5320-EI has an independent stack mode indicator (STCK indicator). After you press the
MODE button, the indicator is steady green or blinking and off after 45 seconds, indicating
that the switch enters the stack mode.

# Check basic stack information.

Log in to the stack to check whether the number of member switches in the stack
is the same as the actual value and whether the stack topology is the same as the
actual hardware connection.
<SwitchA> system-view
[SwitchA] sysname Stack
[Stack] display stack
Stack mode: Card
Stack topology type: Ring
Stack system MAC: xxxx-xxxx-xxx5
MAC switch delay time: 10 min
Stack reserved vlan : 4093
Slot of the active management port: 0
Slot Role Mac address Priority Device type
-------------------------------------------------------------
0 Master xxxx-xxxx-xxx5 200 S5328C-EI
1 Standby xxxx-xxxx-xxx1 100 S5328C-EI
2 Slave xxxx-xxxx-xxx2 100 S5328C-EI

Step 6 Configure an inter-device Eth-Trunk.

# Create an Eth-Trunk in the stack and configure uplink physical ports as Eth-
Trunk member ports.
[Stack] interface eth-trunk 10
[Stack-Eth-Trunk10] trunkport gigabitethernet 0/0/5
[Stack-Eth-Trunk10] trunkport gigabitethernet 1/0/5
[Stack-Eth-Trunk10] trunkport gigabitethernet 2/0/5
[Stack-Eth-Trunk10] quit

# Create an Eth-Trunk on SwitchD and configure the ports connected to the stack
as Eth-Trunk member ports.
<Quidway> system-view
[Quidway] sysname SwitchD
[SwitchD] interface eth-trunk 10
[SwitchD-Eth-Trunk10] trunkport gigabitethernet 0/0/1
[SwitchD-Eth-Trunk10] trunkport gigabitethernet 0/0/2
[SwitchD-Eth-Trunk10] trunkport gigabitethernet 0/0/3
[SwitchD-Eth-Trunk10] quit

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 157

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Step 7 Verify the Eth-Trunk configuration.

# Check Eth-Trunk member port information. The following displays information
about Eth-Trunk member ports in the stack.
[Stack] display trunkmembership eth-trunk 10
Trunk ID: 10
Used status: VALID
TYPE: ethernet
Working Mode : Normal
Number Of Ports in Trunk = 3
Number Of Up Ports in Trunk = 3
Operate status: up

Interface GigabitEthernet0/0/5, valid, operate up, weight=1

Interface GigabitEthernet1/0/5, valid, operate up, weight=1
Interface GigabitEthernet2/0/5, valid, operate up, weight=1

Step 8 Configure MAD in relay mode and configure SwitchD as the relay agent.
# In the stack, configure MAD in relay mode on the inter-device Eth-Trunk.
[Stack] interface eth-trunk 10
[Stack-Eth-Trunk10] mad detect mode relay //This command is used in versions later than V200R002.
The command used in V200R002 and earlier versions is dual-active detect mode relay.
[Stack-Eth-Trunk10] return

# On SwitchD, configure MAD in relay mode on the Eth-Trunk.

[SwitchD] interface eth-trunk 10
[SwitchD-Eth-Trunk10] mad relay //This command is used in versions later than V200R002. The
command used in V200R002 and earlier versions is dual-active relay.
[SwitchD-Eth-Trunk10] return

Step 9 Verify the MAD configuration.

# Check the MAD configuration of the stack.
<Stack> display mad verbose //This command is used in versions later than V200R002. The command
used in V200R002 and earlier versions is display dual-active verbose.
Current MAD domain: 0
Current MAD status: Detect
Mad direct detect interfaces configured:
Mad relay detect interfaces configured:
Eth-Trunk10
Excluded ports(configurable):
Excluded ports(can not be configured):

# Check the MAD proxy configuration on SwitchD.

<SwitchD> display mad proxy //This command is used in versions later than V200R002. The command
used in V200R002 and earlier versions is display dual-active proxy.
Mad relay interfaces configured:
Eth-Trunk10

----End

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 158

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

eth-trunk 10
#
interface GigabitEthernet1/0/5
eth-trunk 10
#
interface GigabitEthernet2/0/5
eth-trunk 10
#
return

● SwitchD configuration file

#
sysname SwitchD
#
interface Eth-Trunk10
mad relay
#
interface GigabitEthernet0/0/1
eth-trunk 10
#
interface GigabitEthernet0/0/2
eth-trunk 10
#
interface GigabitEthernet0/0/3
eth-trunk 10
#
return

4.1.4 Example for Setting Up a Stack Using Service Ports

(V100R006C05)
Overview
When S2300-EI, S3300-SI, and S3300-EI switches set up stacks using service ports,
you do not need to manually configure stack ports. After the switches are correctly
connected using stack cables, a stack can be set up automatically.

Networking Requirements
A new enterprise network needs to provide sufficient ports for access devices, and
the network structure should be simple to facilitate configuration and
management.
As shown in Figure 4-9, SwitchA, SwitchB, and SwitchC need to set up a stack in a
ring topology and connect to SwitchD through an inter-device Eth-Trunk. SwitchA,
SwitchB, and SwitchC are the master, standby, and slave switches respectively, with
stack IDs of 0, 1, and 2 and stack priorities of 200, 100, and 100. As the three
switches function as one logical device on the network, the number of ports is
increased and network management and maintenance are simplified.
In this example, S3300-EIs set up a stack.

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 159

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Figure 4-9 Stack networking

Configuration Roadmap
1. The stacking function is enabled by default on the S3300-EI. Therefore, these
switches can set up a stack immediately after they are connected using stack
cables, without additional configuration. To facilitate device management and
identification, configure device names, stack IDs, and stack priorities for stack
member switches.
2. Power off SwitchA, SwitchB, and SwitchC, connect physical member ports
using SFP stack cables, and then power on the three switches.
3. Configure an inter-device Eth-Trunk to increase reliability and uplink
bandwidth.

Procedure
Step 1 Configure device names to differentiate devices.

# Configure a device name for SwitchA.

<Quidway> system-view
[Quidway] sysname SwitchA

# Configure a device name for SwitchB.

<Quidway> system-view
[Quidway] sysname SwitchB

# Configure a device name for SwitchC.

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 160

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

<Quidway> system-view
[Quidway] sysname SwitchC

Step 2 Configure stack IDs and stack priorities. The default stack ID is 0, and the default
stack priority is 100.
[SwitchA] stack slot 0 priority 200 //Set the stack priority of the master switch to 200, which is larger
than those of other member switches, and use the default stack ID 0.
[SwitchB] stack slot 0 renumber 1 //Use the default stack priority 100 and set the stack ID to 1.
[SwitchC] stack slot 0 renumber 2 //Use the default stack priority 100 and set the stack ID to 2.

Step 3 Turn off power supplies of SwitchA, SwitchB, and SwitchC, connect physical
member ports using SFP stack cables as shown in Figure 4-10, and then power on
the three switches.
NOTE

● Run the save command to save the configurations before you power off the switches.
● To ensure that a stack can be set up successfully, you are advised to perform operations
in the following sequence. To specify a member switch as the master switch, power on
that switch first. In this example, SwitchA becomes the master switch after you
complete the following operations.
1. Power off SwitchA, SwitchB, and SwitchC.
2. Connect SwitchA and SwitchB with a stack cable.
3. Power on and start SwitchA and then power on SwitchB.
4. Check whether SwitchA and SwitchB set up a stack successfully. For details, see step
4.
5. Connect SwitchC to SwitchB and SwitchA using stack cables and then power on
SwitchC.
6. Check whether SwitchA, SwitchB, and SwitchC set up a stack successfully. For details,
see step 4.

Figure 4-10 Stack connection

Step 4 Check whether a stack is set up successfully.

# Log in to the stack through the console port of the master switch to check
whether the number of member switches in the stack is the same as the actual
value and whether the stack topology is the same as the actual hardware
connection.

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 161

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

<SwitchA> system-view
[SwitchA] sysname Stack
[Stack] display stack
Stack topology type: Ring
Stack system MAC: xxxx-xxxx-xxx8
MAC switch delay time: never
Stack reserved vlanid : 4093
Slot Role Mac address Priority Device type
-------------------------------------------------------------
0 Master xxxx-xxxx-xxx8 200 S3328TP-EI
1 Standby xxxx-xxxx-xxx1 100 S3328TP-EI
2 Slave xxxx-xxxx-xxx5 100 S3328TP-EI

Step 5 Configure an inter-device Eth-Trunk.

# Create an Eth-Trunk in the stack and configure uplink physical ports as Eth-
Trunk member ports.
[Stack] interface eth-trunk 10
[Stack-Eth-Trunk10] trunkport ethernet 0/0/5
[Stack-Eth-Trunk10] trunkport ethernet 1/0/5
[Stack-Eth-Trunk10] trunkport ethernet 2/0/5
[Stack-Eth-Trunk10] return

# Create an Eth-Trunk on SwitchD and configure the ports connected to the stack
as Eth-Trunk member ports.
<Quidway> system-view
[Quidway] sysname SwitchD
[SwitchD] interface eth-trunk 10
[SwitchD-Eth-Trunk10] trunkport ethernet 0/0/1
[SwitchD-Eth-Trunk10] trunkport ethernet 0/0/2
[SwitchD-Eth-Trunk10] trunkport ethernet 0/0/3
[SwitchD-Eth-Trunk10] return

Step 6 Verify the Eth-Trunk configuration.

# Check Eth-Trunk member port information. The following displays information
about Eth-Trunk member ports in the stack.
<Stack> display trunkmembership eth-trunk 10
Trunk ID: 10
used status: VALID
TYPE: ethernet
Working Mode : Normal
Number Of Ports in Trunk = 3
Number Of UP Ports in Trunk = 3
operate status: up

Interface Ethernet0/0/5, valid, operate up, weight=1

Interface Ethernet1/0/5, valid, operate up, weight=1
Interface Ethernet2/0/5, valid, operate up, weight=1

----End

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 162

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

eth-trunk 10
#
interface Ethernet2/0/5
eth-trunk 10
#
return

● SwitchD configuration file

#
sysname SwitchD
#
interface Eth-Trunk10
#
interface Ethernet0/0/1
eth-trunk 10
#
interface Ethernet0/0/2
eth-trunk 10
#
interface Ethernet0/0/3
eth-trunk 10
#
return

4.1.5 Example for Setting Up a Stack Using Service Ports

(V200R001 to V200R002)
Overview
Service port connection allows member switches to be connected using service
ports, without requiring dedicated stack cards.
To improve stack efficiency and reduce manual configuration, since V200R011C10,
switches can set up a stack using dedicated stack cables. Service port connections
are classified into ordinary and dedicated cable connections based on cable types.
● Ordinary cable connection: Switches use optical cables, network cables, and
high-speed cables to set up a stack.
● Dedicated cable connection: Switches use dedicated stack cables to set up a
stack. The two ends of a dedicated stack cable are the master end with the
Master tag and the slave end without any tag. The device connected to the
master end of a dedicated stack cable assumes the master role and the device
connected to the slave end assumes the slave role only after you perform
operations as required.

Networking Requirements
A new enterprise network needs to provide sufficient ports for access devices, and
the network structure should be simple to facilitate configuration and
management.
As shown in Figure 4-11, SwitchA, SwitchB, and SwitchC need to set up a stack in
a ring topology and connect to SwitchD through an inter-device Eth-Trunk.
SwitchA, SwitchB, and SwitchC are the master, standby, and slave switches
respectively, with stack IDs of 0, 1, and 2 and stack priorities of 200, 100, and 100.
As the three switches function as one logical device on the network, the number
of ports is increased and network management and maintenance are simplified.
In this example, S5300-LIs set up a stack.

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 163

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Figure 4-11 Stack networking

Configuration Roadmap
1. Configure logical stack ports and add physical member ports to the
corresponding logical stack ports to enable packet forwarding between
member switches.
2. Configure stack IDs and stack priorities for member switches to facilitate
device management and identification.
3. Power off SwitchA, SwitchB, and SwitchC, connect physical member ports
using SFP+ stack cables, and then power on the three switches.
4. Configure an inter-device Eth-Trunk to increase reliability and uplink
bandwidth.
5. Configure dual-active detection (DAD) in relay mode to ensure network
availability when the stack splits.

Procedure
Step 1 Configure logical stack ports and add physical member ports to them.
NOTE

Interface stack-port 0/1 of one switch must be connected to interface stack-port 0/2 of
another switch. Otherwise, the stack cannot be set up.

# Configure service ports GigabitEthernet0/0/27 and GigabitEthernet0/0/28 on

SwitchA as physical member ports and add them to corresponding logical stack
ports.

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 164

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] stack port interface gigabitethernet 0/0/27 enable
[SwitchA] stack port interface gigabitethernet 0/0/28 enable
[SwitchA] interface stack-port 0/1
[SwitchA-stack-port0/1] port member-group interface gigabitethernet 0/0/27
[SwitchA-stack-port0/1] quit
[SwitchA] interface stack-port 0/2
[SwitchA-stack-port0/2] port member-group interface gigabitethernet 0/0/28
[SwitchA-stack-port0/2] quit

# Configure service ports GigabitEthernet0/0/27 and GigabitEthernet0/0/28 on

SwitchB as physical member ports and add them to corresponding logical stack
ports.
<Quidway> system-view
[Quidway] sysname SwitchB
[SwitchB] stack port interface gigabitethernet 0/0/27 enable
[SwitchB] stack port interface gigabitethernet 0/0/28 enable
[SwitchB] interface stack-port 0/1
[SwitchB-stack-port0/1] port member-group interface gigabitethernet 0/0/27
[SwitchB-stack-port0/1] quit
[SwitchB] interface stack-port 0/2
[SwitchB-stack-port0/2] port member-group interface gigabitethernet 0/0/28
[SwitchB-stack-port0/2] quit

# Configure service ports GigabitEthernet0/0/27 and GigabitEthernet0/0/28 on

SwitchC as physical member ports and add them to corresponding logical stack
ports.
<Quidway> system-view
[Quidway] sysname SwitchC
[SwitchC] stack port interface gigabitethernet 0/0/27 enable
[SwitchC] stack port interface gigabitethernet 0/0/28 enable
[SwitchC] interface stack-port 0/1
[SwitchC-stack-port0/1] port member-group interface gigabitethernet 0/0/27
[SwitchC-stack-port0/1] quit
[SwitchC] interface stack-port 0/2
[SwitchC-stack-port0/2] port member-group interface gigabitethernet 0/0/28
[SwitchC-stack-port0/2] quit

Step 3 Turn off power supplies of SwitchA, SwitchB, and SwitchC, connect physical
member ports using SFP+ stack cables as shown in Figure 4-12, and then power
on the three switches.

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 165

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

NOTE

Figure 4-12 Stack connection

Step 4 Check whether a stack is set up successfully.

# Check the stack indicator status.
Press the MODE button on any member switch to change the mode status
indicator to the stack mode.
● If the mode status indicators on all the member switches change to the stack
mode, the stack is set up successfully.
● If the mode status indicator on any member switch does not change to the
stack mode, the stack is not set up.
NOTE

● The S6300-EI uses the mode status indicator to show the stack and speed modes. After you
press the MODE button, the indicator is steady red and off after 45 seconds, indicating that
the switch enters the stack mode.
● The S5300-LI and S5310-EI have an independent stack mode indicator (STCK indicator).
After you press the MODE button, the indicator is steady green or blinking and off after 45
seconds, indicating that the switch enters the stack mode.

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 166

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

# Check basic stack information.

Log in to the stack to check whether the number of member switches in the stack
is the same as the actual value and whether the stack topology is the same as the
actual hardware connection.
<SwitchA> system-view
[SwitchA] sysname Stack
[Stack] display stack
Stack topology type : Ring
Stack system MAC: 00e0-fc00-1234
MAC switch delay time: 10 min
Stack reserved vlanid : 4093
Slot Role Mac address Priority Device type
-------------------------------------------------------------
0 Master 00e0-fc00-1234 200 S5300-28P-LI-AC
1 Standby 00e0-fc00-1235 100 S5300-28P-LI-AC
2 Slave 00e0-fc00-1236 100 S5300-28P-LI-AC

Step 5 Configure an inter-device Eth-Trunk.

Step 6 Verify the Eth-Trunk configuration.

Interface GigabitEthernet0/0/5, valid, operate up, weight=1

Interface GigabitEthernet1/0/5, valid, operate up, weight=1
Interface GigabitEthernet2/0/5, valid, operate up, weight=1

Step 7 Configure DAD in relay mode on SwitchD and configure SwitchD as the relay
agent.
# In the stack, configure DAD in relay mode on the inter-device Eth-Trunk.
[Stack] interface eth-trunk 10
[Stack-Eth-Trunk10] dual-active detect mode relay
[Stack-Eth-Trunk10] return

# On SwitchD, configure DAD in relay mode on the Eth-Trunk.

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 167

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

[SwitchD] interface eth-trunk 10

[SwitchD-Eth-Trunk10] dual-active relay
[SwitchD-Eth-Trunk10] return

Step 8 Verify the DAD configuration.

# Check the DAD configuration of the stack.
<Stack> display dual-active verbose
Current DAD status: Detect
Dual-active direct detect interfaces configured:
Dual-active relay detect interfaces configured:
Eth-Trunk10
Excluded ports(configurable):
Excluded ports(can not be configured):
GigabitEthernet0/0/27
GigabitEthernet0/0/28
GigabitEthernet1/0/27
GigabitEthernet1/0/28
GigabitEthernet2/0/27
GigabitEthernet2/0/28

# Check the DAD proxy configuration on SwitchD.

<SwitchD> display dual-active proxy
Dual-active relay interfaces configured:
Eth-Trunk10

----End

Configuration Files
● Stack configuration file (the stack configuration is written to the flash
memory instead of the configuration file)
#
sysname Stack
#
interface Eth-Trunk10
dual-active detect mode relay
#
interface GigabitEthernet0/0/5
eth-trunk 10
#
interface GigabitEthernet1/0/5
eth-trunk 10
#
interface GigabitEthernet2/0/5
eth-trunk 10
#
return
● SwitchD configuration file
#
sysname SwitchD
#
interface Eth-Trunk10
dual-active relay
#
interface GigabitEthernet0/0/1
eth-trunk 10
#
interface GigabitEthernet0/0/2
eth-trunk 10
#
interface GigabitEthernet0/0/3
eth-trunk 10
#
return

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 168

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

4.1.6 Example for Setting Up a Stack Using Service Ports

(V200R003 and Later Versions)
Overview
Service port connection allows member switches to be connected using service
ports, without requiring dedicated stack cards.
To improve stack efficiency and reduce manual configuration, since V200R011C10,
switches can set up a stack using dedicated stack cables. Service port connections
are classified into ordinary and dedicated cable connections based on cable types.
● Ordinary cable connection: Switches use optical cables, network cables, and
high-speed cables to set up a stack.
● Dedicated cable connection: Switches use dedicated stack cables to set up a
stack. The two ends of a dedicated stack cable are the master end with the
Master tag and the slave end without any tag. The device connected to the
master end of a dedicated stack cable assumes the master role and the device
connected to the slave end assumes the slave role only after you perform
operations as required.

Networking Requirements
A new enterprise network needs to provide sufficient ports for access devices, and
the network structure should be simple to facilitate configuration and
management.
As shown in Figure 4-13, SwitchA, SwitchB, and SwitchC need to set up a stack in
a ring topology and connect to SwitchD through an inter-device Eth-Trunk.
SwitchA, SwitchB, and SwitchC are the master, standby, and slave switches
respectively, with stack IDs of 0, 1, and 2 and stack priorities of 200, 100, and 100.
As the three switches function as one logical device on the network, the number
of ports is increased and network management and maintenance are simplified.
In this example, S5300-28X-LI-AC set up a stack.

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 169

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Figure 4-13 Stack networking

Configuration Roadmap
1. Configure logical stack ports and add physical member ports to the
corresponding logical stack ports to enable packet forwarding between
member switches.
2. Configure stack IDs and stack priorities for member switches to facilitate
device management and identification.
3. Turn off power supplies of SwitchA, SwitchB, and SwitchC, connect physical
member ports using SFP+ stack cables, and then power on the three switches.
4. Configure an inter-device Eth-Trunk to increase reliability and uplink
bandwidth.
5. Configure multi-active detection (MAD) in relay mode to ensure network
availability when the stack splits.

Procedure
Step 1 Configure logical stack ports and add physical member ports to them.
NOTE

Interface stack-port 0/1 of one switch must be connected to interface stack-port 0/2 of
another switch. Otherwise, the stack cannot be set up.

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 170

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

# Configure service ports GigabitEthernet0/0/27 and GigabitEthernet0/0/28 on

SwitchA as physical member ports and add them to corresponding logical stack
ports.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] interface stack-port 0/1
[SwitchA-stack-port0/1] port interface gigabitethernet 0/0/27 enable
[SwitchA-stack-port0/1] quit
[SwitchA] interface stack-port 0/2
[SwitchA-stack-port0/2] port interface gigabitethernet 0/0/28 enable
[SwitchA-stack-port0/2] quit

# Configure service ports GigabitEthernet0/0/27 and GigabitEthernet0/0/28 on

SwitchB as physical member ports and add them to corresponding logical stack
ports.
<Quidway> system-view
[Quidway] sysname SwitchB
[SwitchB] interface stack-port 0/1
[SwitchB-stack-port0/1] port interface gigabitethernet 0/0/27 enable
[SwitchB-stack-port0/1] quit
[SwitchB] interface stack-port 0/2
[SwitchB-stack-port0/2] port interface gigabitethernet 0/0/28 enable
[SwitchB-stack-port0/2] quit

# Configure service ports GigabitEthernet0/0/27 and GigabitEthernet0/0/28 on

SwitchC as physical member ports and add them to corresponding logical stack
ports.
<Quidway> system-view
[Quidway] sysname SwitchC
[SwitchC] interface stack-port 0/1
[SwitchC-stack-port0/1] port interface gigabitethernet 0/0/27 enable
[SwitchC-stack-port0/1] quit
[SwitchC] interface stack-port 0/2
[SwitchC-stack-port0/2] port interface gigabitethernet 0/0/28 enable
[SwitchC-stack-port0/2] quit

Step 3 Turn off power supplies of SwitchA, SwitchB, and SwitchC, connect physical
member ports using SFP+ stack cables as shown in Figure 4-14, and then power
on the three switches.

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 171

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

NOTE

Figure 4-14 Stack connection

Step 4 Check whether a stack is set up successfully.

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 172

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

NOTE

● The S5300-SI, S5300-EI, S5300-HI, S6300-EI use the same mode status indicator to show the
stack and speed modes. After you press the MODE button, the indicator is steady red and off
after 45 seconds, indicating that the switch enters the stack mode.
● The S5332-H, S6320-HI, and S6330-H have an independent stack master/slave indicator to
show the MST. If the indicator is off, the switch is not a stack master. If the indicator is
steady green, the switch is a stack master or standalone switch.
● Other models have an independent stack mode indicator (STCK indicator). After you press
the MODE button, the indicator is steady green or blinking and off after 45 seconds,
indicating that the switch enters the stack mode.

# Check basic stack information.

Log in to the stack through the console port of any member switch to check
whether the number of member switches in the stack is the same as the actual
value and whether the stack topology is the same as the actual hardware
connection.
<SwitchA> system-view
[SwitchA] sysname Stack
[Stack] display stack
Stack mode: Service-port
Stack topology type : Ring
Stack system MAC: xxxx-xxxx-xxx5
MAC switch delay time: 10 min
Stack reserved vlan : 4093
Slot of the active management port: 0
Slot Role Mac address Priority Device type
-------------------------------------------------------------
0 Master xxxx-xxxx-xxx5 200 S5300-28P-LI-AC
1 Standby xxxx-xxxx-xxx4 100 S5300-28P-LI-AC
2 Slave xxxx-xxxx-xxx1 100 S5300-28P-LI-AC

Step 5 Configure an inter-device Eth-Trunk.

Step 6 Verify the Eth-Trunk configuration.

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 173

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Number Of Ports in Trunk = 3

Number Of Up Ports in Trunk = 3
Operate status: up

Interface GigabitEthernet0/0/5, valid, operate up, weight=1

Interface GigabitEthernet1/0/5, valid, operate up, weight=1
Interface GigabitEthernet2/0/5, valid, operate up, weight=1

Step 7 Configure MAD in relay mode on SwitchD and configure SwitchD as the relay
agent.
# In the stack, configure MAD in relay mode on the inter-device Eth-Trunk.
[Stack] interface eth-trunk 10
[Stack-Eth-Trunk10] mad detect mode relay
[Stack-Eth-Trunk10] return

# On SwitchD, configure MAD in relay mode on the Eth-Trunk.

[SwitchD] interface eth-trunk 10
[SwitchD-Eth-Trunk10] mad relay
[SwitchD-Eth-Trunk10] return

Step 8 Verify the MAD configuration.

# Check the MAD configuration of the stack.
<Stack> display mad verbose
Current MAD domain: 0
Current MAD status: Detect
Mad direct detect interfaces configured:
Mad relay detect interfaces configured:
Eth-Trunk10
Excluded ports(configurable):
Excluded ports(can not be configured):
GigabitEthernet0/0/27
GigabitEthernet0/0/28
GigabitEthernet1/0/27
GigabitEthernet1/0/28
GigabitEthernet2/0/27
GigabitEthernet2/0/28

# Check the MAD proxy configuration on SwitchD.

<SwitchD> display mad proxy
Mad relay interfaces configured:
Eth-Trunk10

----End

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 174

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

#
return

● SwitchD configuration file

#
sysname SwitchD
#
interface Eth-Trunk10
mad relay
#
interface GigabitEthernet0/0/1
eth-trunk 10
#
interface GigabitEthernet0/0/2
eth-trunk 10
#
interface GigabitEthernet0/0/3
eth-trunk 10
#
return

4.1.7 Example for Establishing a Stack Through Service Port

Connections Using Dedicated Stack Cables (V200R011C10 and
Later Versions)

Overview
Service port connection allows member switches to be connected using service
ports, without requiring dedicated stack cards.

To improve stack efficiency and reduce manual configuration, since V200R011C10,

switches can set up a stack using dedicated stack cables. Service port connections
are classified into ordinary and dedicated cable connections based on cable types.
● Ordinary cable connection: Switches use optical cables, network cables, and
high-speed cables to set up a stack.
● Dedicated cable connection: Switches use dedicated stack cables to set up a
stack. The two ends of a dedicated stack cable are the master end with the
Master tag and the slave end without any tag. The device connected to the
master end of a dedicated stack cable assumes the master role and the device
connected to the slave end assumes the slave role only after you perform
operations as required.

Precautions
● Connect member switches using dedicated stack cables based on the
following rules:
– Connect the switches in sequence from top to bottom.
– Ensure that all logical stack ports of the top switch are connected to the
master ends of cables, all logical stack ports of the bottom switch are
connected to the slave ends of cables, and two logical stack ports of the
intermediate switch are connected to the master and slave ends
respectively.
– After the switches have been connected using dedicated stack cables,
they automatically set up a stack and their stack IDs as well as stack
roles are automatically assigned.

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 175

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

– If the switches are not connected in a ring topology, you only need to
ensure that logical stack port 1 of the local switch is connected to logical
stack port 2 of the remote switch. In this situation, these switches can set
up a stack, but their master and standby roles and stack IDs are
randomly generated.
● Ensure that there are no service configurations on the ports that have
dedicated stack cables connected. Otherwise, these ports cannot
automatically become stack ports and the switches cannot set up a stack.
– On ASs in an SVF system, ensure that there are no other configurations
except the shutdown and stp root-protection command configurations
on ports.
– On other switches, ensure that there are no other configurations except
the shutdown command configuration on ports.
● If logical stack port numbers have been manually configured before dedicated
stack cables are connected, the configured port numbers still take effect after
the cables are connected. You need to connect these ports based on the
configured port numbers. If logical stack port numbers are not manually
configured, corresponding logical stack port numbers will be automatically
generated after dedicated stack cables are connected. To view logical stack
ports of ports supporting dedicated stack cables and master as well as slave
ends of the cables connected to these ports, run the display stack port auto-
cable-info command.

Networking Requirements
An enterprise network needs to provide sufficient ports for access devices, and the
network structure should be simple to facilitate configuration and management.
As shown in Figure 4-15, Switches A to C set up a stack in a ring topology and
connect to SwitchD through an inter-chassis Eth-Trunk. To reduce the
configuration, Switches A to C set up a stack using dedicated stack cables. In the
stack, SwitchA needs to function as the master switch, Switch B as the standby
switch, and SwitchC as the slave switch.
This example describes how to use S5320-28P-PWR-LI-AC switches to set up a
stack.

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 176

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Figure 4-15 Stack topology

Configuration Roadmap
1. Power off SwitchA, SwitchB, and SwitchC to ensure security.
2. Connect the switches using dedicated stack cables based on dedicated stack
cable connection rules.
3. Power on these switches in the following sequence to ensure that SwitchA,
SwitchB, and SwitchC become the master switch, standby switch, and slave
switch respectively.
4. Save the stack configuration automatically generated for dedicated cable
stacking to the flash memory. This ensures that the stack configuration still
takes effect when these cables are removed or other cables are connected.
5. Configure an inter-chassis Eth-Trunk to increase reliability and uplink
bandwidth.
6. Configure multi-active detection in relay mode to ensure network availability
when the stack splits.

Procedure
Step 1 Power off SwitchA, SwitchB, and SwitchC.
Step 2 Power off SwitchA, SwitchB, and SwitchC and then connect them using dedicated
stack cables as shown in Figure 4-16.

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 177

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

NOTE

● Logical stack port 1 of the local switch must be connected to logical stack port 2 of the
adjacent switch. Otherwise, these switches cannot set up a stack.
● All logical stack ports of SwitchA must be connected to the master ends of dedicated stack
cables, and all logical stack ports of SwitchC must be connected to the slave ends of these
cables.

Figure 4-16 Dedicated stack cable connection

Step 3 Power on SwitchA, SwitchB, and SwitchC in sequence.

# Power on these switches in the following sequence to ensure that SwitchA,

SwitchB, and SwitchC become the master switch, standby switch, and slave switch
respectively.

1. Power on SwitchA first.

2. Power on SwitchB after SwitchA starts.
3. Power on SwitchC after SwitchB starts.

The preceding power-on sequence can guarantee only roles of these switches but
not their slot IDs. The following assumes that SwitchA, SwitchB, and SwitchC use
automatically generated slot IDs 0, 1, and 2 respectively.

Step 4 Check whether a stack has been set up successfully.

# Check the stack indicator status.

Press the mode switching (MODE) button on any member switch to change the
mode status indicator to the stack mode.

● If the mode status indicators on all member switches change to the stack
mode, a stack has been set up successfully.
● If the mode status indicator on any member switch does not change to the
stack mode, a stack has not been set up.

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 178

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

NOTE

# Check basic stack information.

Log in to the stack through the console port of any member switch to check
whether the number of member switches in the stack is the same as the actual
value and whether the stack topology status is the same as the actual hardware
connection.
<SwitchA> system-view
[SwitchA] sysname Stack
[Stack] display stack
Stack mode: Service-port
Stack topology type : Ring
Stack system MAC: xxxx-xxxx-xxx5
MAC switch delay time: 10 min
Stack reserved vlan : 4093
Slot of the active management port: 0
Slot Role Mac address Priority Device type
-------------------------------------------------------------
0 Master xxxx-xxxx-xxx5 100 S5320-28P-LI-AC
1 Standby xxxx-xxxx-xxx4 100 S5320-28P-LI-AC
2 Slave xxxx-xxxx-xxx1 100 S5320-28P-LI-AC

Step 5 Save the stack configuration that is automatically generated for dedicated cable
stacking to the flash memory.
# After verifying that a stack has been set up, save the stack configuration that is
automatically generated for dedicated cable stacking to the flash memory.
[Stack] save stack configuration
Warning: This operation will save all stack configurations to flash. Are you sure you want to continue? [Y/
N]:y

Step 6 Configure an inter-device Eth-Trunk.

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 179

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Step 7 Verify the Eth-Trunk configuration.

Interface GigabitEthernet0/0/5, valid, operate up, weight=1

Interface GigabitEthernet1/0/5, valid, operate up, weight=1
Interface GigabitEthernet2/0/5, valid, operate up, weight=1

Step 8 Configure MAD in relay mode on SwitchD and configure SwitchD as the relay
agent.
# In the stack, configure MAD in relay mode on the inter-chassis Eth-Trunk.
[Stack] interface eth-trunk 10
[Stack-Eth-Trunk10] mad detect mode relay
[Stack-Eth-Trunk10] return

# Configure MAD in relay mode on the relay agent SwitchD.

[SwitchD] interface eth-trunk 10
[SwitchD-Eth-Trunk10] mad relay
[SwitchD-Eth-Trunk10] return

Step 9 Verify the MAD configuration.

# Check detailed MAD configuration of the stack.
<Stack> display mad verbose
Current MAD domain: 0
Current MAD status: Detect
Mad direct detect interfaces configured:
Mad relay detect interfaces configured:
Eth-Trunk10
Excluded ports(configurable):
Excluded ports(can not be configured):
GigabitEthernet0/0/26
GigabitEthernet0/0/27
GigabitEthernet1/0/26
GigabitEthernet1/0/27
GigabitEthernet2/0/26
GigabitEthernet2/0/27

# Check the MAD proxy configuration on SwitchD.

<SwitchD> display mad proxy
Mad relay interfaces configured:
Eth-Trunk10

----End

Configuration Files
● Stack configuration file (the stack configuration is written to the flash
memory instead of the configuration file)
#
sysname Stack
#
interface Eth-Trunk10

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 180

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

mad detect mode relay

#
interface GigabitEthernet0/0/5
eth-trunk 10
#
interface GigabitEthernet1/0/5
eth-trunk 10
#
interface GigabitEthernet2/0/5
eth-trunk 10
#
return
● SwitchD configuration file
#
sysname SwitchD
#
interface Eth-Trunk10
mad relay
#
interface GigabitEthernet0/0/1
eth-trunk 10
#
interface GigabitEthernet0/0/2
eth-trunk 10
#
interface GigabitEthernet0/0/3
eth-trunk 10
#
return

4.1.8 Stacked Switch Replacement Guide

You may need to replace a faulty member switch in a stack. To prevent services
from being interrupted during the switch replacement, use inter-device link
aggregation to connect upstream and downstream devices for link backup.
● Replace one member switch in a stack of two member switches.
SwitchA and SwitchB set up a stack. SwitchA is faulty and needs to be
replaced by SwitchC. You are advised to follow this procedure to complete the
replacement:
a. Before the replacement, ensure that SwitchC has the same system
software version and hardware model as SwitchA. To check the system
software version and hardware model of switches, run the display
version and display device commands.
b. Run the display stack, display stack configuration, and display stack
port commands to check and record the before-replacement stack status,
stack configuration, and stack port status.
c. Before connecting SwitchC with stack cables, power on it and perform the
following procedure to configure it:
i. After SwitchC starts, upload the configuration file of SwitchA to
SwitchC.
ii. Run the startup saved-configuration configuration-file command to
specify the uploaded configuration file as the configuration file used
for the next startup of SwitchC, and then restart SwitchC.
iii. After SwitchC restarts, manually copy the stack configuration
displayed using the display stack configuration command to
SwitchC to ensure that SwitchC has the same stack configuration as
SwitchA.

