Tag Archives: CX600

Network administrators often need to capture packets, on switches or routers, to locate faults. Some devices do not support remote mirroring, that’s why administrators have to go on-site to capture packets, using local mirroring.

We have a useful command (capture-packet …), on some devices, to catch packets remotely. When taking S5700 switch into consideration, we can capture all packets from an interface (port mirroring) or packets matching specified rules (traffic mirroring). These capture packets can be sent to FTP or TFTP servers and displayed on terminal screen. CX600 and NE40E routers with V6R3 software version can send capture packets to local CF card (name.cap file).

Let’s look at this command:

[Huawei]capture-packet ?
  acl        Acl
  cpu        Packet send to cpu
  interface  Ingress Interface

As you can see you can use port or traffic mirroring. You can also catch packets sent to CPU.

[Huawei]capture-packet interface GigabitEthernet 0/0/1 destination ?
  ftp-server   Send to ftp server
  terminal     Output terminal
  tftp-server  Send to tftp server

Access Control List ACL

There are five types of ACLs on Huawei devices. Taking CX600 into consideration there are:

1. Basic ACL (number ranges from 2000 to 2999) classifies packets based on a source address
2. Advanced ACL (number ranges from 3000 to 3999) source address, destination address, source port number, destination port number, and protocol type
3. Interface-based ACL (number ranges from 1000 to 1999) classifies packets based on the interface from which the packets are received
4. Ethernet Frame Header ACL (number ranges from 4000 to 4099) classifies packets based on source and destination MAC addresses
5. User ACL (number ranges from 6000 to 9999) classifies packets based on user groups.

The rules order depends on rule ID and rule matching order. There are two matching orders:

• