
Huawei Introduction
Basis of VRP CLI
July 2006

Contents
• Introduction to the platform and OS
• IP address configuration
• Static routing
• Dynamic routing (distance vector algorithms)
• Dynamic routing (link state algorithms)
• Summarization and classless routing
• Redistribution
• Link protocols (HDLC and PPP)
• Link protocols (Frame Relay)
• Access lists
• NAT
• LAN switching
• VLAN switching

VRP Introduction
• Versatile Routing Platform (VRP):
  • Core: TCP/IP stack
  • Integrated technologies: routing, QoS, VPN, security, and VoIP
  • Data forwarding: IP TurboEngine technology

VRP Functionality

Attribute | Description
Network interconnectivity: LAN protocols | Ethernet_II, Ethernet_SNAP, VLAN, Bridge
Network interconnectivity: Link layer protocols | PPP, MP, SLIP, ISDN, PPPoE, IPoA, PPPoA, PPPoEoA, HDLC, Frame Relay, LAPB, X.25, ATM
Network interconnectivity: VPN | L2TP VPN, GRE VPN, IPSec VPN, MPLS VPN (L2/L3), DVPN

VRP Functionality (continued)

Attribute | Description
Network protocols: IP services | ARP, static domain name resolution, IP unnumbered, DHCP relay, DHCP server, DHCP client
Network protocols: Non-IP services | DLSw, IPX
IP routing: Static routing | Static routing management
IP routing: Dynamic routing protocols | RIP-1/RIP-2, OSPF, BGP, IS-IS
IP routing: Routing policy | Routing policy, policy routing
IP routing: Multicast routing protocols | IGMP, PIM-DM, PIM-SM, MBGP, MSDP

VRP Functionality (continued)

Attribute | Description
Network security: Authentication, Authorization, Accounting (AAA) services | RADIUS, CHAP authentication, PAP authentication
Network security: Firewalls | Packet filter (interface-based ACL, period-based ACL); firewall (packet filtering firewall, ASPF stateful firewall); terminal access security
Network security: Data security | IPSec and IKE
Network security: NAT | Allow LAN users to access external networks using the IP addresses in an address pool; associate an ACL with an address pool; associate an ACL with an interface; allow hosts on external networks to access an internal server; configure the time period during which address translation is valid; support multiple ALGs

VRP Functionality (continued)

Attribute | Description
MPLS | Basic MPLS functions, MPLS VPN, MPLS QoS, MPLS TE
Network reliability | Backup center; VRRP; hot-swappable interface cards, fans and power modules
QoS: Traffic policing | Traffic Policing (TP)
QoS: Congestion management | FIFO, PQ, CQ, WFQ, CBWFQ/LLQ, RTP
QoS: Congestion avoidance | WRED
QoS: Traffic shaping | TS
QoS: Interface rate limit | LR
QoS | FR QoS, MPLS QoS
Dialup network | DCC configuration, modem management configuration

VRP Functionality (continued)

Attribute | Description
Command Line Interface (CLI) | Local configuration via the Console port; remote configuration via the AUX port; local or remote configuration via Telnet or SSH; hierarchical command protection to safeguard the router against intrusion by unauthorized users; detailed debugging information for network troubleshooting; network testing tools such as tracert and ping to diagnose quickly whether the network is running correctly
Configuration management | Log in to other routers directly with the telnet command to manage them; FTP server/client model for downloading and uploading configuration files and applications; file upload and download with TFTP; logging; file system management; user-interface configuration with multiple authentication and authorization methods for login users; standard SNMPv3, compatible with SNMPv2c and SNMPv1; Network Time Protocol (NTP)

Setup via Console
[Figure: a console cable connects the RS-232 serial port of the PC to the Console port of the router.]

Setup via Telnet
[Figure: a workstation, a server and a laptop PC reach the router over 100BASE-TX Ethernet.]

Command Views
Command lines are associated with command views:
• User view, prompt <Quidway>
• System view, prompt [Quidway]
• Routing protocol views: OSPF, RIP, BGP, IS-IS, ...
• Interface views: FE, GE, synchronous serial, cE1, E3, cT1, T3, ATM, POS, CPOS, virtual-template, virtual Ethernet, loopback, null, tunnel
• User interface view
• L2TP group view
• Route mapping view

Command Line On-line Help
• Enter "?" in any view to obtain all the commands available in that view, each with a short description.

<Quidway> ?
User view commands:
  cd       Change current directory
  clock    Specify the system clock
  ......

[Quidway] ?
System view commands:
  configure  Enter configuration mode
  delete     Erase the configuration file in flash or nvram
  reboot     Reboot the router
  save       Write running configuration to flash or nvram
  ......

Command Line On-line Help
• Enter a command followed by a space and "?". If the "?" stands in the position of a keyword, all the keywords and their short descriptions are listed.

<Quidway> display ?
  aaa   AAA status and configuration information
  acl   Acl status and configuration information
  ......

Command Line On-line Help
• Enter a command followed by a space and "?". If the "?" stands in the position of a parameter, the description of that parameter is given.

[Quidway] interface ethernet ?
  <3-3>  Slot number
[Quidway] interface ethernet 3?
  /
[Quidway] interface ethernet 3/?
  <0-0>
[Quidway] interface ethernet 3/0?
  /
[Quidway] interface ethernet 3/0/?
  <0-0>
[Quidway] interface ethernet 3/0/0 ?
  <cr>

Command Line On-line Help
• Enter a character string followed by "?". All the commands starting with that string are displayed.

<Quidway> d?
  debugging  delete  dir  display

• Press <Tab> after entering the first few letters of a keyword to complete it, provided those letters identify the keyword uniquely within the command.

Error Information

Error message | Cause
Unrecognized command | No such command; no such parameter; wrong parameter type; invalid parameter value
Incomplete command | The command is incomplete
Too many parameters | Too many parameters were entered
Ambiguous command | The string entered does not identify a command uniquely

History Commands

Operation | Key | Result
Display the history commands | display history-command | Displays the commands the user has entered
Access the previous history command | Up-arrow key or <Ctrl+P> | Displays the earlier history command, if there is one; otherwise the system rings the alarm
Access the next history command | Down-arrow key or <Ctrl+N> | Displays the next history command, if there is one; otherwise the system clears the command line and rings the alarm

Entering/Exiting System View
• Enter the system view from the user view: system-view
• Return to the user view from the system view: quit
• Return to the user view from any other view: return

Command Levels
• The system commands are divided into four levels:
  • Visit: the commands of network diagnosis tools such as ping, and the commands for access to external devices, such as the Telnet client
  • Monitor: commands used for system maintenance and service fault diagnosis, including display and debugging commands
  • Config: service configuration commands, including routing commands and the commands at the network layer
  • Manage: commands essential to system operation and to the system support modules. They support the file system, FTP, TFTP, XModem download, configuration file switching, power control, standby board control, user management, level setting, and parameter setting within the system (the last case covers the commands not provisioned by a protocol or an RFC)

Visit Level
• The commands in the visit level: the commands of network diagnosis tools such as ping and tracert, and the commands for access to external devices, such as the Telnet client, SSH client, and RLOGIN.

Monitor Level
• The commands in the monitor level: commands used for system maintenance and service fault diagnosis, including display and debugging commands.

Config Level
• The commands in the config level: service configuration commands, including routing commands and the commands at the network layer.

Manage Level
• The commands in the manage level: commands essential to system operation and to the system support modules. They support the file system, FTP, TFTP, XModem download, configuration file switching, power control, standby board control, user management, level setting, and parameter setting within the system (the last case covers the commands not provisioned by a protocol or an RFC).

Huawei Introduction
Configuration Basics

Basic Configuration Commands
• Name the device
  [Quidway] sysname NE16-A
• Erase the configuration saved in flash
  <Quidway> reset saved-configuration
• Reset the router
  <Quidway> reboot
• Write the description of an interface
  [Quidway-Ethernet1/0/0] description NE ethernet interface
• Configure the IP address of an interface
  [Quidway-Atm1/0/0] ip address 129.102.0.1 255.255.255.0

Configuring the System Clock
• Set the standard time
  clock datetime HH:MM:SS YYYY/MM/DD
• Set the time zone
  clock timezone time-zone-name { add | minus } offset
• Remove the time zone setting
  undo clock timezone
• Import a summer-time scheme
  clock summer-time summer-time-zone-name { one-off | repeating } start-time end-time add-time
• Cancel the summer-time scheme
  undo clock summer-time

Popular Display Commands

Operation | Command
Display the system version | display version [ slot-id ]
Display the system clock | display clock
Display terminal users | display users [ all ]
Display the original (saved) configuration | display saved-configuration
Display the current configuration | display current-configuration
Display the state of the debugging switches | display debugging [ interface { interface-type interface-number | interface-name } ] [ module-name ]
...... | ......

Display Filters
• Many display commands are available for showing system status information. When the output is produced, you can add "|" to the command to filter it. Three options are available:
  • begin text: display the output starting from the first line that contains "text"
  • exclude text: display only the lines that do not contain "text"
  • include text: display only the lines that contain "text"
For example, if you enter the command display current-configuration | include ip, only the configuration lines containing "ip" are displayed.

Console: first steps
<Quidway>display users
  UI   Delay   Type   Ipaddress   Username   Userlevel
+ 0 CON 0 00:00:00 3
<Quidway>display clock
03:13:49 UTC Fri 09/30/2005
<Quidway>display cpu-usage
===== Current CPU usage info =====
CPU Usage Stat. Cycle: 28 (Second)
CPU Usage : 8%
CPU Usage Stat. Time : 2005-09-30 03:16:03
CPU Usage Stat. Tick : 0x4(CPU Tick High) 0x5336e964(CPU Tick Low)
Actual Stat. Cycle : 0x0(CPU Tick High) 0x29ca1bc3(CPU Tick Low)

TaskName CPU Runtime(CPU Tick High/CPU Tick Low)
VIDL 92% 0/26989bc6
INFO 0% 0/ 3398
ROUT 0% 0/ cc1bf
SOCK 0% 0/ e7926
VTYD 0% 0/ 9d294
IPSP 0% 0/ 4162
IKE 0% 0/ 38d8
TAC 0% 0/ c2a29
SC 0% 0/ a0ba1
......

Display version
<Quidway>display version
Copyright Notice:
All rights reserved (Dec 10 2004).
Without the owner's prior written consent, no decompiling
nor reverse-engineering shall be allowed.
Huawei-3Com Versatile Routing Platform Software
VRP(R) software, Version 3.40, Release 0006
Copyright (c) 2003-2004 Hangzhou Huawei-3Com Tech. Co.,Ltd. All rights reserved.
Copyright (c) 2000-2003 Huawei Tech. Co.,Ltd. All rights reserved.
Quidway AR28-09 uptime is 0 week, 0 day, 0 hour, 5 minutes

CPU type: PowerPC 8241 200MHz
128M bytes SDRAM Memory
32M bytes Flash Memory
Pcb Version:1.0
Logic Version:1.0
BootROM Version:9.07
[SLOT 0] AUX (Hardware)1.0, (Driver)1.0, (Cpld)1.0
[SLOT 0] 1FE (Hardware)2.0, (Driver)2.0, (Cpld)0.0
[SLOT 0] WAN (Hardware)1.0, (Driver)1.0, (Cpld)1.0
<Quidway>

Configuring a Banner
• A banner is information displayed at login, at login authentication, or when a user enters user view.

Operation | Command
Configure the banner displayed at login | header incoming incoming-text
Configure the banner displayed at login authentication | header login login-text
Configure the banner displayed when a user enters user view | header shell shell-text
Cancel a banner setting | undo header { incoming | login | shell }

Configuring Passwords for User Level Switching
• You may set user level switching passwords. After that, a user who logs onto the router with a lower user level must provide the password before using higher-level commands.

Operation | Command
Configure a user level switching password | super password [ level user-level ] { simple | cipher } password
Delete the configured password | undo super password [ level user-level ]

To switch the user level, use: super [ level ]

Configuring Command Levels
• All commands are administratively assigned to views and categorized into four levels: visit, monitor, system, and manage, identified by 0 through 3 respectively.

Operation | Command
Assign a level to the commands in the specified view | command-privilege level level view view command-key
Restore the default | undo command-privilege view view command-key

User Interface: Console
• Configure access to the console with a password:
<Quidway>system-view
[Quidway] user-interface console 0
[Quidway-ui-con0] authentication-mode password
[Quidway-ui-con0] set authentication password simple impsat
[Quidway-ui-con0] user privilege level 1
[Quidway-ui-con0] return
<Quidway> quit
User interface Con 0 is available.

Press ENTER to get started.

password:
%Sep 30 03:07:48:621 2005 Quidway SHELL/5/LOGIN: Console login from con0
User privilege changes to 1 level, just equal or less this level's commands can be used.
Privilege note: 0-VISIT, 1-MONITOR, 2-SYSTEM, 3-MANAGE
<Quidway>

Privilege Level Passwords
• Configure the privilege level passwords:
[Quidway] super password level 1 simple pass1
[Quidway] super password level 2 simple pass2
[Quidway] super password level 3 simple pass3

• When a user wishes to change level:
<Quidway> super 1
Password:
User privilege changes to 1 level, just equal or less this level's commands can be used.
Privilege note: 0-VISIT, 1-MONITOR, 2-SYSTEM, 3-MANAGE
<Quidway>

Contents and Format of the Configuration File
The configuration file is a text file in the following format:
• It is saved as a sequence of commands.
• Only non-default parameters are saved, to economize on space.
• The command view is the basic frame for organizing these commands. All commands of the same command view are grouped into a section, and blank lines or comment lines (which begin with "#") separate the sections. A separator can be one line or several lines.
• In general, the sections are arranged in the order: global configuration, physical interface configuration, logical interface configuration, and routing protocol configuration.

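As an added example (not code from the slides), the following Python splits a saved VRP-style configuration into its "#"-separated sections as described above, emulates display this for one view, and emulates the begin / include / exclude output filters from the Display Filters slide. The configuration text is constructed for this example, not captured from a router.

```python
"""Split a VRP-style saved configuration into sections and apply the
begin / include / exclude display filters.  Added example; the sample
configuration below is constructed, not captured from a router."""

# Constructed sample: sections are separated by comment lines beginning
# with '#', and only non-default parameters appear.
SAMPLE_CONFIG = """\
#
 sysname NE16-A
#
interface Ethernet1/0/0
 description NE ethernet interface
 ip address 129.102.0.1 255.255.255.0
#
interface Serial1/0/0
 link-protocol ppp
 ip address 1.2.1.1 255.255.255.0
#
rip
 network 192.168.2.0
#
user-interface vty 0 4
 authentication-mode password
 user privilege level 3
#
return
"""


def split_sections(config_text):
    """Return the configuration as a list of sections, each a list of
    command lines.  Blank lines and '#' comment lines are separators and
    may span several lines, so a run of them closes at most one section."""
    sections, current = [], []
    for line in config_text.splitlines():
        if line.strip() == "" or line.lstrip().startswith("#"):
            if current:
                sections.append(current)
                current = []
            continue
        current.append(line)
    if current:
        sections.append(current)
    return sections


def section_view(section):
    """The first command of a section names the view it belongs to,
    e.g. 'interface Serial1/0/0' or 'rip'."""
    return section[0].strip()


def find_section(config_text, view):
    """Emulate 'display this' for one view: the commands saved under that
    view, or None when the view has no saved (non-default) settings."""
    for section in split_sections(config_text):
        if section_view(section) == view:
            return [line.strip() for line in section[1:]]
    return None


def filter_output(lines, mode, text):
    """Emulate 'display ... | { begin | include | exclude } text'.
    begin   - everything from the first line containing text onward
    include - only the lines containing text
    exclude - only the lines not containing text"""
    if mode == "begin":
        for i, line in enumerate(lines):
            if text in line:
                return lines[i:]
        return []
    if mode == "include":
        return [line for line in lines if text in line]
    if mode == "exclude":
        return [line for line in lines if text not in line]
    raise ValueError("unknown filter: " + mode)


if __name__ == "__main__":
    for section in split_sections(SAMPLE_CONFIG):
        print(section_view(section), "->", len(section) - 1, "command(s)")
    # display current-configuration | include ip address
    for line in filter_output(SAMPLE_CONFIG.splitlines(), "include", "ip address"):
        print(line)
```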
Displaying the Router Configuration

Operation | Command
Display the initial configuration of the router | display saved-configuration
Display the configuration files saved in the system for boot | display startup
Display the configuration in the current view | display this
Display the current configuration of the router | display current-configuration [ controller | interface interface-type [ interface-number ] | configuration [ isp | post-system | radius-template | system | user-interface ] ] [ | { begin | include | exclude } string ]

Saving the Current Configuration
• The user can modify the current configuration of the router through the command line interface. To make the current configuration the startup configuration at the next power-on, the save command is required to write the current configuration to the default storage device.

Operation | Command
Save the current configuration | save [ file-name ] [ safely ]

Executing this command without the safely keyword saves the configuration file quickly, but the file cannot survive a reboot or power-off during the saving process; executing it with the safely keyword is slower, but the file survives a reboot or power-off during saving. By default, fast saving applies.

Erasing the Configuration File
• Using the reset saved-configuration command, you can erase the configuration file in the current storage device of the router. After the configuration file is erased, the default configuration parameters are used for initialization at the next power-on of the router.

Operation | Command
Erase the configuration file in the storage device | reset saved-configuration

Setting the Configuration File
• Using the startup saved-configuration command, you can set the file to be used at the next boot.

Operation | Command
Set the configuration file to be used at the next boot | startup saved-configuration filename

Huawei Introduction
User Interface Configuration

User Interface
• The user interface (con, vty) view is a new feature provided by the system. Like the interface view, which manages interfaces, the main purpose of this view is the management of asynchronous interfaces working in flow mode. This view lets the user configure the login parameters of the various users in a uniform way, because these different kinds of interfaces are usually used for system configuration management.

User Interfaces
• There are four types of user interface, matching the configuration modes:
  • Console port (CON): a line device port. A router provides a Console port of EIA/TIA-232 DCE type for users to perform configuration.
  • AUX port (AUX): also a line device port. A router provides an AUX port of EIA/TIA-232 DTE type for dialup access via modem.
  • Asynchronous serial port (TTY): the TTY user interface is used when a user logs in to the router via an asynchronous serial port or a synchronous/asynchronous serial port working in asynchronous mode.
  • Virtual line (VTY): a logical terminal line used for Telnet access to the router, generally known as VTY (Virtual Type line).

User Interface
• Perform the following tasks to configure a user interface:
  • Enter user interface view
  • Configure the protocol supported by the current user interface
  • Configure the attributes of the asynchronous interface
  • Configure terminal attributes
  • Configure user management
  • Set modem attributes
  • Set the redirection function
  • Configure incoming and outgoing call restriction on the VTY user interface

Example: VTY Access
• How to disable Telnet access. Note that no access lists are required to close the interface:
[Quidway] user-interface vty 0 4
[Quidway-ui-vty0-4] undo shell
• The following is displayed when a Telnet terminal tries to connect:
% connection refused by remote host!
• Finer-grained filtering can be done with an ACL:
[Quidway-ui-vty0-4] acl acl-number { inbound | outbound }

Displaying User Interface Information
• Displaying the information of users on all user interfaces
Operation | Command
Display the user information on all user interfaces | display users [ all ]

• Displaying the physical attributes and some configuration of a user interface
Operation | Command
Display the physical attributes and some configuration of a user interface | display user-interface [ type-name number ] [ number ]

User Priority
• Similar to command priority, user priority is divided into Visit, Monitor, System and Manage, with priority identifiers 0 to 3.

User priority | Name | Commands
0 | Visit | ping, tracert, telnet
1 | Monitor | ping, tracert, telnet, display, debugging
2 | System | All configuration commands (except the Manage commands) and the commands of priority levels 0 and 1
3 | Manage | All commands (including file system, FTP and TFTP commands)

Configuring the User Authentication Mode
• How to enable the use of passwords (in user interface view):
[Quidway] authentication-mode password
• How to set the password:
[Quidway] set authentication password { cipher | simple } password
• With simple the password is stored in clear text in the configuration file; with cipher it is stored in encrypted form.

Performing Password Authentication
• The user must enter the password huawei when logging on to the system from VTY 0 with password authentication. The user priority is 3. The commands are as follows:
<Quidway> system-view
[Quidway] user-interface vty 0
[Quidway-ui-vty0] authentication-mode password
[Quidway-ui-vty0] set authentication password simple huawei
[Quidway-ui-vty0] user privilege level 3

Huawei Introduction
Interface Configuration

Configuring an Interface
[Quidway] interface serial 0
[Quidway-Serial0] ?
  Bandwidth      bandwidth information parameter
  Baudrate       Set transmite and receive baudrate
  Link-protocol  Set encapsulation for interface
  Ip             Interface Internet Protocol configure command
  Shutdown       Shutdown the selected interface
  Undo           Negate a command or set its default
  Dialer         Dial-On-Demand routing (DDR) command
  Loopback       Configure internal loopback on an interface
  Mtu            Maximum transmission unit

display interface
<Quidway>dis int s1/0/0
Serial1/0/0 current state : DOWN
Line protocol current state : DOWN
Description : HUAWEI, Quidway Series, Serial1/0/0 Interface
The Maximum Transmit Unit is 1500, Hold timer is 10(sec)
Link layer protocol is PPP
LCP initial
Internet Address is 1.2.1.1/24
Interface is no cable
code nrzi not set, idle-mark not set, loopback not set
Output queue : (Urgent queue : Size/Length/Discards) 0/50/0
Output queue : (Protocol queue : Size/Length/Discards) 0/500/0
Output queue : (FIFO queuing : Size/Length/Discards) 0/75/0
Last 5 minutes input rate 0 bytes/sec, 0 packets/sec
Last 5 minutes output rate 0 bytes/sec, 0 packets/sec
Input: 0 packets, 0 bytes
Output:0 packets, 0 bytes
DCD=DOWN DTR=DOWN DSR=DOWN RTS=DOWN CTS=DOWN

Reading the output (the slide's callouts):
• "current state": physical layer state information
• "Line protocol current state": data-link layer state information
• "Description": interface description
• "Maximum Transmit Unit" and "Hold timer": MTU and timer of the interface
• "Link layer protocol": data-link encapsulation
• "Interface is no cable": DTE, DCE or no cable
• Output queues, rates and packet counters: data transmission statistics
• DCD, DTR, DSR, RTS, CTS: physical layer signals

Interface Configuration
The features of the synchronous serial interface are as follows:
• It can work in two modes, DTE and DCE. Usually the synchronous serial interface serves as DTE and receives the clock provided by the DCE.
• The synchronous serial interface can connect to several types of external cable, such as V.24 and V.35. The VRP automatically detects the type of cable connected and selects the electrical characteristics, so normally no manual configuration is needed.
• The link layer protocols supported by the synchronous serial interface include PPP, FR, LAPB and X.25.
• It supports the IP network layer protocol. The type of external cable and the operating mode (DTE/DCE) of the synchronous serial interface can be viewed with the display interface serial command.

Interface Configuration
When two synchronous serial interfaces are connected, the baud rate on the line is determined at the DCE side. Therefore, when the synchronous serial interface acts as DCE, the baud rate must be set. The default baud rate of the synchronous serial interface is 64000 bit/s.

[Quidway-Serial0/0]baudrate ?
  300      only for async mode
  600      only for async mode
  1200     for syn & asyn mode
  2400     for syn & asyn mode
  4800     for syn & asyn mode
  9600     for syn & asyn mode
  ......
  115200   for syn & asyn mode
  128000   only for syn mode
  384000   only for syn mode
  2048000  only for syn mode
Note: the baud rate must not exceed 64 kbit/s when using a V.24 cable.

Huawei Introduction
Routing Configuration

Displaying the Routing Table
• A route is the path information that guides the forwarding of IP packets.

[Quidway]display ip routing
Routing Tables:
Destination/Mask   proto   pref  Metric  Nexthop     Interface
0.0.0.0/0          Static  60    0       120.0.0.2   Serial0
8.0.0.0/8          RIP     100   3       120.0.0.2   Serial0
9.0.0.0/8          OSPF    10    50      20.0.0.2    Ethernet0
9.1.0.0/16         RIP     100   4       120.0.0.2   Serial0
11.0.0.0/8         Static  60    0       120.0.0.2   Serial0
20.0.0.0/8         Direct  0     0       20.0.0.1    Ethernet0
20.0.0.1/32        Direct  0     0       127.0.0.1   LoopBack0
......

Route Preference
• The route obtained from the protocol with the highest preference (the lowest preference value) is preferred and added to the routing table.

Routing protocol | Preference
DIRECT | 0
OSPF | 10
STATIC | 60
RIP | 100
IBGP | 130
OSPF ASE | 150
EBGP | 170
UNKNOWN | 255

Route Metric
• The route metric identifies the cost of reaching the destination of the route. Generally, the metric value is influenced by the line delay, bandwidth, line occupancy ratio, line reliability, hop count, MTU, etc.
• Different dynamic routing protocols select one or several of these factors to calculate the metric value.
• The metric value of a static route is 0.

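As an added illustration (not part of the slides), this Python builds a routing table the way the Route Preference and Route Metric slides describe: for each destination the candidate with the lowest preference value wins, the metric only breaks ties between routes of the same protocol, and forwarding then uses the longest matching prefix. The candidate routes are constructed from the display ip routing example above plus a few competing entries added for the demonstration.

```python
"""Route selection by preference, then metric, then longest-prefix lookup.
Added example; the candidate routes are constructed for illustration."""
import ipaddress

# Protocol preferences from the Route Preference slide (lower value wins).
PREFERENCE = {
    "Direct": 0, "OSPF": 10, "Static": 60, "RIP": 100,
    "IBGP": 130, "OSPF ASE": 150, "EBGP": 170,
}
UNKNOWN_PREFERENCE = 255

# Constructed candidates: (destination/mask, protocol, metric, next hop, interface).
# The routing table on the slide plus competing RIP routes for 9.0.0.0/8 and
# 11.0.0.0/8 that must lose on preference despite a smaller metric.
CANDIDATES = [
    ("0.0.0.0/0",   "Static", 0,  "120.0.0.2", "Serial0"),
    ("8.0.0.0/8",   "RIP",    3,  "120.0.0.2", "Serial0"),
    ("9.0.0.0/8",   "OSPF",   50, "20.0.0.2",  "Ethernet0"),
    ("9.0.0.0/8",   "RIP",    2,  "120.0.0.2", "Serial0"),
    ("9.1.0.0/16",  "RIP",    4,  "120.0.0.2", "Serial0"),
    ("11.0.0.0/8",  "Static", 0,  "120.0.0.2", "Serial0"),
    ("11.0.0.0/8",  "RIP",    1,  "120.0.0.2", "Serial0"),
    ("20.0.0.0/8",  "Direct", 0,  "20.0.0.1",  "Ethernet0"),
    ("20.0.0.1/32", "Direct", 0,  "127.0.0.1", "LoopBack0"),
]


def preference(protocol):
    """Preference value of a protocol; anything unlisted counts as UNKNOWN."""
    return PREFERENCE.get(protocol, UNKNOWN_PREFERENCE)


def build_routing_table(candidates):
    """Keep one route per destination: the lowest preference value first,
    then the lowest metric (which only matters among routes of the same
    protocol).  Returns {"dest/mask": (protocol, pref, metric, nexthop, iface)}."""
    table = {}
    for dest, proto, metric, nexthop, iface in candidates:
        key = str(ipaddress.ip_network(dest))
        entry = (proto, preference(proto), metric, nexthop, iface)
        current = table.get(key)
        if current is None or (entry[1], entry[2]) < (current[1], current[2]):
            table[key] = entry
    return table


def lookup(table, destination):
    """Longest-prefix match: among all entries whose network contains the
    address, the one with the longest mask is used for forwarding."""
    addr = ipaddress.ip_address(destination)
    matches = [net for net in table if addr in ipaddress.ip_network(net)]
    if not matches:
        return None
    best = max(matches, key=lambda net: ipaddress.ip_network(net).prefixlen)
    return best, table[best]


def format_table(table):
    """Render the table in the column order of 'display ip routing'."""
    rows = ["Destination/Mask proto pref Metric Nexthop Interface"]
    for net in sorted(table, key=lambda n: (int(ipaddress.ip_network(n).network_address),
                                            ipaddress.ip_network(n).prefixlen)):
        proto, pref, metric, nexthop, iface = table[net]
        rows.append(f"{net} {proto} {pref} {metric} {nexthop} {iface}")
    return "\n".join(rows)


if __name__ == "__main__":
    routing_table = build_routing_table(CANDIDATES)
    print(format_table(routing_table))
    for dst in ("9.1.2.3", "9.2.0.1", "20.0.0.1", "1.1.1.1"):
        print(dst, "->", lookup(routing_table, dst))
```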
Static Route Configuration
[Quidway] ip route-static <ip_address> { <mask> | <masklen> } { <interface_name> | <gateway_address> } [ preference <preference_value> ] [ reject | blackhole ]

Examples:
[Quidway] ip route-static 129.1.0.0 16 10.0.0.2
[Quidway] ip route-static 129.1.0.0 255.255.0.0 10.0.0.2
[Quidway] ip route-static 129.1.0.0 16 Serial 2
[Quidway] ip route-static 0.0.0.0 0.0.0.0 10.0.0.2

• Destination unreachable route: when the static route towards a destination carries the "reject" parameter, all IP packets to that destination are rejected, and the source host is notified of the unreachable destination with an ICMP message.
• Destination blackhole route: when the static route towards a destination carries the "blackhole" parameter, all IP packets to that destination are discarded, and no message is sent to the source host.

Dynamic Routing
• What is the purpose of dynamic routing protocols?
  • Route calculation. The dynamic routing protocols calculate the routes from a router to the other network segments in the network.
• How is this done?
  • All routers send their known route-related information to their neighboring routers, so that each router receives all the routing information in the network.
  • Then, based on an algorithm, the final route is calculated (in fact, the next hop and metric of the route are calculated).

Overview of RIP
• RIP is the abbreviation of Routing Information Protocol.
• RIP is a particular implementation of the distance-vector routing protocol.
• RIP (in two versions, RIP-1 and RIP-2) is applied to small and medium-sized networks.
• RIP-2 uses multicast (224.0.0.9) for transmission, and supports authentication and VLSM.
• RIP supports split horizon, poison reverse, and triggered updates.

Configuration Commands of RIP

Operation | Command
Start RIP and enter the RIP view | [Quidway] rip
Enable RIP on the specified network | [Quidway-rip] network network-number
Specify the interface version (in interface view) | rip version 1 / rip version 2 [ broadcast | multicast ]
Specify the working state of an interface (in interface view) | rip work / rip input / rip output
Configure RIP-2 route aggregation | summary
Set the RIP route update interval | timers updates time
Set the RIP route timeout time | timers timeout time

Displaying the RIP Configuration Information
[Quidway]display rip
RIP is running
public net VPN-Instance
Checkzero is on Default cost : 1
Summary is on Preference : 100
Period update timer : 30
Timeout timer : 180
Garbage-collection timer : 120
No peer router
Network :
192.168.2.0

Debugging Information of RIP
<Quidway> terminal debugging
% Current terminal debugging is on
<Quidway> debugging rip packet
Rip packet debugging is on
RIP : receive Response from 120.0.0.2
packet : vers 1,cmd Response,length 24
dest 110.0.0.0, Metric 1
RIP : send 20.0.0.1 to 255.255.255.255
packet : vers 1,cmd Response,length 44
dest 110.0.0.0, Metric 2
dest 120.0.0.0, Metric 1

Overview of OSPF
• Adaptable to large-scale networks
• Fast route change and convergence
• No routing loops
• Supports variable length subnet masks (VLSM)
• Supports area division
• Supports equal-cost routes
• Provides level-by-level route management
• Supports authentication
• Supports transmission of protocol messages to multicast addresses

Configuration Commands for OSPF

Operation | Command
Configure the Router ID of the router (system view) | router id A.B.C.D
Start the OSPF protocol (system view) | ospf [ process-id ]
Enter OSPF area view (OSPF view) | area area-id
Specify the network segment (area view) | network ip-address wildcard-mask
Set the priority of an interface in DR election (interface view) | ospf dr-priority value

Advanced Configuration Commands for OSPF

Operation | Command
Create and configure an OSPF virtual link (OSPF area view) | vlink-peer router-id [ hello seconds ] [ retransmit seconds ] [ trans-delay seconds ] [ dead seconds ] [ simple password | md5 keyid key ]
Configure route aggregation of an OSPF area (OSPF area view) | abr-summary ip-address mask [ advertise | not-advertise ]
Configure aggregation of the routes imported by OSPF (OSPF view) | asbr-summary ip-address mask [ not-advertise | tag value ]

Testing Tools
<Quidway>ping ?
  -a    Select source IP address
  -c    Specify the number of echo requests to send
  -d    Specify the SO_DEBUG option on the socket being used
  -h    Specify TTL value for echo requests to be sent
  -i    Select the interface sending packets
  -n    Numeric output only. No attempt will be made to lookup host addresses for symbolic names
  -p    No more than 8 "pad" hexadecimal characters to fill out the sent packet. For example, -p f2 will fill the sent packet with f and 2 repeatedly
  -q    Quiet output. Nothing is displayed except the summary lines at startup time and when finished
  -r    Record route. Includes the RECORD_ROUTE option in the ECHO_REQUEST packet and displays the route
  -s    Specifies the number of data bytes to be sent
  -t    Timeout in milliseconds to wait for each reply
  -tos  Specify TOS value for echo requests to be sent
  -v    Verbose output.
  ip    IP Protocol
  STRING<1-20>  IP address or hostname of a remote system

More Testing Tools
<Quidway>tracert ?
  -a    Select source ip address
  -f    First time to live
  -m    Maximum time to live
  -p    UDP port number
  -q    Number of probe packet
  -w    Timeout in milliseconds to wait for each reply
  STRING<1-20>  IP address or hostname of a remote system

And More...
<Quidway>terminal ?
  debugging  Enable/disable debug information to terminal
  logging    Enable/disable log information to terminal
  monitor    Enable/disable information output to current terminal
  trapping   Enable/disable trap information to terminal

Huawei Introduction
Access Lists

IP Packet Filtering
• For any packet a router needs to forward, it first obtains the packet header information and then compares it with the configured rules. Whether the packet is forwarded or discarded depends on the result of the comparison. The key technology for implementing packet filtering is the access control list.
[Figure: router R between the internal network (headquarters of a company) and the Internet; a branch office and an unauthorized user reach it from the Internet side.]

Access Lists
• According to their application purpose, ACLs fall into three groups:
  • Basic ACL
  • Advanced ACL
  • Interface-based ACL

Kind of list | Number range
Basic ACL | 2000-2999
Advanced ACL | 3000-3999
Interface-based ACL | Interface-based ACL

acl number acl-number [ match-order { config | auto } ]

Configuration of a Basic ACL
• The command format for configuring a basic ACL is as follows:

acl { number acl-number } [ match-order { config | auto } ]
rule [ rule-id ] { permit | deny } [ source source-addr source-wildcard | any ] [ time-range time-name ] [ logging ] [ fragment ] [ vpn-instance vpn-instance-name ]

Advanced Access Lists
• In addition to the source address of a packet, advanced lists can also use the destination address and the protocol number (TCP, UDP, etc.).
• For packets transmitted over TCP and UDP, the destination port number can also be used to differentiate the packets.

rule [ rule-id ] { permit | deny } protocol [ source source-addr source-wildcard | any ] [ destination dest-addr dest-mask | any ] [ source-port operator port1 [ port2 ] ] [ destination-port operator port1 [ port2 ] ] [ icmp-type icmp-type icmp-code ] [ precedence precedence ] [ tos tos ] [ time-range time-name ] [ logging ] [ fragment ] [ vpn-instance vpn-instance-name ]

Configuration Steps of ACL for Firewall

[Figure: Headquarters of a company connected to the Internet through the
router; the three steps are marked on the router: Enable Firewall, Rules of
ACL, Apply the ACL to interface]

 The following applications can be extended as required:
 Set the default filtering mode of firewall
 Enable/disable the filtering based on time range
 Set special time range
 Designate log host
76
Commands for Configuring Firewall
Attributes

 Enable/disable firewall
firewall { enable | disable }
 Set the default filtering mode of firewall
firewall default { permit | deny }
 Display the status information of firewall
display firewall

77
Apply Access Control List on the Interface
 Apply the access control list on the interface.
 Designate whether it applies in the OUT or IN direction on the interface.

[Figure: router with interfaces Ethernet0 and Serial0. The access control list
101 applies to interface Ethernet0 and is effective in the out direction; the
access control list 3 applies to interface Serial0 and is effective in the in
direction.]

firewall packet-filter { acl-number } { inbound | outbound }

78
Basic Access List

[Figure: router with E0 on 172.16.3.0, E1 on 172.16.4.0 (host 172.16.4.13)
and S0 towards the Internet]

[Quidway] firewall enable
[Quidway] acl number 2000
[Quidway-acl-basic-2000] rule 0 permit source 172.16.3.0 0.0.0.255
[Quidway-acl-basic-2000] quit
[Quidway] interface Serial 0/0
[Quidway-Serial0/0] firewall packet-filter 2000 outbound

Permit the 172.16.3.0/24 network only
79
Advanced Access List

[Figure: router with E0 on 172.16.3.0, E1 on 172.16.4.0 (host 172.16.4.13)
and S0 towards the Internet (non 172.16.0.0)]

[Quidway] firewall enable
[Quidway] acl number 3000
[Quidway-acl-adv-3000] rule 0 deny tcp source 172.16.4.0 0.0.0.255 destination 172.16.3.0 0.0.0.255 destination-port eq 21
[Quidway-acl-adv-3000] rule 1 deny tcp source 172.16.4.0 0.0.0.255 destination 172.16.3.0 0.0.0.255 destination-port eq 20
[Quidway-acl-adv-3000] rule 2 permit ip source 172.16.4.0 0.0.0.255 destination 172.16.3.0 0.0.0.255
[Quidway-acl-adv-3000] quit
[Quidway] interface Ethernet 0/0
[Quidway-Ethernet0/0] firewall packet-filter 3000 outbound

Deny FTP from 172.16.4.0/24 on E0
80

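How the rules of acl number 3000 above are evaluated against traffic, as an added example that is not part of the original slides: wildcard-mask matching, first-match rule order (match-order config) and the fall-through to `firewall default { permit | deny }` when no rule hits. The packets and the `Packet`/`Rule` model are constructed for illustration.

```python
"""Added example, not from the Huawei slides: a small model of VRP-style
packet filtering with wildcard masks, using the rules of acl number 3000."""
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import List, Optional

@dataclass
class Packet:
    proto: str              # "tcp", "udp", "icmp", ...
    src: str
    dst: str
    dport: Optional[int] = None

@dataclass
class Rule:
    action: str             # "permit" or "deny"
    proto: str              # "ip" matches every protocol
    src: str
    src_wild: str
    dst: str = "0.0.0.0"    # default: destination any
    dst_wild: str = "255.255.255.255"
    dport: Optional[int] = None   # destination-port eq N

def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """VRP wildcard mask: a 1 bit means 'don't care'; only 0 bits are compared."""
    a, b, w = (int(IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def rule_matches(rule: Rule, pkt: Packet) -> bool:
    if rule.proto != "ip" and rule.proto != pkt.proto:
        return False
    if not wildcard_match(pkt.src, rule.src, rule.src_wild):
        return False
    if not wildcard_match(pkt.dst, rule.dst, rule.dst_wild):
        return False
    return rule.dport is None or rule.dport == pkt.dport

def packet_filter(rules: List[Rule], pkt: Packet, default: str = "permit") -> str:
    """match-order config: rules are tried in configured order and the first
    hit decides; no hit falls through to `firewall default { permit | deny }`."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action
    return default

# rule 0, rule 1 and rule 2 of acl number 3000 from the slide.
ACL_3000 = [
    Rule("deny", "tcp", "172.16.4.0", "0.0.0.255", "172.16.3.0", "0.0.0.255", 21),
    Rule("deny", "tcp", "172.16.4.0", "0.0.0.255", "172.16.3.0", "0.0.0.255", 20),
    Rule("permit", "ip", "172.16.4.0", "0.0.0.255", "172.16.3.0", "0.0.0.255"),
]

if __name__ == "__main__":
    # Constructed sample traffic from host 172.16.4.13 (shown in the figure).
    print(packet_filter(ACL_3000, Packet("tcp", "172.16.4.13", "172.16.3.7", 21)))  # deny
    print(packet_filter(ACL_3000, Packet("tcp", "172.16.4.13", "172.16.3.7", 80)))  # permit
    print(packet_filter(ACL_3000, Packet("udp", "172.16.4.13", "10.0.0.1", 53), "deny"))  # deny
```

Note that traffic no rule describes (the third packet) is decided purely by the firewall default mode, which is why that setting matters as much as the rules themselves.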
Packet Filtering based on time range

 "Special rules for special time range"

[Figure: Headquarters connected to the Internet through the router, with the
Rules of ACL applied at the router. During working hours (8:00 a.m. to
5:00 p.m.) only specific sites can be accessed; other sites can be accessed
during the rest of the time.]
81
Configuring Time Range
 Time range command
time-range time-name [ start-time to end-time ] [ days ] [ from time1 date1 ] [ to time2 date2 ]

 Display time range command
display time-range { all | time-name }

82
Huawei Introduction
Network Address Translation

83
Background of Address Translation

 IP address resources are increasingly insufficient.
 Address translation lets multiple hosts in a LAN access the Internet through
a single public IP address.
 Network security protection: address translation can effectively hide the
hosts of the internal LAN.
 Meanwhile, address translation can offer services of the internal network,
such as FTP, WWW and Telnet, to the external network according to user
requirements.
84
Configuration of Address Translation

 Define an ACL to specify which hosts can access the Internet.
 Adopt EASY IP or an address pool to provide the public address.
 According to the selected mode (address pool or EASY IP), permit address
translation on the interface connected to the Internet.

85
Configuration of Static NAT

 Create the map
nat static { inside-address } { outside-address }

 Associate it with the corresponding interface
nat outbound static

86
Configuration of Dynamic NAT

 EASY IP for NAT (associate the ACL with an interface).
nat outbound acl-number

 Configure a NAT address pool.
nat address-group group-number start-addr end-addr

 Use an address pool to achieve NAT (associate the ACL with an address pool).
nat outbound acl-number address-group group-number [ no-pat ]

87
Monitoring and Maintenance of NAT

 Display the configuration of address translation
display nat { address-group | aging-time | all | outbound | server | statistics |
  session [ vpn-instance vpn-instance-name ] [ slot slot-number ]
  [ destination ip-addr ] [ source global global-addr | source inside inside-addr ] }
 Enable the debugging of NAT
debugging nat { event | packet [ interface { interface-type interface-number | interface-name } ] | alg }
 Clear the connections of address translation
reset nat { log-entry | session }

88
Dynamic NAT (1)
 Enable the hosts of the 10.110.10.0/24 network segment to perform address
translation, selecting the addresses from 202.110.10.10 to 202.110.10.12 as
the translated addresses. Suppose that the interface Serial0/0/0 connects to
the ISP.

[Quidway] acl number 2001
[Quidway-acl-basic-2001] rule permit source 10.110.10.0 0.0.0.255
[Quidway-acl-basic-2001] rule deny

89
Dynamic NAT (2)

 Configure the address pool.
[Quidway] nat address-group 1 202.110.10.10 202.110.10.12
 Allow address translation and use the addresses of address pool 1 for
address translation. During translation, the TCP/UDP port information is used.
[Quidway-Serial0/0/0] nat outbound 2001 address-group 1

90
Dynamic NAT (3)

 Delete the previous configuration.
[Quidway-Serial0/0/0] undo nat outbound 2001 address-group 1
 Configure simple address translation (not using the TCP/UDP port
information to perform the address translation).
[Quidway-Serial0/0/0] nat outbound 2001 address-group 1 no-pat

91
Dynamic NAT (4)

 Delete the previous configuration.
[Quidway-Serial0/0/0] undo nat outbound 2001 address-group 1
 Configure simple address translation (using EASY IP, that is, the interface
address, to perform the address translation).
[Quidway-Serial0/0/0] nat outbound 2001

92
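The three outbound modes of the Dynamic NAT slides side by side, as an added example that is not part of the original slides: address pool 1 (202.110.10.10 to 202.110.10.12) with PAT, the same pool with no-pat, and EASY IP. The interface address 203.0.113.1, the inside hosts and the port allocator are constructed for illustration.

```python
"""Added example, not from the slides: a model of the outbound NAT modes
(pool + PAT, pool + no-pat, EASY IP) matched against acl number 2001."""
from ipaddress import IPv4Address, IPv4Network
from typing import Dict, Optional, Tuple

ACL_2001 = IPv4Network("10.110.10.0/24")   # rule permit source 10.110.10.0 0.0.0.255
POOL_1 = [str(IPv4Address("202.110.10.10") + i) for i in range(3)]  # .10, .11, .12

class OutboundNat:
    def __init__(self, mode: str, pool=None, interface_addr: Optional[str] = None):
        assert mode in ("pat", "no-pat", "easy-ip")
        self.mode = mode
        # EASY IP: the interface address is the only global address available.
        self.pool = [interface_addr] if mode == "easy-ip" else list(pool)
        self.bindings: Dict[str, str] = {}      # no-pat: inside host -> global addr
        self.sessions: Dict[Tuple[str, int], Tuple[str, int]] = {}  # PAT table
        self.next_port = 1024                   # constructed global port allocator

    def translate(self, src: str, sport: int) -> Optional[Tuple[str, int]]:
        """Return (global addr, global port) for an outbound packet, or None
        when the ACL does not permit the source or the pool is exhausted."""
        if IPv4Address(src) not in ACL_2001:
            return None                         # not matched: not translated
        if self.mode == "no-pat":
            # One global address per inside host, the port is left unchanged.
            if src not in self.bindings:
                used = set(self.bindings.values())
                free = [a for a in self.pool if a not in used]
                if not free:
                    return None                 # 4th host: 3-address pool is empty
                self.bindings[src] = free[0]
            return (self.bindings[src], sport)
        # pat / easy-ip: many hosts share the global address(es) by port.
        key = (src, sport)
        if key not in self.sessions:
            gaddr = self.pool[len(self.sessions) % len(self.pool)]
            self.sessions[key] = (gaddr, self.next_port)
            self.next_port += 1
        return self.sessions[key]

if __name__ == "__main__":
    nopat = OutboundNat("no-pat", POOL_1)
    for host in range(1, 5):                    # the 4th host gets no address
        print("no-pat", f"10.110.10.{host}", nopat.translate(f"10.110.10.{host}", 5000))
    pat = OutboundNat("pat", POOL_1)
    for host in range(1, 5):                    # all 4 hosts are translated
        print("pat", f"10.110.10.{host}", pat.translate(f"10.110.10.{host}", 5000))
    easy = OutboundNat("easy-ip", interface_addr="203.0.113.1")
    print("easy-ip", easy.translate("10.110.10.9", 1234))
```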
Huawei Introduction
WAN Services

93
PPP

 The link-protocol ppp command is an interface configuration command. It
specifies the encapsulation type of a WAN interface as PPP. By default, the
encapsulated link layer protocol on Quidway routers is PPP.

Operation                           Command
Encapsulate PPP                     link-protocol ppp
Configure authentication method     ppp authentication-mode { pap | chap }
Configure user name and password    local-user username { simple | cipher } password

94
Typical PPP Configuration

Authenticating Party (Quidway #1, S0/0)  <-- PAP authentication -->  Authenticated Party (Quidway #2, S0/0)

Quidway #1:
[Quidway]local-user quidway2 password simple quidway
[Quidway]interface serial 0/0
[Quidway-Serial0/0]ppp authentication-mode pap

Quidway #2:
[Quidway]interface serial 0/0
[Quidway-Serial0/0]ppp pap local-user quidway2 password simple quidway

95
HDLC

 The VRP supports HDLC protocol encapsulation and is compatible with
mainstream equipment of other vendors.
link-protocol hdlc
 The HDLC keepalive timer sets the interval of the keepalive packets used to
detect the link status.
timer hold [ seconds ]

96
Introduction to Frame Relay
[Figure: two LANs, each behind a DTE router, connected across a Frame Relay
(FR) network through DCE switches. The DTE-DCE interface runs the Local
Management Interface (LMI); a Permanent Virtual Circuit (PVC) is identified on
each link by a data link connection identifier (DLCI).]

 The frame relay protocol is a fast packet switching technology developed
from X.25 packet switching; it is a kind of improved X.25 protocol.
 Frame relay is based upon virtual circuits.
97
Frame Relay Configuration
Commands

 Encapsulate the frame relay protocol
link-protocol fr [ ietf | nonstandard ]

 Configure the terminal type of the frame relay interface
fr interface-type { dce | dte | nni }

 Select the LMI type
fr lmi type { ansi | nonstandard | q933a }

98
Configure Frame Relay Address
Mapping

The frame relay address mapping sets up the mapping relationship between the
remote protocol address and the local DLCI. This address mapping can be static
or dynamic.

 Configure Frame Relay static address mapping:
fr map ip { protocol-address [ ip-mask ] | default } dlci [ broadcast ] [ nonstandard | ietf ]
 Configure Frame Relay dynamic Inverse ARP
fr inarp [ ip ] [ dlci ]

99
Configure Local Virtual Circuits of
Frame Relay

 Allocate a virtual circuit number to the Frame Relay interface
fr dlci dlci-number

When the Frame Relay interface type is DCE or NNI, the interface (either main
interface or sub-interface) must be configured manually with virtual circuits.
When the Frame Relay interface type is DTE, the system determines the virtual
circuits of the main interface automatically according to the opposite
equipment; the sub-interface must be configured with virtual circuits manually.

100
Configure Frame Relay Subinterface
 Create a frame relay subinterface and enter the subinterface configuration
mode
interface type number.subinterface-number [ p2mp | p2p ]
 Configure the virtual circuit number for the frame relay subinterface
 Configure the sub-interface PVC and establish address mapping
The command for creating the address mapping is the same as that of the
physical interface; you may use either static or dynamic address mapping. The
static address mapping is only needed in the point-to-multipoint case.

101
Configure Frame Relay PVC
Switching
 Enable the Frame Relay switching
fr switching
 Configure Frame Relay switched route
 Assign a PVC number for the Frame Relay interface (DCE or NNI)
fr dlci dlci-number
 Configure the route for Frame Relay PVC switching
fr dlci-switch in-dlci interface type number dlci out-dlci

Note: If frame relay switching is used, the interface type must be DCE or NNI
102
Typical Frame Relay Configuration Example I

[Figure: Router A (DCE, 202.38.163.251) and Router B (DTE, 202.38.160.252)
connected by a link encapsulated as frame relay, DLCI 100]

Router A:
fr switching
interface serial 1
ip address 202.38.163.251 255.255.255.0
link-protocol fr
fr interface-type dce
fr dlci 100
fr inarp
or fr map ip 202.38.163.252 dlci 100

Router B:
interface serial 1
ip address 202.38.163.252 255.255.255.0
link-protocol fr
fr interface-type dte
fr inarp
or fr map ip 202.38.163.251 dlci 100

103
Typical Frame Relay Configuration Example II

[Figure: Router A (Serial0/0, IP 202.38.11.251) connects to Router D (FR
Switch) over DLCI 50 and DLCI 60; Router D reaches Router B (Serial1/0,
IP 202.38.11.252) over DLCI 70 and Router C (Serial2/0) over DLCI 80.]

 LANs interconnection through frame relay network

104
Typical Frame Relay Configuration
Example II (Continued)
Configure Router D (FR Switching):
# Enable the Frame Relay to carry out PVC switching
[RouterD] fr switching
# Encapsulate FR on the interface and set the interface type. Here serial0/0 is
taken as an example; the other interfaces are configured similarly.
[RouterD-Serial0/0] link-protocol fr
[RouterD-Serial0/0] fr interface-type dce
# Configure the PVC switching routes (both directions of each PVC)
[RouterD-Serial0/0] fr dlci-switch 50 interface serial 1/0 dlci 70
[RouterD-Serial0/0] fr dlci-switch 60 interface serial 2/0 dlci 80
[RouterD-Serial1/0] fr dlci-switch 70 interface serial 0/0 dlci 50
[RouterD-Serial2/0] fr dlci-switch 80 interface serial 0/0 dlci 60
Configure Router A:
# Configure interface IP address
[Quidway-Serial0/1]ip address 202.38.11.251 255.255.255.0
# Configure the link layer protocol of the interface to Frame Relay
[Quidway-Serial0/1]link-protocol fr
[Quidway-Serial0/1]fr interface-type dte
# Configure static address mapping
[Quidway-Serial0/1]fr map ip 202.38.11.252 50
[Quidway-Serial0/1]fr map ip 202.38.11.253 60
105
Frame Relay Monitor and
Maintenance
 Enable the information debugging of Frame Relay
debugging fr { all | compress | congestion | de | event | fragment | inarp | lmi | mfr | packet | transmit-rate } [ interface type number ]
 View the Frame Relay status on each interface.
display fr interface interface-type interface-num
 View the Frame Relay address mapping table.
display fr map-info [ interface interface-type interface-num ]
106
Frame Relay Troubleshooting
 The Physical Layer is DOWN
 Check the physical lines
 Check the remote equipment
 The Physical Layer is UP, but the Link Layer is DOWN
 Check the protocol encapsulation
 Check whether the DTE/DCE roles at the two ends correspond to each other
 Monitor the transmitting/receiving status of the LMI messages
 The Link Layer protocol is UP, but the remote equipment cannot be pinged
 Check whether the Link Layer protocols of the equipment at both ends are
in Up status
 Check whether the address mapping is correct
 Check the routing table to see whether there is a route to the remote
equipment
107
Frame Relay Summary
 Use the local DLCI as the frame relay PVC identifier to
the destination end
 The QUIDWAY supports three LMI types:
 ANSI ( Annex D )
 CCITT ( Annex A )
 nonstandard
 Configure static frame relay MAP
 Configure subinterface to avoid the problem of split
horizon concerning routing update
 By default, the Inverse ARP can find remote protocol
address for the local DLCI automatically
 Use the commands display and debug to monitor the
frame relay
108
Huawei Introduction
VLAN Switching

109
LAN Switching

 System configuration is similar to the router's.
 User interfaces are defined in the same way.

110
Select port duplex

[Quidway-Ethernet0/1]duplex ?
  auto  Enable port's duplex negotiation automatically
  full  Full-duplex
  half  Half-duplex

111
Select port speed

[Quidway-Ethernet0/1]speed ?
  10    Specify speed of current port 10Mb/s
  100   Specify speed of current port 100Mb/s
  auto  Enable port's speed negotiation automatically

112
Configure a vlan IP Address

 In vlan-interface view:
[Quidway]interface Vlan-interface 1
[Quidway-Vlan-interface1]ip address 192.168.1.1 255.255.255.0

 Add static routes in system view:
[Quidway]ip route-static 0.0.0.0 0.0.0.0 192.168.1.254
113
Format of 802.1Q Frame

Standard Ethernet Frame:
| DA | SA | Type | Data | CRC |

Ethernet Frame with IEEE 802.1Q tag:
| DA | SA | tag | Type | Data | CRC |

The tag consists of the TPID followed by the TCI:
| TPID | Priority | CFI | VLAN ID |

114
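Building and parsing the tag shown in the frame format above, as an added example that is not part of the original slides: the four-byte TPID + TCI (Priority, CFI, VLAN ID) is inserted after DA and SA and is removed again when the frame leaves on an access link. The MAC addresses and payload are constructed; the CRC is left out because the hardware recomputes it.

```python
"""Added example, not from the slides: insert and parse an IEEE 802.1Q tag.
All frame contents below are constructed for illustration."""
import struct
from typing import NamedTuple, Optional, Tuple

TPID_8021Q = 0x8100          # Tag Protocol Identifier announcing a VLAN tag

class Tag(NamedTuple):
    priority: int            # 3-bit priority field
    cfi: int                 # 1-bit Canonical Format Indicator
    vlan_id: int             # 12-bit VLAN ID

def build_untagged(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    """DA SA Type Data (the standard Ethernet frame of the slide, minus CRC)."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    return mac(dst) + mac(src) + struct.pack("!H", ethertype) + payload

def insert_tag(frame: bytes, vlan_id: int, priority: int = 0, cfi: int = 0) -> bytes:
    """Turn DA SA Type Data into DA SA tag Type Data: TPID + TCI go in
    after the 12 address bytes, which is what a trunk port does on egress."""
    if not 0 <= vlan_id <= 4095 or not 0 <= priority <= 7 or cfi not in (0, 1):
        raise ValueError("802.1Q field out of range")
    tci = (priority << 13) | (cfi << 12) | vlan_id
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def parse_tag(frame: bytes) -> Tuple[Optional[Tag], bytes]:
    """Return (Tag, frame without the tag) for a tagged frame, or
    (None, frame) for an untagged one, as seen on an access link."""
    if len(frame) < 16:
        return None, frame
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        return None, frame               # the 2 bytes were the Type field
    tag = Tag(priority=tci >> 13, cfi=(tci >> 12) & 1, vlan_id=tci & 0x0FFF)
    return tag, frame[:12] + frame[16:]

if __name__ == "__main__":
    # Constructed IPv4 broadcast from a host in VLAN 2 crossing a trunk link.
    plain = build_untagged("ff:ff:ff:ff:ff:ff", "00:e0:fc:12:34:56", 0x0800,
                           b"\x45" + b"\x00" * 19)
    tagged = insert_tag(plain, vlan_id=2, priority=5)
    tag, stripped = parse_tag(tagged)
    print(tag, tagged[12:16].hex(), stripped == plain)
```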
Link Type

[Figure: a Trunk Link or Hybrid Link between switches; an Access Link between a
switch and a host]
115
Frame Changes in Network Communication

[Figure: hosts in vlan 1 and vlan 2 on each of two switches. On the access
links the Ethernet frame is carried without a tag; on the trunk link between
the switches the Ethernet frame carries a tag.]
116
Trunk and VLAN

[Figure: two switches joined by a Trunk Link. Ports on the switches belong to
VLAN 2, VLAN 3, VLAN 4 and VLAN 5; a Directed Broadcast in VLAN 4 and VLAN 5
crosses the trunk and reaches only the ports of the same VLAN.]
117


VLAN Basic Configuration

 Enter the VLAN view; if the specified VLAN is not created yet, create it:
vlan vlan_id

 Delete a VLAN
undo vlan vlan_id

 Add/delete Ethernet interfaces for a specific VLAN
[undo] port interface-list
 interface-list, for example: Ethernet 2/0/1 to Ethernet 2/0/24

118
Access Link Configuration
 Set the Ethernet interface's link type
port link-type access
undo port link-type

 Set the PVID for the access interface (interface view)
port access vlan vlan-id

 Reset the PVID to the default value
undo port access vlan
 Default: VLAN 1
119
Trunk Link Configuration
 Set the Ethernet interface's link type
port link-type trunk
undo port link-type
 Set the trunk interface's PVID
port trunk pvid vlan vlan_id
undo port trunk pvid
 Default VLAN ID: 1

 Set/cancel the VLANs that can pass through the trunk interface
[undo] port trunk permit vlan { vlan_id_list | all }
120
Review of Spanning Tree

 What happens in a network with loops?
 How to avoid the loops?
 STP resolves this problem and provides link redundancy.

121
Applications of Transparent Bridge

 Expand LAN scale
 Free dynamic learning of site address information
 Problem: frames or packets might be forwarded circularly and continuously,
resulting in network congestion
122
Why do we need the spanning tree protocol?

[Figure: bridged network of LAN A, LAN B, LAN C, LAN D and LAN E with redundant
links; one bridge is marked ROOT]

 To remove path loops that might exist in the bridged network by blocking
redundant links
 To activate redundant backup links to restore network connectivity when the
current active path fails
123
Basic Principle of Spanning Tree
Protocol
 Transmits BPDUs among network bridges and does the following jobs:
 Select one of all bridges in the network as the root;
 Calculate the shortest path from itself to the root;
 For each LAN, select the bridge nearest to the root as the designated
bridge, to handle the data forwarded on that LAN;
 The bridge selects a root port; the path from this port is the optimal path
from this bridge to the root;
 Select the ports (designated ports) contained in the spanning tree other
than the root port.
124


Statuses of interface

Port Status   Port Ability
Disabled      Does not receive/send any message
Blocking      Does not receive/forward data, receives but does not transfer BPDUs, does not learn addresses
Listening     Does not receive/forward data, receives and transfers BPDUs, does not learn addresses
Learning      Does not receive/forward data, receives and transfers BPDUs, starts to learn addresses
Forwarding    Receives and forwards data, receives and transfers BPDUs, learns addresses
127
Configure Spanning Tree

 Enable/disable the STP in system view
[Quidway] stp enable/disable

 Enable/disable the STP on the interface
[Quidway-Ethernet0/1] stp enable/disable

128
Configurable Parameters of
Spanning Trees
 Configurable parameters of a spanning tree include:
 Bridge Priority
 Port Priority
 Path cost of the link corresponding to the port (PortPathCost)
 Three important timer parameters (Hello Time / Max Age / Forward Delay)
 Bridge Diameter of the whole switched network (BridgeDiameter)
129
Determine the Root by Configuration

 Bridge ID consists of two parts:
BridgePriority + BridgeMacAddress

 Configure the Bridge Priority
[Quidway] stp priority bridge-priority

130
Interface Cost
 Configure the cost of the interface
[Quidway-Ethernet0/1] stp cost cost
 Default value determined by bandwidth

Interface bandwidth   Default value   Recommended value range   Value range
10Mb/s                2,000           200 - 20,000              1 - 200,000
100Mb/s               200             20 - 2,000                1 - 200,000
1Gb/s                 20              2 - 200                   1 - 200,000
10Gb/s                2               2 - 20                    1 - 200,000

131
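The root election and shortest-path steps of the Basic Principle slide, worked through with the default PortPathCost values of the Interface Cost table, as an added example that is not part of the original slides. The four-switch topology, its MAC addresses and the priority 4096 on SW2 are constructed; the example computes the root and each bridge's root path cost and root port.

```python
"""Added example, not from the slides: root-bridge election by Bridge ID
(BridgePriority + BridgeMacAddress) and root path cost / root port selection
using the default PortPathCost values of the Interface Cost slide."""
import heapq
from typing import Dict, List, Tuple

# Default PortPathCost by interface bandwidth (from the Interface Cost slide).
DEFAULT_COST = {"10M": 2000, "100M": 200, "1G": 20, "10G": 2}

# Constructed topology: bridge -> (BridgePriority, MAC); links carry bandwidth.
BRIDGES = {
    "SW1": (32768, "00:e0:fc:00:00:01"),
    "SW2": (4096, "00:e0:fc:00:00:02"),    # stp priority 4096 makes SW2 the root
    "SW3": (32768, "00:e0:fc:00:00:03"),
    "SW4": (32768, "00:e0:fc:00:00:04"),
}
LINKS = [("SW1", "SW2", "1G"), ("SW2", "SW3", "100M"), ("SW1", "SW3", "100M"),
         ("SW3", "SW4", "10M"), ("SW1", "SW4", "100M")]

def bridge_id(priority: int, mac: str) -> Tuple[int, int]:
    """Lower Bridge ID wins: priority is compared first, the MAC breaks ties."""
    return (priority, int(mac.replace(":", ""), 16))

def elect_root(bridges: Dict[str, Tuple[int, str]]) -> str:
    return min(bridges, key=lambda b: bridge_id(*bridges[b]))

def root_path_costs(bridges: Dict[str, Tuple[int, str]],
                    links: List[Tuple[str, str, str]], root: str) -> Dict[str, Tuple[int, str]]:
    """Dijkstra from the root. A link's cost is the PortPathCost of the port
    receiving the BPDU (same default on both ends here). Returns
    bridge -> (root path cost, upstream bridge reached through the root port)."""
    adj: Dict[str, List[Tuple[str, int]]] = {b: [] for b in bridges}
    for a, b, bw in links:
        adj[a].append((b, DEFAULT_COST[bw]))
        adj[b].append((a, DEFAULT_COST[bw]))
    best = {root: (0, root)}
    heap = [(0, bridge_id(*bridges[root]), root)]
    while heap:
        cost, _, node = heapq.heappop(heap)
        if cost > best[node][0]:
            continue                      # stale heap entry
        for nbr, c in adj[node]:
            cur = best.get(nbr)
            # Equal cost is broken by the lower Bridge ID of the upstream
            # (designated) bridge, as STP does.
            cand = (cost + c, bridge_id(*bridges[node]))
            if cur is None or cand < (cur[0], bridge_id(*bridges[cur[1]])):
                best[nbr] = (cost + c, node)
                heapq.heappush(heap, (cost + c, bridge_id(*bridges[nbr]), nbr))
    return best

if __name__ == "__main__":
    root = elect_root(BRIDGES)
    for sw, (cost, via) in sorted(root_path_costs(BRIDGES, LINKS, root).items()):
        print(f"{sw}: root path cost {cost}, root port towards {via}")
```

SW4 reaches the root through SW1 (20 + 200 = 220) rather than over its directly attached 10Mb/s link to SW3 (200 + 2000), which is the effect of the bandwidth-based default costs in the table.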
Interface Priority
 Port ID consists of two parts:
 PortPriority + Port number

 Configure the interface priority
[Quidway-Ethernet0/1] stp port priority port-priority

[Figure: Parallel Link, multiple ports of one bridge connected to the same LAN
segment]
132
Timer of STP

 Set the value of the forward-delay timer
[Quidway] stp timer forward-delay centiseconds
 Default value: 15 seconds

 Set the value of the Hello timer
[Quidway] stp timer hello centiseconds
 Default value: 2 seconds

 Set the value of the Max-age timer
[Quidway] stp timer max-age centiseconds
 Default value: 20 seconds

133
Maintenance

 Display the information of STP status
display stp [ interface interface_list ]
 Clear the information of STP
reset stp [ interface interface_list ]

134
Huawei Introduction
End
Thank you!!!

135