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 181

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

d. After the configuration is complete, check whether SwitchC has the same
stack configuration as SwitchA. If so, power off SwitchC.
e. (Optional) To prevent OSPF, BGP, or LDP flapping during an master/
backup switchover in a stack, configure graceful restart (GR) for the
corresponding protocol. For details, see the configuration guide of the
corresponding protocol.
f. Run the display stack command to check whether SwitchA is the master
switch. If so, run the slave switchover command to perform an active/
standby switchover in the stack. If not, go to the next step.
<HUAWEI> display switchover state //Check whether the active/standby switchover
conditions are met.
Slot 0 HA FSM State(master): realtime or routine backup. //The switchover can be performed
only in this state.
Slot 1 HA FSM State(slave): receiving realtime or routine data.
<HUAWEI> system-view
[HUAWEI] slave switchover enable //Enable the active/standby switchover.
[HUAWEI] slave switchover //Perform an active/standby switchover.
Warning: This operation will switch the slave board to the master board. Continue? [Y/N]:y
After an active/standby switchover is performed, the master switch will
restart. After the switch restarts and joins the stack again, go to the next
step. To check whether the switch has joined the stack again, run the
display stack command.
g. Power off and remove SwitchA.
h. Install SwitchC and connect cables to its service ports, stack ports, and
ports that have dual-active detection (DAD) configured.
i. Power on SwitchC so that SwitchC joins the stack as a new member. Run
the display stack command to check whether SwitchC can set up a stack
with SwitchB.
j. After SwitchC and SwitchB set up a stack, run the display stack
configuration and display stack port commands to check the stack
configuration and interface status. Ensure that the stack configuration is
the same as that used before the device replacement and that interfaces
become Up normally.
k. After confirming all services are normal, run the save command to save
the stack configuration.
l. If the current master and standby switches are different from those
before the device replacement, perform an active/standby switchover.
● Replace one member switch in a stack of three or more member switches
(in a ring topology).
In a stack set up by three or more member switches in a ring topology, the
device replacement procedure is similar to that in a stack of two member
switches. For details, see Replace one member switch in a stack of two
member switches.
● Replace one member switch in a stack of three or more member switches
(in a chain topology).
In a stack set up by three or more member switches in a chain topology, the
replacement procedure of edge switches on both ends is similar to that in a
stack of two member switches. For details, see Replace one member switch
in a stack of two member switches. To replace an intermediate switch,
change the stack connection topology to the ring topology and then replace
the switch according to Replace one member switch in a stack of two
member switches. The procedure is as follows:

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 182

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

a. On edge switches on both ends, create a logical stack port and add
member ports into the logical stack port, and then connect these ports
using cables.
<HUAWEI> system-view
[HUAWEI] interface stack-port 1/1 //Create a logical stack port.
[HUAWEI-stack-port1/1] port interface gigabitethernet 1/0/46 enable //Add a member
port to the logical stack port.

After cables are connected, run the display stack command to check
whether the stack connection topology is changed to the ring topology.
b. After the stack connection topology changes to ring topology, replace the
switch according to Replace one member switch in a stack of two
member switches.
c. To restore the stack connection topology to chain topology after the
replacement, remove the stack cables connected in step 1.

4.1.9 Changing the Stack ID

Networking Requirements
In Figure 4-17, the stack IDs of stack members are 3, 1, and 2 from top to bottom.
These stack IDs need to be planned again based on the location to facilitate
device management.

Figure 4-17 Networking diagram

Check information about the stack members with the stack IDs.

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 183

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

<Stack> display stack

Stack mode: Service-port
Stack topology type: Ring
Stack system MAC: 00e0-fc00-1234
MAC switch delay time: 10 min
Stack reserved VLAN: 4093
Slot of the active management port: 3
Slot Role MAC address Priority Device type
-------------------------------------------------------------
3 Master 00e0-fc00-1234 200
1 Standby 00e0-fc00-1235 150
2 Slave 00e0-fc00-1236 150

The stack IDs need to be changed according to the following rules: After the
change, check whether the change is correct based on the MAC addresses of the
devices.
● Slot 3 → Slot 1
● Slot 1 → Slot 2
● Slot 2 → Slot 3

NOTE

To change the stack IDs, you need to restart the devices, which interrupts services. Therefore,
perform this operation in a specified period.

Procedure
Step 1 Shut down the uplink and downlink ports of the stack to isolate the stack from
the network.
<Stack> system-view
[Stack] interface gigabitethernet 3/0/8
[Stack-GigabitEthernet3/0/8] shutdown
[Stack-GigabitEthernet3/0/8] quit
[Stack] interface gigabitethernet 1/0/9
[Stack-GigabitEthernet1/0/9] shutdown
[Stack-GigabitEthernet1/0/9] quit
[Stack] interface gigabitethernet 2/0/5
[Stack-GigabitEthernet2/0/5] shutdown
[Stack-GigabitEthernet2/0/5] quit
[Stack] interface gigabitethernet 3/0/6
[Stack-GigabitEthernet3/0/6] shutdown
[Stack-GigabitEthernet3/0/6] quit

Step 2 After the stack IDs are changed, the configurations of the interfaces with the
original stack IDs will be lost. Therefore, you need to perform the same
configurations on the new interfaces before changing the stack IDs.
For example: The configurations of the interfaces with the original stack IDs are as
follows:
#
interface GigabitEthernet3/0/6
description ToPC
port link-type access
port default vlan 10
#
interface GigabitEthernet3/0/8
eth-trunk 10
#
interface GigabitEthernet1/0/9
eth-trunk 10
#
interface GigabitEthernet2/0/5
description ToIPPhone-01

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 184

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

port link-type access

port default vlan 20
#

Change the configurations of these interfaces to the configurations of the

interfaces with the new stack IDs.
[Stack] interface gigabitethernet 1/0/6 // Correspond to GE3/0/6.
[Stack-GigabitEthernet1/0/6] description ToPC
[Stack-GigabitEthernet1/0/6] port link-type access
[Stack-GigabitEthernet1/0/6] port default vlan 10
[Stack-GigabitEthernet1/0/6] quit
[Stack] interface gigabitethernet 1/0/8 // Correspond to GE3/0/8.
[Stack-GigabitEthernet1/0/8] eth-trunk 10
[Stack-GigabitEthernet1/0/8] quit
[Stack] interface gigabitethernet 2/0/9 // Correspond to GE1/0/9.
[Stack-GigabitEthernet2/0/9] eth-trunk 10
[Stack-GigabitEthernet2/0/9] quit
[Stack] interface gigabitethernet 3/0/5 // Correspond to GE2/0/5.
[Stack-GigabitEthernet3/0/5] description ToIPPhone-01
[Stack-GigabitEthernet3/0/5] port link-type access
[Stack-GigabitEthernet3/0/5] port default vlan 20
[Stack-GigabitEthernet3/0/5] quit

Step 3 Change the stack IDs, save the configurations, and restart the switches.
[Stack] stack slot 3 renumber 1
Info: The assigned slot ID already exists in the stack system.
Warning: All the configurations related to the slot ID will be lost after the slot ID is
modified.
Do not frequently modify the slot ID because it will make the stack split. Continue? [Y/
N]:y
Info: Stack configuration has been changed, and the device needs to restart to make the configuration
effective.
[Stack] stack slot 1 renumber 2
Info: The assigned slot ID already exists in the stack system.
Warning: All the configurations related to the slot ID will be lost after the slot ID is
modified.
Do not frequently modify the slot ID because it will make the stack split. Continue? [Y/
N]:y
Info: Stack configuration has been changed, and the device needs to restart to make the configuration
effective.
[Stack] stack slot 2 renumber 3
Info: The assigned slot ID already exists in the stack system.
Warning: All the configurations related to the slot ID will be lost after the slot ID is
modified.
Do not frequently modify the slot ID because it will make the stack split. Continue? [Y/
N]:y
Info: Stack configuration has been changed, and the device needs to restart to make the configuration
effective.
[Stack] quit
<Stack> save
The current configuration will be written to flash:/vrpcfg.zip.
Are you sure to continue?[Y/N]y
Now saving the current configuration to the slot 3.........
Save the configuration successfully.
Now saving the current configuration to the slot 1.
Save the configuration successfully.
Now saving the current configuration to the slot 2.
Save the configuration successfully.
<Stack> reboot
Info: The system is now comparing the configuration, please wait...................
Info: If want to reboot with saving diagnostic information, input 'N' and then execute 'reboot save
diagnostic-information'.
System will reboot! Continue?[Y/N]:y

Step 4 After the restart is complete, check whether the stack status, stack IDs, and
interface configurations are correct. If the configurations on the interfaces are
incorrect, reconfigure the interfaces.

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 185

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

<Stack> display stack

Stack mode: Service-port
Stack topology type: Ring
Stack system MAC: xxxx-xxxx-xxx4
MAC switch delay time: 10 min
Stack reserved VLAN: 4093
Slot of the active management port: 1
Slot Role MAC address Priority Device type
-------------------------------------------------------------
1 Master xxxx-xxxx-xxx4 200
2 Standby xxxx-xxxx-xxx1 150
3 Slave xxxx-xxxx-xxx2 150

Step 5 If the configurations are correct, enable the uplink and downlink ports of the
stack.
<Stack> system-view
[Stack] interface gigabitethernet 1/0/8
[Stack-GigabitEthernet1/0/8] undo shutdown
[Stack-GigabitEthernet1/0/8] quit
[Stack] interface gigabitethernet 2/0/9
[Stack-GigabitEthernet2/0/9] undo shutdown
[Stack-GigabitEthernet2/0/9] quit
[Stack] interface gigabitethernet 3/0/5
[Stack-GigabitEthernet3/0/5] undo shutdown
[Stack-GigabitEthernet3/0/5] quit
[Stack] interface gigabitethernet 1/0/6
[Stack-GigabitEthernet1/0/6] undo shutdown
[Stack-GigabitEthernet1/0/6] quit

----End

4.2 Typical CSS Configuration of Modular Switches

4.2.1 CSS Support

4.2.1.1 CSS Version Requirements

Table 4-3 Products and versions supporting CSS

Prod Prod Version Supporting CSS Card Version Supporting Service
uct uct Clustering Port Clustering
Mode
l

S930 S930 Not supported Not supported

0 3

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 186

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Prod Prod Version Supporting CSS Card Version Supporting Service

uct uct Clustering Port Clustering
Mode
l

S930 V100R003C00, V200R002C00, V200R003C00,

6 V100R006(C00&C10), V200R005C00SPC300,
S931 V200R001C00, V200R002C00, V200R006C00, V200R007C00,
2 V200R003C00, V200R008(C00&C10),
V200R005C00SPC300, V200R009C00, V200R010C00,
V200R006C00, V200R007C00, V200R011C10, V200R012C00,
V200R008(C00&C10), V200R013C00, V200R013C02,
V200R009C00, V200R010C00, V200R019C00, V200R019C10,
V200R011C10, V200R012C00, V200R020C00, V200R020C10,
V200R013C00, V200R019C00, V200R021C00, V200R021C01
V200R019C10, V200R020C00,
V200R020C10, V200R021C00,
V200R021C01

S931 V200R010C00, V200R011C10, V200R010C00, V200R011C10,

0 V200R012C00, V200R013C00, V200R012C00, V200R013C00,
V200R019C00, V200R019C10, V200R019C00, V200R019C10,
V200R020C00, V200R020C10, V200R020C00, V200R020C10,
V200R021C00 V200R021C00

S930 S931 V200R010C00, V200R011C10, V200R010C00, V200R011C10,

0X 0X V200R012C00, V200R013C00, V200R012C00, V200R013C00,
V200R019C00, V200R019C10, V200R019C00, V200R019C10,
V200R020C00, V200R020C10, V200R020C00, V200R020C10,
V200R021C00 V200R021C00

S930 Not supported V200R019C00, V200R019C10,

0X-4, V200R020C00, V200R020C10,
S930 V200R021C00, V200R021C01
0X-8,
S930
0X-12

S930 S930 Not supported Not supported

0E 3E

S930 V200R008(C00&C10), V200R002C00, V200R003C00,

6E V200R009C00, V200R010C00, V200R005C00SPC300,
S931 V200R011C10, V200R012C00, V200R006C00, V200R007C00,
2E V200R013C00 V200R008(C00&C10),
V200R009C00, V200R010C00,
V200R011C10, V200R012C00,
V200R013C00

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 187

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

4.2.1.2 Software and Hardware Support for S9300 CSS Card Clustering

Table 4-4 Software and Hardware Support for S9306&S9312 CSS Card Clustering
Device Model ● S9306
● S9312

CSS Card and CSS card: LE0D0VSTSA00 CSS card: LE1D2VS04000 (CSS
Installation Slot (All ports on the CSS ports on the CSS cards must
cards must be have at least one cable
connected.) connected and ports on both
Installation slot: subcard ends of the cable must use the
slots of LE0MSRUA (non- same port number.)
VER.A), LE0DSRUA, and Installation slot: subcard slots of
LE0D00SRUB00 (non- LSS3SRUHA100,
VER.A) LE1D2SRUH000,
LE1D2SRUH100,
CSS card and MPU models are
LE1D2SRUH002,
abbreviated to VSTSA, SRUA, and
LSS3SRUHD000, and
SRUB respectively. LE1D2SRUE000
CSS card and MPU models are abbreviated
to VS04, SRUHA1, SRUH, SRUH1, and SRUE
respectively.

Hot Swap of Not supported Supported

CSS Cards

Number of CSS 2 2
Cards
Supported by
Each Chassis

Number of CSS Four 16G ports Four 10G ports

Ports on Each
CSS Card and
Bandwidth of a
Single CSS Port

Pluggable ● 3 m and 10 m QSFP+ ● 1 m, 3 m, 5 m, and 10 m SFP

Modules for high-speed cable + high-speed cable
Ports on CSS ● QSFP+ optical module ● SFP+ optical module and
Cards (only QSFP-40G-SR4, fiber
QSFP-40G-iSR4, and ● 3 m and 10 m SFP+ AOC
QSFP-40G-eSR4) and cable
fiber
● 10 m QSFP+ AOC
cable (supported since
V200R010C00)
● 5 m QSFP+ high-speed
cable (supported since
V200R011C10)

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 188

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Hardware ● Two S9306s, one ● Two S9306s, one S9306 and

Configuration S9306 and one S9312, one S9312, or two S9312s
or two S9312s can set can set up a CSS.
up a CSS. ● Each chassis can have only
● Each chassis must one SRU installed, and a CSS
have both active and card can be installed in any
standby MPUs MPU slot. To ensure
installed, and the two reliability, you are advised to
MPUs must have stack install two MPUs in each
cards installed. chassis.
● SRUs in the same ● SRUs in the same chassis
chassis must be the must be the same model. To
same model. To set up set up a stack, the local and
a stack, the local and remote chassis must use
remote chassis must SRUs of the same model or
use SRUs of the same use SRUH and SRUE
model or use SRUA respectively(both chassis
and SRUB respectively. must run V200R010C00 or a
later version), or use SRUH1
and SRUE respectively, or use
SRUH and SRUH1
respectively.

License No
Required

Table 4-5 Software and Hardware Support for S9310 CSS Card Clustering
Device Model S9310

CSS Card and CSS cards are integrated into MPUs (LE1D2SRUKC00 or
Installation Slot LE1D2SRUKC01) and do not need to be installed.
CSS cards are integrated into SFUs (LE1D2SFUK000) and do
not need to be installed.
MPU and SFU models are abbreviated to SRUK and SFUK respectively.

Number of CSS 4
Cards
Supported by
Each Chassis

Number of CSS Four 10G ports and one 40G port

Ports on Each
CSS Card and
Bandwidth of a
Single CSS Port

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 189

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Pluggable 10G port:

Modules for ● 1 m, 3 m, 5 m, and 10 m SFP+ high-speed cable
Ports on CSS
Cards ● SFP+ optical module and fiber
● 3 m and 10 m SFP+ AOC cable
40G port:
● 1 m, 3 m, and 5 m QSFP+ high-speed cable
● QSFP+ optical module (except the QSFP-40G-SR-BD
model) and fiber
● 10 m QSFP+ AOC cable (this cable cannot be used when
40G ports on both ends are split into 10G ports)

Hardware ● Two S9310s can set up a CSS.

Configuration ● Each chassis can have only one MPU installed. It is
recommended that each chassis have two MPUs installed.
If 1+N backup of MPUs is required so that a CSS can
operate normally even if two MPUs in one chassis are
faulty, SFUs also need to be installed.
● The SFUs of the same model can be installed in the same
chassis. The models of the SFUs installed in the local
chassis can be different from those of the SFUs installed
in the remote chassis. It is recommended that the SFU
models of the local and remote chassis be the same.

License No
Required

4.2.1.3 Software and Hardware Support for S9300E CSS Card Clustering
Device Model ● S9306E
● S9312E

CSS Card and CSS card: LE2D2VS08000 (Eight ports on a CSS card are
Installation Slot divided into two groups, each of which must have at least
one cable connected.)
Installation slot: subcard slot of LE2D2SRUC000
CSS card and MPU models are abbreviated to VS08 and SRUC respectively.

Hot Swap of Not supported

CSS Cards

Number of CSS 2
Cards
Supported by
Each Chassis

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 190

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Number of CSS Eight 10G ports

Ports on Each
CSS Card and
Bandwidth of a
Single CSS Port

Pluggable ● 1 m, 3 m, 5 m, and 10 m SFP+ high-speed cable

Modules for ● SFP+ optical module and fiber
Ports on CSS
Cards ● 3 m and 10 m SFP+ AOC cable

Hardware ● Two S9306Es, one S9306E and one S9312E, or two

Configuration S9312Es can set up a CSS.
● Switches to set up a CSS must have both active and
standby MPUs installed, and the two MPUs must have
stack cards installed.

License No
Required

4.2.1.4 Software and Hardware Support for S9310X CSS Card Clustering
Device Model S9310X

CSS Card and CSS cards are integrated into MPUs (LX1D2MFUXC00) and
Installation Slot do not need to be installed.
CSS cards are integrated into SFUs (LX1D2SFUX000) and do
not need to be installed.
MPU and SFU models are abbreviated to MFUX and SFUX respectively.

Number of CSS 4
Cards
Supported by
Each Chassis

Number of CSS Four 10G ports and one 40G port

Ports on Each
CSS Card and
Bandwidth of a
Single CSS Port

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 191

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Pluggable 10G port:

Hardware ● Two S9310Xs can set up a CSS.

License No
Required

4.2.1.5 Software and Hardware Support for S9300 and S9300X Service Port
Clustering

Table 4-6 S9306 and S9312 service port clustering (using SRUA/SRUB/SRUE/
SRUE1/SRUH/SRUHD/SRUH1/SRUHA1 MPU)
LPU ● LE2D2X08SED4 LE1D2L02QFC0
Model ● LE2D2X08SED5
● LE0DX12XSA00
● LE0DX16SFC00
● LE0DX40SFC00
● LE1D2X32SSC0
● LSS3X32SA1E0
● LE1D2X16SSC2
● LSS3X16SA1E0
● LE1D2X08SSC0
● LE1D2X12SSC0

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 192

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Pluggabl ● 1 m, 3 m, 5 m, and 10 m SFP+ high-speed ● 1 m, 3 m, and 5

e cable m QSFP+ high-
Modules ● SFP+ optical module and fiber speed cable
on ● QSFP+ optical
Service ● 3 m and 10 m SFP+ AOC cable
module and
Ports NOTE
The LE0DX12XSA00 does not support 3 m and 5 m
fiber
SFP+ high-speed cable. (QSFP-40G-SR-
The LSS3X32SA1E0 and LSS3X16SA1E0 do not
BD optical
support SFP+ high-speed cable. modules can be
used for CSS
since
V200R019C10SP
C500.)
● 10 m QSFP+
AOC cable
(supported since
V200R009C00)

Usage ● On the LE2D2X08SED4 and None

Constrain LE2D2X08SED5 LPUs, at most four ports
ts can be configured as CSS physical member
ports. The four physical member ports
must be the first four ports (numbered 0
to 3) or the last four ports (numbered 4 to
7) on the LPUs.
● On the LE1D2X08SSC0, LE1D2X12SSC0,
LE0DX16SFC00, LE0DX40SFC00,
LE1D2X32SSC0, LSS3X32SA1E0,
LSS3X16SA1E0, and LE1D2X16SSC2 LPUs,
four contiguous ports must be configured
as a group of physical member ports
together. The port numbers of the four
ports must start with 4xN and end with
4xN+3 (N = 0, 1, 2...). For example, ports 0
to 3 or ports 4 to 7 must be configured
together, but ports 2 to 5 cannot be
configured together. If any port in a group
is configured as a physical member port,
the other three ports of the same group
must also be configured as physical
member ports.

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 193

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Hardware ● Two S9306, two S9312, or one S9306 and one S9312 can set up
Configura a CSS.
tion ● SRUs in the same chassis must be the same model. To set up a
stack, the local and remote chassis must use SRUs of the same
model, use SRUA and SRUB respectively, or use SRUH and SRUE
respectively, or use SRUH1 and SRUE respectively, or use SRUH
and SRUH1 respectively(both chassis must run V200R010C00 or
a later version).
● Each chassis can have at most two LPUs for CSS connection. It is
recommended that you use the same type of LPUs in a chassis
for CSS connection. The two chassis must use the same type of
ports for CSS connection, for example, 10GE SFP+ optical ports.
● Each LPU allows only one logical CSS port. Each logical CSS port
supports a maximum of 32 physical member ports.
● Some ports on an LPU can function as CSS ports, while other
ports on the LPU function as service ports.
● A CSS can be set up as long as a logical CSS port has one CSS
member port in Up state.
● Ports do not support the CSS function after being split.

License Yes
Required

Table 4-7 S9306 and S9312 service port clustering (using SRUHX1 MPU)
LPU ● LST3X36SX6 LSS3M24VX6E0 ● LST3C02BX ● LST3C06HX6
Model E0 (MultiGE ports) 6E0 (40GE S0
● LST3X24SX6 ports) ● LST3C06HX6
E0 ● LST3L12QX E0
● LST3X24BX6 6E0 ● LST3C02BX6E
E0 0 (100GE
● LST3X24BX6 ports)
S0
● LST3X48SX6
E0
● LST3X48SX6
S0

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 194

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Plugga ● 1 m, 3 m, 5 Category 6A or ● QSFP+ ● 1 m and 3 m

ble m, and 10 m higher network optical QSFP28
Modul SFP+ high- cables (If module high-speed
es on speed cable Category 6 and fiber cable
Service ● SFP+ optical cables are used, ● 10 m QSFP ● QSFP28
Ports module and ensure that the + AOC optical
fiber cables meet cable module and
requirements of fiber
● 3 m and 10 TSB-155.)
m SFP+ AOC ● 10 m QSFP28
cable AOC cable

Hardw ● Two S9306, two S9312, or one S9306 and one S9312 can set up a
are CSS.
Config ● The MPUs in the two chassis must be the SRUHX1.
uratio
n ● Each chassis can have at most two LPUs for CSS connection. It is
recommended that you use the same type of LPUs in a chassis for
CSS connection. The two chassis must use the same type of ports
for CSS connection, for example, 10GE SFP+ optical ports.
● Each LPU allows only one logical CSS port. Each logical CSS port
supports a maximum of 32 physical member ports.
● Some ports on an LPU can function as CSS ports, while other ports
on the LPU function as service ports.
● A CSS can be set up as long as a logical CSS port has one CSS
member port in Up state.
● Ports do not support the CSS function after being split.

License No
Requir
ed

Table 4-8 S9310 and S9310X service port clustering

LPU ● LE2D2X08SED4 LE1D2L02QFC0
Model ● LE2D2X08SED5
● LE0DX12XSA00
● LE0DX16SFC00
● LE0DX40SFC00
● LE1D2X32SSC0
● LSS3X32SA1E0
● LE1D2X16SSC2
● LSS3X16SA1E0
● LE1D2X08SSC0
● LE1D2X12SSC0

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 195

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Pluggabl ● 1 m, 3 m, 5 m, and 10 m SFP+ high-speed ● 1 m, 3 m, and

e cable 5 m QSFP+
Modules ● SFP+ optical module and fiber high-speed
on cable
Service ● 3 m and 10 m SFP+ AOC cable
● QSFP+ optical
Ports NOTE
The LE0DX12XSA00 does not support 3 m and 5 m SFP
module and
+ high-speed cable. fiber
The LSS3X32SA1E0 and LSS3X16SA1E0 do not support
(QSFP-40G-
SFP+ high-speed cable. SR-BD optical
modules can
be used for
CSS since
V200R019C10
SPC500.)
● 10 m QSFP+
AOC cable
(supported
since
V200R009C00
)

Usage ● On the LE2D2X08SED4 and LE2D2X08SED5 None

Constrai LPUs, at most four ports can be configured as
nts CSS physical member ports. The four physical
member ports must be the first four ports
(numbered 0 to 3) or the last four ports
(numbered 4 to 7) on the LPUs.
● On the LE1D2X08SSC0, LE1D2X12SSC0,
LE0DX16SFC00, LE0DX40SFC00,
LE1D2X32SSC0, LSS3X32SA1E0,
LSS3X16SA1E0, and LE1D2X16SSC2 LPUs, four
contiguous ports must be configured as a
group of physical member ports together. The
port numbers of the four ports must start
with 4xN and end with 4xN+3 (N = 0, 1, 2...).
For example, ports 0 to 3 or ports 4 to 7 must
be configured together, but ports 2 to 5
cannot be configured together. If any port in a
group is configured as a physical member
port, the other three ports of the same group
must also be configured as physical member
ports.

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 196

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Hardwar ● Only two S9310 or two S9310X can set up a CSS.

e ● Each chassis can have at most two LPUs for CSS connection. It is
Configur recommended that you use the same type of LPUs in a chassis
ation for CSS connection. The two chassis must use the same type of
ports for CSS connection, for example, 10GE SFP+ optical ports.
● Each LPU allows only one logical CSS port. Each logical CSS port
supports a maximum of 32 physical member ports.
● Some ports on an LPU can function as CSS ports, while other
ports on the LPU function as service ports.
● A CSS can be set up as long as a logical CSS port has one CSS
member port in Up state.
● Ports do not support the CSS function after being split.

License Yes
Required

Table 4-9 S9300X-4, S9300X-8, and S9300X-12 service port clustering

Service ● LST3X24 LST3M24BX ● LST3Y40 ● LST3C02B ● LST3C06
Card BX6E0 6E0 SX6H0 X6E0 HX6E0
Model ● LST3X24 (MultiGE (25GE (40GE ● LST3C06
BX6S0 ports) ports in ports) HX6S0
40 x ● LST3L12
● LST3X48 25GE ● LST3C04
SX6E0 QX6E0 HX6E0
mode)
● LST3X48 ● LST3Y40 ● LST3C24
SX6S0 SX6H0 HX6E0
● LST3X36 (25GE ● LST3C02
SX6E0 ports in BX6E0
● LST3X08 32 x (100GE
BX6E0 25GE ports)
+ 16 x
● LST3X16 10GE
BX6E0 mode)
● LST3X24
SX6E0
● LST3X04
BX6E0
● LST3Y40
SX6H0
(10GE
ports in
32 x
25GE
+ 16 x
10GE
mode)

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 197

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Hardw ● A CSS can be set up between two S9300X-4 switches, between one
are S9300X-4 and one S9300X-8, between two S9300X-8 switches,
Config between two S9300X-12 switches, between one S9300X-4 and one
uration S9300X-12, or between one S9300X-8 and one S9300X-12.
● Each chassis can have at most two LPUs for CSS connection. It is
recommended that you use the same type of LPUs in a chassis for
CSS connection. The two chassis must use the same type of ports
for CSS connection, for example, 10GE SFP+ optical ports.
● Each LPU allows only one logical CSS port. Each logical CSS port
supports a maximum of 32 physical member ports.
● Some ports on an LPU can function as CSS ports, while other ports
on the LPU function as service ports.
● A CSS can be set up as long as a logical CSS port has one CSS
member port in Up state.
● Ports do not support the CSS function after being split.

License No
Require
d

4.2.1.6 Software and Hardware Support for S9300E Service Port Clustering
Device ● S9306E
Model ● S9312E

Software V200R002C00, V200R003C00, V200R005C00SPC300,

Version V200R006C00, V200R007C00, V200R008(C00&C10),
V200R009C00, V200R010C00, V200R011C10, V200R012C00,
V200R013C00

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 198

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

LPU Model ● LE2D2X08SED4 ● LE1D2L02QFC0

NOTE ● LE2D2X08SED5
For details
about LPUs, ● LE0DX12XSA00
see "Cards" ● LE0DX16SFC00
in the
Hardware ● LE0DX40SFC00
Description ● LE1D2X32SSC0
of the
related ● LE1D2X16SSC2
device ● LE1D2X08SSC0
model.
● LE1D2X12SSC0

Pluggable ● 1 m, 3 m, 5 m, and 10 m ● 1 m, 3 m, and 5 m QSFP+

Modules on SFP+ high-speed cable high-speed cable
Service Ports ● SFP+ optical module and ● QSFP+ optical module
fiber (except the QSFP-40G-SR-
● 3 m and 10 m SFP+ AOC BD model) and fiber
cable ● 10 m QSFP+ AOC cable
NOTE (supported since
The LE0DX12XSA00 does not V200R009C00)
support 3 m and 5 m SFP+ high-
speed cables

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 199

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Usage ● On the LE2D2X08SED4 and The interconnected CSS

Constraints LE2D2X08SED5 LPUs, at physical member ports on the
most four ports can be two member switches must
configured as CSS physical be both 40GE ports. XGE ports
member ports. The four derived from a 40GE port
physical member ports must cannot be added to a logical
be the first four ports CSS port.
(numbered 0 to 3) or the
last four ports (numbered 4
to 7) on the LPUs.
● On the LE1D2X08SSC0,
LE1D2X12SSC0,
LE0DX16SFC00,
LE0DX40SFC00,
LE1D2X32SSC0 and
LE1D2X16SSC2 LPUs, four
contiguous ports must be
configured as a group of
physical member ports
together. The port numbers
of the four ports must start
with 4xN and end with 4xN
+3 (N = 0, 1, 2...). For
example, ports 0 to 3 or
ports 4 to 7 must be
configured together, but
ports 2 to 5 cannot be
configured together. If any
port in a group is configured
as a physical member port,
the other three ports of the
same group must also be
configured as physical
member ports.

Hardware ● Only two S9306E switches, two S9312E switches, or one

Configuratio S9306E and one S9312E can set up a CSS.
n ● MPUs in one chassis must be the same model. MPUs in the
local and peer chassis can be different models but are
recommended to be the same model.

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 200

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

● Each chassis can have at most two LPUs for CSS connection.
It is recommended that you use the same type of LPUs in a
chassis for CSS connection. The two chassis must use the
same type of ports for CSS connection, for example, 10GE
SFP+ optical ports.
● Each LPU allows only one logical CSS port. Each logical CSS
port supports a maximum of 32 physical member ports.
● Some ports on an LPU can function as CSS ports, while other
ports on the LPU function as service ports.
● A CSS can be set up as long as a logical CSS port has one CSS
member port in Up state.

License Yes
Required

4.2.2 Example for Setting Up a CSS of Two Member Switches

Using CSS Cards

Overview of CSS
A Cluster Switch System (CSS), also called a cluster, is a logical switch consisting
of two clustering-capable switches. It provides high forwarding performance and
high network reliability and scalability, while simplifying network management.
● High reliability: Member switches in a CSS work in redundancy mode. Link
redundancy can also be implemented between member switches through link
aggregation.
● High scalability: Switches can set up a CSS to increase the number of ports,
bandwidth, and packet processing capabilities.
● Simplified configuration and management: After two switches set up a CSS,
they are virtualized into one device. You can log in to the CSS from either
member switch to configure and manage the entire CSS.

In CSS card connection mode, member switches are connected using CSS cards on
MPUs or SFUs and cluster cables. Compared with the service port connection
mode, the CSS card connection mode does not occupy common service ports, is
easy to configure, ensures high stability and low latency, but has higher hardware
requirements.

SFU-integrated CSS cards connection mode, newly supported in V200R010C00, is

also called Cluster Switch System Generation 2 (CSS2). In addition to the existing
CSS features, CSS2 supports 1+N backup of MPUs.

1+N backup of MPUs enables a CSS to run stably as long as one MPU of any
chassis in the CSS is working normally. Compared with the service port connection
mode in which each chassis must have at least one MPU working normally, CSS2
is more reliable. Compared with the MPU-mounted CSS card connection mode in
which each chassis must have two MPUs installed, CSS2 is more flexible.

After a CSS is set up, you are advised to perform the following configurations:

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 201

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

● To simplify network configuration, increase uplink bandwidth, and improve

reliability, configure inter-device Eth-Trunks in the CSS, connect downstream
devices to the CSS in dual-homing mode, and add uplink and downlink ports
of the CSS to the Eth-Trunks.
● Configure the multi-active detection (MAD) function in the CSS. Two member
switches in a CSS use the same IP address and MAC address (CSS system MAC
address). Therefore, after the CSS splits, two CSSs using the same IP address
and MAC address exist. To prevent this situation, a mechanism is required to
check for IP address and MAC address conflicts after a split. MAD is a CSS
split detection protocol that provides split detection, multi-active handling,
and fault recovery mechanisms when a CSS splits due to a link failure. This
minimizes the impact of a CSS split on services.
MAD can be implemented in direct or relay mode, but these modes cannot be
configured simultaneously in a CSS. You can configure MAD in relay mode for
a CSS when an inter-device Eth-Trunk is configured in the CSS. The direct
mode occupies additional ports, and these ports can only be used for MAD
after being connected using common cables. In contrast to the direct mode,
the relay mode does not occupy additional ports.

Guidelines
● After two switches set up a CSS, the following features cannot be configured
in the CSS:
– Synchronous Ethernet clock
– Precision Time Protocol (PTP) (IEEE 1588)
– Web system configuration (In V200R001C00, the web system is not
supported. In V200R002C00 and later versions, you can log in to the CSS
through the web system to perform configurations.)
● When configuring MAD, focus on the differences in the command syntax
between V200R002C00 (and earlier versions) and V200R003C00 (and later
versions). In V200R002C00 and earlier versions, the split detection function is
called dual-active detection (DAD).
● Regardless of how many MAD links exist, ports of the standby switch will be
shut down and no longer forward service packets as long as the CSS splits.

Networking Requirements
An enterprise needs to build a network that has a reliable core layer and simple
structure to facilitate configuration and management.
To meet requirements of the enterprise, core switches SwitchA and SwitchB set up
a CSS in CSS card connection mode. SwitchA is the master switch, and SwitchB is
the standby switch. Figure 4-18 shows the network topology. Aggregation
switches connect to the CSS through Eth-Trunks, and the CSS connects to the
upstream network through an Eth-Trunk. In this example, the core switches are
the S9306 switches.

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 202

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Figure 4-18 Setting up a CSS

Configuration Roadmap
The configuration roadmap is as follows:

1. Install hardware modules on SwitchA and SwitchB.

2. Set the CSS connection mode on SwitchA and SwitchB and set their CSS IDs to
1 and 2 and CSS priorities to 100 and 10 respectively. These configurations
ensure that SwitchA has a higher probability to become the master switch.
3. Enable the CSS function on SwitchA and then on SwitchB to ensure that
SwitchA becomes the master switch.
4. Check whether a CSS is set up successfully.
5. Configure uplink and downlink Eth-Trunks for the CSS to improve forwarding
bandwidth and reliability.
6. Configure MAD to minimize the impact of a CSS split on the network.

Procedure
Step 1 Install hardware modules.

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 203

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

The following describes only the rule for connecting cluster cables between two
member switches. If you also need to install MPUs and CSS cards and learn about
installation details, see the Switch Cluster Setup Guide.
Select the required connection diagram based on the device model and CSS card
model to connect cluster cables.

Figure 4-19 VSTSA CSS card connections (S9306&S9312)

NOTE

Follow these rules when connecting VSTSA CSS cards: Each VSTSA CSS card has four ports.
All ports with the same port number and color must be connected, as shown in the
preceding figure. For example, port 1 in blue on the left chassis must be connected to port
1 in blue on the right chassis.
The CSS set up using VSTSA CSS cards allows at most one faulty cluster cable.

Figure 4-20 VS04 CSS card connections (S9306&S9312)

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 204

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

NOTE

Follow these rules when connecting VS04 CSS cards:

● Each VS04 CSS card has four ports. All ports with the same port number must be
connected, as shown in the preceding figure. For example, port 1 in blue on the left
chassis must be connected to port 1 in blue on the right chassis. The two chassis can
be connected through one cable. However, it is recommended that the two chassis be
connected through multiple cables.
● Each CSS card on the local chassis can be connected to only one CSS card on the peer
chassis.

