Monday , September 28 2020

port security on Huawei switches

How to prevent unauthorized users from connecting their PCs to an enterprise network? How to prevent employees from connecting unauthorized devices to a LAN or moving their computers without permission?

Port Security is a Layer 2 feature, which can be enabled on an interface, to prevent devices with untrusted MAC address, from accessing a switch interface. When enabled, MAC address of the device connected to the port, is dynamically learned by the switch and stored in a memory (by default it is not aged out). Only this MAC address is then allowed to forward traffic over switch port (only one trusted MAC is allowed by default). Every different MAC address will cause the port to go into one of the following states:

  • Protect – packets coming from untrusted MAC address will be dropped,
  • Restrict – packets coming from untrusted MAC address will be dropped and SNMP trap message will be generated (default behavior),
  • Shutdown – port will be put into shutdown state.

Let’s configure  port security feature on a switch port and see, how it works.

<labnarioSW1>sys
Enter system view, return user view with Ctrl+Z.
[labnarioSW1]interface gi0/0/1
[labnarioSW1-GigabitEthernet0/0/1]port link-type access
[labnarioSW1-GigabitEthernet0/0/1]port-security enable

Read More »

GRE over IPSec on Huawei AR routers

If you want to recall how to configure GRE, just look at GRE on Huawei routers.

You can return to IPSec configuration, reading IPSec on Huawei AR router.

Today, I’m going to put them together and try to configure GRE over IPSec.

Based on the topology below, configure IP adresses and OSPF protocol to ensure connectivity between all routers (omitted here).

Configure tunnel interface on labnario_1 and labnario_3:

[labnario_1]interface Tunnel0/0/0
[labnario_1-Tunnel0/0/0] ip address 10.0.0.1 255.255.255.0 
[labnario_1-Tunnel0/0/0] tunnel-protocol gre
[labnario_1-Tunnel0/0/0] source 150.0.0.1
[labnario_1-Tunnel0/0/0] destination 160.0.0.1

Read More »

from Huawei CLI – fixdisk

I’ve had only one case when I used this command and … full success.

Sometimes it can happen that the file system doesn’t work properly. When you run dir command, you can find the space, which usage status is unknown. The system prompts you that the file system should be restored. Then you can run fixdisk command to release the unknown space.

Notice that:

  • It is not recommended to use it when the file system works correctly.
  • It doesn’t help when physical medium is damaged.
  • Do not use it when CPU usage is high.
Lost chains in flash detected, please use fixdisk to recover them!
<labnario>fixdisk flash:
Fixdisk flash: will take long time if needed
%Fixdisk flash: completed.

Read More »

Huawei eNSP – news

A new Huawei network simulator eNSP has been released.

You can download it clicking on the picture below:

huawei-enterprise-network-simulation-platform

Anyway, the first version of Huawei eNSP was introduced one year ago. I would like to know your opinions about the simulator. What is your experience with it? Is it helpful of useless for you? Feel free to express you thoughts.

Read More »