Sunday , June 4 2023

fun with wildcard mask on Huawei device

18 Aug, 2020 Command Line, How To, Security 0

You, as the network administrator, were tasked with providing access to a network, where 4 machines have been connected.

It is simple task. Nothing can happen, but…

Everything is ready and you are checking connectivity between RT2 and those machines, and… To your suprise, you can only ping even-numbered IP addresses:

[RT2]ping 192.168.10.1
   PING 192.168.10.1: 56  data bytes, press CTRL_C to break
     Request time out
     Request time out
     Request time out
     Request time out
     Request time out

 [RT2]ping 192.168.10.2
   PING 192.168.10.2: 56  data bytes, press CTRL_C to break
     Reply from 192.168.10.2: bytes=56 Sequence=1 ttl=127 time=30 ms
     Reply from 192.168.10.2: bytes=56 Sequence=2 ttl=127 time=20 ms
     Reply from 192.168.10.2: bytes=56 Sequence=3 ttl=127 time=30 ms
     Reply from 192.168.10.2: bytes=56 Sequence=4 ttl=127 time=40 ms
     Reply from 192.168.10.2: bytes=56 Sequence=5 ttl=127 time=30 ms

 [RT2]ping 192.168.10.3
   PING 192.168.10.3: 56  data bytes, press CTRL_C to break
     Request time out
     Request time out
     Request time out
     Request time out
     Request time out

 [RT2]ping 192.168.10.4
   PING 192.168.10.4: 56  data bytes, press CTRL_C to break
     Reply from 192.168.10.4: bytes=56 Sequence=1 ttl=127 time=30 ms
     Reply from 192.168.10.4: bytes=56 Sequence=2 ttl=127 time=40 ms
     Reply from 192.168.10.4: bytes=56 Sequence=3 ttl=127 time=30 ms
     Reply from 192.168.10.4: bytes=56 Sequence=4 ttl=127 time=30 ms
     Reply from 192.168.10.4: bytes=56 Sequence=5 ttl=127 time=30 ms

Read More »

QinQ termination on subinterfaces to support DHCP Relay

4 Apr, 2018 Ethernet, IP Services, VPN 1

So far you have learned basic and selective QinQ on Huawei swiches. They seem like a simple Layer 2 VPN solution, which we can use to connect 2 or more offices. And of course, it is truth.

But, sometimes, we want to have an access to external services or just to the Internet, instead of connecting 2 branch offices. And, still we can use QinQ technology, why not?

The only thing we should do is to terminate QinQ VLAN Tag on a router. Just create L3 subinterface and let the router to use IP routing table to forward packets.

In our LAB, I am going to show you how to terminate QinQ to use DHCP server, located outside our network. In this case DHCP Relay feature must be used.

So let’s get to the point!

QinQ termination on subinterfaces to support DHCP Relay on Huawei

Topology of QinQ to support DHCP Relay

Read More »

selective QinQ on Huawei switches

26 Mar, 2018 Ethernet, VPN 1

Let’s go ahead with QinQ technology. In the last post you had the opportunity to know basic QinQ tunneling on Huawei switches. The QinQ tunnel attaches the same outer tag to all the frames entering the Layer 2 QinQ interface.

In this lab I would like to attach different outer tags, to the frames entering the Layer 2 QinQ interface, according to different inner tags. It is useful when packets are going to be differentiated in a provider’s network. Why? Because of service type, user’s application etc.

In this case we have 1 enterprise network with branch office located in another city. Customer network is divided into 2 VLANs to differentiate existing services. Our task is to transparently transmit packets, through ISP network, paying attantion to not allowing traffic between VLAN10 and VLAN20.

Selective QinQ topology

Read More »

basic QinQ configuration on Huawei switches

19 Mar, 2018 Ethernet, VPN 3

In traditional 802.1Q protocol, service provider should assign different VLAN IDs to users of different VLANs. The numer of VLANs is limited to 4094 IDs. In addition, different users cannot use the same VLAN ID.

A simple method to solve this is to implement QinQ. The QinQ technology improves the utilization of VLANs by adding another 802.1Q tag to a packet with an 802.1Q tag. In this manner, services from the private VLAN can be transparently transmitted through the public network. The ISP network only provides one VLAN ID for different VLANs from the same user network. This saves VLAN IDs of an ISP. Meanwhile, the QinQ provides a simple Layer 2 VPN solution to a small MAN or a local area networks.

QinQ tunneling on Huawei switches

Let’s assume that we have two enteprise networks. Each enterprise has two branch offices, located in different cities. As an ISP, we cannot force these enterprises to use different VLAN planning. In our case, both use VLAN 10 and our task is to transparently transmitt traffic, through ISP network, between remote offices.

What we want to achieve is to ensure communication between remote offices of each enterprise and to block communication between Enterprise_1 and Enterprise_2. We can use basic QinQ tunneling in this case. It adds the same outer VLAN tag to all the frames entering a Layer 2 port.

Read More »

RIP loop protection

6 Jul, 2017 IP Routing 0

I am going to show you how RIP loop protection works. Let’s take the topology from the previous post to demonstrate the features.

RIP topology

There are 2 methods of loop protection: Split Horizon and Poison Reverse.

Split Horizon

It prohibits a router to advertise a route back to neighbors, through the interface that receives the routes. Split Horizon is enabled by default on Huawei routers:

[R1]display rip 1 interface Serial 0/0/0 verbose
Serial0/0/0(192.168.20.1)
State : UP MTU : 500
Metricin : 0
Metricout : 1
Input : Enabled Output : Enabled
Protocol : RIPv2 Multicast
Send version : RIPv2 Multicast Packets
Receive version : RIPv2 Multicast and Broadcast Packets
Poison-reverse : Disabled

Authentication type : None
Replay Protection : Disabled

Split Horizon is disabled by

Read More »
Design By: ThemeTen