Figure 4-21 S9310 and S9310X integrated CSS card connections (using 4*10G
ports and 40G ports)

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 205

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

NOTE

Follow these rules when connecting S9310 and S9310X integrated CSS cards:
● On the S9310 and S9310X, the local and peer chassis can be connected using either
MPUs or SFUs or both MPUs and SFUs. MPUs or SFUs in one chassis can only be
connected to the same type of cards (MPUs or SFUs) in the other chassis.
● MPU-integrated and SFU-integrated CSS cards have two types of ports: 4*10G ports
and 40G port. 10G ports with the same port number must be connected, as shown in
the preceding figure. For example, port 1 in blue on the left chassis must be connected
to port 1 in blue on the right chassis.
● The two chassis can set up a CSS as long as they are connected by one cluster cable.
To ensure reliability, it is advised to connect multiple cluster cables. Ensure that all
SFUs are connected using cluster cables.
● To support 1+N MPU backup, ensure that SFUs are connected using cluster cables.

Step 2 Configure the CSS connection mode, CSS ID, and CSS priority.
# Configure the CSS function on SwitchA. Retain the default CSS connection mode
(CSS card connection) and the default CSS ID 1, and set the CSS priority to 100.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] set css priority 100

# Configure the CSS function on SwitchB. Retain the default CSS connection mode
(CSS card connection), and set the CSS ID to 2 and CSS priority to 10.
<Quidway> system-view
[Quidway] sysname SwitchB
[SwitchB] set css id 2
[SwitchB] set css priority 10

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 206

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

NOTE

To use two S9310s or S9310Xs to establish a CSS, you need to run the css port media-type
command to set the CSS port type to the actual port type used for cluster connections. You can
run the display css status [ saved ] command to check the current and saved CSS port types
based on the CSS port media-type field.

# Check the CSS configuration.

NOTE

After the configuration is complete, run the display css status saved command to check
the CSS configuration.

Check the CSS configuration on SwitchA.

[SwitchA] display css status saved
Current Id Saved Id CSS Enable CSS Mode Priority Master force
------------------------------------------------------------------------------
1 1 Off CSS card 100 Off

Check the CSS configuration on SwitchB.

[SwitchB] display css status saved
Current Id Saved Id CSS Enable CSS Mode Priority Master force
------------------------------------------------------------------------------
1 2 Off CSS card 10 Off

Step 3 Enable the CSS function.

# Enable the CSS function on SwitchA and restart SwitchA.
[SwitchA] css enable
Warning: The CSS configuration will take effect only after the system is rebooted. The next CSS mode is CSS
card. Reboot now? [Y/N]:y

# Enable the CSS function on SwitchB and restart SwitchB.

[SwitchB] css enable
Warning: The CSS configuration will take effect only after the system is rebooted. The next CSS mode is CSS
card. Reboot now? [Y/N]:y

Step 4 Check whether a CSS is set up successfully.

# View the indicator status.
The MASTER indicator on a CSS card of SwitchA is steady on, indicating that the
MPU with the CSS card installed is the active MPU of the CSS and SwitchA is the
master switch.
The MASTER indicators on the CSS cards of SwitchB are off, indicating that
SwitchB is the standby switch.
# Log in to the CSS through the console port on any MPU to check whether the
CSS has been set up successfully. In versions earlier than V200R005C00, you must
log in to the CSS through the console port on the active MPU.
<SwitchA> display device
Chassis 1 (Master Switch)
S9306's Device status:
Slot Sub Type Online Power Register Status Role
---------------------------------------
1 - LE0DT24XEA00 Present PowerOn Registered Normal NA
2 - LE0MG48SC Present PowerOn Registered Normal NA
7 - LE0D00SRUB00 Present PowerOn Registered Normal Master
1 LE0D0VSTSA00 Present PowerOn Registered Normal NA

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 207

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

8 - LE0D00SRUB00 Present PowerOn Registered Normal Slave

1 LE0D0VSTSA00 Present PowerOn Registered Normal NA
PWR1 - - Present PowerOn Registered Normal NA
CMU1 - LE0DCMUA0000 Present PowerOn Registered Normal Slave
CMU2 - LE0DCMUA0000 Present PowerOn Registered Normal Master
FAN1 - - Present PowerOn Registered Normal NA
FAN2 - - Present PowerOn Registered Normal NA
Chassis 2 (Standby Switch)
S9306's Device status:
Slot Sub Type Online Power Register Status Role
---------------------------------------
1 - LE0DG48SBC00 Present PowerOn Registered Normal NA
3 - LE0MF48TA Present PowerOn Registered Normal NA
5 - LE0MF48TC Present PowerOn Registered Normal NA
6 - LE0MG48SD Present PowerOn Registered Normal NA
7 - LE0D00SRUB00 Present PowerOn Registered Normal Master
1 LE0D0VSTSA00 Present PowerOn Registered Normal NA
8 - LE0D00SRUB00 Present PowerOn Registered Normal Slave
1 LE0D0VSTSA00 Present PowerOn Registered Normal NA
PWR1 - - Present PowerOn Registered Normal NA
CMU1 - LE0DCMUA0000 Present PowerOn Registered Normal Master
FAN1 - - Present PowerOn Registered Normal NA
FAN2 - - Present PowerOn Registered Normal NA

The command output shows the card status of both member switches, indicating
that the CSS has been set up successfully.
# Check whether CSS links are normal.
<SwitchA> display css channel
Chassis 1 || Chassis 2
================================================================================
Num [SRUB HG] [VSTS Port(Status)] || [VSTS Port(Status)] [SRUB HG]
1 1/7 1/15 -- 1/7/0/1(UP 16G) ---||--- 2/7/0/4(UP 16G) -- 2/8 1/14
2 1/7 0/15 -- 1/7/0/3(UP 16G) ---||--- 2/8/0/2(UP 16G) -- 2/7 0/14
3 1/7 1/14 -- 1/8/0/4(UP 16G) ---||--- 2/7/0/1(UP 16G) -- 2/7 1/15
4 1/7 0/14 -- 1/8/0/2(UP 16G) ---||--- 2/8/0/3(UP 16G) -- 2/8 0/15
5 1/8 1/15 -- 1/8/0/1(UP 16G) ---||--- 2/8/0/4(UP 16G) -- 2/7 1/14
6 1/8 0/15 -- 1/8/0/3(UP 16G) ---||--- 2/7/0/2(UP 16G) -- 2/8 0/14
7 1/8 1/14 -- 1/7/0/4(UP 16G) ---||--- 2/8/0/1(UP 16G) -- 2/8 1/15
8 1/8 0/14 -- 1/7/0/2(UP 16G) ---||--- 2/7/0/3(UP 16G) -- 2/7 0/15

The command output shows that all the CSS links are Up, indicating that the CSS
has been set up successfully.
Step 5 Configure Eth-Trunks between the CSS and its upstream and downstream devices.
# Configure an Eth-Trunk in the CSS and add uplink ports to the Eth-Trunk.
<SwitchA> system-view
[SwitchA] sysname CSS //Rename the CSS.
[CSS] interface eth-trunk 10
[CSS-Eth-Trunk10] quit
[CSS] interface gigabitethernet 1/1/0/4
[CSS-GigabitEthernet1/1/0/4] eth-trunk 10
[CSS-GigabitEthernet1/1/0/4] quit
[CSS] interface gigabitethernet 2/1/0/4
[CSS-GigabitEthernet2/1/0/4] eth-trunk 10
[CSS-GigabitEthernet2/1/0/4] quit

# Configure an Eth-Trunk in the CSS and add the downlink ports connected to
SwitchC to the Eth-Trunk.
[CSS] interface eth-trunk 20
[CSS-Eth-Trunk20] quit
[CSS] interface gigabitethernet 1/1/0/3
[CSS-GigabitEthernet1/1/0/3] eth-trunk 20
[CSS-GigabitEthernet1/1/0/3] quit
[CSS] interface gigabitethernet 2/1/0/5

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 208

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

[CSS-GigabitEthernet2/1/0/5] eth-trunk 20
[CSS-GigabitEthernet2/1/0/5] quit

# Configure an Eth-Trunk in the CSS and add the downlink ports connected to
SwitchD to the Eth-Trunk.
[CSS] interface eth-trunk 30
[CSS-Eth-Trunk30] quit
[CSS] interface gigabitethernet 1/1/0/5
[CSS-GigabitEthernet1/1/0/5] eth-trunk 30
[CSS-GigabitEthernet1/1/0/5] quit
[CSS] interface gigabitethernet 2/1/0/3
[CSS-GigabitEthernet2/1/0/3] eth-trunk 30
[CSS-GigabitEthernet2/1/0/3] return

# Configure an Eth-Trunk on SwitchE and add member ports to the Eth-Trunk.

<Quidway> system-view
[Quidway] sysname SwitchE
[SwitchE] interface eth-trunk 10
[SwitchE-Eth-Trunk10] quit
[SwitchE] interface gigabitethernet 1/0/1
[SwitchE-GigabitEthernet1/0/1] eth-trunk 10
[SwitchE-GigabitEthernet1/0/1] quit
[SwitchE] interface gigabitethernet 1/0/2
[SwitchE-GigabitEthernet1/0/2] eth-trunk 10
[SwitchE-GigabitEthernet1/0/2] quit

# Configure an Eth-Trunk on SwitchC and add member ports to the Eth-Trunk.

<Quidway> system-view
[Quidway] sysname SwitchC
[SwitchC] interface eth-trunk 20
[SwitchC-Eth-Trunk20] quit
[SwitchC] interface gigabitethernet 1/0/1
[SwitchC-GigabitEthernet1/0/1] eth-trunk 20
[SwitchC-GigabitEthernet1/0/1] quit
[SwitchC] interface gigabitethernet 1/0/2
[SwitchC-GigabitEthernet1/0/2] eth-trunk 20
[SwitchC-GigabitEthernet1/0/2] quit

# Configure an Eth-Trunk on SwitchD and add member ports to the Eth-Trunk.

<Quidway> system-view
[Quidway] sysname SwitchD
[SwitchD] interface eth-trunk 30
[SwitchD-Eth-Trunk30] quit
[SwitchD] interface gigabitethernet 1/0/1
[SwitchD-GigabitEthernet1/0/1] eth-trunk 30
[SwitchD-GigabitEthernet1/0/1] quit
[SwitchD] interface gigabitethernet 1/0/2
[SwitchD-GigabitEthernet1/0/2] eth-trunk 30
[SwitchD-GigabitEthernet1/0/2] quit

# Verify the configuration.

After the configuration is complete, run the display trunkmembership eth-trunk
command in any view to check information about Eth-Trunk member ports. For
example:
The command output shows information about member ports in Eth-Trunk 10.
<CSS> display trunkmembership eth-trunk 10
Trunk ID: 10
Used status: VALID
TYPE: ethernet
Working Mode : Normal
Number Of Ports in Trunk = 2
Number Of Up Ports in Trunk = 2

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 209

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Operate status: up

Interface GigabitEthernet1/1/0/4, valid, operate up, weight=1

Interface GigabitEthernet2/1/0/4, valid, operate up, weight=1

Step 6 Configure the MAD function. The following procedure configures MAD in relay
mode and configures SwitchC as the relay agent using the commands applicable
to V200R003C00 and later versions.
# In the CSS, configure MAD in relay mode for the inter-device Eth-Trunk.
<CSS> system-view
[CSS] interface eth-trunk 20
[CSS-Eth-Trunk20] mad detect mode relay //In V200R002C00 and earlier versions, the command is
dual-active detect mode relay.
[CSS-Eth-Trunk20] quit
[CSS] quit

# Configure the MAD proxy function on SwitchC.

[SwitchC] interface eth-trunk 20
[SwitchC-Eth-Trunk20] mad relay //In V200R002C00 and earlier versions, the command is
dual-active relay.
[SwitchC-Eth-Trunk20] quit
[SwitchC] quit

# Verify the configuration.

Check the MAD configuration in the CSS.
<CSS> display mad //In V200R002C00 and earlier versions, the command is display
dual-active.
Current MAD domain: 0
MAD direct detection enabled: NO
MAD relay detection enabled: YES

Check MAD proxy information on SwitchC.

<SwitchC> display mad proxy //In V200R002C00 and earlier versions, the command is
display dual-active proxy.
Mad relay interfaces configured:
Eth-Trunk20

----End

Configuration Files
● CSS configuration file
#
sysname CSS
#
interface Eth-Trunk10
#
interface Eth-Trunk20
mad detect mode relay
#
interface Eth-Trunk30
#
interface GigabitEthernet1/1/0/3
eth-trunk 20
#
interface GigabitEthernet1/1/0/4
eth-trunk 10
#
interface GigabitEthernet1/1/0/5
eth-trunk 30
#
interface GigabitEthernet2/1/0/3

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 210

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

eth-trunk 30
#
interface GigabitEthernet2/1/0/4
eth-trunk 10
#
interface GigabitEthernet2/1/0/5
eth-trunk 20
#
return
● SwitchC configuration file
#
sysname SwitchC
#
interface Eth-Trunk20
mad relay
#
interface GigabitEthernet1/0/1
eth-trunk 20
#
interface GigabitEthernet1/0/2
eth-trunk 20
#
return
● SwitchD configuration file
#
sysname SwitchD
#
interface Eth-Trunk30
#
interface GigabitEthernet1/0/1
eth-trunk 30
#
interface GigabitEthernet1/0/2
eth-trunk 30
#
return
● SwitchE configuration file
#
sysname SwitchE
#
interface Eth-Trunk10
#
interface GigabitEthernet1/0/1
eth-trunk 10
#
interface GigabitEthernet1/0/2
eth-trunk 10
#
return

4.2.3 Example for Setting Up a CSS Using Service Ports

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 211

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

● Simplified configuration and management: After two switches set up a CSS,

they are virtualized into one device. You can log in to the CSS from either
member switch to configure and manage the entire CSS.

In service port connection mode, member switches are connected using service
ports, without a need for CSS cards. The service ports must be configured as
physical member ports of logical CSS ports. Figure 4-22 shows physical member
ports and logical CSS ports in a CSS.

Figure 4-22 Service port connection

● Physical member port

A physical member port is a service port used to set up a CSS link between
CSS member switches. Physical member ports forward service packets or CSS
protocol packets between member switches.
● Logical CSS port
A logical CSS port is bound to physical member ports for CSS connection.
Each CSS member switch supports two logical CSS ports.

Compared with the CSS card connection mode, the service port connection mode
is more flexible but is complex to configure and needs to occupy service ports on
LPUs.

After a CSS is set up, you are advised to perform the following configurations:
● To simplify network configuration, increase uplink bandwidth, and improve
reliability, configure inter-device Eth-Trunks in the CSS, connect downstream
devices to the CSS in dual-homing mode, and add uplink and downlink ports
of the CSS to the Eth-Trunks.
● Configure the multi-active detection (MAD) function in the CSS. Two member
switches in a CSS use the same IP address and MAC address (CSS system MAC
address). Therefore, after the CSS splits, two CSSs using the same IP address
and MAC address exist. To prevent this situation, a mechanism is required to
check for IP address and MAC address conflicts after a split. MAD is a CSS
split detection protocol that provides split detection, multi-active handling,
and fault recovery mechanisms when a CSS splits due to a link failure. This
minimizes the impact of a CSS split on services.
MAD can be implemented in direct or relay mode, but these modes cannot be
configured simultaneously in a CSS. You can configure MAD in relay mode for
a CSS when an inter-device Eth-Trunk is configured in the CSS. The direct
mode occupies additional ports, and these ports can only be used for MAD
after being connected using common cables. In contrast to the direct mode,
the relay mode does not occupy additional ports.

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 212

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Guidelines
● The service port clustering function is controlled by a license. By default, this
function is disabled on a new device. To use this function, apply for and
purchase a license from the Huawei agent or local office.
● When switches using SRUAs, SRUBs, SRUCs, and SRUDs set up a CSS in
service port clustering mode, the system software file (system startup
package) must be saved in the CF card. If it is saved in the flash memory, the
CSS cannot be set up in service port clustering mode.
● After two switches set up a CSS, the following features cannot be configured
in the CSS:
– Synchronous Ethernet clock
– Precision Time Protocol (PTP) (IEEE 1588)
● When configuring MAD, focus on the differences in the command syntax
between V200R002C00 and V200R003C00 (and later versions). In
V200R002C00, the split detection function is called dual-active detection
(DAD).
● Regardless of how many MAD links exist, ports of the standby switch will be
shut down and no longer forward service packets as long as the CSS splits.

Networking Requirements
An enterprise needs to build a network that has a reliable core layer and simple
structure to facilitate configuration and management and reduce deployment
costs.
To meet requirements of the enterprise, core switches SwitchA and SwitchB set up
a CSS in service port connection mode. SwitchA is the master switch, and SwitchB
is the standby switch. Figure 4-23 shows the network topology. Aggregation
switches connect to the CSS through Eth-Trunks, and the CSS connects to the
upstream network through an Eth-Trunk. In this example, the core switches are
the S9306 switches.

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 213

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Figure 4-23 Setting up a CSS

Configuration Roadmap
The configuration roadmap is as follows:
1. Install LPUs on SwitchA and SwitchB, and connect cluster cables. Connect four
service ports on two LPUs of each switch to improve bandwidth and reliability.
2. Set the CSS connection mode on SwitchA and SwitchB and set their CSS IDs to
1 and 2 and CSS priorities to 100 and 10 respectively. These configurations
ensure that SwitchA has a higher probability to become the master switch.
3. Configure two logical CSS ports on each of SwitchA and SwitchB and add two
physical member ports to each logical CSS port.
4. Enable the CSS function on SwitchA and then on SwitchB to ensure that
SwitchA becomes the master switch.
5. Check whether a CSS is set up successfully.
6. Configure uplink and downlink Eth-Trunks for the CSS to improve forwarding
bandwidth and reliability.
7. Configure MAD to minimize the impact of a CSS split on the network.

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 214

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Procedure
Step 1 Install hardware modules.
The following describes only the rule for connecting cluster cables between two
member switches. If you also need to install LPUs and learn about installation
details, see the Switch Cluster Setup Guide.
Connect cluster cables according to the connection rule shown in Figure 4-24.

Figure 4-24 Connection rule for service port clustering

Service ports are connected in two ways according to link distribution:

● 1+0 networking
Each member switch has one logical CSS port and connects to the other
member switch through physical member ports on one service card.
● 1+1 networking
Each member switch has two logical CSS ports, and physical member ports of
the logical CSS ports are located on two service cards. CSS links on the two
service cards implement link redundancy. The preceding figure shows the
cable connections in this networking.

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 215

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

NOTE

When connecting cluster cables, pay attention to the following points:

● Physical member ports of a logical CSS port on one switch must connect to physical
member ports of a logical CSS port on the other switch.
● In 1+1 networking, it is recommended that two service cards have the same number
of CSS links.
To ensure reliability, pay attention to the following points when using the preceding two
service port clustering networkings:
● You are advised to install MPUs in between CSS cards.
● To ensure high reliability, you are advised to use 1+1 networking and configure multi-
active detection (MAD).
● At least two physical member ports on an LPU must be added to one logical CSS port.
● It is recommended that the cards where uplink ports and MAD-enabled port are
located be the LPUs that are not used for CSS connections.

Step 2 Configure the CSS connection mode, CSS ID, and CSS priority.

# Configure the CSS function on SwitchA. Configure the service port connection
mode, set the CSS priority to 100, and retain the default CSS ID 1.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] set css mode lpu
[SwitchA] set css priority 100

# Configure the CSS function on SwitchB. Configure the service port connection
mode, and set the CSS ID to 2 and CSS priority to 10.
<Quidway> system-view
[Quidway] sysname SwitchB
[SwitchB] set css mode lpu
[SwitchB] set css id 2
[SwitchB] set css priority 10

# Check the CSS configuration.

NOTE

After the configuration is complete, run the display css status saved command to check
the CSS configuration.

Check the CSS configuration on SwitchA.

[SwitchA] display css status saved
Current Id Saved Id CSS Enable CSS Mode Priority Master force
------------------------------------------------------------------------------
1 1 Off LPU 100 Off

Check the CSS configuration on SwitchB.

[SwitchB] display css status saved
Current Id Saved Id CSS Enable CSS Mode Priority Master force
------------------------------------------------------------------------------
1 2 Off LPU 10 Off

Step 3 Configure logical CSS ports.

# On SwitchA, configure service ports XGE1/0/1 and XGE1/0/2 as physical member

ports and add them to CSS port 1, and configure service ports XGE2/0/1 and
XGE2/0/2 as physical member ports and add them to CSS port 2.

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 216

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

[SwitchA] interface css-port 1

[SwitchA-css-port1] port interface xgigabitethernet 1/0/1 to xgigabitethernet 1/0/2 enable
[SwitchA-css-port1] quit
[SwitchA] interface css-port 2
[SwitchA-css-port2] port interface xgigabitethernet 2/0/1 to xgigabitethernet 2/0/2 enable
[SwitchA-css-port2] quit

# On SwitchB, configure service ports XGE1/0/1 and XGE1/0/2 as physical member

ports and add them to CSS port 1, and configure service ports XGE2/0/1 and
XGE2/0/2 as physical member ports and add them to CSS port 2.
[SwitchB] interface css-port 1
[SwitchB-css-port1] port interface xgigabitethernet 1/0/1 to xgigabitethernet 1/0/2 enable
[SwitchB-css-port1] quit
[SwitchB] interface css-port 2
[SwitchB-css-port2] port interface xgigabitethernet 2/0/1 to xgigabitethernet 2/0/2 enable
[SwitchB-css-port2] quit

NOTE

After the configuration is complete, run the display css css-port saved command to check
whether the ports are Up.

Step 4 Enable the CSS function.

# Enable the CSS function on SwitchB and restart SwitchB.

[SwitchB] css enable
Warning: The CSS configuration will take effect only after the system is rebooted. The next CSS mode is
LPU. Reboot now? [Y/N]:y

Step 5 Check whether a CSS is set up successfully.

# View the indicator status.
The ACT indicator on an MPU of SwitchA is steady green, indicating that the MPU
is the active MPU of the CSS and SwitchA is the master switch.
The ACT indicator on an MPU of SwitchB is blinking green, indicating that the
MPU is the standby MPU of the CSS and SwitchB is the standby switch.
# Log in to the CSS through the console port on any MPU to check whether the
CSS has been set up successfully.
<SwitchA> display device
Chassis 1 (Master Switch)
S9306's Device status:
Slot Sub Type Online Power Register Status Role
---------------------------------------
1 - LE0DX12XSA00 Present PowerOn Registered Normal NA
2 - LE0DX12XSA00 Present PowerOn Registered Normal NA
3 - LE0DX12XSA00 Present PowerOn Registered Normal NA
4 - LE0DT24XEA00 Present PowerOn Registered Normal NA
7 - LE0D00SRUB00 Present PowerOn Registered Normal Master
8 - LE0D00SRUB00 Present PowerOn Registered Normal Slave
PWR1 - - Present PowerOn Registered Normal NA
CMU1 - LE0DCMUA0000 Present PowerOn Registered Normal Master
FAN1 - - Present PowerOn Registered Normal NA
FAN2 - - Present PowerOn Registered Normal NA
Chassis 2 (Standby Switch)
S9306's Device status:

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 217

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Slot Sub Type Online Power Register Status Role

---------------------------------------
1 - LE0DX12XSA00 Present PowerOn Registered Normal NA
2 - LE0DX12XSA00 Present PowerOn Registered Normal NA
3 - LE0DX12XSA00 Present PowerOn Registered Normal NA
4 - LE0DT24XEA00 Present PowerOn Registered Normal NA
5 - - Present PowerOff Unregistered - NA
6 - LE0DX12XSA00 Present PowerOn Registered Normal NA
7 - LE0D00SRUB00 Present PowerOn Registered Normal Master
8 - LE0D00SRUB00 Present PowerOn Registered Normal Slave
PWR1 - - Present PowerOn Registered Normal NA
CMU2 - - Present - Unregistered - NA
FAN1 - - Present PowerOn Registered Normal NA
FAN2 - - Present PowerOn Registered Normal NA

The command output shows the card status of both member switches, indicating
that the CSS has been set up successfully.
# Check whether the CSS link topology is the same as the actual hardware
connection.
<SwitchA> display css channel all
CSS link-down-delay: 500ms

Chassis 1 || Chassis 2
================================================================================
Num [CSS port] [LPU Port] || [LPU Port] [CSS port]
1 1/1 XGigabitEthernet1/1/0/1 XGigabitEthernet2/1/0/1 2/1
2 1/1 XGigabitEthernet1/1/0/2 XGigabitEthernet2/1/0/2 2/1
3 1/2 XGigabitEthernet1/2/0/1 XGigabitEthernet2/2/0/1 2/2
4 1/2 XGigabitEthernet1/2/0/2 XGigabitEthernet2/2/0/2 2/2
Chassis 2 || Chassis 1
================================================================================
Num [CSS port] [LPU Port] || [LPU Port] [CSS port]
1 2/1 XGigabitEthernet2/1/0/1 XGigabitEthernet1/1/0/1 1/1
2 2/1 XGigabitEthernet2/1/0/2 XGigabitEthernet1/1/0/2 1/1
3 2/2 XGigabitEthernet2/2/0/1 XGigabitEthernet1/2/0/1 1/2
4 2/2 XGigabitEthernet2/2/0/2 XGigabitEthernet1/2/0/2 1/2

The command output shows that the CSS link topology is the same as the actual
hardware connection, indicating that the CSS has been set up successfully.
Step 6 Configure Eth-Trunks between the CSS and its upstream and downstream devices.
# Configure an Eth-Trunk in the CSS and add uplink ports to the Eth-Trunk.
<SwitchA> system-view
[SwitchA] sysname CSS //Rename the CSS.
[CSS] interface eth-trunk 10
[CSS-Eth-Trunk10] quit
[CSS] interface xgigabitethernet 1/3/0/4
[CSS-XGigabitEthernet1/3/0/4] eth-trunk 10
[CSS-XGigabitEthernet1/3/0/4] quit
[CSS] interface xgigabitethernet 2/3/0/4
[CSS-XGigabitEthernet2/3/0/4] eth-trunk 10
[CSS-XGigabitEthernet2/3/0/4] quit

# Configure an Eth-Trunk in the CSS and add the downlink ports connected to
SwitchC to the Eth-Trunk.
[CSS] interface eth-trunk 20
[CSS-Eth-Trunk20] quit
[CSS] interface gigabitethernet 1/4/0/3
[CSS-GigabitEthernet1/4/0/3] eth-trunk 20
[CSS-GigabitEthernet1/4/0/3] quit
[CSS] interface gigabitethernet 2/4/0/5
[CSS-GigabitEthernet2/4/0/5] eth-trunk 20
[CSS-GigabitEthernet2/4/0/5] quit

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 218

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

# Configure an Eth-Trunk in the CSS and add the downlink ports connected to
SwitchD to the Eth-Trunk.
[CSS] interface eth-trunk 30
[CSS-Eth-Trunk30] quit
[CSS] interface gigabitethernet 1/4/0/5
[CSS-GigabitEthernet1/4/0/5] eth-trunk 30
[CSS-GigabitEthernet1/4/0/5] quit
[CSS] interface gigabitethernet 2/4/0/3
[CSS-GigabitEthernet2/4/0/3] eth-trunk 30
[CSS-GigabitEthernet2/4/0/3] return

# Configure an Eth-Trunk on SwitchE and add member ports to the Eth-Trunk.

<Quidway> system-view
[Quidway] sysname SwitchE
[SwitchE] interface eth-trunk 10
[SwitchE-Eth-Trunk10] quit
[SwitchE] interface xgigabitethernet 1/0/1
[SwitchE-XGigabitEthernet1/0/1] eth-trunk 10
[SwitchE-XGigabitEthernet1/0/1] quit
[SwitchE] interface xgigabitethernet 1/0/2
[SwitchE-XGigabitEthernet1/0/2] eth-trunk 10
[SwitchE-XGigabitEthernet1/0/2] quit

# Configure an Eth-Trunk on SwitchC and add member ports to the Eth-Trunk.

# Configure an Eth-Trunk on SwitchD and add member ports to the Eth-Trunk.

# Verify the configuration.

After the configuration is complete, run the display trunkmembership eth-trunk

command in any view to check information about Eth-Trunk member ports. For
example:

The command output shows information about member ports in Eth-Trunk 10.
<CSS> display trunkmembership eth-trunk 10
Trunk ID: 10
Used status: VALID
TYPE: ethernet
Working Mode : Normal
Number Of Ports in Trunk = 2
Number Of Up Ports in Trunk = 2
Operate status: up

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 219

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Interface XGigabitEthernet1/3/0/4, valid, operate up, weight=1

Interface XGigabitEthernet2/3/0/4, valid, operate up, weight=1

Step 7 Configure the MAD function. The following procedure configures MAD in relay
mode and configures SwitchC as the relay agent using the commands applicable
to V200R003C00 and later versions.
# In the CSS, configure MAD in relay mode for the inter-device Eth-Trunk.
<CSS> system-view
[CSS] interface eth-trunk 20
[CSS-Eth-Trunk20] mad detect mode relay //In V200R002C00, the command is dual-active detect
mode relay.
[CSS-Eth-Trunk20] quit
[CSS] quit

# Configure the MAD proxy function on SwitchC.

[SwitchC] interface eth-trunk 20
[SwitchC-Eth-Trunk20] mad relay //In V200R002C00, the command is dual-active relay.
[SwitchC-Eth-Trunk20] quit
[SwitchC] quit

# Verify the configuration.

Check the MAD configuration in the CSS.
<CSS> display mad //In V200R002C00, the command is display dual-active.
Current MAD domain: 0
MAD direct detection enabled: NO
MAD relay detection enabled: YES

Check MAD proxy information on SwitchC.

<SwitchC> display mad proxy //In V200R002C00, the command is display dual-active proxy.
Mad relay interfaces configured:
Eth-Trunk20

----End

Configuration Files
● CSS configuration file
#
sysname CSS
#
interface Eth-Trunk10
#
interface Eth-Trunk20
mad detect mode relay
#
interface Eth-Trunk30
#
interface GigabitEthernet1/4/0/3
eth-trunk 20
#
interface XGigabitEthernet1/3/0/4
eth-trunk 10
#
interface GigabitEthernet1/4/0/5
eth-trunk 30
#
interface GigabitEthernet2/4/0/3
eth-trunk 30
#
interface XGigabitEthernet2/3/0/4
eth-trunk 10
#

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 220

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

interface GigabitEthernet2/4/0/5
eth-trunk 20
#
return

● SwitchC configuration file

#
sysname SwitchC
#
interface Eth-Trunk20
mad relay
#
interface GigabitEthernet1/0/1
eth-trunk 20
#
interface GigabitEthernet1/0/2
eth-trunk 20
#
return

● SwitchD configuration file

#
sysname SwitchD
#
interface Eth-Trunk30
#
interface GigabitEthernet1/0/1
eth-trunk 30
#
interface GigabitEthernet1/0/2
eth-trunk 30
#
return

● SwitchE configuration file

#
sysname SwitchE
#
interface Eth-Trunk10
#
interface XGigabitEthernet1/0/1
eth-trunk 10
#
interface XGigabitEthernet1/0/2
eth-trunk 10
#
return

4.2.4 Combining Standalone Switches into a CSS

Networking Requirements
Two modular switches at the aggregation layer use VRRP and STP to implement
gateway backup. To simplify the configuration, the two modular switches need to
be combined into a logical CSS.
In Figure 4-25, S1 and S2 at the aggregation layer are two standalone switches
and need to be combined into a CSS to simplify configuration and facilitate
maintenance and management.

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 221

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Figure 4-25 Networking diagram of combining standalone switches into a CSS

When two standalone devices are combined into a CSS, major configuration
changes include:
● The VRRP gateway backup protocol deployed at the aggregation layer is not
required and its configuration needs to be deleted.
● The STP loop prevention protocol deployed at the access layer is not required
and its configuration needs to be deleted.
● The links at the access, aggregation, and core layers are changed to Eth-
Trunks, and related interface configurations need to be changed, including
basic VLAN configuration, QoS configuration, and ACL configuration.

Guidelines
● This operation applies to CSS card clustering and service port clustering.
Before combining two standalone switches into a CSS, ensure that the
hardware and software of the two switches meet CSS requirements. For CSS
card clustering, CSS cards and cluster cables have been prepared. For service
port clustering, service cards that support service port clustering and cluster
cables have been prepared.
● After the CSS function is enabled on a standalone switch and the switch is
restarted, configurations on interfaces of the switch may be lost in some
special configuration scenarios. Therefore, you are advised to back up the
configuration file before enabling the CSS function.
● The following procedure provides only the related configurations. Whether
other configurations need to be changed depends on the actual networking.

Procedure
Step 1 In the original networking, traffic at the access layer is load-balanced among
multiple links through STP and VRRP. In Figure 4-26, some traffic is forwarded
through S1 and some traffic is forwarded through S2.

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 222

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Figure 4-26 Existing traffic forwarding

Step 2 Manually shut down the uplink and downlink ports of S2 to change the STP and
VRRP status so that S2 is isolated from the network and all traffic is forwarded
through S1, as shown in Figure 4-27.

Figure 4-27 Traffic forwarding after an STP and VRRP status switchover

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 223

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Step 3 Back up the configuration file of S2. After the CSS function is enabled on a
standalone switch, the interface number format on the switch is changed from
slot ID/subcard ID/port number to stack member ID/slot ID/subcard ID/port
number, and the configurations on the interfaces of the switch are lost.
Step 4 Change S2 to the CSS state.
● Procedure for configuring service port clustering
a. Power off S2, install service cards, and power on S2.
b. Configure the CSS connection mode and CSS priority on S2.
<S2> system-view
[S2] set css mode lpu
[S2] set css priority 200 // Set the CSS priority to 200 to make S2 become the CSS master. The
default CSS priority is 1.
[S2] display css status saved // Check whether the configuration is correct.
Current Id Saved Id CSS Enable CSS Mode Priority Master
Force
------------------------------------------------------------------------------

1 1 Off LPU 200 On

c. Configure service ports as CSS ports. For example, configure service ports
XGE1/0/1, XGE1/0/2, XGE2/0/1, and XGE2/0/2 as CSS ports.
[S2] interface css-port 1
[S2-css-port1] port interface xgigabitethernet 1/0/1 to xgigabitethernet 1/0/2 enable
[S2-css-port1] quit
[S2] interface css-port 2
[S2-css-port2] port interface xgigabitethernet 2/0/1 to xgigabitethernet 2/0/2 enable
[S2-css-port2] quit

d. Enable the CSS function on S2 and restart S2.

