Sunday , June 25 2017

Inter-VLAN communication on USG firewall

It’s time to check a firewall available in eNSP simulator. Today a simple task, just configuring inter-VLAN communication on Huawei USG5500.

Let’s look at the following topology:

Configuration roadmap:

  1. Configure L2 communication on the switch.
  2. As the switch is L2, configure subinterfaces on the firewall and enable L3 communication between different VLANs.
  3. Set IP addresses and gateways for all PCs.
  4. Create 2 security zones and configure interzone packet-filterfing to control traffic between VLANs.
  5. Security requirements for the network:
  • PC1 in VLAN100 and PC2 in VLAN200 can communicate each other.
  • PC3 in VLAN300 can access PC1 and PC2. PC1 and PC2 cannot access PC3.

Read More »

Huawei eNSP – news

After long time a new version of Huawei eNSP has been released:

New features:

  • Support CE6800 DC switch.
  • Support any wvrp device.
  • Export vrpcfg.cfg from usg5500.

Read More »

memory usage alarm threshold

 Huawei AR routers have easy and effective memory usage monitoring tool. When memory usage exceeds configured threshold, the system logs the event and generates an alarm. When memory usage falls within the alarm threshold, the system generates a clear alarm.

By default memory usage threshold is set to 90% when the memory capacity on the interface board is lower than or equal to 128MB, and 95% when the memory capacity is higher that 128MB. Memory usage threshold can be easly changed using command:

[labnario]set memory-usage threshold 75

Read More »

from Huawei CLI – rollback configuration

Well known feature from JunOS, now implemented by Huawei in Cloud Engines switches like CE12800, CE7800, CE6800 and CE5800. This feature will be implemented in NE routers as well, starting from V8R6 software version.

We have opportunity to choose wheter changes can be saved automatically or must wait for administrator’s confirmation:

system-view

In this case, the configuration takes effect after you run the commit command (two-phase validation mode).

system-view immediately

Read More »

NAT server on Huawei USG5500

The last article dealt with outbound NAT. Let’s focus today on NAT server. NAT server enables private network servers to provide services for external networks with public IP addresses. In this lab, our enterprise provides FTP services for external users.

We can use the topology from the last post:

In our case AR router works as FTP server:

Read More »