Wednesday, April 25 2018

equivalent of Cisco Private Vlan —> Huawei MUX Vlan

Do you know the Private VLAN feature from Cisco switches? The same feature exists on Huawei switches and is called the MUX VLAN.

How does this feature work?

MUX VLAN isolates Layer 2 traffic between different interfaces in the same VLAN while still allowing access to common resources.

Look at the topology below. Let’s assume that we want to configure our labnariosw switch, so that:

  • hosts in VLAN10 should be able to ping each other and ping the server in VLAN30
  • hosts in VLAN20 should be able to ping the server in VLAN30 but not each other
  • hosts in VLAN10 should not be able to ping hosts in VLAN20.

how to find TC packets source on Huawei switch

Topology Change (TC) packets are sent when an MSTP-enabled interface in a network flaps. If a physical interface frequently alternates between Up and Down, the MSTP status of the devices in the network becomes unsteady. As a result, a large number of TC messages are generated, ARP entries are frequently deleted and services are interrupted.

How to find the source of TC packets?

Let’s look at a log entry generated on one of the switches in a network. Let’s take a Huawei S9300 switch as an example:

Dec 19 2012 11:32:56+10:00 S9300 %%01MSTP/6/RECEIVE_MSTITC(l)[40922]:MSTP received BPDU with TC, MSTP process 0 instance 0, port name is GigabitEthernet6/0/0.

What can we find in this log?

The most important detail for us is the port on which the switch received the TC packet, in this case interface GE6/0/0. To troubleshoot this problem we have to go to the next switch, the one connected to interface GE6/0/0, and check the logs of that switch. If the neighbouring switch receives TC packets as well, we have to do further troubleshooting. If we find in the logs that an MSTP-enabled interface is flapping, we can consider this interface to be the source of the TC packets. If this interface is still flapping, shut it down to avoid unsteady behaviour.
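The step of picking the receiving port out of the log can be automated when the log is long. The Python sketch below is an added example, not part of the original article: it parses lines in the RECEIVE_MSTITC format shown above and reports, per switch and port, the largest number of TC BPDUs received inside a sliding time window, which points to the neighbour to check next. The function names, the 60-second window, the threshold of 3 and every sample line after the first are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

TC_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{4} \d{2}:\d{2}:\d{2})\S*\s+(?P<host>\S+)\s+"
    r"%%\d+MSTP/\d+/RECEIVE_MSTITC\(l\)\[\d+\]:MSTP received BPDU with TC, "
    r"MSTP process (?P<proc>\d+) instance (?P<inst>\d+), "
    r"port name is (?P<port>\S+?)\.?$"
)

def parse_tc(line):
    """Return (time, host, instance, port) for a TC log line, else None.
    The UTC offset after the timestamp is skipped, not applied."""
    m = TC_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%b %d %Y %H:%M:%S")
    return ts, m["host"], int(m["inst"]), m["port"]

def tc_bursts(lines, window=timedelta(seconds=60), threshold=3):
    """Map (host, port) -> peak count of TC BPDUs inside any sliding window,
    keeping only the ports whose peak reaches the threshold."""
    events = defaultdict(list)
    for line in lines:
        rec = parse_tc(line)
        if rec:
            ts, host, _inst, port = rec
            events[(host, port)].append(ts)
    result = {}
    for key, times in events.items():
        times.sort()
        best, start = 0, 0
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            result[key] = best
    return result

# Sample input: line 1 is the entry quoted in the article, the rest are constructed.
SAMPLE = """\
Dec 19 2012 11:32:56+10:00 S9300 %%01MSTP/6/RECEIVE_MSTITC(l)[40922]:MSTP received BPDU with TC, MSTP process 0 instance 0, port name is GigabitEthernet6/0/0.
Dec 19 2012 11:33:10+10:00 S9300 %%01MSTP/6/RECEIVE_MSTITC(l)[40923]:MSTP received BPDU with TC, MSTP process 0 instance 0, port name is GigabitEthernet6/0/0.
Dec 19 2012 11:33:41+10:00 S9300 %%01MSTP/6/RECEIVE_MSTITC(l)[40924]:MSTP received BPDU with TC, MSTP process 0 instance 0, port name is GigabitEthernet6/0/0.
Dec 19 2012 11:34:30+10:00 S9300 %%01MSTP/6/RECEIVE_MSTITC(l)[40925]:MSTP received BPDU with TC, MSTP process 0 instance 0, port name is GigabitEthernet6/0/1.
Dec 19 2012 11:35:02+10:00 S9300 (constructed non-MSTP line, ignored by the parser)
Dec 19 2012 11:40:00+10:00 S9300 %%01MSTP/6/RECEIVE_MSTITC(l)[40926]:MSTP received BPDU with TC, MSTP process 0 instance 0, port name is GigabitEthernet6/0/0.
"""
```

Calling tc_bursts(SAMPLE.splitlines()) on the sample returns only GigabitEthernet6/0/0 on S9300, with a peak of 3 TC BPDUs inside one minute.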

basic BGP in Huawei CLI – part 2

This article is a continuation of the basic BGP with Huawei CLI.

Today I want to explain why the labnarioR5 router cannot ping BGP prefixes advertised by BGP AS50. Do you remember our BGP topology? I have configured the BGP protocol as in the picture below:

There are three BGP Autonomous Systems: AS50, AS100 and AS55. All are connected via EBGP peering sessions. AS100 has three routers forming IBGP full mesh. LabnarioR1 router in AS50 advertises three prefixes:


All these prefixes are advertised by the routers in AS100 and pass to AS55. LabnarioR5 router has these prefixes in its BGP and routing tables, but cannot ping them. Why is it like that?

connection to ssh server by stelnet and sftp

Today I would like to focus on the SSH application. What I want to do is to configure an SSH connection between two switches, using password and RSA authentication:

  • Connection between stelnet client and SSH server
  • Connection between SFTP client and SSH server.

Let’s look at the simple SSH topology:

from Huawei CLI – virtual-cable-test

My friend found an interesting command while he was searching the Huawei S3700 documentation. It looks like it is possible to check (by command) the state of a physical cable connected to electrical Ethernet or GigabitEthernet interfaces. I have never used it, but as soon as I get such a switch I promise to test it.

Short description from Hedex:

  • When the checked cable is in normal state, the total length of the cable is displayed in the output information.
  • If the cable is abnormal, the distance between the interface and the faulty point is displayed.

[Quidway] interface Ethernet 0/0/1
[Quidway-Ethernet0/0/1] virtual-cable-test
Warning: The command will stop service for a while, Continue [Y/N]?y
Pair A length: 189meter(s)
Pair B length: 189meter(s)
Pair C length: 189meter(s)
Pair D length: 189meter(s)
Pair A state: Ok
Pair B state: Ok
Pair C state: Ok
Pair D state: Ok