[S2] css enable
Warning: The CSS configuration will take effect only after the system is rebooted. The next CSS
mode is LPU. Reboot now? [Y/N]:y

e. After S2 is restarted, check its CSS status. If the following output is

displayed, S2 has been changed to the CSS state:
<S2> display device
Chassis 1 (Master Switch)
S9306's Device status:
Slot Sub Type Online Power Register Status Role
---------------------------------------
1 - LE0DX12XSA00 Present PowerOn Registered Normal NA
2 - LE0DX12XSA00 Present PowerOn Registered Normal NA
3 - LE1D2G48TX1E Present PowerOn Registered Normal
NA
4 - LE1D2G48TX1E Present PowerOn Registered Normal
NA
7 - LE0D00SRUB00 Present PowerOn Registered Normal Master
8 - LE0D00SRUB00 Present PowerOn Registered Normal Slave
PWR1 - - Present PowerOn Registered Normal NA
PWR2 - - Present - Unregistered - NA
CMU2 - LE0DCMUA0000 Present PowerOn Registered Normal Master
FAN1 - - Present PowerOn Registered Abnormal NA
FAN2 - - Present - Unregistered - NA

● Procedure for configuring CSS card clustering

a. Power off S2, install CSS cards, and power on S2.
b. Configure the CSS priority on S2.
<S2> system-view
[S2] set css priority 200 // Set the CSS priority to 200 to make S2 become the CSS master. The
default CSS priority is 1.
[S2] display css status saved // Check whether the configuration is correct.
Current Id Saved Id CSS Enable CSS Mode Priority Master
Force
------------------------------------------------------------------------------

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 224

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

1 1 Off CSS card 200 On

c. Enable the CSS function on S2 and restart S2.
[S2] css enable
Warning: The CSS configuration will take effect only after the system is rebooted. The next CSS
mode is CSS card. Reboot now? [Y/N]:y
d. After S2 is restarted, check its CSS status. If the following output is
displayed, S2 has been changed to the CSS state:
<S2> display device
Chassis 1 (Master Switch)
S9306's Device status:
Slot Sub Type Online Power Register Status Role
---------------------------------------
3 - LE1D2G48TX1E Present PowerOn Registered Normal
NA
4 - LE1D2G48TX1E Present PowerOn Registered Normal
NA
7 - LE1D2SRUH000 Present PowerOn Registered Normal Master
1 LE1D2VS04000 Present PowerOn Registered Normal NA
8 - LE1D2SRUH000 Present PowerOn Registered Normal Slave
1 LE1D2VS04000 Present PowerOn Registered Normal NA
PWR1 - - Present PowerOn Registered Normal NA
PWR2 - - Present - Unregistered - NA
CMU2 - LE0DCMUA0000 Present PowerOn Registered Normal Master
FAN1 - - Present PowerOn Registered Abnormal NA
FAN2 - - Present - Unregistered - NA

Step 5 Change the configuration of S2, which has been changed to a single-chassis
cluster CSS-1. Alternatively, change the configuration after S1 and S2 are
combined into a CSS. Changing the configuration of S2 before S1 and S2 are
combined into a CSS can reduce the traffic loss.

Figure 4-28 Single-chassis CSS

1. Bind uplink ports XGE1/4/0/1 and XGE1/4/0/2 of CSS-1 to Eth-Trunks and

move the configurations of these ports to the Eth-Trunks.

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 225

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

For example: The configurations on the original ports (connecting CSS-1 to

devices at the core layer) are as follows:
#
interface XGigabitEthernet4/0/1
undo portswitch
ip address 192.168.4.2 255.255.255.0
#
interface XGigabitEthernet4/0/2
port link-type trunk
port trunk allow-pass vlan 100 200
#
Change the configurations.
<S2> system-view
[S2] sysname CSS // Change the device name to facilitate maintenance.
[CSS] interface eth-trunk 20 // Add the port connecting the CSS to a core device to Eth-Trunk 20.
[CSS-Eth-Trunk20] trunkport xgigabitethernet1/4/0/1
[CSS-Eth-Trunk20] ip address 192.168.4.2 255.255.255.0
[CSS-Eth-Trunk20] quit
[CSS] interface eth-trunk 10 // Add the port connecting the CSS to another core device to Eth-Trunk
10.
[CSS-Eth-Trunk10] trunkport xgigabitethernet1/4/0/2
[CSS-Eth-Trunk10] port link-type trunk
[CSS-Eth-Trunk10] port trunk allow-pass vlan 100 200
[CSS-Eth-Trunk10] quit
2. Change the configurations of devices at the core layer and access layer and
bind physical ports to Eth-Trunks. The procedure is similar to the preceding
procedure.
3. Delete the VRRP configuration on CSS-1.
For example, the configurations of VLANIF interfaces are as follows:
#
interface Vlanif100
ip address 10.1.10.1 255.255.255.0
vrrp vrid 1 virtual-ip 10.1.10.111
vrrp vrid 1 priority 120
#
interface Vlanif200
ip address 10.1.20.1 255.255.255.0
vrrp vrid 2 virtual-ip 10.1.20.111
#
Delete the configurations of VLANIF interfaces.
[CSS] interface vlanif 100
[CSS-Vlanif100] undo vrrp vrid 1
[CSS-Vlanif100] undo ip address
[CSS-Vlanif100] quit
[CSS] interface vlanif 200
[CSS-Vlanif200] undo vrrp vrid 2
[CSS-Vlanif200] undo ip address
[CSS-Vlanif200] quit
4. Delete unnecessary network segments from the OSPF routing domain.
5. Change the configurations of the interfaces on which QoS and ACLs are
configured to bind these interfaces to Eth-Trunks.
6. Change the STP priority of CSS-1 so that CSS-1 becomes the root switch of all
VLANs.
Step 6 Run the undo shutdown command to disable the interfaces on CSS-1 to check
whether Layer 2 and Layer 3 forwarding between CSS-1 and devices at the access
layer and core layer is normal.
Step 7 After confirming that Layer 2 and Layer 3 forwarding between CSS-1 and devices
at the access layer and core layer is normal, shut down interfaces on S1 so that S1
is isolated from the network and all traffic is forwarded through CSS-1.

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 226

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Figure 4-29 Traffic switched to CSS-1

Step 8 Change S1 to the CSS state. After S1 is added to CSS-1, S1 uses the configuration
file of CSS-1.
● Procedure for configuring service port clustering
a. Power off S1, install service cards, connect the cluster cables between S1
and CSS-1, and power on S1.
b. Configure the cluster connection mode and CSS ID and retain the default
CSS priority 1 on S1.
<S1> system-view
[S1] set css mode lpu
[S1] set css id 2
[S1] display css status saved // Check whether the configuration is correct.
Current Id Saved Id CSS Enable CSS Mode Priority Master
Force
------------------------------------------------------------------------------

1 2 Off LPU 1 On

c. Configure service ports as CSS ports. For example, configure service ports
XGE1/0/1, XGE1/0/2, XGE2/0/1, and XGE2/0/2 as CSS ports.
[S1] interface css-port 1
[S1-css-port1] port interface xgigabitethernet 1/0/1 to xgigabitethernet 1/0/2 enable
[S1-css-port1] quit
[S1] interface css-port 2
[S1-css-port2] port interface xgigabitethernet 2/0/1 to xgigabitethernet 2/0/2 enable
[S1-css-port2] quit

d. Enable the CSS function on S1 and restart S1.

[S1] css enable
Warning: The CSS configuration will take effect only after the system is rebooted. The next CSS
mode is LPU. Reboot now? [Y/N]:y

e. After S1 is restarted, check its CSS status. If the following output is

displayed, S1 has joined the CSS.

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 227

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

<CSS> display device

Chassis 1 (Master Switch)
S9306's Device status:
Slot Sub Type Online Power Register Status Role
---------------------------------------
1 - LE0DX12XSA00 Present PowerOn Registered Normal NA
2 - LE0DX12XSA00 Present PowerOn Registered Normal NA
3 - LE1D2G48TX1E Present PowerOn Registered Normal
NA
4 - LE1D2G48TX1E Present PowerOn Registered Normal
NA
7 - LE0D00SRUB00 Present PowerOn Registered Normal Master
8 - LE0D00SRUB00 Present PowerOn Registered Normal Slave
PWR1 - - Present PowerOn Registered Normal NA
PWR2 - - Present - Unregistered - NA
CMU2 - LE0DCMUA0000 Present PowerOn Registered Normal Master
FAN1 - - Present PowerOn Registered Abnormal NA
FAN2 - - Present - Unregistered - NA
Chassis 2 (Standby Switch)
S9306's Device status:
Slot Sub Type Online Power Register Status Role
---------------------------------------
1 - LE0DX12XSA00 Present PowerOn Registered Normal NA
2 - LE0DX12XSA00 Present PowerOn Registered Normal NA
3 - LE1D2G48TX1E Present PowerOn Registered Normal
NA
4 - LE1D2G48TX1E Present PowerOn Registered Normal
NA
7 - LE0D00SRUB00 Present PowerOn Registered Normal Master
8 - LE0D00SRUB00 Present PowerOn Registered Normal Slave
PWR1 - - Present PowerOn Registered Normal NA
PWR2 - - Present - Unregistered - NA
CMU2 - LE0DCMUA0000 Present PowerOn Registered Normal Master
FAN1 - - Present PowerOn Registered Abnormal NA
FAN2 - - Present - Unregistered - NA
● Procedure for configuring CSS card clustering
a. Power off S1, install CSS cards, connect the cluster cables between S1 and
CSS-1, and power on S1.
b. Configure the CSS ID and retain the default CSS priority 1 on S1.
<S1> system-view
[S1] set css id 2
c. Enable the CSS function on S1 and restart S1.
[S1] css enable
Warning: The CSS configuration will take effect only after the system is rebooted. The next CSS
mode is CSS card. Reboot now? [Y/N]:y
d. After S1 is restarted, check its CSS status. If the following output is
displayed, S1 has joined the CSS.
<CSS> display device
Chassis 1 (Master Switch)
S9306's Device status:
Slot Sub Type Online Power Register Status Role
---------------------------------------
3 - LE1D2G48TX1E Present PowerOn Registered Normal
NA
4 - LE1D2G48TX1E Present PowerOn Registered Normal
NA
7 - LE1D2SRUH000 Present PowerOn Registered Normal Master
1 LE1D2VS04000 Present PowerOn Registered Normal NA
8 - LE1D2SRUH000 Present PowerOn Registered Normal Slave
1 LE1D2VS04000 Present PowerOn Registered Normal NA
PWR1 - - Present PowerOn Registered Normal NA
PWR2 - - Present - Unregistered - NA
CMU2 - LE0DCMUA0000 Present PowerOn Registered Normal Master
FAN1 - - Present PowerOn Registered Abnormal NA
FAN2 - - Present - Unregistered - NA
Chassis 2 (Standby Switch)

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 228

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

S9306's Device status:

Slot Sub Type Online Power Register Status Role
---------------------------------------
3 - LE1D2G48TX1E Present PowerOn Registered Normal
NA
4 - LE1D2G48TX1E Present PowerOn Registered Normal
NA
7 - LE1D2SRUH000 Present PowerOn Registered Normal Master
1 LE1D2VS04000 Present PowerOn Registered Normal NA
8 - LE1D2SRUH000 Present PowerOn Registered Normal Slave
1 LE1D2VS04000 Present PowerOn Registered Normal NA
PWR1 - - Present PowerOn Registered Normal NA
PWR2 - - Present - Unregistered - NA
CMU2 - LE0DCMUA0000 Present PowerOn Registered Normal Master
FAN1 - - Present PowerOn Registered Abnormal NA
FAN2 - - Present - Unregistered - NA

Step 9 S1 is changed to CSS-2 and becomes the stack standby.

Figure 4-30 Two CSS systems merging into one

Step 10 Change the configurations of CSS-2 and add interfaces of CSS-2 to Eth-Trunks.
1. Add uplink ports XGE2/4/0/1 and XGE2/4/0/2 of CSS-2 to Eth-Trunks.
[CSS] interface eth-trunk 20
[CSS-Eth-Trunk20] trunkport xgigabitethernet2/4/0/1
[CSS-Eth-Trunk20] quit
[CSS] interface eth-trunk 10
[CSS-Eth-Trunk10] trunkport xgigabitethernet2/4/0/2
[CSS-Eth-Trunk10] quit
2. Change the configurations of devices at the core layer and access layer and
bind physical ports to Eth-Trunks. The procedure is similar to the preceding
procedure.
Step 11 Run the undo shutdown command to disable the interfaces of CSS-2 and check
whether Layer 2 and Layer 3 forwarding between CSS-2 and devices at the core

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 229

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

layer and access layer is normal. In this case, S1 and S2 have been combined into
a CSS, as shown in Figure 4-31.

Figure 4-31 Traffic forwarding after a CSS merge

----End

4.3 Typical SVF Configuration

4.3.1 Information to Know Before SVF Deployment

4.3.1.1 SVF Technical Characteristics

A traditional campus network has the following characteristics:
● Core and aggregation devices have fixed services.
● Access devices are widely distributed.
● Access devices use simple, similar service configurations.
● Access devices have many ports.
Management and configuration of access devices are time-consuming due to the
preceding characteristics. Super Virtual Fabric (SVF) technology effectively
simplifies management and configuration of access devices.

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 230

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Figure 4-32 SVF networking diagram

As shown in Figure 4-32, SVF simplifies campus network management and

maintenance. According to characteristics of campus networks, SVF technology
allows you to configure and maintain access devices as well as manage access
users in a uniform manner.

In an SVF system, a parent manages and configures the SVF system. Client refers
to all access devices, including access devices (ASs).

SVF has the following technical characteristics:

● Manages access users on the parent in a uniform manner.

● Configures services of access switches (ASs) through the parent. For the
configurable services and service configuration modes, see 4.3.1.3 SVF
Service Deployment Limitations.
● Maintains the status of ASs through the parent, including device registration
status and heartbeat, version and patch status, important alarms, port status,
and user status of all ASs.
● Supports at most two levels of ASs (level-1 and level-2 ASs).

The following table lists SVF hardware and software requirements.

NOTE

● Table1 describes the version mapping between parent and AS. Table2 describes
supported Parent and AS switch models in different software versions.

Table 4-10 Version mapping between parent and AS

Parent Version Required AS Version

V200R011C10 V200R011C10

V200R012C00 V200R011C10, V200R012C00

V200R013C00 V200R011C10, V200R012C00, V200R013C00

V200R019C00 V200R012C00, V200R013C00, V200R019C00

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 231

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Parent Version Required AS Version

V200R019C10 V200R012C00, V200R013C00, V200R019C00,

V200R019C10

V200R020C00 V200R013C00, V200R019C00, V200R019C10,

V200R020C00

V200R020C10 V200R013C00, V200R019C00, V200R019C10,

V200R020C00, V200R020C10

Table 4-11 Supported parent and AS switch models

Softwar Supported Parent Switch Supported AS Switch Models
e Models
Version

V200R0 ● S9303, S9306, S9310, S9312 ● S2720-EI, S2750-EI, S5700-LI,

11C10 ● S9303E, S9306E, S9312E S5700S-LI, S5710-X-LI, S5720-
LI, S5720S-LI, S5720-SI,
● S9310X S5720S-SI, S5720-EI, S5730-SI,
S5730S-EI, S6720-EI, S6720S-
EI, S6720-LI, S6720S-LI, S6720-
SI, S6720S-SI
● S2320-EI, S5320-LI, S5320-SI,
S5320-EI, S5330-SI, S6320-EI,
S6320-SI
● S600-E

V200R0 ● S9303, S9306, S9310, S9312 ● S2720-EI, S2750-EI, S5700-LI,

12C00 ● S9303E, S9306E, S9312E S5700S-LI, S5710-X-LI, S5720-
LI, S5720S-LI, S5720-SI,
● S9310X S5720S-SI, S5720I-SI, S5720-
EI, S5730-SI, S5730S-EI,
S5730-HI, S6720-EI, S6720S-EI,
S6720-LI, S6720S-LI, S6720-SI,
S6720S-SI
● S2320-EI, S5320-LI, S5320-SI,
S5320-EI, S5330-SI, S6320-EI,
S6320-SI
● S600-E

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 232

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Softwar Supported Parent Switch Supported AS Switch Models

e Models
Version

V200R0 ● S9303, S9306, S9310, S9312 ● S2720-EI, S5720-LI, S5720S-LI,

13C00 ● S9303E, S9306E, S9312E S5720-SI, S5720S-SI, S5720I-
SI, S5720-EI, S5730-SI,
● S9310X S5730S-EI, S5730-HI, S6720-EI,
S6720S-EI, S6720-LI, S6720S-
LI, S6720-SI, S6720S-SI
● S2320-EI, S5320-LI, S5320-SI,
S5320-EI, S5330-HI, S5330-SI,
S6320-EI, S6320-SI
● S600-E

V200R0 ● S9303, S9306, S9310, S9312 ● S2720-EI, S5720-LI, S5735-L,

19C00 ● S9310X, S9300X-4, S9300X-8, S5735S-L, S5735S-L-M,
S9300X-12 S5720S-LI, S5720-SI, S5735-S,
S5735S-S, S5720S-SI, S5720I-
SI, S5720-EI, S5730-SI,
S5730S-EI, S5730-HI, S5731-H,
S5731S-H, S5732-H, S5731-S,
S5731S-S, S6730-H, S6730-S,
S6730S-S, S6720-EI, S6720S-EI,
S6720-LI, S6720S-LI, S6720-SI,
S6720S-SI
● S2320-EI, S5320-LI, S5335-L,
S5320-SI, S5335-S, S5320-EI,
S5330-HI, S5330-SI, S5331-H,
S5332-H, S6320-EI, S6320-SI,
S6330-H
● S600-E

V200R0 ● S9303, S9306, S9310, S9312 ● S2720-EI, S5720-LI, S5735-L,

19C10 ● S9310X, S9300X-4, S9300X-8, S5735S-L, S5735S-L-M,
S9300X-12 S5720S-LI, S5720-SI, S5735-S,
S5735S-S, S5735-S-I, S5720S-
SI, S5720I-SI, S5720-EI, S5730-
SI, S5730S-EI, S5730-HI,
S5731-H, S5731S-H, S5732-H,
S5731-S, S5731S-S, S6730-H,
S6730S-H, S6730-S, S6730S-S,
S6720-EI, S6720S-EI, S6720-LI,
S6720S-LI, S6720-SI, S6720S-SI
● S2320-EI, S5320-LI, S5335-L,
S5320-SI, S5335-S, S5320-EI,
S5330-HI, S5330-SI, S5331-H,
S5332-H, S6320-EI, S6320-SI,
S6330-H
● S600-E

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 233

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Softwar Supported Parent Switch Supported AS Switch Models

e Models
Version

V200R0 ● S9303, S9306, S9310, S9312 ● S2720-EI, S5720-LI, S5720S-LI,

20C00 ● S9310X, S9300X-4, S9300X-8, S5720I-SI, S5731-H, S5731S-H,
S9300X-12 S5731-S, S5731S-S, S5732-H,
S5735-L, S5735S-L, S5735S-L-
M, S5735-S, S5735S-S, S5735-
S-I, S5735S-H, S5736-S,
S6720S-S, S6720-EI, S6720S-EI,
S6730-H, S6730S-H, S6730-S,
S6730S-S
● S5320-LI, S5331-H, S5332-H,
S5335-L, S5335-S, S5336-S,
S6330-H
● S600-E

V200R0 ● S9303, S9306, S9310, S9312 ● S2720-EI, S5720-LI, S5720S-LI,

20C10 ● S9310X, S9300X-4, S9300X-8, S5720I-SI, S5731-H, S5731S-H,
S9300X-12 S5731-S, S5731S-S, S5732-H,
S5735-L, S5735-L1, S5735S-L,
S5735S-L1, S5735S-L-M,
S5735-S, S5735S-S, S5735-S-I,
S5735S-H, S5736-S, S6720S-S,
S6720-EI, S6720S-EI, S6730-H,
S6730S-H, S6730-S, S6730S-S
● S5320-LI, S5331-H, S5332-H,
S5335-L, S5335-L1, S5335-S,
S5336-S, S6330-H
● S600-E

4.3.1.2 Application Scenarios for SVF

Based on SVF technical characteristics, the parent must be connected to ASs and
APs across a Layer 2 network and ASs must be deployed at the access layer of a
campus network and directly connected to users. ASs cannot be used as
aggregation devices. In versions earlier than V200R011C10, user-side ports of ASs
cannot be added to an Eth-Trunk. In V200R011C10 or later versions, user-side
ports of ASs can be added to an Eth-Trunk. Due to these limitations, SVF applies to
the following scenarios. If your network does not meet the following SVF
networking requirements, SVF cannot be deployed on your network. You are
advised to log in to each device to configure services.

Scenario 1: Wired Campus Network Access

In a wired campus network access scenario, all user terminals access a campus
network through wired links. In such a scenario, user terminals are directly
connected to ASs, and the parent functions as the access gateway of users. SVF
supports two types of networking, depending on whether the parent and ASs are
directly connected or connected across an intermediate network:

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 234

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

● Networking in which the parent and ASs are directly connected, as shown in
Figure 4-33
a. The parent can be a standalone device, a cluster switch system (CSS) of
two modular devices, or a stack of multiple member devices.
b. At most two levels of ASs are supported in an SVF system. Each AS can
be a standalone device or a stack of multiple member devices.ach AS can
be a stack of up to five member devices that are the same model and
provide the same number or different numbers of ports.
c. User terminals can access the network through level-1 or level-2 ASs. The
parent functions as the access gateway of users.
If a new campus network is built with unconfigured devices, this networking
is recommended.

Figure 4-33 Networking in which the parent and ASs are directly connected
on a wired campus network

● Networking in which the parent and ASs are connected across an

intermediate network, as shown in Figure 4-34
a. The parent can be a standalone device, a cluster switch system (CSS) of
two modular devices, or a stack of multiple member devices.
b. An SVF system supports at most one level of ASs. Each AS can be a
standalone device or a stack of multiple member devices.ach AS can be a
stack of up to five member devices that are the same model and provide
the same number or different numbers of ports.
c. User terminals can access the network through ASs. The parent functions
as the access gateway of users.
If a campus network is reconstructed and devices of different vendors are
deployed on the campus network, this networking is recommended.

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 235

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Figure 4-34 Networking in which the parent and ASs are connected across an
intermediate network on a wired campus network

Scenario 2: Campus Network of Multiple SVF Systems

On a campus network with more than 200 access devices, you can set up multiple
SVF systems to simplify campus network management, as shown in Figure 4-35.

Figure 4-35 Campus network of multiple SVF systems

4.3.1.3 SVF Service Deployment Limitations

SVF supports two service configuration modes: centralized mode and independent
mode.

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 236

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

● In centralized mode, all service configurations of ASs are performed on the

parent. Therefore, which services can be configured on ASs depends on which
services can be configured on the parent, rather than depending on which
services are supported by a standalone access switch. AS-supported services
apply to most access switches.
In centralized mode, you can either deliver service configurations to multiple
ASs using profiles or global batch configuration or configure a single AS
directly.
● In independent mode, you need to log in to an AS to configure this AS using
commands.
The independent mode supports more service configurations than the
centralized mode. When services cannot be batch configured on the parent
for an AS, log in to the AS to configure this AS separately. After the AS
changes from the centralized mode to independent mode, the configuration
file generated using profiles or directly configured before the mode switchover
will be retained.
The following describes the configurable functions in different service
configuration modes.

Centralized Mode (Batch Configuration: Functions Globally Delivered)

Function Description

Configure the SVF An SVF system supports two forwarding modes: centralized
forwarding mode. forwarding and distributed forwarding.
● In centralized forwarding mode, traffic forwarded by the
local AS and forwarded between ASs is sent to the
parent for forwarding.
● In distributed forwarding mode, an AS directly forwards
local traffic and the parent forwards traffic between
ASs.
NOTE
● In centralized forwarding mode, ports of the ASs connected to
the same fabric port of the parent are isolated and so cannot
communicate at Layer 2, and need to have proxy ARP in the
corresponding VLAN configured using the arp-proxy inner-
sub-vlan-proxy enable command to communicate at Layer 3.
● In centralized forwarding mode, after an AS goes offline, traffic
of its attached network cannot be forwarded by the parent and
will be interrupted.
● In distributed forwarding mode, after an AS goes offline, in
versions earlier than V200R012C00, downlink ports of the AS
are automatically shut down. As a result, traffic of the AS
attached network will be interrupted. In V200R012C00 and
later versions, downlink ports of the AS will not be shut down,
and traffic of the AS attached network will be forwarded as
usual.
By default, the forwarding mode of an SVF system is
distributed forwarding.

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 237

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Function Description

Configure the URL To improve web application security, data from

encoding function untrustworthy sources must be encoded before being sent
for an AS. to clients. URL encoding is most commonly used in web
applications. After URL encoding is enabled for ASs, special
characters in redirect URLs are converted to secure
formats, preventing clients from mistaking them for syntax
signs or instructions and unexpectedly modifying the
original syntax. In this way, cross-site scripting attacks and
injection attacks are prevented. By default, URL encoding is
enabled in ASs. This function can be disabled using the
portal url-encode disable command.

Configure In addition to the configurations in service profiles, the

authentication- parent delivers the configured Portal authentication-free
free rules. rules to ASs. Authentication-free rules 0 to 127 can be
delivered to ASs of the S5320-EI or S5720-EI model;
authentication-free rules 0 to 31 can be delivered to ASs of
other models; authentication-free rules outside the two
ranges will not be delivered to ASs.

Enable IGMP By default, IGMP snooping is disabled for service VLANs on

snooping for a an AS.
service VLAN on
an AS.

Enable the By default, the authentication configuration is cleared after

function of an AS goes offline.
retaining the
authentication
configuration after
an AS goes offline.
(This function is
supported in
V200R019 and
later versions.)

Centralized Mode (Batch Configuration: Functions Delivered Using Profiles)

Function Sub-function Service

Device Administrator User name and password of the local

management administrator

Traffic policing Rate limit for outgoing ARP and DHCP

packets on an uplink fabric port

BPDU BPDU protection on ASs (supported only

protection in V200R013C00 and later versions)

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 238

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Function Sub-function Service

Basic network VLAN Addition and removal of ports to or from

service management a VLAN

Voice VLAN based on LLDP negotiation

Enhanced Traffic Broadcast, multicast, and unknown

network service suppression unicast traffic suppression on a port

Rate limiting Port rate limiting

STP STP edge port

Port security Port security, aging time of secure

(supported only dynamic MAC addresses, and sticky MAC.
in
V200R019C00
and later
versions)

Access security DHCP snooping, IPSG, and DAI

MAC Action taken on an interface in case of

management MAC address flapping
(supported only Alarm function for MAC address learning
in and aging
V200R013C00
and later
versions)

Access service Access ● 802.1X authentication, MAC address

authentication authentication, and Portal
authentication
● Access control over IPv6 users and
single-stack authentication (supported
in V200R019 and later versions)

Access control MAC address limiting

Maximum number of access users on an

AS port (This function is supported in
V200R010 and later versions)

Traffic policing Rate limit for incoming ARP and DHCP

packets on an AS port

QoS service Priority To configure priority mapping based on

(supported only mapping DSCP priorities, run the trust dscp
in V200R013C00 command.
and later Queue To configure a queue scheduling mode,
versions) scheduling run the qos { pq | wrr | drr } command.
mode

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 239

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Function Sub-function Service

Queue To configure a queue scheduling weight,

scheduling run the qos queue command.
weight

Centralized Mode (Single Configuration: Functions Delivered Using the

direct-command Command)
NOTE

The interface view cannot be the Eth-Trunk interface view.

In versions earlier than V200R019C00, a maximum of 4096 commands can be configured. In
V200R019C00 and later versions, a maximum of 8192 commands can be configured.

Servic Format View Function Configuratio

e n
Categ Dependency
ory and
Restriction

Energy port-auto-sleep enable Interface Enables the This

- view port sleeping command
saving function on can be used
manag an electrical on electrical
ement interface. interfaces
and combo
interfaces
working as
electrical
interfaces.

PoE poe force-power Interface Enables -

view forcible PoE
power supply
on an
interface.

poe legacy enable Interface Enables an -

view interface to
check
compatibility
of PDs.

poe priority { critical | Interface Sets the -

high | low } view power supply
priority of a
PoE
interface.

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 240

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Servic Format View Function Configuratio

e n
Categ Dependency
ory and
Restriction

poe af-inrush enable slot System Configures -

slot-id view the IEEE
802.3at-
compliant
device to
provide
power in
accordance
with IEEE
802.3af.

poe high-inrush enable System Configures a -

slot slot-id view device to
allow high
inrush
current
during
power-on.

undo poe enable Interface Disables the -

view PoE function
on an
interface.

Ethern undo negotiation auto Interface Configures ● This

et view an interface command
interfa to work in cannot be
ces non-auto configured
negotiation on combo
mode. interfaces.
After you run ● Do not
the undo cancel the
direct- undo
command negotiati
command, on auto
the interface command
works in when
auto speed or
negotiation duplex is
mode. specified.

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 241

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Servic Format View Function Configuratio

e n
Categ Dependency
ory and
Restriction

speed { 10 | 100 | 1000 | Interface Sets the rate ● This

2500 | 5000 | 10000 } view in non-auto command
negotiation cannot be
mode. configured
on combo
interfaces.
● Ensure
that the
interface
works in
non-auto
negotiatio
n mode
before
configurin
g this
command.

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 242

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Servic Format View Function Configuratio

e n
Categ Dependency
ory and
Restriction

speed auto-negotiation Interface Enables ● Support

view auto- for this
negotiation command
on a GE varies
optical depending
interface. on switch
models.
For
details,
see the
speed
auto-
negotiati
on
command
in the
Command
Reference
- Interface
Managem
ent
Command
s-
Ethernet
Interface
Configurat
ion
Command
s.
● Ensure
that the
interface
works in
auto-
negotiatio
n mode
before
configurin
g this
command.

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 243

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Servic Format View Function Configuratio

e n
Categ Dependency
ory and
Restriction

duplex { full | half } Interface Sets the ● This

view duplex mode command
for an cannot be
electrical configured
interface in on combo
non-auto interfaces.
negotiation ● Ensure
mode. that the
interface
works in
non-auto
negotiatio
n mode
before
configurin
g this
command.
● When the
working
rate of a
GE
electrical
interface
is 1000
Mbit/s,
the
interface
supports
only the
full duplex
mode.

loopback internal Interface Configures a -

view loopback
detection
mode on an
interface.

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 244

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Servic Format View Function Configuratio

e n
Categ Dependency
ory and
Restriction

description description Interface Configures The

view the description
description contains a
for an maximum of
interface. 52 characters
in
V200R011C1
0, and the
description
contains a
maximum of
116
characters in
V200R012C0
0 and later
versions.

Eth- description description Eth-Trunk Configures The

Trunk interface the description
interfa view description contains a
ce for an Eth- maximum of
Trunk 116
interface. characters.
The
description
can be
configured
for a service
Eth-Trunk
interface or
an Eth-Trunk
interface
used in an
SVF system
to connect
upstream
and
downstream
devices. The
description
cannot be
configured
for Eth-
Trunk0.

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 245

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Servic Format View Function Configuratio

e n
Categ Dependency
ory and
Restriction

Port port bridge enable Interface Enables the -

bridge view bridging
function on
an interface.

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 246

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Servic Format View Function Configuratio

e n
Categ Dependency
ory and
Restriction

Port port-security max-mac- Interface Sets the ● The port-

Securit num max-number view maximum security
y number of max-mac-
(suppo secure MAC num max-
rted in addresses number
V200R that can be command
019C0 learned on in direct
0 and an interface. configurat
later ion mode
version is
s) mutually
exclusive
with the
mac-limit
maximum
max-num
command
configured
in a user
access
profile
and
cannot be
both
configured
.
● Port
security
(and
sticky
MAC if
needed)
must be
enabled in
a network
enhanced
profile,
and then
run the
direct-
command
command
to deliver
this
command.

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 247

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Servic Format View Function Configuratio

e n
Categ Dependency
ory and
Restriction

port-security mac- Interface Configures a Port security

address sticky mac- view sticky MAC and sticky
address vlan vlan-id address MAC must be
entry. enabled in a
network
enhanced
profile, and
then run the
direct-
command
command to
deliver this
command.

save sticky-mac System Saves the -

configuration view sticky MAC
addresses on
an AS to a
file named
unimng-
xxxx.ztbl.
xxxx in the
file name
represents
the
management
MAC address
of the AS.

Voice voice-vlan mac-address System Configures -

VLAN mac-address mask mask view the OUI
address of
the voice
VLAN.

LBDT loopback-detect enable Interface Enables -

view loopback
detection on
an interface.

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 248

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Servic Format View Function Configuratio

e n
Categ Dependency
ory and
Restriction

loopback-detect packet Interface Enables If you

vlan vlan-id view loopback configure this
detection for command
a specified multiple
VLAN. times,
loopback
detection is
enabled for
multiple
VLANs.

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 249

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Servic Format View Function Configuratio

e n
Categ Dependency
ory and
Restriction

ARP arp speed-limit source- System Configures ● Only some

rate mac maximum maximum view ARP rate models
limitin limiting support
g based on this
source MAC command.
addresses. For
details,
see the
arp
speed-
limit
source-
mac
command
in the
Command
Reference
- Security
Command
s - ARP
Security
Configurat
ion
Command
s.
● The value
of
maximum
maximum
ranges
from 0 to
256.
● This
function
takes
effect only
for the
ARP
packets
sent to
the CPU.

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 250

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Servic Format View Function Configuratio

e n
Categ Dependency
ory and
Restriction

arp speed-limit source-ip System Configures ● The value

maximum maximum view ARP rate of
limiting maximum
based on maximum
source IP ranges
addresses. from 0 to
256.
● This
function
takes
effect only
for the
ARP
packets
sent to
the CPU.

Stack port interface { interface- Stack Configures a Before

type interface-number1 interface service restoring the
[ to interface-type view: interface as stack
interface-number2 ] } stack- a stack member
enable port member port ports that are
member- and adds it added to a
id/port-id to a stack stack port in
port. direct
configuration
mode as
common
service
interfaces,
you do not
need to run
the
shutdown
interface
command in
the stack
interface
view.

stack slot slot-id priority System Sets a stack -

priority view priority for a
member
switch in a
stack.

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 251

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Servic Format View Function Configuratio

e n
Categ Dependency
ory and
Restriction

stack slot slot-id System Changes the A stack ID

renumber new-slot-id view stack ID of a cannot be
specified changed in
member the following
switch in a situations:
stack. ● The switch
NOTICE is a
If there are standalon
services
e switch
running,
delivering that does
this not join
command any stack.
may cause
● The newly
service
interruptions configured
and stack ID is
configuration an
loss. existing
Therefore, stack ID of
you are
a specified
advised to
deliver this member
command switch in a
when an AS stack.
is
unconfigured
● Ports with
. the
specified
slot-id
have been
configured
as
member
ports of
an uplink
fabric
port.
● Ports with
the
specified
slot-id
have been
configured
as
member
ports of a
downlink

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 252

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Servic Format View Function Configuratio

e n
Categ Dependency
ory and
Restriction

fabric
port.

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 253

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Servic Format View Function Configuratio

e n
Categ Dependency
ory and
Restriction

User access-user arp-detect System Sets the ● In

Access vlan vlan-id ip-address ip- view source IP V200R012
and address mac-address mac- address and C00, this
Authe address source MAC command
nticati address of can be
on offline configured
(suppo detection only one.
rted in packets in a If you
V200R VLAN. want to
012C0 modify
0 and the
later configurat
version ion, delete
s) the
existing
configurat
ion and
then
perform
the
configurat
ion again.
● In
V200R013
C00, when
vlan, ip-
address,
and mac-
address
are all
different,
multiple
configurat
ions of
this
command
can be
generated.
If any one
of vlan,
ip-
address,
and mac-
address
has been
configured

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 254

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Servic Format View Function Configuratio

e n
Categ Dependency
ory and
Restriction

, delete
the
existing
configurat
ion before
reconfigur
ing them.
● In
V200R019
and later
versions,
multiple
configurat
ions of
this
command
can be
generated
regardless
of
whether
the VLAN,
IP address,
and MAC
address
are the
same. You
do not
need to
delete the
existing
configurat
ion. If the
newly
configured
VLAN is
the same
as the
existing
one, the IP
address
and MAC
address in
the
original
configurat

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 255

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Servic Format View Function Configuratio

e n
Categ Dependency
ory and
Restriction

ion are
replaced
with the
newly
configured
IP address
and MAC
address. If
the newly
configured
VLAN is
different
from the
existing
one, a
new
configurat
ion is
generated.

access-user arp-detect System Sets the -

default ip-address ip- view default
address source IP
address of
offline
detection
packets.

undo user-detect System Disables the -

view online user
detection
function.

authentication speed- System Configures -

limit max-num max-num- view the rate limit
value interval interval- for an access
value (supported in device to
V200R013C00 and later send user
versions) association
and
disassociatio
n request
messages.

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 256

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Servic Format View Function Configuratio

e n
Categ Dependency
ory and
Restriction

access-user arp-detect System Configures If you run

fallback ip-address mask- view an IP address this
length (supported in required for command
V200R013C00 and later calculating multiple
versions) the source times, only
address of the latest
offline configuration
detection takes effect.
packets.

access-user arp-detect System Configures -

delay delay (supported in view the delay for
V200R013C00 and later sending
versions) offline
detection
packets.

static-user start-ip- System Configures a If the IP

address [ end-ip-address ] view static user. address of a
[ mac-address mac- static user is
address | vlan vlan-id ] set to an IP
(supported in address
V200R019C00 and later range, any IP
versions) address in
this address
range cannot
be modified
or deleted.

Centralized Mode (Configurable Commands After Logins to ASs Using the

attach-as Command or Console Port)
Commands that can be configured after you log in to an AS in centralized
configuration mode are mainly used for fault diagnosis.

● In the user view and diagnostic view, all commands are supported except the
commands listed in Table 4-12.

Table 4-12 Commands not supported in the user view and diagnostic view of
ASs

Command View

configuration copy file file-name to User view

running

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 257

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Command View

configuration copy startup to file User view

file-name
configuration exclusive User view

format drive User view

lldp clear neighbor [ interface User view

interface-type interface-number ]
local-user change-password User view

lock User view

startup patch patch-name [ slave- User view

board | slot slot-id ]

startup saved-configuration User view

configuration-file [ slot slot-id ]
startup system-software system-file User view
[ all | slave-board | slot slot-id ]

save [ all ] [ configuration-file ] User view

save logfile [ all ] User view

reboot [ fast | save diagnostic- User view

information ]

schedule reboot { at time | delay User view

interval [ force ] }
rollback User view

cli enable-config Diagnostic view

configuration datasync start script- Diagnostic view

file script-file { result-file result-file }

test-device port loopback slot { slot- Diagnostic view

id | interface { interface-type
interface-number1 [ to interface-
type interface-number2 ] }
&<1-10> }

stack enable Diagnostic view

undo stack enable

undo startup system-software Diagnostic view

● Commands that are supported in other views are used for service diagnosis
and fault location.

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 258

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Table 4-13 Commands supported in other views

Command Function Configuration Guidelines

port-mirroring Binds a mirrored You are not advised to perform

undo port- port to an service configurations on Eth-Trunk
mirroring observing port. member ports of an AS that are
bound to a fabric port, as doing so
may cause a failure of SVF system
setup.

traffic-mirror Configures the You are not advised to perform

undo traffic- traffic mirroring service configurations on Eth-Trunk
mirror function. member ports of an AS that are
bound to a fabric port, as doing so
may cause a failure of SVF system
setup.

observe-port Configures an Generally, an observing port is

undo observe- observing port. dedicated to monitoring forwarding
port of mirrored traffic. Therefore,
configuring an AS port with service
configurations as an observing port
is not recommended. If a port has
been configured as an observing
port, do not deliver service
configurations to this port through
service profiles or the direct-
command command.
You are not advised to perform
service configurations on Eth-Trunk
member ports of an AS that are
bound to a fabric port, as doing so
may cause a failure of SVF system
setup.

traffic-statistic Enables the If you delete the traffic-statistic

undo traffic- traffic statistics command that is delivered by the
statistic collection parent to an AS, you will fail to
function. obtain traffic statistics about the AS
on the parent.
You are not advised to perform
service configurations on Eth-Trunk
member ports of an AS that are
bound to a fabric port, as doing so
may cause a failure of SVF system
setup.

capture-packet Configures the In an SVF system, an Eth-Trunk

packet header bound to a fabric port cannot
obtaining capture service packets.
function.

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 259

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Command Function Configuration Guidelines

acl 2000-2999 Creates or If the number of traffic policies on

undo acl deletes an ACL an AS reaches the upper limit, the
2000-2999 rule. parent fails to deliver the IPSG or
DAI configurations. Run the display
● Versions uni-mng commit-result profile
earlier than command on the parent to check the
V200R019: configuration delivery result. If the
acl command output shows that the
3000-3998 configuration delivery fails, run the
undo acl display uni-mng execute-failed-
3000-3998 record profile as name as-name
command to check execution failure
● V200R019 records after the configuration is
and later delivered to an AS. The command
versions: output provides detailed information
acl about the delivery failure. You can
3901-3998 log in to the AS to check whether the
undo acl ACL resources are used up.
3901-3998

acl 4000-4997
undo acl
4000-4997

rule Creates an ACL -

undo rule rule.

interface Eth- Displays the Eth- Do not delete Eth-Trunk0 or Eth-

Trunk Trunk interface Trunk interfaces that are bound to
view. the downlink fabric port from an AS.

interface Displays the -

interface-type physical service
interface- interface view.
number
display Displays the -
device status or
configurations.

quit Returns to the -

upper-level view.

return Returns to the -

user view.

interface stack- Displays the -

port stack port view.

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 260

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Command Function Configuration Guidelines

shutdown Shuts down/ This command is configured in the

interface restores a stack stack port view.
undo shutdown member port.
interface

mad restore Restores all the -

blocked
interfaces of a
standby switch
that enters the
Recovery state
after its stack
splits.

reset trace Clears all the -

instance diagnosis
instances on a
device.

save trace Saves diagnosis -

information information in
the buffer area
as a file.

Commands Used for service -

starting with the diagnosis and
trace keyword executed in the
Commands system view.
starting with the
undo trace
keyword

Commands Configures the -

starting with rules for
info-center outputting
source information to
(supported in information
V200R019 and channels in the
later versions) information
center.

Independent Mode (Configurable Commands After Logins to ASs Using the

attach-as Command or Console Port)
In independent mode, the commands listed in the following table can be
configured on ASs. When configuring these commands, pay attention to the
following points:

● These commands vary depending on the AS device type. For details, see the
command reference of these devices.

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 261

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

● In independent mode, configuring some commands may cause an AS's failure

to go online. To prevent this problem, some commands listed in the following
table are not supported. If an unsupported command is executed on an AS, an
error message is displayed.
Function Command

Basic Configuration CLI overview commands

File management commands

System startup commands

Device Management Hardware configuration commands

Energy-saving configuration commands

PoE configuration commands

Stack configuration commands (except the smooth

upgrade commands)

Commands for configuring rules for outputting

information to information channels in the
information center (supported in V200R019 and later
versions)

Interface Management Basic interface configuration commands

Ethernet interface configuration commands

Logical interface configuration commands

Ethernet Switching MAC address table configuration commands

Link aggregation commands

VLAN configuration commands

VLAN aggregation configuration commands

MUX VLAN configuration commands

Voice VLAN configuration commands

QinQ configuration commands

VLAN mapping configuration commands

Loopback detection configuration commands

BPDU protection configuration commands

(supported in V200R012C00 and later versions)

Layer 2 protocol tunneling commands

IP Service IPv4 configuration commands

ARP configuration commands

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 262

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Function Command

DHCP policy VLAN configuration commands

Reliability DLDP configuration commands

MAC swap loopback configuration commands

User Access and AAA configuration commands

Authentication
NAC configuration commands (unified mode)

Policy association configuration commands

Security ACL configuration commands

Local attack defense configuration commands

Attack defense configuration commands

MFF configuration commands

Traffic suppression and storm control configuration

commands

ARP security configuration commands

Port security configuration commands

DHCP snooping configuration commands

ND snooping configuration commands

PPPoE+ configuration commands

IP source guard configuration commands

SAVI configuration commands

MPAC configuration commands

QoS MQC configuration commands

Priority mapping commands

Traffic policing, traffic shaping, and interface-based

rate limiting commands

Congestion avoidance and congestion management

commands

Filtering configuration commands

Redirection configuration commands

Statistics configuration commands

ACL-based simplified traffic policy commands

Network Management display and snmp-agent trap enable feature-name

and Monitoring commands in SNMP configuration commands

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 263

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Function Command

LLDP configuration commands

Service diagnosis configuration commands

Mirroring configuration commands

Packet obtaining configuration command

Ping and tracert configuration commands

4.3.2 SVF System Planning

4.3.2.1 Planning SVF System Networking

An SVF system supports at most two levels of ASs and one level of APs. Before
setting up an SVF system, determine the SVF application scenario and select the
required networking based on deployment restrictions, reliability, and system CPU
consumption.

Determining Campus Network Scenarios

When determining campus network scenarios, consider factors such as the
terminal quantity, terminal type, whether to reuse existing devices, and CPU/
memory capabilities of the parent.
1. Calculate the number of required ASs based on the number of terminals.
2. Determine whether to reuse existing devices. These devices can be reused to
transparently transmit packets between the parent and ASs. It is not
recommended to connect users to these existing devices, as doing so may
cause a failure to set up an SVF system.
3. An SVF system is configured and maintained on the parent. If more ASs are
deployed, more terminals can connect to the campus network, requiring more
CPU and memory resources of the parent. Table 4-14 lists the recommended
maximum numbers of ASs and access terminals in an SVF system depending
on CPU and memory capabilities of the parent. If the number of access
terminals exceeds the recommended value, you are advised to divide the
campus network into multiple SVF systems according to Scenario 2: Campus
Network of Multiple SVF Systems.

Table 4-14 Recommended maximum numbers of ASs and access terminals

Model of the Parent Recommended Maximum Number
of ASs

S9312E, S9306E 48

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 264

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Model of the Parent Recommended Maximum Number

of ASs

● S9303: with MCUD 256

● S9306 and S9312: with SRUE,
SRUH1, SRUHA1, SRUHX1,
SRUHD, or SRUH
● S9310

S9306 and S9312: with SRUA or 32

SRUB

S9310X, S9300X-4, S9300X-8, 256

S9300X-12

S9303 (with MCUA) and S9303E 4

S6320-EI, S6320-HI, S6330-H 32

S5330-HI, S5331-S, S5331-H, S5332- 32

4. Select the required networking scenario. Table 4-15 lists the recommended
scenarios.

Table 4-15 Recommended networking scenarios

Number of Terminals Terminal Recommend
Type ed
Networking
Scenario

The number of terminals does not exceed No existing Scenario 1:

the recommended value on the parent. devices need Networking
to be reused. in which the
parent and
ASs are
directly
connected
on a wired
campus
network

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 265

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Number of Terminals Terminal Recommend

Type ed
Networking
Scenario

Existing Scenario 1:
devices need Networking
to be reused. in which the
parent and
ASs are
connected
across an
intermediat
e network
on a wired
campus
network

The number of terminals exceeds the During system planning, you

recommended value on the parent. are advised to divide the
campus network into
multiple SVF systems.
Scenario 2: Campus
Network of Multiple SVF
Systems shows networking
scenarios. In each SVF
system, ensure that the
number of terminals does
not exceed the
recommended value on the
parent, and select the
recommended scenario
according to the terminal
type.

Networking deployment recommendations

Figure 4-36 Ideal SVF networking

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 266

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Figure 4-36 shows an ideal SVF networking. It has the following characteristics:
1. The parent is a CSS of two member devices.
2. Each Level-1 AS is dual-homed to two member devices of the parent through
uplink ports.
3. When an AS is a stack of multiple member devices, each member device is
connected to its upstream device through at least one link.
4. ASs are connected to upstream devices through uplink optical ports or uplink
combo ports.
This SVF networking has the following advantages:
1. A failure of a single link between two devices affects only the bandwidth but
not services.
2. An AS performs multi-active detection (MAD), and its upstream device
functions as the MAD relay agent. When the AS splits as a stack, it can work
with the upstream device to perform MAD without affecting the system
stability.
Implementing the ideal SVF networking may fail because of restrictions such as
the distance between devices and cabling difficulties. You need to identify these
networking restrictions in advance and take appropriate measures. The following
provides suggestions on SVF deployment in different situations:
1. If the parent is a standalone device:
a. Deploy two MPUs on the parent to ensure reliability.
b. Connect each AS to the parent using at least two links and ensure that
the links are connected to at least two different LPUs of the parent.
2. If a level-1 AS cannot be dual-homed to the parent:
– Use a standalone device as a level-1 AS. If the AS needs to be a stack,
deploy member devices in the same physical location and ensure stack
cable reliability. Otherwise, device conflicts cannot be resolved after the
stack splits, affecting system reliability.
3. If the AS is a stack of multiple member devices and you cannot ensure that
each member device connects to its upstream device through at least one
link:
– Deploy member devices in the same physical location and ensure stack
cable reliability. Otherwise, device conflicts cannot be resolved after the
stack splits, affecting system reliability.
4. If member ports of the fabric port that connects an AS to an upstream device
can only be connected through twisted pairs:
– Use copper modules to convert the optical/electrical attributes of ports
when uplink ports of ASs are GE ports.
– Select ASs that have uplink combo ports.

Improving System Reliability

1. Improve reliability of the parent using the following methods:
a. Set up a CSS of two member devices for the parent.
b. Deploy MAD to take recovery actions when the CSS splits.

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 267

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

2. Improve reliability of an AS using the following methods:

a. If the parent is a CSS of two member devices, dual-home the level-1 AS
to two member devices of the parent.
b. If the AS is a stack of multiple member devices, ensure that each member
device is connected to its upstream device through at least one link.
c. If the AS is a stack of multiple member devices, set up the stack in ring
topology.
d. If the AS is a stack of multiple member devices, deploy all the member
devices in the same physical location to reduce the risk of a stack split
caused by link failures.

4.3.2.2 Planning Member Devices of an SVF System

After determining networking of an SVF system, you need to select member
devices for the SVF system.

Determining the Parent

1. Determine the parent device type.
The parent device type is determined by the campus network scale. For
details, see Determining Campus Network Scenarios.
2. Determine the number of devices for the parent.
The parent manages and maintains the entire SVF system. You are advised to
deploy a CSS of two modular switches as the parent to ensure reliability of
the SVF system.
3. Determine the card type on the parent.
a. In a wired and wireless convergence scenario, you need to deploy X series
cards on the parent.
b. If an AS needs to connect to two LPUs of the parent, you are advised to
connect the AS to LPUs of the same type.
c. If the campus network provides only wired access and does not require
access authentication, you do not need to deploy X series cards on the
parent. If access terminals need to be authenticated, you are advised to
deploy X series cards on the parent because X series cards support a large
number of user entries and allow more flexible access control policies.
d. You need to use optical interface cards to connect the parent to ASs
because uplink ports of most AS types are optical ports. If an AS uses a
10GE optical port to connect to a GE port of the parent, the 10GE optical
port must be able to switch to the GE mode through auto sensing.
e. If the parent connects to ASs only through twisted pairs, you are advised
to use ASs with uplink combo ports to connect to the electrical interface
cards of the parent. Otherwise, you need to use copper modules to
ensure the connectivity between ASs and the parent.

Determining ASs
Select level-1 and level-2 ASs according to the following requirements:
1. ASs can connect to the parent only through uplink ports, and uplink ports of
most ASs are optical ports. Therefore, when an SVF system has two levels of

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 268

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

ASs, use ASs with downlink optical ports as level-1 ASs. Otherwise, you need
to use copper modules to ensure the connectivity between level-1 and level-2
ASs.
2. When services in an SVF system are similar, use ASs of the same type so that
faulty ASs can be replaced.
Select ASs according to hardware characteristics and the following table to meet
different networking requirements.

Table 4-16 Recommended AS types in different networking modes

Networking Device Positioning Recommended Device
Type

Two levels of ASs exist, Level-1 AS ● S6720-EI, S6720S-EI,

and level-1 ASs are S6720-SI, S6720S-SI,
directly connected to the S6730-H, S6730S-H,
parent S5730-HI, S5731-H,
S5731S-H, S5732-H,
S5720-EI with
downlink optical ports
● S6320-EI, S6320-SI,
S6330-H, S5330-HI,
S5331-S, S5331-H,
S5332-H, S5320-EI
with downlink optical
ports

Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 269

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Networking Device Positioning Recommended Device

Type

Level-2 AS ● S6730-S, S6730S-S,

S6720-LI, S6720S-LI,
S6720-SI, S6720S-SI,
S5700-LI with uplink
GE optical ports,
S5700S-LI, S5730-SI,
S5736-S, S5735S-H,
S5730S-EI, S5720-LI,
S2730S-S, S5735-L-I,
S5735-L1,S300,
S5735-L, S5735S-L,
S5735S-L1, S5735S-L-
M, S5720S-LI, S2750-
EI, S2720-EI, S5720-SI,
S5735-S, S500,
S5735S-S, S5735-S-I,
S5720S-SI, S5720I-SI,
S5710-X-LI, S5731-S,
S5731S-S, S600-E
● S6320-SI, S5330-SI,
S5336-S, S5320-LI,
S5335-L, S5335-L1,
S5320-SI, S5335-S,
S5320-EI with
downlink optical
ports, S2320-EI

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Networking Device Positioning Recommended Device

Type

ASs are directly AS ● S6720-LI, S6720S-LI,

connected to the parent S6720-SI, S6720S-SI,
S6720-EI, S6720S-EI,
S6730-S, S6730S-S,
S5720-EI, S5700-LI,
S5700S-LI, S6730-H,
S6730S-H, S5730-HI,
S5731-H, S5731S-H,
S5732-H, S5731-S,
S5731S-S, S5730-SI,
S5736-S, S5735S-H,
S5730S-EI, S5720-LI,
S2730S-S, S5735-L-I,
S5735-L1,S300,
S5735-L, S5735S-L,
S5735S-L1, S5735S-L-
M, S5720S-LI, S2750-
EI, S2720-EI, S5720-SI,
S5735-S, S500,
S5735S-S, S5735-S-I,
S5720S-SI, S5720I-SI,
S5710-X-LI, S600-E
● S6320-EI, S6320-SI,
S6330-H, S5330-HI,
S5331-S, S5331-H,
S5332-H, S5330-SI,
S5336-S, S5320-LI,
S5335-L, S5335-L1,
S5320-SI, S5335-S,
S5320-EI, S2320-EI

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Networking Device Positioning Recommended Device

Type

ASs are connected to the AS ● S6720-LI, S6720S-LI,

parent across an S6720-SI, S6720S-SI,
intermediate network S6720-EI, S6720S-EI,
S6730-S, S6730S-S,
S5720-EI, S5700-LI,
S5700S-LI, S6730-H,
S6730S-H, S5730-HI,
S5731-H, S5731S-H,
S5732-H, S5731-S,
S5731S-S, S5730-SI,
S5736-S, S5735S-H,
S5730S-EI, S5720-LI,
S2730S-S, S5735-L-I,
S5735-L1,S300,
S5735-L, S5735S-L,
S5735S-L1, S5735S-L-
M, S5720S-LI, S2750-
EI, S2720-EI, S5720-SI,
S5735-S, S500,
S5735S-S, S5735-S-I,
S5720S-SI, S5720I-SI,
S5710-X-LI, S600-E
● S6320-EI, S6320-SI,
S6330-H, S5330-HI,
S5331-S, S5331-H,
S5332-H, S5330-SI,
S5336-S, S5320-LI,
S5335-L, S5335-L1,
S5320-SI, S5335-S,
S5320-EI, S2320-EI

Devices that do not join Devices with downlink

the SVF system optical ports and
(intermediate network supporting Eth-Trunk
devices)

4.3.3 AS Service Configuration

4.3.3.1 AS Service Configuration Method and Roadmap

Configuration Method
In an SVF system, two AS service configuration modes are available: centralized
mode and independent mode. The two modes cannot be used on the same AS.
In centralized mode, all service configurations for ASs are performed on the
parent. Therefore, which services can be configured on ASs depends on the

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

services that can be configured on the parent, but not depend on the services
supported by a standalone access switch.

Table 4-17 Configurations in centralized mode

Method Description

Global Configure service functions in the uni-mng view of the parent

configura (except that authentication-free rules need to be configured in the
tion system view), and then run the commit as { name as-name | all }
command to deliver AS service configurations. This mode supports
few configurations.

Profile- Create service profiles and specified device and port groups on the
based parent, bind the service profiles to the device and port groups, and
configura then run the commit as { name as-name | all } command to deliver
tion AS service configurations. If multiple ASs or ports in an SVF system
need the same configurations, you can add these ASs or ports to the
same group for batch configuration. In this manner, the
configuration efficiency is improved.

Direct Run the direct-command command on the parent to directly

configura deliver configurations to an AS. These configurations will take effect
tion on the AS immediately.

In independent mode, you can log in to an AS to configure services on the AS

using commands. After the configuration is complete, run the upload config
command to save the configuration file to the AS and upload it to the parent. The
independent mode supports more service configurations than the centralized
mode. When services cannot be batch configured on the parent for an AS, log in
to the AS to configure this AS. After the AS changes from the centralized mode to
independent mode, all the service configurations performed using profiles or
directly delivered before mode switching will be retained.

Configuration Roadmap
1. Determine the services to be configured for an AS.
2. Determine the configuration method based on 4.3.1.3 SVF Service
Deployment Limitations. For example, you need to configure SNMP on an
AS. According to "Service Configuration Supported on an AS", you determine
that SNMP can be configured only in independent mode.
3. Configure services based on the configuration method. Figure 4-37 illustrates
the process of delivering configurations from the parent to AS ports using
service profiles.

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Figure 4-37 Process of delivering configurations from the parent to AS ports

using service profiles

The configuration delivery process has the following phases:

a. Create port groups and add AS ports into port groups. Each port group is
a set of ports, which are connected to users with the same service
characteristics.
b. Create service profiles. Each service profile is a set of services to be
delivered.
c. Bind service profiles to port groups.
d. Commit the configurations on the parent so that services can be
automatically delivered to ASs.

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

When configuring services for ASs through port groups, you only need to
focus on user ports on ASs. Whether services of fabric ports need to be
manually configured depends on networking scenarios:
– When the parent is directly connected to ASs, service configurations of
fabric ports on the parent and ASs will be automatically generated
according to service configurations of user ports.
– When the parent is connected to ASs across an intermediate network,
you need to configure services for the fabric port of the parent.

4.3.3.2 AS Access User Network Partitioning Configuration

During access user network partitioning, you need to add user ports to VLANs.
In a campus network, you can classify users based on departments and configure
same services for the same type of users. AS ports are directly connected to users,
so you can add AS ports connected to the same type of users to the same port
group. This operation simplifies the port configuration and greatly reduces the
configuration workload. When configuring a port group, pay attention to the
following:
● When configuring port groups, ensure that the port groups meet the
specifications listed in Table 4-18.

Table 4-18 Port group specifications

Port Group Type Maximum Number of Restrictions on AS

Port Groups Ports and Port Groups
Supported by an SVF
System

Port group directly 256 Ports on an AS can be

connected to users added to a maximum
of sixteen directly
connected user port
groups.

● User ports on each AS can have a maximum of 1 default VLAN, 1 voice VLAN,
and 32 allowed VLANs.
● In versions earlier than V200R011C10, user ports on an AS cannot be
configured as Eth-Trunk member ports. In V200R011C10 or later versions, user
ports on an AS can be configured as Eth-Trunk member ports.

4.3.3.3 AS Access User Authentication Configuration

NOTE

If access users do not need to be authenticated, skip this section.

In an SVF system shown in Figure 4-38, the parent functions as the access control
authentication point of all users, and so services of the authentication server only
need to be configured on the parent once, simplifying deployment. The access
control enforcement points of all users are deployed on ASs. To ensure security,
users who fail authentication cannot access ASs.

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Figure 4-38 Access control authentication point and enforcement points

An SVF system supports three access user authentication modes: MAC, 802.1X,
and Portal. Table 4-19 lists the characteristics and application scenarios of the
three authentication modes.

Table 4-19 Characteristics and application scenarios of authentication modes

Authenticatio Characteristics Applicable Scenario
n Mode

MAC ● No client software needs Dumb terminals, such as

to be installed. printers and fax machines,
● Users do not need to enter need to connect to the
user names and passwords network.
when logging in to the
network.
● MAC addresses of all users
need to be configured,
complicating the
configurations.

802.1X ● The 802.1X client software The network is newly built,

needs to be installed. users are densely distributed,
● Easy-to-remember user and high information security
names can be configured. is required.
● Users need to enter user
names and passwords
when logging in to the
network.

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Authenticatio Characteristics Applicable Scenario

n Mode

Portal ● No client software needs Users are sparsely distributed

to be installed. or move freely.
● Easy-to-remember user
names can be configured.
● Users need to enter user
names and passwords
when logging in to the
network.

An SVF system supports only one combination of authentication modes. The

combination can contain one or more of MAC, 802.1X, and Portal authentication
modes according to scenario requirements.
● Access terminal authentication mode

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Table 4-20 Recommended authentication modes in an access terminal

authentication scenario
Scenario Scenario Typical Recommend Remarks
Characteristi Terminal ed
cs Authenticati
on Mode

Campus ● The Laptops and 802.1X ● Configure

office network is printers dumb
network closed, terminals
users such as
seldom printers as
change static
their users on
locations, the
and high parent.
security is ● Configure
required. 802.1X
● Locations authentic
of some ation on
laptops all AS
may ports to
change. which
For access
example, terminals
these are
laptops connected
are .
moved ● Use
from centralize
offices to d
meeting forwardin
rooms or g of user
moved traffic and
between UCL to
departme implemen
nts. t inter-
● A few departme
dumb ntal user
terminals isolation.
such as
printers
exist.

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Scenario Scenario Typical Recommend Remarks

Characteristi Terminal ed
cs Authenticati
on Mode

Educational ● The Laptops Portal If terminals

institution network is need to be
closed, isolated, use
and centralized
terminals forwarding.
are Otherwise,
densely use
distribute distributed
d. forwarding
● Locations to improve
of wired bandwidth
terminals forwarding
seldom efficiency.
change,
and
communic
ation
between
local users
generally
does not
need to
be
restricted.

● Precautions for configuring access terminal authentication

a. It is not recommended to configure the combination of MAC and 802.1X
(or Portal) authentication modes. If such combination is configured,
concurrent access performance is reduced for terminals requiring 802.1X
authentication when the system first performs MAC authentication on
these terminals.
b. When Portal authentication is configured, the built-in Portal server is not
supported.
c. Terminals cannot send DHCPv6 and neighbor discovery (ND) packets to
trigger authentication.
d. When authentication-free rules are configured on the parent, the parent
delivers the authentication-free rules within the specified range to all ASs.
For example, the parent can deliver authentication-free rules 0 to 127 to
ASs of the S5320-EI or S5720-EI model and 0 to 31 to ASs of other switch
models. Authentication-free rules delivered to ASs do not carry interface
information.
e. In an SVF system, network access rights can be authorized through
authentication-free rules but not a UCL group before users pass NAC
authentication.

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

● Precautions for authorizing access terminals

– In an SVF system running a version earlier than V200R011C10,
authorization VLANs cannot be assigned to wired users. In an SVF system
running V200R011C10 or later, authorization VLANs can be assigned to
wired users.

4.3.3.4 AS Security Configuration

Common Attack Scenarios in the Campus Network

Security configurations are used to prevent an SVF system against various attacks.
Common attacks in a campus network include attacks on the control plane and
forwarding plane. Table 4-21 lists attack types and their impacts on the campus
network.

Table 4-21 Attack types and scenarios

Attack Type Attack Subtype Impact

Attack on the ARP attack with fixed source The CPU usage of the
control plane MAC address parent becomes high, and
traffic of some users is
ARP attack with fixed source interrupted.
IP address

ARP attack from bogus A large number of gateway

gateways collision alarms will be
generated on the parent.

ARP spoofing gateway Users cannot access the

attack network.

ARP flooding attack Users cannot learn ARP

entries and even cannot
access the network.

Bogus DHCP server attack Users cannot obtain

expected IP addresses.

DHCP flooding attack When terminals are not

authenticated, users cannot
obtain IP addresses.

Attack on the ARP Miss attack with fixed The parent has a high CPU
forwarding plane source IP address usage and cannot learn ARP
entries.

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Attack Type Attack Subtype Impact

IP packet attack with the The CPU usage of the

device IP address as parent becomes high.
destination IP address Packet loss occurs or traffic
forwarding is interrupted
when the parent pings the
gateway. The parent
responds slowly during a
Telnet login to the parent.
Unicast IP packets of
protocols such as BGP and
LDP cannot be processed in
a timely manner, preventing
these protocols from
working normally.

DDoS attack Uplink ports are congested,

and user traffic is
interrupted.

Attack Defense Methods and Recommendations

In an SVF system, ASs are connected to terminals, and AS ports are directly
connected to terminals. By default, some device security measures have been
deployed in an SVF system. For example, packet rate limiting has been configured
in the inbound or outbound direction of AS ports. You can also run commands to
perform security configurations on the ports to which terminals are connected.
Table 4-22 lists attack defense methods and recommendations.

Table 4-22 Attack defense methods and recommendations

Attack Attack Attack Defense Method Attack Defense Method
Type Subtype Used When Terminals Used When Terminals
Need to Be Do Not Need to Be
Authenticated Authenticated

Attack ARP attack Automatic defense Configure ARP packet rate

on the with fixed against ARP packet limiting on AS ports.
control source MAC attacks has been
plane address supported.

ARP attack
with fixed
source IP
address

ARP attack Configure the ARP gateway anti-collision function on

from bogus the parent.
gateways

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Attack Attack Attack Defense Method Attack Defense Method

Type Subtype Used When Terminals Used When Terminals
Need to Be Do Not Need to Be
Authenticated Authenticated

ARP Set the forwarding mode to centralized forwarding.

spoofing
gateway
attack

ARP The ARP anti-flooding function is automatically

flooding enabled in the outbound direction of ASs. Therefore,
attack ARP flooding attacks can only affect attacked ASs.
Configure rate limiting for incoming ARP packets on
AS ports to which terminals are connected after attack
sources are identified.

Bogus None Configure DHCP snooping

DHCP on ASs.
server
attack

DHCP Enable the DHCP anti-flooding function in the

flooding outbound direction of ASs automatically. Therefore,
attack ARP flooding attacks can only affect attacked ASs.
Configure rate limiting for incoming DHCP packets on
AS ports to which terminals are connected after attack
sources are identified.

Attack ARP Miss Configure rate limiting for ARP Miss packets on the
on the attack with parent to limit the packets based on the source IP
forwardi fixed source address.
ng plane IP address

IP packet Configure a blacklist on the parent.

attack with
the device
IP address
as
destination
IP address

DDoS Configure rate limiting, broadcast, multicast, and

attack unknown unicast traffic suppression on ports.

4.3.4 Example for Configuring SVF (S9300 as the Parent)

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

● After the SVF function is enabled, switches do not support the In-Service
Software Upgrade (ISSU) function.
● When the parent version is earlier than V200R011C10, the AS version must be
the same as the parent version. Otherwise, this AS cannot go online. For
example, if the parent version is V200R010C00, the AS version must also be
V200R010C00.
● When the parent version is V200R011C10 or later, the parent version and AS
version can be different, but the parent version must be higher than or the
same as the AS version and the AS version must also be V200R011C10 or
later.
● When GE optical interfaces are connected to XGE optical interfaces to connect
level-1 ASs to the parent or connect level-2 ASs to level-1 ASs, these
interfaces must use GE instead of XGE optical modules.
● If an AS is a stack set up using service ports, the AS must join an SVF system
after having the stacking function configured. This limitation does not apply
to an AS that is a stack set up using stack cards.
● When a cluster switch system (CSS) functioning as the parent is faulty:
– If one member switch in the CSS is faulty, the SVF function is not
affected.
– If the CSS splits but two member switches are working normally, the SVF
function becomes unavailable because ASs do not know which switch is
the parent. In this situation, you are advised to configure the dual-active
detection (DAD) function.

Networking Requirements
A new campus network has a large number of wired and wireless access devices.
The widely distributed access devices complicate management and configuration
of the access layer. Unified management and configuration of wired and wireless
access devices is required to reduce the management cost.
In this example, complete the following operations on access devices:
● Configure the administrator user name and password for access devices.
● Assign VLANs to ports of access devices.
● Set the user access authentication mode to 802.1X authentication.
As shown in Figure 4-39, two aggregation switches (SwitchA and SwitchB) set up
a Cluster Switching System (CSS) to improve reliability and function as the parent
to connect to multiple ASs. Multiple active detection (MAD) in direct mode must
be configured on the parent to avoid conflicts when the CSS splits.
In this example, two S9300s function as the parent, an S5320-28P-SI-AC functions
as a level-1 AS, an S5320-12TP-LI-AC functions as a level-2 AS.

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Figure 4-39 SVF networking

Data Plan
Item Data Description

Parent CSS of two S9300s Set the CSS connection

(SwitchA and SwitchB) mode to CSS card.

Directly connected MAD GE1/2/0/1 and –

ports on the parent GE2/2/0/1

Cards that connect the 1/1 and 2/1 cards: X1E –

parent to ASs cards of the same type

MAC addresses of the Parent: 00e0-fc00-1100 –

parent, ASs 1 to 5 AS1: 00e0-fc00-0011
AS2: 00e0-fc00-0022
AS3: 00e0-fc00-0033
AS4: 00e0-fc00-0044
AS5: 00e0-fc00-0055

SVF management VLAN VLAN 11 –

IP address of the 192.168.11.1 –

management VLANIF
interface

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Item Data Description

Ports that connect the GE1/1/0/1 and Add the two ports to
parent to AS1 GE2/1/0/1 Eth-Trunk1 and bind
them to Fabric-port 1.

Ports that connect the GE1/1/0/2 and Add the two ports to
parent to AS2 GE2/1/0/2 Eth-Trunk2 and bind
them to Fabric-port 2.

Ports that connect the GE1/1/0/3 and Add the two ports to
parent to AS3 GE2/1/0/3 Eth-Trunk3 and bind
them to Fabric-port 3.

Ports that connect AS1 GE0/0/23 and GE0/0/24 Add the two ports to
to AS4 Eth-Trunk4 and bind
them to Fabric-port 4.

Ports that connect AS3 GE0/0/23 and GE0/0/24 Add the two ports to
to AS5 Eth-Trunk5 and bind
them to Fabric-port 5.

AS authentication mode Whitelist authentication –

Service configuration for Administrator profile: Bind admin_profile to

the AS administrator admin_profile, in which admin_group.
profile you can configure the
administrator user name
and password
AS group: admin_group,
which includes all the
ASs

Service configuration for Network basic profile: Bind basic_profile_1 to

the AS network basic basic_profile_1, in which port_group_1.
profile you can configure Bind basic_profile_2 to
default VLAN 10 port_group_2.
Network basic profile:
basic_profile_2, in which
you can configure
default VLAN 20
Port group:
port_group_1, which
includes all AS1 and AS4
ports and all AS2 ports
Port group:
port_group_2, which
includes all AS3 and AS5
ports

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Item Data Description

Service configuration for User access profile: Bind access_profile to

the AS user access access_profile, in which port_group_1 and
profile you can set the user port_group_2.
access authentication
mode to 802.1X
authentication.

Configuration Roadmap
1. Configure SwitchA and SwitchB in the parent to set up a CSS using CSS cards
and configure MAD in direct mode to ensure high reliability of the SVF
system.
2. Enable the SVF function on the parent.
3. Configure AS access parameters, including AS names (optional),
authentication mode, and fabric ports that connect the parent to level-1 ASs
and level-1 ASs to level-2 ASs.
4. Connect level-1 ASs to the parent and level-2 ASs using cables.
5. Configure service profiles and bind them to ASs.
6. Log in to ASs to check the service configurations of the ASs.

Procedure
1. Configure SwitchA and SwitchB in the parent to set up a CSS.
# Set the CSS connection mode, CSS ID, and CSS priority to CSS card
connection, 1, and 100 for SwitchA.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] set css mode css-card
[SwitchA] set css id 1
[SwitchA] set css priority 100

# Set the CSS connection mode, CSS ID, and CSS priority to CSS card
connection, 2, and 10 for SwitchB.
<Quidway> system-view
[Quidway] sysname SwitchB
[SwitchB] set css mode css-card
[SwitchB] set css id 2
[SwitchB] set css priority 10

# Enable the CSS function on SwitchA and restart SwitchA.

[SwitchA] css enable

# Enable the CSS function on SwitchB and restart SwitchB.

[SwitchB] css enable

# Log in to the CSS and configure MAD in direct mode.

<SwitchA> system-view
[SwitchA] interface gigabitethernet 1/2/0/1
[SwitchA-GigabitEthernet1/2/0/1] mad detect mode direct
[SwitchA-GigabitEthernet1/2/0/1] quit
[SwitchA] interface gigabitethernet 2/2/0/1
[SwitchA-GigabitEthernet2/2/0/1] mad detect mode direct
[SwitchA-GigabitEthernet2/2/0/1] quit

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

2. Configure the management VLAN in the SVF system and enable the SVF
function on the parent.
[SwitchA] vlan batch 11
[SwitchA] dhcp enable
[SwitchA] interface vlanif 11
[SwitchA-Vlanif11] ip address 192.168.11.1 24
[SwitchA-Vlanif11] dhcp select interface
[SwitchA-Vlanif11] dhcp server option 43 ip-address 192.168.11.1
[SwitchA-Vlanif11] quit
[SwitchA] capwap source interface vlanif 11
[SwitchA] stp mode rstp
[SwitchA] uni-mng
Warning: This operation will enable the uni-mng mode and disconnect all ASs. STP calculation may
be triggered and service traffic will be affected. Continue? [Y/N]:y
3. Configure AS access parameters.
# (Optional) Configure a name for each AS.
NOTE

● If you do not perform this step, the system will generate AS device information when
ASs connect to the SVF system. An AS name is in the format of system default name-
system MAC address.
● If you need to perform this step, ensure that the configured model and mac-address
parameters are consistent with the actual AS information. The value of mac-address
must be the AS management MAC address or system MAC address. To view the AS
management MAC address, run the display as access configuration command on the
AS. If the management MAC displays --, the value of mac-address is the system MAC
address. If the configured parameters are inconsistent with the actual AS information,
the AS cannot go online.
[SwitchA-um] as name as1 model S5320-28P-SI-AC mac-address 00e0-fc00-0011
[SwitchA-um-as-as1] quit
[SwitchA-um] as name as2 model S5320-28P-SI-AC mac-address 00e0-fc00-0022
[SwitchA-um-as-as2] quit
[SwitchA-um] as name as3 model S5320-28P-SI-AC mac-address 00e0-fc00-0033
[SwitchA-um-as-as3] quit
[SwitchA-um] as name as4 model S5320-12TP-LI-AC mac-address 00e0-fc00-0044
[SwitchA-um-as-as4] quit
[SwitchA-um] as name as5 model S5320-12TP-LI-AC mac-address 00e0-fc00-0055
[SwitchA-um-as-as5] quit
# Configure the fabric port that connects the parent to AS1.
[SwitchA-um] interface fabric-port 1
[SwitchA-um-fabric-port-1] port member-group interface eth-trunk 1
[SwitchA-um-fabric-port-1] quit
[SwitchA-um] quit
[SwitchA] interface gigabitethernet 1/1/0/1
[SwitchA-GigabitEthernet1/1/0/1] eth-trunk 1
[SwitchA-GigabitEthernet1/1/0/1] quit
[SwitchA] interface gigabitethernet 2/1/0/1
[SwitchA-GigabitEthernet2/1/0/1] eth-trunk 1
[SwitchA-GigabitEthernet2/1/0/1] quit
# Configure the fabric port that connects the parent to AS2.
[SwitchA] uni-mng
[SwitchA-um] interface fabric-port 2
[SwitchA-um-fabric-port-2] port member-group interface eth-trunk 2
[SwitchA-um-fabric-port-2] quit
[SwitchA-um] quit
[SwitchA] interface gigabitethernet 1/1/0/2
[SwitchA-GigabitEthernet1/1/0/2] eth-trunk 2
[SwitchA-GigabitEthernet1/1/0/2] quit
[SwitchA] interface gigabitethernet 2/1/0/2
[SwitchA-GigabitEthernet2/1/0/2] eth-trunk 2
[SwitchA-GigabitEthernet2/1/0/2] quit
# Configure the fabric port that connects the parent to AS3.

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

[SwitchA] uni-mng
[SwitchA-um] interface fabric-port 3
[SwitchA-um-fabric-port-3] port member-group interface eth-trunk 3
[SwitchA-um-fabric-port-3] quit
[SwitchA-um] quit
[SwitchA] interface gigabitethernet 1/1/0/3
[SwitchA-GigabitEthernet1/1/0/3] eth-trunk 3
[SwitchA-GigabitEthernet1/1/0/3] quit
[SwitchA] interface gigabitethernet 2/1/0/3
[SwitchA-GigabitEthernet2/1/0/3] eth-trunk 3
[SwitchA-GigabitEthernet2/1/0/3] quit
# Configure the fabric ports that connect AS1 to AS4 and AS3 to AS5.
[SwitchA] uni-mng
[SwitchA-um] as name as1
[SwitchA-um-as-as1] down-direction fabric-port 4 member-group interface eth-trunk 4
[SwitchA-um-as-as1] port eth-trunk 4 trunkmember interface gigabitethernet 0/0/23 to 0/0/24
[SwitchA-um-as-as1] quit
[SwitchA-um] as name as3
[SwitchA-um-as-as3] down-direction fabric-port 5 member-group interface eth-trunk 5
[SwitchA-um-as-as3] port eth-trunk 5 trunkmember interface gigabitethernet 0/0/23 to 0/0/24
[SwitchA-um-as-as3] quit
[SwitchA-um] quit
# Configure whitelist authentication for ASs to connect to an SVF system.
To view the AS management MAC address, run the display as access
configuration command on the AS. If the management MAC displays --, the
MAC address configured in the whitelist is the AS system MAC address.
Otherwise, the MAC address configured in the whitelist is the AS
management MAC address.
[SwitchA] as-auth
[SwitchA-as-auth] undo auth-mode
[SwitchA-as-auth] whitelist mac-address 00e0-fc00-0011
[SwitchA-as-auth] whitelist mac-address 00e0-fc00-0022
[SwitchA-as-auth] whitelist mac-address 00e0-fc00-0033
[SwitchA-as-auth] whitelist mac-address 00e0-fc00-0044
[SwitchA-as-auth] whitelist mac-address 00e0-fc00-0055
[SwitchA-as-auth] quit
4. Run the reset saved-configuration command to clear the configurations of
ASs, restart the ASs, and then connect level-1 ASs to the parent and level-2
ASs using cables. Subsequently, an SVF system is set up.
NOTE

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

When the State field in the command output displays normal for an AS, the
AS has connected to the SVF system.
# Run the display uni-mng topology information command to view SVF
topology information.
[SwitchA] display uni-mng topology information
The topology information of uni-mng network:
<-->: direct link <??>: indirect link
T: Trunk ID *: independent AS
------------------------------------------------------------------------------
Local MAC Hop Local Port T || T Peer Port Peer MAC
------------------------------------------------------------------------------
00e0-fc00-1100 0 GE1/1/0/1 1 <-->0 GE0/0/27 00e0-fc00-0011
00e0-fc00-1100 0 GE2/1/0/1 1 <-->0 GE0/0/28 00e0-fc00-0011
00e0-fc00-1100 0 GE1/1/0/2 2 <-->0 GE0/0/27 00e0-fc00-0022
00e0-fc00-1100 0 GE2/1/0/2 2 <-->0 GE0/0/28 00e0-fc00-0022
00e0-fc00-1100 0 GE1/1/0/3 3 <-->0 GE0/0/27 00e0-fc00-0033
00e0-fc00-1100 0 GE2/1/0/3 3 <-->0 GE0/0/28 00e0-fc00-0033
00e0-fc00-0011 1 GE0/0/23 4 <-->0 GE0/0/11 00e0-fc00-0044
00e0-fc00-0011 1 GE0/0/24 4 <-->0 GE0/0/12 00e0-fc00-0044
00e0-fc00-0033 1 GE0/0/23 5 <-->0 GE0/0/11 00e0-fc00-0055
00e0-fc00-0033 1 GE0/0/24 5 <-->0 GE0/0/12 00e0-fc00-0055
------------------------------------------------------------------------------
Total items displayed : 10

# Run the display uni-mng upgrade-info verbose command to view all AS

version information.
[SwitchA] display uni-mng upgrade-info verbose
The total number of AS is : 5
----------------------------------------------------------------------------
AS name : as1
Work status : NO-UPGRADE
Startup system-software : flash:/s5320si.cc
Startup version : V200R011C10
Startup patch : --
Next startup system-software : --
Next startup patch : --
Download system-software : --
Download version : --
Download patch : --
Method : --
Upgrading phase : --
Last operation result : --
Error reason : --
Last operation time : --
----------------------------------------------------------------------------
AS name : as2
Work status : NO-UPGRADE
Startup system-software : flash:/s5320si.cc
Startup version : V200R011C10
Startup patch : --
Next startup system-software : --
Next startup patch : --
Download system-software : --
Download version : --
Download patch : --
Method : --
Upgrading phase : --
Last operation result : --
Error reason : --
Last operation time : --
----------------------------------------------------------------------------
AS name : as3
Work status : NO-UPGRADE
Startup system-software : flash:/s5320si.cc
Startup version : V200R011C10
Startup patch : --
Next startup system-software : --

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Next startup patch : --

Download system-software : --
Download version : --
Download patch : --
Method : --
Upgrading phase : --
Last operation result : --
Error reason : --
Last operation time : --
----------------------------------------------------------------------------
AS name : as4
Work status : NO-UPGRADE
Startup system-software : flash:/s5320li.cc
Startup version : V200R011C10
Startup patch : --
Next startup system-software : --
Next startup patch : --
Download system-software : --
Download version : --
Download patch : --
Method : --
Upgrading phase : --
Last operation result : --
Error reason : --
Last operation time : --
----------------------------------------------------------------------------
AS name : as5
Work status : NO-UPGRADE
Startup system-software : flash:/s5320li.cc
Startup version : V200R011C10
Startup patch : --
Next startup system-software : --
Next startup patch : --
Download system-software : --
Download version : --
Download patch : --
Method : --
Upgrading phase : --
Last operation result : --
Error reason : --
Last operation time : --
----------------------------------------------------------------------------
5. Configure service profiles and bind them to ASs.
# Configure an AS administrator profile and bind it to all ASs.
[SwitchA] uni-mng
[SwitchA-um] as-admin-profile name admin_profile
[SwitchA-um-as-admin-admin_profile] user asuser password YsHsjx_202206
[SwitchA-um-as-admin-admin_profile] quit
[SwitchA-um] as-group name admin_group
[SwitchA-um-as-group-admin_group] as name-include as
[SwitchA-um-as-group-admin_group] as-admin-profile admin_profile
[SwitchA-um-as-group-admin_group] quit
# Configure network basic profiles and bind them to AS ports.
[SwitchA-um] network-basic-profile name basic_profile_1
[SwitchA-um-net-basic-basic_profile_1] user-vlan 10
[SwitchA-um-net-basic-basic_profile_1] quit
[SwitchA-um] network-basic-profile name basic_profile_2
[SwitchA-um-net-basic-basic_profile_2] user-vlan 20
[SwitchA-um-net-basic-basic_profile_2] quit
[SwitchA-um] port-group name port_group_1
[SwitchA-um-portgroup-port_group_1] as name as1 interface all
[SwitchA-um-portgroup-port_group_1] as name as2 interface gigabitethernet 0/0/1 to 0/0/24
[SwitchA-um-portgroup-port_group_1] as name as4 interface all
[SwitchA-um-portgroup-port_group_1] network-basic-profile basic_profile_1
[SwitchA-um-portgroup-port_group_1] quit
[SwitchA-um] port-group name port_group_2
[SwitchA-um-portgroup-port_group_2] as name as3 interface all
[SwitchA-um-portgroup-port_group_2] as name as5 interface all

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

[SwitchA-um-portgroup-port_group_2] network-basic-profile basic_profile_2

[SwitchA-um-portgroup-port_group_2] quit
[SwitchA-um] quit

# Configure a user access profile and bind it to all AS ports.

[SwitchA] dot1x-access-profile name 1
[SwitchA-dot1x-access-profile-1] quit
[SwitchA] authentication-profile name dot1x_auth
[SwitchA-authen-profile-dot1x_auth] dot1x-access-profile 1
[SwitchA-authen-profile-dot1x_auth] quit
[SwitchA] uni-mng
[SwitchA-um] user-access-profile name access_profile
[SwitchA-um-user-access-access_profile] authentication-profile dot1x_auth
[SwitchA-um-user-access-access_profile] quit
[SwitchA-um] port-group name port_group_1
[SwitchA-um-portgroup-port_group_1] user-access-profile access_profile
[SwitchA-um-portgroup-port_group_1] quit
[SwitchA-um] port-group name port_group_2
[SwitchA-um-portgroup-port_group_2] user-access-profile access_profile
[SwitchA-um-portgroup-port_group_2] quit

# Commit the configurations so that the configurations in service profiles can

be delivered to ASs.
[SwitchA-um] commit as all
Warning: Committing the configuration will take a long time. Continue?[Y/N]: y

# Run the display uni-mng commit-result profile command to check

whether the configurations in service profiles have been delivered to ASs.
[SwitchA-um] display uni-mng commit-result profile
Result of profile:
--------------------------------------------------------------------------------
AS Name Commit Time Commit/Execute Result
--------------------------------------------------------------------------------
as1 2014-08-25 22:29:18 Success/Success
as2 2014-08-25 22:29:18 Success/Success
as3 2014-08-25 22:29:20 Success/Success
as4 2014-08-25 22:29:20 Success/Success
as5 2014-08-25 22:29:20 Success/Success
--------------------------------------------------------------------------------

When the Commit/Execute Result field in the command output displays

Success/Success for an AS, the configurations in service profiles have been
delivered to the AS.
6. Log in to ASs to check the service configurations of the ASs. The following
uses the login to AS1 as example.
# Run the attach as name as-name command on the parent to log in to AS1
and check whether the configured login user name and password are correct.
[SwitchA] uni-mng
[SwitchA-um] attach as name as1
Info: Connecting to the remote AS now. Use the quit command to return to the user view.
Trying 192.168.11.254 ...
Press CTRL+K to abort
Connected to 192.168.11.254 ...

Info: The max number of VTY users is 10, and the number
of current VTY users on line is 1.
The current login time is 2016-06-25 22:31:18+00:00.
<HUAWEI>

# Check whether service configurations of AS ports are generated.

NOTE

To check access authentication configuration, you need to run the display authentication
interface interface-type interface-number command on an AS.

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

<HUAWEI> display current-configuration

......
#
interface Eth-Trunk0
port link-type hybrid
port hybrid tagged vlan 1 11
stp instance 0 cost 200
traffic-filter outbound acl 4998
traffic-limit outbound acl 3999 cir 128 pir 128 cbs 16000 pbs 16000
traffic-statistic outbound acl 3999
traffic-limit outbound acl 4999 cir 32 pir 32 cbs 4000 pbs 4000
traffic-statistic outbound acl 4999
mode lacp
mad detect mode relay
#
interface GigabitEthernet0/0/1
stp root-protection
#
interface GigabitEthernet0/0/26
eth-trunk 0
broadcast-suppression 100
#
......

Configuration Summary
1. When setting up a CSS for a parent, use the CSS card or service port
connection mode according to networking requirements. This example uses
the CSS card connection.
2. You can configure service profiles and bind them to ASs before or after the
ASs connect to the SVF system. The AS service configuration mode includes
the pre-configured and non-pre-configured modes depending on the time
services are configured. Whatever configuration mode you use, you must run
the commit as { name as-name | all } command to commit the configuration
after completing it.
– Pre-configured mode: Before ASs connect to the SVF system, pre-
configure service profiles, bind them to the ASs, save the configuration on
the parent, and then run the commit as { name as-name | all }
command to commit the configuration. When the ASs connect to the SVF
system, configurations in the service profiles are automatically delivered
to the ASs.
– Non-pre-configured mode: After ASs connect to the SVF system,
configure service profiles, bind them to the ASs, and then run the
commit as { name as-name | all } command to commit the
configuration so that configurations in the service profiles can be
delivered to the ASs.
3. After the SVF function is enabled, the Spanning Tree Protocol (STP) and Link
Layer Discovery Protocol (LLDP) functions are enabled globally on the parent.
Pay attention to the following points when using the STP and LLDP functions
in an SVF system:
– You can disable the STP and LLDP functions only on ports, not globally.
– Do not disable the LLDP function on member ports of a fabric port.
Otherwise, the SVF topology will become abnormal.
4. After the SVF function is enabled, the parent will change STP to Rapid
Spanning Tree Protocol (RSTP) and set the priority of instance 0 to 28762
using the stp instance 0 priority 28672 command. Note that the priority of
instance 0 cannot be set to a value greater than 28672. After the SVF function

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

is disabled, the default priority of instance 0 is restored. When the SVF

function is enabled or disabled, STP recalculates the port roles and changes
the port status. Traffic on the ports will be interrupted temporarily.
5. The MAD relay function is automatically enabled on the Eth-Trunk to which a
downlink fabric port is bound, and the MAD function is automatically enabled
on the Eth-Trunk to which an uplink fabric port is bound to perform MAD in
an AS that is a stack. When the standby switch in the AS is removed, MAD
cannot be performed because the standby switch restarts automatically
without saving the configuration.
6. To prevent the SVF function from being affected, do not perform MIB
operations to modify the configuration automatically generated in an SVF
system, for example, the configuration of STP, LLDP, and Eth-Trunk to which a
fabric port is bound.
7. On the parent, there may be a delay in displaying the output of some
commands executed on ASs, including the patch delete all and patch load
filename all [ active | run ] commands.
8. In an SVF system, the maximum frame length allowed by ports cannot be
configured on an AS. Therefore, the maximum frame length is the default
value 9216 (including the CRC field).
9. Internal attacks of a management VLAN will cause ASs to disconnect from
the SVF system. You need to shut down the attacked ports or remove the
ports from the management VLAN after identifying the attack source.
10. After an AS disconnects from the SVF system, in versions earlier than
V200R012C00, all downlink ports of the AS will be shut down. In
V200R012C00 and later versions, to ensure that downlink networks of the AS
can communicate with each other, downlink ports of the AS will not be shut
down.
11. Configured Control and Provisioning of Wireless Access Points (CAPWAP)
tunnel parameters apply to the SVF system. To ensure that the CAPWAP
tunnel of the SVF system works normally, you are advised to retain the
default CAPWAP tunnel parameters.
12. In the SVF system, network access rights available before users pass network
admission control (NAC) authentication can be authorized through
authentication-free rules instead of a user control list (UCL) group.
13. SVF does not support built-in Portal servers.

Parent Configuration File (configuration in V200R011C10 as an example)

#
sysname SwitchA
#
vlan batch 11
#
stp mode rstp
stp instance 0 priority 28672
#
authentication-profile name dot1x_auth
dot1x-access-profile 1
#
lldp enable
#
dhcp enable
#
interface Vlanif11
ip address 192.168.11.1 255.255.255.0

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

dhcp select interface

dhcp server option 43 ip-address 192.168.11.1
#
interface Eth-Trunk1
port link-type hybrid
port hybrid tagged vlan 1 10 to 11
stp root-protection
stp edged-port disable
mode lacp
loop-detection disable
mad relay
#
interface Eth-Trunk2
port link-type hybrid
port hybrid tagged vlan 1 10 to 11
stp root-protection
stp edged-port disable
mode lacp
loop-detection disable
mad relay
#
interface Eth-Trunk3
port link-type hybrid
port hybrid tagged vlan 1 11 20
stp root-protection
stp edged-port disable
mode lacp
loop-detection disable
mad relay
#
interface GigabitEthernet1/1/0/1
eth-trunk 1
#
interface GigabitEthernet1/1/0/2
eth-trunk 2
#
interface GigabitEthernet1/1/0/3
eth-trunk 3
#
interface GigabitEthernet1/2/0/1
mad detect mode direct
#
interface GigabitEthernet2/1/0/1
eth-trunk 1
#
interface GigabitEthernet2/1/0/2
eth-trunk 2
#
interface GigabitEthernet2/1/0/3
eth-trunk 3
#
interface GigabitEthernet2/2/0/1
mad detect mode direct
#
capwap source interface vlanif11
#
as-auth
whitelist mac-address 00e0-fc00-0011
whitelist mac-address 00e0-fc00-0022
whitelist mac-address 00e0-fc00-0033
whitelist mac-address 00e0-fc00-0044
whitelist mac-address 00e0-fc00-0055
#
uni-mng
as name as1 model S5320-28P-SI-AC mac-address 00e0-fc00-0011 //Check whether the configurations of
ASs and ports connected to ASs are correct.
down-direction fabric-port 4 member-group interface Eth-Trunk 4
port Eth-Trunk 4 trunkmember interface GigabitEthernet 0/0/23
port Eth-Trunk 4 trunkmember interface GigabitEthernet 0/0/24

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

as name as2 model S5320-28P-SI-AC mac-address 00e0-fc00-0022

as name as3 model S5320-28P-SI-AC mac-address 00e0-fc00-0033
down-direction fabric-port 5 member-group interface Eth-Trunk 5
port Eth-Trunk 5 trunkmember interface GigabitEthernet 0/0/23
port Eth-Trunk 5 trunkmember interface GigabitEthernet 0/0/24
as name as4 model S5320-12TP-LI-AC mac-address 00e0-fc00-0044
as name as5 model S5320-12TP-LI-AC mac-address 00e0-fc00-0055
interface fabric-port 1
port member-group interface Eth-Trunk 1
interface fabric-port 2
port member-group interface Eth-Trunk 2
interface fabric-port 3
port member-group interface Eth-Trunk 3
as-admin-profile name admin_profile //Check the administrator profile configuration.
user asuser password %^%#Ky,WNqWh_DZ[(V96yvSEph)VLMc/+U}>]i2:"9n:%^%#
network-basic-profile name basic_profile_1 //Check the network basic profile configuration.
user-vlan 10
network-basic-profile name basic_profile_2
user-vlan 20
user-access-profile name access_profile //Check the user access profile configuration.
authentication-profile dot1x_auth
as-group name admin_group //Check whether an AS group has been created and whether it has
been bound to the AS administrator profile.
as-admin-profile admin_profile
as name as1
as name as2
as name as3
as name as4
as name as5
port-group name port_group_1 //Check whether a port group has been bound to service profiles
and whether service ports of ASs have been added to the port group.
network-basic-profile basic_profile_1
user-access-profile access_profile
as name as1 interface GigabitEthernet 0/0/1 to 0/0/24
as name as2 interface GigabitEthernet 0/0/1 to 0/0/23
as name as4 interface GigabitEthernet 0/0/1 to 0/0/8
port-group name port_group_2 //Check whether a port group has been bound to service profiles
and whether service ports of ASs have been added to the port group.
network-basic-profile basic_profile_2
user-access-profile access_profile
as name as3 interface GigabitEthernet 0/0/1 to 0/0/24
as name as5 interface GigabitEthernet 0/0/1 to 0/0/8
#
dot1x-access-profile name 1
#
return

4.3.5 Example for Configuring SVF (S12700 as the Parent)

Precautions
● The Super Virtual Fabric (SVF) function on a parent is license controlled. The
license only enables the SVF function but does not control SVF service
specifications and only needs to be loaded on the parent.
● After the SVF function is enabled, switches do not support the In-Service
Software Upgrade (ISSU) function.
● When the parent version is earlier than V200R011C10, the AS version must be
the same as the parent version. Otherwise, this AS cannot go online. For
example, if the parent version is V200R010C00, the AS version must also be
V200R010C00.
● When the parent version is V200R011C10 or later, the parent version and AS
version can be different, but the parent version must be higher than or the

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

same as the AS version and the AS version must also be V200R011C10 or

later.
● When GE optical interfaces are connected to XGE optical interfaces to connect
level-1 ASs to the parent or connect level-2 ASs to level-1 ASs, these
interfaces must use GE instead of XGE optical modules.
● If an AS is a stack set up using service ports, the AS must join an SVF system
after having the stacking function configured. This limitation does not apply
to an AS that is a stack set up using stack cards.
● When a cluster switch system (CSS) functioning as the parent is faulty:
– If one member switch in the CSS is faulty, the SVF function is not
affected.
– If the CSS splits but two member switches are working normally, the SVF
function becomes unavailable because ASs do not know which switch is
the parent. In this situation, you are advised to configure the dual-active
detection (DAD) function.

Networking Requirements
A new campus network has a large number of wired and wireless access devices.
The widely distributed access devices complicate management and configuration
of the access layer. Unified management and configuration of wired and wireless
access devices is required to reduce the management cost.
In this example, complete the following operations on access devices:
● Configure the administrator user name and password for access devices.
● Assign VLANs to ports of access devices.
● Set the user access authentication mode to 802.1X authentication.
As shown in Figure 4-40, two aggregation switches (SwitchA and SwitchB) set up
a Cluster Switching System (CSS) to improve reliability and function as the parent
to connect to multiple ASs and APs. Multiple active detection (MAD) in direct
mode must be configured on the parent to avoid conflicts when the CSS splits.
In this example, two S12700s function as the parent, an S5320-28P-SI-AC
functions as a level-1 AS, an S5320-12TP-LI-AC functions as a level-2 AS, and an
AP5010DN-AGN functions as an AP.

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Figure 4-40 SVF networking

Data Plan
Item Data Description

Parent CSS of two S12700s Set the CSS connection

(SwitchA and SwitchB) mode to CSS card.

Directly connected MAD GE1/2/0/1 and –

ports on the parent GE2/2/0/1

Cards that connect the 1/1 and 2/1 cards: X1E –

parent to ASs cards of the same type

MAC addresses of the Parent: 00e0-fc00-3456 –

parent, ASs 1 to 5, and AS1: 00e0-fc00-0011
AP
AS2: 00e0-fc00-0022
AS3: 00e0-fc00-0033
AS4: 00e0-fc00-0044
AS5: 00e0-fc00-0055
AP: 00e0-fc00-0005

SVF management VLAN VLAN 11 –

IP address of the 192.168.11.1 –

management VLANIF
interface

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Item Data Description

Ports that connect the GE1/1/0/1 and Add the two ports to
parent to AS1 GE2/1/0/1 Eth-Trunk1 and bind
them to Fabric-port 1.

Ports that connect the GE1/1/0/2 and Add the two ports to
parent to AS2 GE2/1/0/2 Eth-Trunk2 and bind
them to Fabric-port 2.

Ports that connect the GE1/1/0/3 and Add the two ports to
parent to AS3 GE2/1/0/3 Eth-Trunk3 and bind
them to Fabric-port 3.

Ports that connect AS1 GE0/0/23 and GE0/0/24 Add the two ports to
to AS4 Eth-Trunk4 and bind
them to Fabric-port 4.

Ports that connect AS3 GE0/0/23 and GE0/0/24 Add the two ports to
to AS5 Eth-Trunk5 and bind
them to Fabric-port 5.

Port that connects AS2 GE0/0/24 Add the port to the AP

to the AP port group.

AS authentication mode Whitelist authentication –

Service configuration for Administrator profile: Bind admin_profile to

the AS administrator admin_profile, in which admin_group.
profile you can configure the
administrator user name
and password
AS group: admin_group,
which includes all the
ASs

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Item Data Description

Service configuration for Network basic profile: Bind basic_profile_1 to

the AS network basic basic_profile_1, in which port_group_1.
profile you can configure Bind basic_profile_2 to
default VLAN 10 port_group_2.
Network basic profile:
basic_profile_2, in which
you can configure
default VLAN 20
Port group:
port_group_1, which
includes all AS1 and AS4
ports and all AS2 ports
(except GE0/0/24 that
directly connects to the
AP)
Port group:
port_group_2, which
includes all AS3 and AS5
ports

Service configuration for User access profile: Bind access_profile to

the AS user access access_profile, in which port_group_1 and
profile you can set the user port_group_2.
access authentication
mode to 802.1X
authentication.

Configuration Roadmap
1. Configure SwitchA and SwitchB in the parent to set up a CSS using CSS cards
and configure MAD in direct mode to ensure high reliability of the SVF
system.
2. Enable the SVF function on the parent.
3. Configure AS access parameters, including AS names (optional),
authentication mode, and fabric ports that connect the parent to level-1 ASs
and level-1 ASs to level-2 ASs.
4. Connect level-1 ASs to the parent and level-2 ASs using cables.
5. Configure service profiles and bind them to ASs.
6. Configure the downlink port (GE0/0/24) that connects AS2 to the AP,
configure AP access parameters, power on the AP, and connect the AP and
AS2 using cables to ensure that the AP can connect to the SVF system.
7. Log in to ASs to check the service configurations of the ASs.

Procedure
1. Configure SwitchA and SwitchB in the parent to set up a CSS.

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

# Set the CSS connection mode, CSS ID, and CSS priority to CSS card
connection, 1, and 100 for SwitchA.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] set css mode css-card
[SwitchA] set css id 1
[SwitchA] set css priority 100

# Enable the CSS function on SwitchA and restart SwitchA.

[SwitchA] css enable

# Enable the CSS function on SwitchB and restart SwitchB.

[SwitchB] css enable

# Log in to the CSS and configure MAD in direct mode.

3. Configure AS access parameters.

# (Optional) Configure a name for each AS.
NOTE

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

[SwitchA-um] as name as3 model S5320-28P-SI-AC mac-address 00e0-fc00-0033

[SwitchA-um-as-as3] quit
[SwitchA-um] as name as4 model S5320-12TP-LI-AC mac-address 00e0-fc00-0044
[SwitchA-um-as-as4] quit
[SwitchA-um] as name as5 model S5320-12TP-LI-AC mac-address 00e0-fc00-0055
[SwitchA-um-as-as5] quit

# Configure the fabric port that connects the parent to AS1.

[SwitchA-um] interface fabric-port 1
[SwitchA-um-fabric-port-1] port member-group interface eth-trunk 1
[SwitchA-um-fabric-port-1] quit
[SwitchA-um] quit
[SwitchA] interface gigabitethernet 1/1/0/1
[SwitchA-GigabitEthernet1/1/0/1] eth-trunk 1
[SwitchA-GigabitEthernet1/1/0/1] quit
[SwitchA] interface gigabitethernet 2/1/0/1
[SwitchA-GigabitEthernet2/1/0/1] eth-trunk 1
[SwitchA-GigabitEthernet2/1/0/1] quit

# Configure the fabric port that connects the parent to AS2.

[SwitchA] uni-mng
[SwitchA-um] interface fabric-port 2
[SwitchA-um-fabric-port-2] port member-group interface eth-trunk 2
[SwitchA-um-fabric-port-2] quit
[SwitchA-um] quit
[SwitchA] interface gigabitethernet 1/1/0/2
[SwitchA-GigabitEthernet1/1/0/2] eth-trunk 2
[SwitchA-GigabitEthernet1/1/0/2] quit
[SwitchA] interface gigabitethernet 2/1/0/2
[SwitchA-GigabitEthernet2/1/0/2] eth-trunk 2
[SwitchA-GigabitEthernet2/1/0/2] quit

# Configure the fabric port that connects the parent to AS3.

# Configure the fabric ports that connect AS1 to AS4 and AS3 to AS5.
[SwitchA] uni-mng
[SwitchA-um] as name as1
[SwitchA-um-as-as1] down-direction fabric-port 4 member-group interface eth-trunk 4
[SwitchA-um-as-as1] port eth-trunk 4 trunkmember interface gigabitethernet 0/0/23 to 0/0/24
[SwitchA-um-as-as1] quit
[SwitchA-um] as name as3
[SwitchA-um-as-as3] down-direction fabric-port 5 member-group interface eth-trunk 5
[SwitchA-um-as-as3] port eth-trunk 5 trunkmember interface gigabitethernet 0/0/23 to 0/0/24
[SwitchA-um-as-as3] quit
[SwitchA-um] quit

# Configure whitelist authentication for ASs to connect to an SVF system.

To view the AS management MAC address, run the display as access
configuration command on the AS. If the management MAC displays --, the
MAC address configured in the whitelist is the AS system MAC address.
Otherwise, the MAC address configured in the whitelist is the AS
management MAC address.
[SwitchA] as-auth
[SwitchA-as-auth] undo auth-mode
[SwitchA-as-auth] whitelist mac-address 00e0-fc00-0011
[SwitchA-as-auth] whitelist mac-address 00e0-fc00-0022

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

[SwitchA-as-auth] whitelist mac-address 00e0-fc00-0033

[SwitchA-as-auth] whitelist mac-address 00e0-fc00-0044
[SwitchA-as-auth] whitelist mac-address 00e0-fc00-0055
[SwitchA-as-auth] quit
4. Run the reset saved-configuration command to clear the configurations of
ASs, restart the ASs, and then connect level-1 ASs to the parent and level-2
ASs using cables. Subsequently, an SVF system is set up.
NOTE

● Before restarting an AS, check whether the port that connects this AS to the parent is a
downlink port. You can run the display port connection-type access all command on
this AS to view all downlink ports on it. If this port is a downlink port, run the uni-mng
up-direction fabric-port command on this AS to configure this port as an uplink port
before restarting this AS. Otherwise, this AS cannot go online.
● Before connecting an AS to the parent, ensure that the AS has no configuration file and
no input on the console port.
# After connecting cables, run the display as all command to check whether
ASs have connected to the SVF system.
[SwitchA] display as all
Total: 5, Normal: 5, Fault: 0, Idle: 0, Version mismatch: 0
--------------------------------------------------------------------------------
No. Type MAC IP State Name
--------------------------------------------------------------------------------
0 S5320-SI 00e0-fc00-0011 192.168.11.254 normal as1
1 S5320-SI 00e0-fc00-0022 192.168.11.253 normal as2
2 S5320-SI 00e0-fc00-0033 192.168.11.252 normal as3
3 S5320-LI 00e0-fc00-0044 192.168.11.251 normal as4
4 S5320-LI 00e0-fc00-0055 192.168.11.250 normal as5
--------------------------------------------------------------------------------
When the State field in the command output displays normal for an AS, the
AS has connected to the SVF system.
# Run the display uni-mng topology information command to view SVF
topology information.
[SwitchA] display uni-mng topology information
The topology information of uni-mng network:
<-->: direct link <??>: indirect link
T: Trunk ID *: independent AS
------------------------------------------------------------------------------
Local MAC Hop Local Port T || T Peer Port Peer MAC
------------------------------------------------------------------------------
00e0-fc00-3456 0 GE1/1/0/1 1 <-->0 GE0/0/27 00e0-fc00-0011
00e0-fc00-3456 0 GE2/1/0/1 1 <-->0 GE0/0/28 00e0-fc00-0011
00e0-fc00-3456 0 GE1/1/0/2 2 <-->0 GE0/0/27 00e0-fc00-0022
00e0-fc00-3456 0 GE2/1/0/2 2 <-->0 GE0/0/28 00e0-fc00-0022
00e0-fc00-3456 0 GE1/1/0/3 3 <-->0 GE0/0/27 00e0-fc00-0033
00e0-fc00-3456 0 GE2/1/0/3 3 <-->0 GE0/0/28 00e0-fc00-0033
00e0-fc00-0011 1 GE0/0/23 4 <-->0 GE0/0/11 00e0-fc00-0044
00e0-fc00-0011 1 GE0/0/24 4 <-->0 GE0/0/12 00e0-fc00-0044
00e0-fc00-0033 1 GE0/0/23 5 <-->0 GE0/0/11 00e0-fc00-0055
00e0-fc00-0033 1 GE0/0/24 5 <-->0 GE0/0/12 00e0-fc00-0055
------------------------------------------------------------------------------
Total items displayed : 10
# Run the display uni-mng upgrade-info verbose command to view all AS
version information.
[SwitchA] display uni-mng upgrade-info verbose
The total number of AS is : 5
----------------------------------------------------------------------------
AS name : as1
Work status : NO-UPGRADE
Startup system-software : flash:/s5320si.cc
Startup version : V200R010C00

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Startup patch : --
Next startup system-software : --
Next startup patch : --
Download system-software : --
Download version : --
Download patch : --
Method : --
Upgrading phase : --
Last operation result : --
Error reason : --
Last operation time : --
----------------------------------------------------------------------------
AS name : as2
Work status : NO-UPGRADE
Startup system-software : flash:/s5320si.cc
Startup version : V200R010C00
Startup patch : --
Next startup system-software : --
Next startup patch : --
Download system-software : --
Download version : --
Download patch : --
Method : --
Upgrading phase : --
Last operation result : --
Error reason : --
Last operation time : --
----------------------------------------------------------------------------
AS name : as3
Work status : NO-UPGRADE
Startup system-software : flash:/s5320si.cc
Startup version : V200R010C00
Startup patch : --
Next startup system-software : --
Next startup patch : --
Download system-software : --
Download version : --
Download patch : --
Method : --
Upgrading phase : --
Last operation result : --
Error reason : --
Last operation time : --
----------------------------------------------------------------------------
AS name : as4
Work status : NO-UPGRADE
Startup system-software : flash:/s5320li.cc
Startup version : V200R010C00
Startup patch : --
Next startup system-software : --
Next startup patch : --
Download system-software : --
Download version : --
Download patch : --
Method : --
Upgrading phase : --
Last operation result : --
Error reason : --
Last operation time : --
----------------------------------------------------------------------------
AS name : as5
Work status : NO-UPGRADE
Startup system-software : flash:/s5320li.cc
Startup version : V200R010C00
Startup patch : --
Next startup system-software : --
Next startup patch : --
Download system-software : --
Download version : --

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Download patch : --
Method : --
Upgrading phase : --
Last operation result : --
Error reason : --
Last operation time : --
----------------------------------------------------------------------------
5. Configure service profiles and bind them to ASs.
# Configure an AS administrator profile and bind it to all ASs.
[SwitchA] uni-mng
[SwitchA-um] as-admin-profile name admin_profile
[SwitchA-um-as-admin-admin_profile] user asuser password YsHsjx_202206
[SwitchA-um-as-admin-admin_profile] quit
[SwitchA-um] as-group name admin_group
[SwitchA-um-as-group-admin_group] as name-include as
[SwitchA-um-as-group-admin_group] as-admin-profile admin_profile
[SwitchA-um-as-group-admin_group] quit
# Configure network basic profiles and bind them to AS ports.
[SwitchA-um] network-basic-profile name basic_profile_1
[SwitchA-um-net-basic-basic_profile_1] user-vlan 10
[SwitchA-um-net-basic-basic_profile_1] quit
[SwitchA-um] network-basic-profile name basic_profile_2
[SwitchA-um-net-basic-basic_profile_2] user-vlan 20
[SwitchA-um-net-basic-basic_profile_2] quit
[SwitchA-um] port-group name port_group_1
[SwitchA-um-portgroup-port_group_1] as name as1 interface all
[SwitchA-um-portgroup-port_group_1] as name as2 interface gigabitethernet 0/0/1 to 0/0/23 //
GigabitEthernet0/0/24 connects AS2 to the AP.
[SwitchA-um-portgroup-port_group_1] as name as4 interface all
[SwitchA-um-portgroup-port_group_1] network-basic-profile basic_profile_1
[SwitchA-um-portgroup-port_group_1] quit
[SwitchA-um] port-group name port_group_2
[SwitchA-um-portgroup-port_group_2] as name as3 interface all
[SwitchA-um-portgroup-port_group_2] as name as5 interface all
[SwitchA-um-portgroup-port_group_2] network-basic-profile basic_profile_2
[SwitchA-um-portgroup-port_group_2] quit
[SwitchA-um] quit
# Configure a user access profile and bind it to all AS ports.
[SwitchA] dot1x-access-profile name 1
[SwitchA-dot1x-access-profile-1] quit
[SwitchA] authentication-profile name dot1x_auth
[SwitchA-authen-profile-dot1x_auth] dot1x-access-profile 1
[SwitchA-authen-profile-dot1x_auth] quit
[SwitchA] uni-mng
[SwitchA-um] user-access-profile name access_profile
[SwitchA-um-user-access-access_profile] authentication-profile dot1x_auth
[SwitchA-um-user-access-access_profile] quit
[SwitchA-um] port-group name port_group_1
[SwitchA-um-portgroup-port_group_1] user-access-profile access_profile
[SwitchA-um-portgroup-port_group_1] quit
[SwitchA-um] port-group name port_group_2
[SwitchA-um-portgroup-port_group_2] user-access-profile access_profile
[SwitchA-um-portgroup-port_group_2] quit
# Commit the configurations so that the configurations in service profiles can
be delivered to ASs.
[SwitchA-um] commit as all
Warning: Committing the configuration will take a long time. Continue?[Y/N]: y
# Run the display uni-mng commit-result profile command to check
whether the configurations in service profiles have been delivered to ASs.
[SwitchA-um] display uni-mng commit-result profile
Result of profile:
--------------------------------------------------------------------------------
AS Name Commit Time Commit/Execute Result
--------------------------------------------------------------------------------

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

as1 2014-08-25 22:29:18 Success/Success

as2 2014-08-25 22:29:18 Success/Success
as3 2014-08-25 22:29:20 Success/Success
as4 2014-08-25 22:29:20 Success/Success
as5 2014-08-25 22:29:20 Success/Success
--------------------------------------------------------------------------------
When the Commit/Execute Result field in the command output displays
Success/Success for an AS, the configurations in service profiles have been
delivered to the AS.
6. Connect the AP to AS2.
# Add the port that connects AS2 to the AP to an AP port group.
[SwitchA] uni-mng
[SwitchA-um] port-group connect-ap name ap
[SwitchA-um-portgroup-ap-ap] as name as2 interface gigabitethernet 0/0/24
[SwitchA-um-portgroup-ap-ap] quit
[SwitchA-um] commit as all
Warning: Committing the configuration will take a long time. Continue?[Y/N]: y
[SwitchA-um] quit
# Configure an AP ID.
[SwitchA] wlan
[SwitchA-wlan-view] ap-id 1 ap-type ap5010dn-agn ap-mac 00e0-fc00-0005
[SwitchA-wlan-ap-1] ap-name ap-1
[SwitchA-wlan-ap-1] quit
# Configure no authentication for the AP to connect to an SVF system.
[SwitchA-wlan-view] ap auth-mode no-auth
Warning: This operation may cause AP reset. Continue? [Y/N]y
[SwitchA-wlan-view] quit
# Power on the AP and connect the AP to AS2 using cables. Then run the
display ap all command to check whether the AP has connected to the SVF
system.
[SwitchA] display ap all
Total AP information:
nor : normal [1]
-----------------------------------------------------------------------------------------
ID MAC Name Group IP Type State STA Uptime
-----------------------------------------------------------------------------------------
1 00e0-fc00-0005 ap-1 default 192.168.11.249 AP5010DN-AGN nor 0 6H:3M:40S
-----------------------------------------------------------------------------------------
Total: 1
7. Log in to ASs to check the service configurations of the ASs. The following
uses the login to AS1 as example.
# Run the attach as name as-name command on the parent to log in to AS1
and check whether the configured login user name and password are correct.
[SwitchA] uni-mng
[SwitchA-um] attach as name as1
Info: Connecting to the remote AS now. Use the quit command to return to the user view.
Trying 192.168.11.254 ...
Press CTRL+K to abort
Connected to 192.168.11.254 ...

Info: The max number of VTY users is 10, and the number
of current VTY users on line is 1.
The current login time is 2016-06-25 22:31:18+00:00.
<HUAWEI>
# Check whether service configurations of AS ports are generated.
NOTE

To check access authentication configuration, you need to run the display authentication
interface interface-type interface-number command on an AS.

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

<HUAWEI> display current-configuration

Configuration Summary
1. When setting up a CSS for a parent, use the CSS card or service port
connection mode according to networking requirements. This example uses
the CSS card connection.
2. You can configure service profiles and bind them to ASs before or after the
ASs connect to the SVF system. The AS service configuration mode includes
the pre-configured and non-pre-configured modes depending on the time
services are configured. Whatever configuration mode you use, you must run
the commit as { name as-name | all } command to commit the configuration
after completing it.
– Pre-configured mode: Before ASs connect to the SVF system, pre-
configure service profiles, bind them to the ASs, save the configuration on
the parent, and then run the commit as { name as-name | all }
command to commit the configuration. When the ASs connect to the SVF
system, configurations in the service profiles are automatically delivered
to the ASs.
– Non-pre-configured mode: After ASs connect to the SVF system,
configure service profiles, bind them to the ASs, and then run the
commit as { name as-name | all } command to commit the
configuration so that configurations in the service profiles can be
delivered to the ASs.
3. After the SVF function is enabled, the Spanning Tree Protocol (STP) and Link
Layer Discovery Protocol (LLDP) functions are enabled globally on the parent.
Pay attention to the following points when using the STP and LLDP functions
in an SVF system:
– You can disable the STP and LLDP functions only on ports, not globally.
– Do not disable the LLDP function on member ports of a fabric port, ports
connected to APs, and AP uplink ports. Otherwise, the SVF topology will
become abnormal.
4. After the SVF function is enabled, the parent will change STP to Rapid
Spanning Tree Protocol (RSTP) and set the priority of instance 0 to 28762
using the stp instance 0 priority 28672 command. Note that the priority of

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

instance 0 cannot be set to a value greater than 28672. After the SVF function
is disabled, the default priority of instance 0 is restored. When the SVF
function is enabled or disabled, STP recalculates the port roles and changes
the port status. Traffic on the ports will be interrupted temporarily.
5. The MAD relay function is automatically enabled on the Eth-Trunk to which a
downlink fabric port is bound, and the MAD function is automatically enabled
on the Eth-Trunk to which an uplink fabric port is bound to perform MAD in
an AS that is a stack. When the standby switch in the AS is removed, MAD
cannot be performed because the standby switch restarts automatically
without saving the configuration.
6. To prevent the SVF function from being affected, do not perform MIB
operations to modify the configuration automatically generated in an SVF
system, for example, the configuration of STP, LLDP, and Eth-Trunk to which a
fabric port is bound.
7. If an AP has connected to the parent before the SVF function is enabled, the
parent cannot collect topology information about the AP after the uni-mng
command is used to enable the SVF function. You need to run the commit
{ all | ap ap-id } command in the WLAN view to commit the AP configuration.
Subsequently, the parent can collect topology information about the AP.
8. On the parent, there may be a delay in displaying the output of some
commands executed on ASs, including the patch delete all and patch load
filename all [ active | run ] commands.
9. In an SVF system, the maximum frame length allowed by ports cannot be
configured on an AS. Therefore, the maximum frame length is the default
value 9216 (including the CRC field).
10. Internal attacks of a management VLAN will cause ASs to disconnect from
the SVF system. You need to shut down the attacked ports or remove the
ports from the management VLAN after identifying the attack source.
11. After an AS disconnects from the SVF system, in versions earlier than
V200R012C00, all downlink ports of the AS will be shut down. In
V200R012C00 and later versions, to ensure that downlink networks of the AS
can communicate with each other, downlink ports of the AS will not be shut
down.
12. Configured Control and Provisioning of Wireless Access Points (CAPWAP)
tunnel parameters apply to the SVF system. To ensure that the CAPWAP
tunnel of the SVF system works normally, you are advised to retain the
default CAPWAP tunnel parameters.
13. In the SVF system, network access rights available before users pass network
admission control (NAC) authentication can be authorized through
authentication-free rules instead of a user control list (UCL) group.
14. SVF does not support built-in Portal servers.

Parent Configuration File

#
sysname SwitchA
#
vlan batch 11
#
stp mode rstp
stp instance 0 priority 28672
#

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

authentication-profile name dot1x_auth

dot1x-access-profile 1
#
lldp enable
#
dhcp enable
#
interface Vlanif11
ip address 192.168.11.1 255.255.255.0
dhcp select interface
dhcp server option 43 ip-address 192.168.11.1
#
interface Eth-Trunk1
port link-type hybrid
port hybrid tagged vlan 1 10 to 11
stp root-protection
authentication dot1x
mode lacp
loop-detection disable
mad relay
#
interface Eth-Trunk2
port link-type hybrid
port hybrid tagged vlan 1 10 to 11
stp root-protection
authentication dot1x
mode lacp
loop-detection disable
mad relay
#
interface Eth-Trunk3
port link-type hybrid
port hybrid tagged vlan 1 11 20
stp root-protection
authentication dot1x
mode lacp
loop-detection disable
mad relay
#
interface GigabitEthernet1/1/0/1
eth-trunk 1
#
interface GigabitEthernet1/1/0/2
eth-trunk 2
#
interface GigabitEthernet1/1/0/3
eth-trunk 3
#
interface GigabitEthernet1/2/0/1
mad detect mode direct
#
interface GigabitEthernet2/1/0/1
eth-trunk 1
#
interface GigabitEthernet2/1/0/2
eth-trunk 2
#
interface GigabitEthernet2/1/0/3
eth-trunk 3
#
interface GigabitEthernet2/2/0/1
mad detect mode direct
#
capwap source interface vlanif11
#
wlan wlan ap lldp enable ap auth-mode no-auth ap-id 1 type-id 30 ap-mac 00e0-fc00-0005 ap-sn
2102355547W0E3000316 wlan work-group default # as-auth
whitelist mac-address 00e0-fc00-0011
whitelist mac-address 00e0-fc00-0022

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

whitelist mac-address 00e0-fc00-0033

whitelist mac-address 00e0-fc00-0044
whitelist mac-address 00e0-fc00-0055
#
uni-mng
as name as1 model S5320-28P-SI-AC mac-address 00e0-fc00-0011 //Check whether the configurations of
ASs and ports connected to ASs are correct.
down-direction fabric-port 4 member-group interface Eth-Trunk 4
port Eth-Trunk 4 trunkmember interface GigabitEthernet 0/0/23
port Eth-Trunk 4 trunkmember interface GigabitEthernet 0/0/24
as name as2 model S5320-28P-SI-AC mac-address 00e0-fc00-0022
as name as3 model S5320-28P-SI-AC mac-address 00e0-fc00-0033
down-direction fabric-port 5 member-group interface Eth-Trunk 5
port Eth-Trunk 5 trunkmember interface GigabitEthernet 0/0/23
port Eth-Trunk 5 trunkmember interface GigabitEthernet 0/0/24
as name as4 model S5320-12TP-LI-AC mac-address 00e0-fc00-0044
as name as5 model S5320-12TP-LI-AC mac-address 00e0-fc00-0055
interface fabric-port 1
port member-group interface Eth-Trunk 1
interface fabric-port 2
port member-group interface Eth-Trunk 2
interface fabric-port 3
port member-group interface Eth-Trunk 3
as-admin-profile name admin_profile //Check the administrator profile configuration.
user asuser password %^%#Ky,WNqWh_DZ[(V96yvSEph)VLMc/+U}>]i2:"9n:%^%#
network-basic-profile name basic_profile_1 //Check the network basic profile configuration.
user-vlan 10
network-basic-profile name basic_profile_2
user-vlan 20
user-access-profile name access_profile //Check the user access profile configuration.
authentication-profile dot1x_auth
as-group name admin_group //Check whether an AS group has been created and whether it has
been bound to the AS administrator profile.
as-admin-profile admin_profile
as name as1
as name as2
as name as3
as name as4
as name as5
port-group name port_group_1 //Check whether a port group has been bound to service profiles
and whether service ports of ASs have been added to the port group.
network-basic-profile basic_profile_1
user-access-profile access_profile
as name as1 interface GigabitEthernet 0/0/1 to 0/0/24
as name as2 interface GigabitEthernet 0/0/1 to 0/0/23
as name as4 interface GigabitEthernet 0/0/1 to 0/0/8
port-group name port_group_2 //Check whether a port group has been bound to service profiles
and whether service ports of ASs have been added to the port group.
network-basic-profile basic_profile_2
user-access-profile access_profile
as name as3 interface GigabitEthernet 0/0/1 to 0/0/24
as name as5 interface GigabitEthernet 0/0/1 to 0/0/8
port-group connect-ap name ap as name as2 interface GigabitEthernet 0/0/24
#
dot1x-access-profile name 1
#
return

4.3.6 Example for Configuring SVF (S6320-EI as the Parent)

Precautions
● The Super Virtual Fabric (SVF) function on a parent is license controlled. The
license only enables the SVF function but does not control SVF service
specifications and only needs to be loaded on the parent.
● The SVF function is mutually exclusive with the web initial login mode,
EasyDeploy, USB-based deployment, and NETCONF functions.

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

● When the parent version is earlier than V200R011C10, the AS version must be
the same as the parent version. Otherwise, this AS cannot go online. For
example, if the parent version is V200R010C00, the AS version must also be
V200R010C00.
● When the parent version is V200R011C10 or later, the parent version and AS
version can be different, but the parent version must be higher than or the
same as the AS version and the AS version must also be V200R011C10 or
later.
● When GE optical interfaces are connected to XGE optical interfaces to connect
level-1 ASs to the parent or connect level-2 ASs to level-1 ASs, these
interfaces must use GE instead of XGE optical modules.
● If an AS is a stack set up using service ports, the AS must join an SVF system
after having the stacking function configured. This limitation does not apply
to an AS that is a stack set up using stack cards.
● When a cluster switch system (CSS) functioning as the parent is faulty:
– If one member switch in the CSS is faulty, the SVF function is not
affected.
– If the CSS splits but two member switches are working normally, the SVF
function becomes unavailable because ASs do not know which switch is
the parent. In this situation, you are advised to configure the dual-active
detection (DAD) function.

Networking Requirements
A new campus network has a large number of wired access devices. The widely
distributed access devices complicate management and configuration of the
access layer. Unified management and configuration of wired access devices is
required to reduce the management cost.
In this example, complete the following operations on access devices:
● Configure the administrator user name and password for access devices.
● Assign VLANs to ports of access devices.
● Set the user access authentication mode to 802.1X authentication.
As shown in Figure 4-41, two aggregation switches (SwitchA and SwitchB) set up
a stack to improve reliability and function as the parent to connect to multiple
ASs. Multiple active detection (MAD) in direct mode must be configured on the
parent to avoid conflicts when the stack splits.
In this example, the parent is S6320-26Q-EI-24S-AC, and ASs are S5300-28P-LI-AC.

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Figure 4-41 SVF networking

Data plan
Item Data Description

Parent A stack established by The service port

SwitchA and SwitchB connection mode is used
(twoS6320-26Q-EI-24S- to set up the stack, and
AC switches) the two 40GE ports on
each member switch are
used as physical member
ports of the logical stack
port.

Directly connected MAD XGE0/0/4 and XGE1/0/4 –

ports on the parent

MAC addresses of the Parent: 00e0-fc00-1100 –

parent, ASs 1 to 3 AS1: 00e0-fc00-0011
AS2: 00e0-fc00-0022
AS3: 00e0-fc00-0033

SVF management VLAN VLAN 11 –

IP address of the 192.168.11.1 –

management VLANIF
interface

Ports that connect the XGE0/0/1 and XGE1/0/1 Add the two ports to
parent to AS1 Eth-Trunk1 and bind
them to Fabric-port 1.

Ports that connect the XGE0/0/2 and XGE1/0/2 Add the two ports to
parent to AS2 Eth-Trunk2 and bind
them to Fabric-port 2.

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Item Data Description

Ports that connect the XGE0/0/3 and XGE1/0/3 Add the two ports to
parent to AS3 Eth-Trunk3 and bind
them to Fabric-port 3.

AS authentication mode Whitelist authentication –

Service configuration for Administrator profile: Bind admin_profile to

the AS administrator admin_profile, in which admin_group.
profile you can configure the
administrator user name
and password
AS group: admin_group,
which includes all the
ASs

Service configuration for Network basic profile: Bind basic_profile to

the AS network basic basic_profile, in which port_group.
profile you can configure
default VLAN 10
Port group: port_group,
which includes all AS1
ports, all AS2 ports, and
all AS3 ports

Service configuration for User access profile: Bind access_profile to

the AS user access access_profile, in which port_group and
profile you can set the user port_group.
access authentication
mode to 802.1X
authentication.

Configuration Roadmap
1. Set up a stack between the parent switches using the service port connection
mode. Then set the stack working mode to parent and configure MAD in
direct mode to ensure high reliability of the SVF system.
2. Enable the SVF function on the parent.
3. Configure AS access parameters, including AS names (optional),
authentication mode, and fabric ports that connect the parent to ASs.
4. Connect ASs to the parent using cables.
5. Configure service profiles and bind them to ASs.
6. Log in to ASs to check the service configurations of the ASs.

Procedure
Step 1 Set up a stack between the two switches used as the parent. Set the stack working
mode to parent and configure MAD in direct mode.

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

# Configure service ports 40GE0/0/1 and 40GE0/0/2 of SwitchA as physical

member ports and add them to the logical stack ports.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] interface stack-port 0/1
[SwitchA-stack-port0/1] port interface 40ge 0/0/1 enable
[SwitchA-stack-port0/1] quit
[SwitchA] interface stack-port 0/2
[SwitchA-stack-port0/2] port interface 40ge 0/0/2 enable
[SwitchA-stack-port0/2] quit

# Configure service ports 40GE0/0/1 and 40GE0/0/2 of SwitchB as physical

member ports and add them to the logical stack ports.
<Quidway> system-view
[Quidway] sysname SwitchB
[SwitchB] interface stack-port 0/1
[SwitchB-stack-port0/1] port interface 40ge 0/0/1 enable
[SwitchB-stack-port0/1] quit
[SwitchB] interface stack-port 0/2
[SwitchB-stack-port0/2] port interface 40ge 0/0/2 enable
[SwitchB-stack-port0/2] quit

# Set the stack priority of SwitchA to 200.

[SwitchA] stack slot 0 priority 200

# Set the stack ID of SwitchB to 1.

[SwitchB] stack slot 0 renumber 1

# Power off SwitchA and SwitchB, connect the physical member ports with QSFP+
copper ports, and then power on the switches. Connect the member port of logical
stack port 1 on one switch to the member port of logical stack port 2 on the other
switch.
# Log in to the stack and configure it to work in parent mode.

NOTE

If the S5732-H24UM2CC, S5732-H48UM2CC, S5732-H48XUM2CC, S6730-S, S6730S-S,

S6720-SI, S6720S-SI, S6720-EI, S6720S-EI, S5332-H24UM2CC, S6320-EI, and S6320-SI
function as the parent, change the working mode of the switch to the parent mode first. By
default, a switch works in AS mode. The configured working mode takes effect after the
switch restarts.
<SwitchA> system-view
[SwitchA] as-mode disable
Warning: Switching the AS mode will clear current configuration and reboot the system. Continue? [Y/N]:y

# Log in to the stack and configure MAD in direct mode.

<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] interface xgigabitethernet 0/0/4
[SwitchA-XGigabitEthernet0/0/4] mad detect mode direct
[SwitchA-XGigabitEthernet0/0/4] quit
[SwitchA] interface xgigabitethernet 1/0/4
[SwitchA-XGigabitEthernet1/0/4] mad detect mode direct
[SwitchA-XGigabitEthernet1/0/4] quit

Step 2 Configure the management VLAN in the SVF system and enable the SVF function
on the parent.
[SwitchA] vlan batch 11
[SwitchA] dhcp enable
[SwitchA] interface vlanif 11

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

[SwitchA-Vlanif11] ip address 192.168.11.1 24

[SwitchA-Vlanif11] dhcp select interface
[SwitchA-Vlanif11] dhcp server option 43 ip-address 192.168.11.1
[SwitchA-Vlanif11] quit
[SwitchA] capwap source interface vlanif 11
[SwitchA] stp mode rstp
[SwitchA] uni-mng
Warning: This operation will enable the uni-mng mode and disconnect all ASs. STP calculation may be
triggered and service traffic will be affected. Continue? [Y/N]:y

Step 3 Configure AS access parameters.

# (Optional) Configure a name for each AS.
NOTE

# Configure the fabric port that connects the parent to AS1.

[SwitchA-um] interface fabric-port 1
[SwitchA-um-fabric-port-1] port member-group interface eth-trunk 1
[SwitchA-um-fabric-port-1] quit
[SwitchA-um] quit
[SwitchA] interface xgigabitethernet 0/0/1
[SwitchA-XGigabitEthernet0/0/1] eth-trunk 1
[SwitchA-XGigabitEthernet0/0/1] quit
[SwitchA] interface xgigabitethernet 1/0/1
[SwitchA-XGigabitEthernet1/0/1] eth-trunk 1
[SwitchA-XGigabitEthernet1/0/1] quit

# Configure the fabric port that connects the parent to AS2.

[SwitchA] uni-mng
[SwitchA-um] interface fabric-port 2
[SwitchA-um-fabric-port-2] port member-group interface eth-trunk 2
[SwitchA-um-fabric-port-2] quit
[SwitchA-um] quit
[SwitchA] interface xgigabitethernet 0/0/2
[SwitchA-XGigabitEthernet0/0/2] eth-trunk 2
[SwitchA-XGigabitEthernet0/0/2] quit
[SwitchA] interface gigabitethernet 1/0/2
[SwitchA-XGigabitEthernet1/0/2] eth-trunk 2
[SwitchA-XGigabitEthernet1/0/2] quit

# Configure the fabric port that connects the parent to AS3.

[SwitchA] uni-mng
[SwitchA-um] interface fabric-port 3
[SwitchA-um-fabric-port-3] port member-group interface eth-trunk 3
[SwitchA-um-fabric-port-3] quit
[SwitchA-um] quit

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

[SwitchA] interface xgigabitethernet 0/0/3

[SwitchA-XGigabitEthernet0/0/3] eth-trunk 3
[SwitchA-XGigabitEthernet0/0/3] quit
[SwitchA] interface gigabitethernet 1/0/3
[SwitchA-XGigabitEthernet1/0/3] eth-trunk 3
[SwitchA-XGigabitEthernet1/0/3] quit

# Configure whitelist authentication for ASs to connect to an SVF system.

To view the AS management MAC address, run the display as access
configuration command on the AS. If the management MAC displays --, the MAC
address configured in the whitelist is the AS system MAC address. Otherwise, the
MAC address configured in the whitelist is the AS management MAC address.
[SwitchA] as-auth
[SwitchA-as-auth] undo auth-mode
[SwitchA-as-auth] whitelist mac-address 00e0-fc00-0011
[SwitchA-as-auth] whitelist mac-address 00e0-fc00-0022
[SwitchA-as-auth] whitelist mac-address 00e0-fc00-0033
[SwitchA-as-auth] quit

Step 4 Run the reset saved-configuration command to clear the configurations of ASs,
restart the ASs, and then connect ASs to the parent using cables. Subsequently, an
SVF system is set up.
NOTE

# After connecting cables, run the display as all command to check whether ASs
have connected to the SVF system.
[SwitchA] display as all
Total: 3, Normal: 3, Fault: 0, Idle: 0, Version mismatch: 0
--------------------------------------------------------------------------------
No. Type MAC IP State Name
--------------------------------------------------------------------------------
0 S5300-P-LI 00e0-fc00-0011 192.168.11.254 normal as1
1 S5300-P-LI 00e0-fc00-0022 192.168.11.253 normal as2
2 S5300-P-LI 00e0-fc00-0033 192.168.11.252 normal as3
--------------------------------------------------------------------------------

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

00e0-fc00-1100 0 XGE1/0/3 3 <-->0 GE0/0/28 00e0-fc00-0033

------------------------------------------------------------------------------
Total items displayed : 6

# Run the display uni-mng upgrade-info verbose command to view all AS

version information.
[SwitchA] display uni-mng upgrade-info verbose
The total number of AS is : 3
----------------------------------------------------------------------------
AS name : as1
Work status : NO-UPGRADE
Startup system-software : flash:/s5300-p-li.cc
Startup version : V200R009C00
Startup patch : --
Next startup system-software : --
Next startup patch : --
Download system-software : --
Download version : --
Download patch : --
Method : --
Upgrading phase : --
Last operation result : --
Error reason : --
Last operation time : --
----------------------------------------------------------------------------
AS name : as2
Work status : NO-UPGRADE
Startup system-software : flash:/s5300-p-li.cc
Startup version : V200R009C00
Startup patch : --
Next startup system-software : --
Next startup patch : --
Download system-software : --
Download version : --
Download patch : --
Method : --
Upgrading phase : --
Last operation result : --
Error reason : --
Last operation time : --
----------------------------------------------------------------------------
AS name : as3
Work status : NO-UPGRADE
Startup system-software : flash:/s5300-p-li.cc
Startup version : V200R009C00
Startup patch : --
Next startup system-software : --
Next startup patch : --
Download system-software : --
Download version : --
Download patch : --
Method : --
Upgrading phase : --
Last operation result : --
Error reason : --
Last operation time : --
----------------------------------------------------------------------------

Step 5 Configure service profiles and bind them to ASs.

# Configure an AS administrator profile and bind it to all ASs.
[SwitchA] uni-mng
[SwitchA-um] as-admin-profile name admin_profile
[SwitchA-um-as-admin-admin_profile] user asuser password YsHsjx_202206
[SwitchA-um-as-admin-admin_profile] quit
[SwitchA-um] as-group name admin_group
[SwitchA-um-as-group-admin_group] as name-include as
[SwitchA-um-as-group-admin_group] as-admin-profile admin_profile
[SwitchA-um-as-group-admin_group] quit

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

# Configure network basic profiles and bind them to AS ports.

[SwitchA-um] network-basic-profile name basic_profile
[SwitchA-um-net-basic-basic_profile] user-vlan 10
[SwitchA-um-net-basic-basic_profile] quit
[SwitchA-um] port-group name port_group
[SwitchA-um-portgroup-port_group] as name as1 interface all
[SwitchA-um-portgroup-port_group] as name as2 interface all
[SwitchA-um-portgroup-port_group] as name as3 interface all
[SwitchA-um-portgroup-port_group] network-basic-profile basic_profile
[SwitchA-um-portgroup-port_group] quit
[SwitchA-um] quit

# Configure a user access profile and bind it to all AS ports.

[SwitchA] dot1x-access-profile name 1
[SwitchA-dot1x-access-profile-1] quit
[SwitchA] authentication-profile name dot1x_auth
[SwitchA-authen-profile-dot1x_auth] dot1x-access-profile 1
[SwitchA-authen-profile-dot1x_auth] quit
[SwitchA] uni-mng
[SwitchA-um] user-access-profile name access_profile
[SwitchA-um-user-access-access_profile] authentication-profile dot1x_auth
[SwitchA-um-user-access-access_profile] quit
[SwitchA-um] port-group name port_group
[SwitchA-um-portgroup-port_group] user-access-profile access_profile
[SwitchA-um-portgroup-port_group] quit

# Commit the configurations so that the configurations in service profiles can be

delivered to ASs.
[SwitchA-um] commit as all
Warning: Committing the configuration will take a long time. Continue?[Y/N]: y

# Run the display uni-mng commit-result profile command to check whether

the configurations in service profiles have been delivered to ASs.
[SwitchA-um] display uni-mng commit-result profile
Result of profile:
--------------------------------------------------------------------------------
AS Name Commit Time Commit/Execute Result
--------------------------------------------------------------------------------
as1 2016-03-23 21:27:35 Success/Success
as2 2016-03-23 21:27:35 Success/Success
as3 2016-03-23 21:27:37 Success/Success
--------------------------------------------------------------------------------

When the Commit/Execute Result field in the command output displays Success/
Success for an AS, the configurations in service profiles have been delivered to the
AS.
Step 6 Log in to ASs to check the service configurations of the ASs. The following uses
the login to AS1 as example.
# Run the attach as name as-name command on the parent to log in to AS1 and
check whether the configured login user name and password are correct.
[SwitchA-um] attach as name as1
Info: Connecting to the remote AS now. Use the quit command to return to the user view.
Trying 192.168.11.254 ...
Press CTRL+K to abort
Connected to 192.168.11.254 ...

Info: The max number of VTY users is 10, and the number
of current VTY users on line is 1.
The current login time is 2016-03-25 22:31:18+00:00.
<HUAWEI>

# Check whether service configurations of AS ports are generated.

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

<HUAWEI> display current-configuration

......
#
interface Eth-Trunk0
port link-type hybrid
port hybrid tagged vlan 1 11
stp instance 0 cost 200
traffic-filter outbound acl 4998
traffic-limit outbound acl 3999 cir 128 pir 128 cbs 16000 pbs 16000
traffic-statistic outbound acl 3999
traffic-limit outbound acl 4999 cir 32 pir 32 cbs 4000 pbs 4000
traffic-statistic outbound acl 4999
mode lacp
mad detect mode relay
#
interface GigabitEthernet0/0/1
stp root-protection
authentication access-point
authentication dot1x
#
interface GigabitEthernet0/0/26
eth-trunk 0
broadcast-suppression 100
#
......

----End

Configuration Summary
1. You can configure service profiles and bind them to ASs before or after the
ASs connect to the SVF system. The AS service configuration mode includes
the pre-configured and non-pre-configured modes depending on the time
services are configured. Whatever configuration mode you use, you must run
the commit as { name as-name | all } command to commit the configuration
after completing it.
– Pre-configured mode: Before ASs connect to the SVF system, pre-
configure service profiles, bind them to the ASs, save the configuration on
the parent, and then run the commit as { name as-name | all }
command to commit the configuration. When the ASs connect to the SVF
system, configurations in the service profiles are automatically delivered
to the ASs.
– Non-pre-configured mode: After ASs connect to the SVF system,
configure service profiles, bind them to the ASs, and then run the
commit as { name as-name | all } command to commit the
configuration so that configurations in the service profiles can be
delivered to the ASs.
2. After the SVF function is enabled, the Spanning Tree Protocol (STP) and Link
Layer Discovery Protocol (LLDP) functions are enabled globally on the parent.
Pay attention to the following points when using the STP and LLDP functions
in an SVF system:
– You can disable the STP and LLDP functions only on ports, not globally.
– Do not disable the LLDP function on member ports of a fabric port.
Otherwise, the SVF topology will become abnormal.
3. After the SVF function is enabled, the parent will change STP to Rapid
Spanning Tree Protocol (RSTP) and set the priority of instance 0 to 28762
using the stp instance 0 priority 28672 command. Note that the priority of
instance 0 cannot be set to a value greater than 28672. After the SVF function

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

is disabled, the default priority of instance 0 is restored. When the SVF

function is enabled or disabled, STP recalculates the port roles and changes
the port status. Traffic on the ports will be interrupted temporarily.
4. The MAD relay function is automatically enabled on the Eth-Trunk to which a
downlink fabric port is bound, and the MAD function is automatically enabled
on the Eth-Trunk to which an uplink fabric port is bound to perform MAD in
an AS that is a stack. When the standby switch in the AS is removed, MAD
cannot be performed because the standby switch restarts automatically
without saving the configuration.
5. To prevent the SVF function from being affected, do not perform MIB
operations to modify the configuration automatically generated in an SVF
system, for example, the configuration of STP, LLDP, and Eth-Trunk to which a
fabric port is bound.
6. On the parent, there may be a delay in displaying the output of some
commands executed on ASs, including the patch delete all and patch load
filename all [ active | run ] commands.
7. In an SVF system, the maximum frame length allowed by ports cannot be
configured on an AS. Therefore, the maximum frame length is the default
value 9216 (including the CRC field).
8. Internal attacks of a management VLAN will cause ASs to disconnect from
the SVF system. You need to error down the attacked ports or remove the
ports from the management VLAN after identifying the attack source.
9. After an AS disconnects from the SVF system, in versions earlier than
V200R012C00, all downlink ports of the AS will be error down. In
V200R012C00 and later versions, to ensure that downlink networks of the AS
can communicate with each other, downlink ports of the AS will not be error
down.
10. Configured Control and Provisioning of Wireless Access Points (CAPWAP)
tunnel parameters apply to the SVF system. To ensure that the CAPWAP
tunnel of the SVF system works normally, you are advised to retain the
default CAPWAP tunnel parameters.
11. In the SVF system, network access rights available before users pass network
admission control (NAC) authentication can be authorized through
authentication-free rules instead of a user control list (UCL) group.
12. SVF does not support built-in Portal servers.

Parent Configuration File (configuration in V200R011C10 as an example)

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

dhcp select interface

dhcp server option 43 ip-address 192.168.11.1
#
interface Eth-Trunk1
port link-type hybrid
port hybrid tagged vlan 1 10 to 11
stp root-protection
stp edged-port disable
mode lacp
mad relay
#
interface Eth-Trunk2
port link-type hybrid
port hybrid tagged vlan 1 10 to 11
stp root-protection
stp edged-port disable
mode lacp
mad relay
#
interface Eth-Trunk3
port link-type hybrid
port hybrid tagged vlan 1 10 to 11
stp root-protection
stp edged-port disable
mode lacp
mad relay
#
interface XGigabitEthernet0/0/1
eth-trunk 1
#
interface XGigabitEthernet0/0/2
eth-trunk 2
#
interface XGigabitEthernet0/0/3
eth-trunk 3
#
interface XGigabitEthernet0/0/4
mad detect mode direct
#
interface XGigabitEthernet1/0/1
eth-trunk 1
#
interface XGigabitEthernet1/0/2
eth-trunk 2
#
interface XGigabitEthernet1/0/3
eth-trunk 3
#
interface XGigabitEthernet1/0/4
mad detect mode direct
#
capwap source interface vlanif11
#
as-auth
whitelist mac-address 00e0-fc00-0011
whitelist mac-address 00e0-fc00-0022
whitelist mac-address 00e0-fc00-0033
#
uni-mng
as name as1 model S5300-28P-LI-AC mac-address 00e0-fc00-0011 //Check whether the AS configuration
and ports connected to the ASs are correct.
as name as2 model S5300-28P-LI-AC mac-address 00e0-fc00-0022
as name as3 model S5300-28P-LI-AC mac-address 00e0-fc00-0033
interface fabric-port 1
port member-group interface Eth-Trunk 1
interface fabric-port 2
port member-group interface Eth-Trunk 2
interface fabric-port 3
port member-group interface Eth-Trunk 3

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

as-admin-profile name admin_profile //Check the administrator profile configuration.

user asuser password %^%#Ky,WNqWh_DZ[(V96yvSEph)VLMc/+U}>]i2:"9n:%^%#
network-basic-profile name basic_profile //Check the network basic profile configuration.
user-vlan 10
user-access-profile name access_profile //Check the user access profile configuration.
authentication-profile dot1x_auth
as-group name admin_group //Check whether an AS group has been created and bound to the
AS administrator profile.
as-admin-profile admin_profile
as name as1
as name as2
as name as3
port-group name port_group //Check whether the port group has been bound to service profiles
and whether ports connected to ASs have been added to the port group.
network-basic-profile basic_profile
user-access-profile access_profile
as name as1 interface GigabitEthernet 0/0/1 to 0/0/24
as name as2 interface GigabitEthernet 0/0/1 to 0/0/24
as name as3 interface GigabitEthernet 0/0/1 to 0/0/24
#
dot1x-access-profile name 1
#
return

4.3.7 Example for Configuring Services for ASs

AS Service Configuration Overview

In an SVF system, two AS service configuration modes are available: centralized
mode and independent mode. The two modes cannot be used on the same AS.

In centralized mode, all service configurations for ASs are performed on the
parent. Therefore, which services can be configured on ASs depends on the
services that can be configured on the parent, but not depend on the services
supported by a standalone access switch.

Table 4-23 Configurations in centralized mode

Method Description

Global Configure service functions in the uni-mng view of the parent

Direct Run the direct-command command on the parent to directly

configura deliver configurations to an AS. These configurations will take effect
tion on the AS immediately.

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

In independent mode, you can log in to an AS to configure services on the AS

Precautions
● Not all services can be configured on an AS. For the services that can be
configured on an AS, see 4.3.1.3 SVF Service Deployment Limitations.
● In versions earlier than V200R020C00, you do not need to configure an AS
administrator before configuring services for an AS in centralized mode. In
V200R020C00 and later versions, before configuring services for an AS in
centralized mode, configure an AS administrator and deliver the configuration
to the AS.
● Before configuring services for an AS, ensure that the AS has gone online.
● In this example, services for ASs are configured in centralized mode.

Networking Requirements
As shown in Figure 4-42, to facilitate management and configuration of a new
campus network, devices at the access, aggregation, and core layers have set up
an SVF system. In this system, two core switches set up a CSS and function as the
parent, aggregation switches function as level-1 ASs, and access switches function
as level-2 ASs. The gateway is deployed on the parent. You need to perform the
following operations on the parent to configure services for ASs:
● Configure the administrator user name and password for each AS.
● Add interfaces on each AS to VLANs.
● Connect an access switch to a server using an Eth-Trunk.
● Set the authentication mode for PCs and printers to MAC address
authentication.
● Configure traffic suppression, traffic rate limiting, and port security for ASs to
improve security.
● Configure descriptions for AS interfaces to identify the interface usage.
In this example, the S9300 functions as the parent, the S5320-28P-SI-AC functions
as a level-1 AS, and the S5320-12TP-LI-AC functions as a level-2 AS.

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Figure 4-42 SVF networking

Data Plan
Item Data Description

VLAN used VLAN 20, VLAN 30, VLAN 40, -

for user and VLAN 50
communic
ation

Eth-Trunk Eth-Trunk10 This interface cannot be a fabric

interface port in the SVF system.
connecting
access
switches to
servers

AS Group AS group admin_group, -

containing all ASs in the SVF
system.

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Item Data Description

Port Group ● Port group port_group_1, -

containing GE0/0/2 on AS 4.
● Port group port_group_2,
containing GE0/0/3 on AS 4.
● Port group port_group_3,
containing GE0/0/2 and
GE0/0/3 on AS 5.
● Port group port_group_4,
containing GE0/0/4 on AS 5.

AS Administrator profile Bind the administrator profile

administra admin_profile, in which the admin_profile to the AS group
tor profile administrator user name and admin_group.
password are configured

Network ● Network basic profile ● Bind network basic profile

basic basic_profile_1, in which the basic_profile_1 to port
profile default VLAN is set to VLAN group port_group_1.
20. ● Bind network basic profile
● Network basic profile basic_profile_2 to port
basic_profile_2, in which the group port_group_2.
default VLAN is set to VLAN ● Bind network basic profile
30. basic_profile_3 to port
● Network basic profile group port_group_3.
basic_profile_3, in which the ● Bind network basic profile
default VLAN is set to VLAN basic_profile_4 to port
40. group port_group_4.
● Network basic profile
basic_profile_4, in which the
default VLAN is set to VLAN
50.

Network ● Network enhanced profile ● Bind network enhanced

enhanced network_profile_1, in which profile network_profile_1 to
profile traffic suppression and traffic port_group_1 and
rate limiting are configured. port_group_2.
● Network enhanced profile ● Bind network enhanced
network_profile_2, in which profile network_profile_2 to
port security is configured. port_group_4.

User User access profile Bind user access profile

access access_profile_1, in which the access_profile_1 to
profile user access authentication port_group_1, port_group_2,
mode is set to MAC address and port_group_4.
authentication.

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

Configuration Roadmap
1. Configure the user name and password of the AS administrator in an AS
administrator profile.
2. Create an Eth-Trunk interface for a level-2 AS to connect to a server and add
physical interfaces to this Eth-Trunk interface.
3. Configure a description for each interface to identify the interface usage.
4. Configure VLANs on ASs in batches.
5. Add interfaces to VLANs using network basic profiles.
6. Configure traffic suppression and traffic rate limiting in a network enhanced
profile.
7. Configure port security in a network enhanced profile and set the maximum
number of secure MAC addresses that can be learned on an interface.
8. Configure the user authentication mode in a user access profile.

Procedure
NOTE

After the configuration is complete, run the commit as { name as-name | all } command in
the uni-mng view to commit the configuration so that the configuration can be delivered to
ASs and take effect.
1. Run the display as all command to check whether each AS has gone online.
If the value of State of an AS is normal, the AS goes online normally.
<Quidway> display as all
Total: 4, Normal: 4, Fault: 0, Idle: 0, Version mismatch: 0
--------------------------------------------------------------------------------
No. Type MAC IP State Name
--------------------------------------------------------------------------------
0 S5320-SI 00e0-fc00-0011 192.168.11.254 normal as1
1 S5320-SI 00e0-fc00-0022 192.168.11.253 normal as2
2 S5320-SI 00e0-fc00-0033 192.168.11.252 normal as3
3 S5320-LI 00e0-fc00-0044 192.168.11.251 normal as4
4 S5320-LI 00e0-fc00-0055 192.168.11.250 normal as5
--------------------------------------------------------------------------------
2. Configure the user name and password of the AS administrator in an AS
administrator profile.
After the user name and password are configured for an AS, you need to
enter the user name and password when logging in to the AS through the
console port. However, when running the attach as command on the parent
to log in to an AS, you can automatically log in to the AS without entering
the user name and password of the AS administrator.
<Quidway> system-view
[Quidway] sysname Parent
[Parent] uni-mng
[Parent-um] as-admin-profile name admin_profile // Create an AS administrator profile.
[Parent-um-as-admin-admin_profile] user asuser password YsHsjx_202206 // Configure the user
name and password of the AS administrator in the AS administrator profile.
[Parent-um-as-admin-admin_profile] quit
[Parent-um] as-group name admin_group // Create an AS group.
[Parent-um-as-group-admin_group] as name-include as // Add ASs of which the name contains as
to the AS group.
[Parent-um-as-group-admin_group] as-admin-profile admin_profile // Bind the AS administrator
profile to the AS group.
[Parent-um-as-group-admin_group] quit
3. Create an Eth-Trunk interface on AS 5 and add physical interfaces to the Eth-
Trunk interface.

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

[Parent-um] as name as5

[Parent-um-as-as5] uni eth-trunk 10 // Create an Eth-Trunk interface on AS 5.
[Parent-um-as-as5] port eth-trunk 10 trunkmember interface GigabitEthernet 0/0/2 // Add
interfaces to the Eth-Trunk interface.
[Parent-um-as-as5] port eth-trunk 10 trunkmember interface GigabitEthernet 0/0/3
[Parent-um-as-as5] quit

4. Configure a description for each interface on AS 4 and AS 5.

[Parent-um] as name as4
[Parent-um-as-as4] direct-command view GigabitEthernet 0/0/2 command description connect-
to-pc1
[Parent-um-as-as4] direct-command view GigabitEthernet 0/0/3 command description connect-
to-pc2
[Parent-um-as-as4] quit
[Parent-um] as name as5
[Parent-um-as-as5] direct-command view Eth-Trunk 10 command description connect-to-server
[Parent-um-as-as5] direct-command view GigabitEthernet 0/0/4 command description connect-
to-printer
[Parent-um-as-as5] quit

5. Create VLANs for ASs in batches.

[Parent-um] as service-vlan authorization 20 30 40 50 // Create VLANs on ASs.

6. Create network basic profiles to add interfaces on ASs to VLANs.

# Create network basic profiles.
[Parent-um] network-basic-profile name basic_profile_1 // Create a network basic profile.
[Parent-um-net-basic-basic_profile_1] user-vlan 20 // Configure the default VLAN in the
network basic profile.
[Parent-um-net-basic-basic_profile_1] quit
[Parent-um] network-basic-profile name basic_profile_2
[Parent-um-net-basic-basic_profile_2] user-vlan 30
[Parent-um-net-basic-basic_profile_2] quit
[Parent-um] network-basic-profile name basic_profile_3
[Parent-um-net-basic-basic_profile_3] user-vlan 40
[Parent-um-net-basic-basic_profile_3] quit
[Parent-um] network-basic-profile name basic_profile_4
[Parent-um-net-basic-basic_profile_4] user-vlan 50
[Parent-um-net-basic-basic_profile_4] quit

# Configure port groups and bind a network basic profile to each port group.
[Parent-um] port-group name port_group_1 // Create a port group.
[Parent-um-portgroup-port_group_1] as name as4 interface gigabitethernet 0/0/2 // Add the port
on AS 4 to the port group.
[Parent-um-portgroup-port_group_1] network-basic-profile basic_profile_1 // Bind the network
basic profile basic_profile_1 to this port group.
[Parent-um-portgroup-port_group_1] quit
[Parent-um] port-group name port_group_2
[Parent-um-portgroup-port_group_2] as name as4 interface gigabitethernet 0/0/3
[Parent-um-portgroup-port_group_2] network-basic-profile basic_profile_2
[Parent-um-portgroup-port_group_2] quit
[Parent-um] port-group name port_group_3
[Parent-um-portgroup-port_group_3] as name as5 interface eth-trunk 10
[Parent-um-portgroup-port_group_3] network-basic-profile basic_profile_3
[Parent-um-portgroup-port_group_3] quit
[Parent-um] port-group name port_group_4
[Parent-um-portgroup-port_group_4] as name as5 interface gigabitethernet 0/0/4
[Parent-um-portgroup-port_group_4] network-basic-profile basic_profile_4
[Parent-um-portgroup-port_group_4] quit

7. Create a network enhanced profile to configure traffic suppression and traffic

rate limiting.
# Create a network enhanced profile.
[Parent-um] network-enhanced-profile name network_profile_1 // Create a network enhanced
profile.
[Parent-um-net-enhanced-profile_1] broadcast-suppression packets 1488000 // Configure traffic
suppression.
[Parent-um-net-enhanced-profile_1] multicast-suppression packets 1488000
[Parent-um-net-enhanced-profile_1] unicast-suppression packets 1488000 // Configure traffic rate
limiting.

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

[Parent-um-net-enhanced-profile_1] rate-limit 10000

[Parent-um-net-enhanced-profile_1] quit
# Bind the network enhanced profile to the desired port group.
[Parent-um] port-group name port_group_1
[Parent-um-portgroup-port_group_1] network-enhanced-profile network_profile_1 // Bind the
network enhanced profile network_profile_1 to port_group_1.
[Parent-um-portgroup-port_group_1] quit
[Parent-um] port-group name port_group_2
[Parent-um-portgroup-port_group_2] network-enhanced-profile network_profile_1
[Parent-um-portgroup-port_group_2] quit
8. Create a network enhanced profile to configure port security. Port security can
be configured only in V200R019C00 and later versions.
# Configure port security in the network enhanced profile.
[Parent-um] network-enhanced-profile name network_profile_2
[Parent-um-net-enhanced-profile_2] port-security enable
[Parent-um-net-enhanced-profile_2] quit
# Bind the network enhanced profile to the desired port group.
[Parent-um] port-group name port_group_4
[Parent-um-portgroup-port_group_4] network-enhanced-profile network_profile_2
[Parent-um-portgroup-port_group_4] quit
[Parent-um] commit as all // You can set the maximum number of secure MAC addresses that can
be learned on an interface after the preceding configuration is delivered to ASs.
Warning: Committing the configuration will take a long time. Continue? [Y/
N]:y
Info: This operation may take a few seconds. Please wait...
# Set the maximum number of secure MAC addresses that can be learned on
an interface.
[Parent-um] as name as5
[Parent-um-as-as5] direct-command view GigabitEthernet 0/0/4 command port-security max-
mac-num 5
[Parent-um-as-as5] quit
[Parent-um] quit
9. Configure the user authentication mode in a user access profile.
# Create and configure a RADIUS server profile.
[Parent] radius-server template test // Create a RADIUS server profile named test.
[Parent-radius-test] radius-server authentication 192.168.100.182 1812 // Configure the IP address
and port number of the RADIUS authentication server.
[Parent-radius-test] radius-server accounting 192.168.100.182 1813 // Configure the IP address and
port number of the RADIUS accounting server.
[Parent-radius-test] radius-server shared-key cipher YsHsjx_202206 // Configure a RADIUS shared
key.
[Parent-radius-test] quit
# Configure an authentication scheme.
[Parent] aaa
[Parent-aaa] authentication-scheme radius // Create an AAA authentication scheme named radius.
[Parent-aaa-authen-radius] authentication-mode radius // Configure RADIUS authentication.
[Parent-aaa-authen-radius] quit
# Create an AAA domain and configure the RADIUS server profile and
authentication scheme.
[Parent-aaa] domain default // Cnfigure the default authentication domain.
[Parent-aaa-domain-default] authentication-scheme radius // Bind AAA authentication scheme
radius to the default domain.
[Parent-aaa-domain-default] radius-server test // Bind RADIUS server profile test to the default
domain.
[Parent-aaa-domain-default] quit
[Parent-aaa] quit
# Configure a MAC access profile.
[Parent] mac-access-profile name mac_1 // Create a MAC access profile.
[Parent-mac-access-profile-mac_1] quit
[Parent] authentication-profile name mac_auth // Create an authentication profile named
mac_auth.

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

[Parent-authen-profile-mac_auth] mac-access-profile mac_1 // Bind the MAC access profile to the

authentication profile.
[Parent-authen-profile-mac_auth] quit

# Bind the user access profile to the desired port group.

[Parent] uni-mng
[Parent-um] user-access-profile name mac_access_profile // Create a user access profile.
[Parent-um-user-access-mac_access_profile] authentication-profile mac_auth // Bind the
authentication profile mac_auth to the user access profile.
[Parent-um-user-access-mac_access_profile] quit
[Parent-um] port-group name port_group_1
[Parent-um-portgroup-port_group_1] user-access-profile mac_access_profile // Bind the user access
profile to port_group_1.
[Parent-um-portgroup-port_group_1] quit
[Parent-um] port-group name port_group_2
[Parent-um-portgroup-port_group_2] user-access-profile mac_access_profile
[Parent-um-portgroup-port_group_2] quit
[Parent-um] port-group name port_group_4
[Parent-um-portgroup-port_group_4] user-access-profile mac_access_profile
[Parent-um-portgroup-port_group_4] quit
[Parent-um] commit as all // Deliver the configuration to ASs.
Warning: Committing the configuration will take a long time. Continue? [Y/
N]:y
Info: This operation may take a few seconds. Please wait...

10. Log in to ASs to check their service configurations. The following uses AS 4 as
an example.
# On the parent, run the attach as name as-name command to log in to AS
4. You can run the quit command to log out the AS after a successful login.
[Parent-um] attach as name as4
Info: Connecting to the remote AS now. Use the quit command to return to the user
view.
Trying 192.168.11.72 ...
Press CTRL+K to abort
Connected to 192.168.11.72 ...

Info: The max number of VTY users is 10, and the

number
of current VTY users on line is 1.
The current login time is 2020-07-21
08:34:21+00:00.
Info: Lastest accessed IP: Invalid IP address Time: 2020-07-21 07:45:50 Failed: 0
<as4>

# Check whether interface configurations on the AS are generated.

<as4> display current-configuration
......
#
interface Eth-Trunk0
port link-type hybrid
port hybrid tagged vlan 1 11 20 30 40
50
stp instance 0 cost 200
traffic-filter outbound acl 4998
traffic-limit outbound acl 3999 cir 128 pir 128 cbs 16000 pbs
16000
traffic-statistic outbound acl 3999
traffic-limit outbound acl 4999 cir 32 pir 32 cbs 4000 pbs
4000
traffic-statistic outbound acl 4999
mode lacp
mad detect mode relay
#
interface Eth-Trunk10
description connect-to-server
port link-type hybrid
port hybrid pvid vlan 40
port hybrid tagged vlan 1

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

port hybrid untagged vlan 40

stp root-protection
mixed-rate link enable
#
interface GigabitEthernet0/0/1
stp root-protection
#
......
# Run the display authentication interface interface-type interface-number
command on the AS to check whether the access authentication configuration
is delivered.
<as4> display authentication interface gigabitEthernet 0/0/4
Authentication profile: authentication-
profile
Authentication access-point: Enable
Authentication access-point max-user:
-
Port authentication order:
MAC

Parent Configuration File

#
sysname Parent
#
vlan batch 11
#
stp mode rstp
stp instance 0 priority 28672
#
authentication-profile name mac_auth
mac-access-profile mac_1
#
dhcp enable
#
radius-server template test
radius-server shared-key cipher %^%#e33GK([auIJQ+54M/i7>u5!/M8*A%0]~a@FQ,41K%^%#
radius-server authentication 192.168.100.182 1812 weight 80
radius-server accounting 192.168.100.182 1813 weight 80
#
aaa
authentication-scheme radius
authentication-mode radius
domain default
authentication-scheme radius
radius-server test
#
interface Vlanif11
ip address 192.168.11.1 255.255.255.0
dhcp select interface
dhcp server option 43 ip-address 192.168.11.1
#
interface Eth-Trunk1
port link-type hybrid
port hybrid tagged vlan 1 11 20 30 40 50
stp root-protection
stp edged-port disable
mode lacp
mad relay
#
interface Eth-Trunk2
port link-type hybrid
port hybrid tagged vlan 1 11 20 30 40 50
stp root-protection
stp edged-port disable
mode lacp
mad relay
#

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

interface Eth-Trunk3
port link-type hybrid
port hybrid tagged vlan 1 11 20 30 40 50
stp root-protection
stp edged-port disable
mode lacp
mad relay
#
interface GigabitEthernet1/1/0/1
eth-trunk 1
#
interface GigabitEthernet1/1/0/2
eth-trunk 2
#
interface GigabitEthernet1/1/0/3
eth-trunk 3
#
interface GigabitEthernet1/2/0/1
mad detect mode direct
#
interface GigabitEthernet2/1/0/1
eth-trunk 1
#
interface GigabitEthernet2/1/0/2
eth-trunk 2
#
interface GigabitEthernet2/1/0/3
eth-trunk 3
#
interface GigabitEthernet2/2/0/1
mad detect mode direct
#
capwap source interface vlanif11
#
as-auth
whitelist mac-address 00e0-fc00-0011
whitelist mac-address 00e0-fc00-0022
whitelist mac-address 00e0-fc00-0033
whitelist mac-address 00e0-fc00-0044
whitelist mac-address 00e0-fc00-0055
#
uni-mng
as name as1 model S5320-28P-SI-AC mac-address 00e0-fc00-0011
down-direction fabric-port 4 member-group interface Eth-Trunk 4
port Eth-Trunk 4 trunkmember interface GigabitEthernet 0/0/23
port Eth-Trunk 4 trunkmember interface GigabitEthernet 0/0/24
as name as2 model S5320-28P-SI-AC mac-address 00e0-fc00-0022
as name as3 model S5320-28P-SI-AC mac-address 00e0-fc00-0033
down-direction fabric-port 5 member-group interface Eth-Trunk 5
port Eth-Trunk 5 trunkmember interface GigabitEthernet 0/0/23
port Eth-Trunk 5 trunkmember interface GigabitEthernet 0/0/24
as name as4 model S5320-12TP-LI-AC mac-address 00e0-fc00-0044
as name as5 model S5320-12TP-LI-AC mac-address 00e0-fc00-0055
uni eth-trunk 10
port eth-trunk 10 trunkmember interface GigabitEthernet 0/0/2
port eth-trunk 10 trunkmember interface GigabitEthernet 0/0/3
direct-command view GigabitEthernet 0/0/2 command description connect-to-pc1
direct-command view GigabitEthernet 0/0/3 command description connect-to-pc2
direct-command view Eth-Trunk 10 command description connect-to-server
direct-command view GigabitEthernet 0/0/4 command description connect-to-printer
direct-command view GigabitEthernet 0/0/4 command port-security max-mac-num 5
interface fabric-port 1
port member-group interface Eth-Trunk 1
interface fabric-port 2
port member-group interface Eth-Trunk 2
interface fabric-port 3
port member-group interface Eth-Trunk 3
as service-vlan authorization 20 30 40 50
as-admin-profile name admin_profile

Sx300 Series Switches
Typical Configuration Examples 4 Typical Device Management Configuration

user asuser password %^%#89K0/.3zL)ytd>4S6DRA]EF1DLRzEQ6|m.P\z8*!%^%#

network-basic-profile name basic_profile_1
user-vlan 20
network-basic-profile name basic_profile_2
user-vlan 30
network-basic-profile name basic_profile_3
user-vlan 40
network-basic-profile name basic_profile_4
user-vlan 50
network-enhanced-profile name network_profile_1
broadcast-suppression packets 1488000
multicast-suppression packets 1488000
unicast-suppression packets 1488000
rate-limit 10000
network-enhanced-profile name network_profile_2
port-security enable
user-access-profile name mac_access_profile
authentication-profile mac_auth
as-group name admin_group
as-admin-profile admin_profile
as name as1
as name as2
as name as3
as name as4
as name as5
port-group name port_group_1
network-basic-profile basic_profile_1
network-enhanced-profile network_profile_1
user-access-profile mac_access_profile
as name as5 interface GigabitEthernet 0/0/2
port-group name port_group_2
network-basic-profile basic_profile_2
network-enhanced-profile network_profile_1
user-access-profile mac_access_profile
as name as5 interface GigabitEthernet 0/0/3
port-group name port_group_3
network-basic-profile basic_profile_3
as name as5 interface Eth-Trunk 10
port-group name port_group_4
network-basic-profile basic_profile_4
network-enhanced-profile network_profile_2
user-access-profile mac_access_profile
as name as5 interface GigabitEthernet 0/0/4
#
mac-access-profile name mac_1
mac-access-profile name mac_access_profile
#
return

(TTI) ReadyAimFreeze Pro - Indicator by TintinTrading - TradingView
100% (1)
(TTI) ReadyAimFreeze Pro - Indicator by TintinTrading - TradingView
4 pages
AI Full Notes
50% (2)
AI Full Notes
81 pages
Big Data Fundamentals
100% (2)
Big Data Fundamentals
235 pages
Sap Basis Work Processes
No ratings yet
Sap Basis Work Processes
3 pages
OMB Form 1 - Application For Ombudsman Clearance
No ratings yet
OMB Form 1 - Application For Ombudsman Clearance
1 page
Chapter 11. Web Scraping
100% (1)
Chapter 11. Web Scraping
57 pages
Networks 511 2021
No ratings yet
Networks 511 2021
147 pages
Stacking-5735 - Huawei
No ratings yet
Stacking-5735 - Huawei
5 pages
Mobile Phones Database by Teoalida SAMPLE
No ratings yet
Mobile Phones Database by Teoalida SAMPLE
57 pages
S1700, S2720, S5700, and S6700 V200R020C00 Alarm Handling
No ratings yet
S1700, S2720, S5700, and S6700 V200R020C00 Alarm Handling
1,924 pages
Coke Template
No ratings yet
Coke Template
30 pages
UserManual warpPLS.7 - 0
No ratings yet
UserManual warpPLS.7 - 0
141 pages
User Guide: Dragonlink V3 Advanced Complete System Dragonlink Osd
No ratings yet
User Guide: Dragonlink V3 Advanced Complete System Dragonlink Osd
71 pages
S1720, S2700, S5700, and S6720 V200R011C10 Configuration Guide - Ethernet Switching
No ratings yet
S1720, S2700, S5700, and S6720 V200R011C10 Configuration Guide - Ethernet Switching
1,274 pages
BIXOLON Utility: Software Manual
No ratings yet
BIXOLON Utility: Software Manual
32 pages
CC - Week 6 - IaaS
No ratings yet
CC - Week 6 - IaaS
51 pages
S300, S500, S2700, S5700, and S6700 V200R020C10 Configuration Guide - IP Unicast Routing
No ratings yet
S300, S500, S2700, S5700, and S6700 V200R020C10 Configuration Guide - IP Unicast Routing
1,090 pages
How JVM Works - JVM Architecture?: Class Loader Subsystem
No ratings yet
How JVM Works - JVM Architecture?: Class Loader Subsystem
5 pages
B 169 STCK MGR Ha 3850
No ratings yet
B 169 STCK MGR Ha 3850
82 pages
Configuration Guide - Ethernet Switching
100% (1)
Configuration Guide - Ethernet Switching
1,226 pages
01-06 Typical Ethernet Switching Configuration
No ratings yet
01-06 Typical Ethernet Switching Configuration
222 pages
IDeliverable - Writing An Orchard Webshop Module From Scratch - Part 4
No ratings yet
IDeliverable - Writing An Orchard Webshop Module From Scratch - Part 4
41 pages
01-02 Campus Networks Typical Configuration Examples
No ratings yet
01-02 Campus Networks Typical Configuration Examples
899 pages
Linux WSL Key Evidence Examples
No ratings yet
Linux WSL Key Evidence Examples
33 pages
2024 Mdpi Sensors
No ratings yet
2024 Mdpi Sensors
21 pages
Extreme Networks Module 06 EXOS Stacking
100% (2)
Extreme Networks Module 06 EXOS Stacking
42 pages
PHP Variables
No ratings yet
PHP Variables
4 pages
S300, S500, S2700, S5700, and S6700 V200R020C10 Configuration Guide - Basic Configuration
No ratings yet
S300, S500, S2700, S5700, and S6700 V200R020C10 Configuration Guide - Basic Configuration
447 pages
01 04 Chassis
No ratings yet
01 04 Chassis
364 pages
07 Eth-Trunk Istack and CSS
No ratings yet
07 Eth-Trunk Istack and CSS
48 pages
01-09 Stack Configuration
No ratings yet
01-09 Stack Configuration
182 pages
Interview
No ratings yet
Interview
51 pages
Module 1 Networking Fundamentals
No ratings yet
Module 1 Networking Fundamentals
104 pages
01-04 Chassis
No ratings yet
01-04 Chassis
433 pages
Sx300 Series Switches Typical Configuration Examples
100% (1)
Sx300 Series Switches Typical Configuration Examples
1,462 pages
Implementing Laravel Framework For E-Commerce: Case Study at Indonesian Farmer Shop Center
No ratings yet
Implementing Laravel Framework For E-Commerce: Case Study at Indonesian Farmer Shop Center
7 pages
Practice Questions - Comp
No ratings yet
Practice Questions - Comp
4 pages
01-05 Typical Ethernet Switching Configuration
No ratings yet
01-05 Typical Ethernet Switching Configuration
103 pages
Sample
No ratings yet
Sample
16 pages
S6720 V200R008C00 Configuration Guide - Interface Management
No ratings yet
S6720 V200R008C00 Configuration Guide - Interface Management
101 pages
JDBC Programs
No ratings yet
JDBC Programs
15 pages
Https - Shellystore - Co.uk - Wp-Content - Uploads - 2022 - 02 - Shelly - TRV - User - Guide - EN
No ratings yet
Https - Shellystore - Co.uk - Wp-Content - Uploads - 2022 - 02 - Shelly - TRV - User - Guide - EN
2 pages
Huawei eKitEngine S620-24T16X8Y2CZ Switch Datasheet
No ratings yet
Huawei eKitEngine S620-24T16X8Y2CZ Switch Datasheet
7 pages
Huawei s6720 Hi Datasheet
No ratings yet
Huawei s6720 Hi Datasheet
8 pages
CN Unit 1
No ratings yet
CN Unit 1
26 pages
Notes of CAAL by Bhavy Sharma
No ratings yet
Notes of CAAL by Bhavy Sharma
22 pages
01-04 Link Aggregation Configuration
No ratings yet
01-04 Link Aggregation Configuration
77 pages
16 Stack and CSS Features of Switches
No ratings yet
16 Stack and CSS Features of Switches
59 pages
Final Paper
No ratings yet
Final Paper
8 pages
MS Word
No ratings yet
MS Word
2 pages
S1720, S2700, S5700, and S6720 V200R011C10 Configuration Guide - Interface Management
No ratings yet
S1720, S2700, S5700, and S6720 V200R011C10 Configuration Guide - Interface Management
121 pages
S2300&S3300 V100R006C05 Configuration Guide - IP Multicast PDF
No ratings yet
S2300&S3300 V100R006C05 Configuration Guide - IP Multicast PDF
276 pages
Abeba
No ratings yet
Abeba
17 pages
01-02 Device Management
No ratings yet
01-02 Device Management
138 pages
Hemant Kulkarni: Work Experience Skills
No ratings yet
Hemant Kulkarni: Work Experience Skills
1 page
Yagya's - Resume (.Net Developer)
No ratings yet
Yagya's - Resume (.Net Developer)
1 page
Link Layer - ALOHA, Multiple Access Protocols, IEEE...
No ratings yet
Link Layer - ALOHA, Multiple Access Protocols, IEEE...
5 pages
Cisco Catalyst 2960-S, 2960-X, and 2960-Xr Stacking With Flexstack and Flexstack-Plus Technology: Description, Usage, and Best Practices
No ratings yet
Cisco Catalyst 2960-S, 2960-X, and 2960-Xr Stacking With Flexstack and Flexstack-Plus Technology: Description, Usage, and Best Practices
25 pages
Switch Stacking - ArubaOS Switch PDF
No ratings yet
Switch Stacking - ArubaOS Switch PDF
41 pages
11 Eth-Trunki Stackand CSS
No ratings yet
11 Eth-Trunki Stackand CSS
44 pages
Advanced Computer Network
No ratings yet
Advanced Computer Network
11 pages
01-03 Logical Interface Configuration
No ratings yet
01-03 Logical Interface Configuration
10 pages
S300, S500, S2700, S5700, and S6700 V200R023C00 Configuration Guide - Interface Management
No ratings yet
S300, S500, S2700, S5700, and S6700 V200R023C00 Configuration Guide - Interface Management
123 pages
01-08 Typical Routing Configuration
No ratings yet
01-08 Typical Routing Configuration
45 pages
20 Introductionto SDNand NFV
No ratings yet
20 Introductionto SDNand NFV
50 pages
BCA Set 1
No ratings yet
BCA Set 1
2 pages
01-03 Link Aggregation Configuration
No ratings yet
01-03 Link Aggregation Configuration
74 pages
Smart-Notes 45
No ratings yet
Smart-Notes 45
3 pages
01-01 Basic Configuration For Interfaces
No ratings yet
01-01 Basic Configuration For Interfaces
12 pages
Module 6
No ratings yet
Module 6
10 pages
07+Eth-Trunk+iStack+and+CSS
No ratings yet
07+Eth-Trunk+iStack+and+CSS
48 pages
EN02 Technical Fundamentals of Data Communications Networks
No ratings yet
EN02 Technical Fundamentals of Data Communications Networks
59 pages
Huawei S6720-HI Series Switches Product Brochure
No ratings yet
Huawei S6720-HI Series Switches Product Brochure
9 pages
11 Eth-Trunk Istack and CSS
No ratings yet
11 Eth-Trunk Istack and CSS
48 pages
01-01 Product Characteristics
No ratings yet
01-01 Product Characteristics
7 pages
Computer Science Undergraduate Study
No ratings yet
Computer Science Undergraduate Study
1 page
00-2 About This Document
No ratings yet
00-2 About This Document
4 pages
00-2 About This Document
No ratings yet
00-2 About This Document
4 pages
HUAWEI S Series Switches After-Sales Documentation Bookshelf (Enterprise)
No ratings yet
HUAWEI S Series Switches After-Sales Documentation Bookshelf (Enterprise)
37 pages
Quidway S5300 Series Manual
No ratings yet
Quidway S5300 Series Manual
46 pages
Huawei S6720-HI Series Switches Brochure
No ratings yet
Huawei S6720-HI Series Switches Brochure
8 pages
Switch Stacking
No ratings yet
Switch Stacking
7 pages
HCS-Field-R&S V1.1 Training Materials (March.4,2016)
No ratings yet
HCS-Field-R&S V1.1 Training Materials (March.4,2016)
821 pages
Ethernet Service Complementary Information
No ratings yet
Ethernet Service Complementary Information
59 pages
CloudEngine S6730-H Series Switches Brochure
No ratings yet
CloudEngine S6730-H Series Switches Brochure
8 pages
Huawei CE Series Switches Stack Configuration Notes
No ratings yet
Huawei CE Series Switches Stack Configuration Notes
12 pages
Stack Management Configuration H3C
No ratings yet
Stack Management Configuration H3C
7 pages
Datasheet Huawei
No ratings yet
Datasheet Huawei
24 pages
Call Center Template
No ratings yet
Call Center Template
8 pages
SPANNING TREE PROTOCOL: Most important topic in switching
From Everand
SPANNING TREE PROTOCOL: Most important topic in switching
Mulayam Singh
No ratings yet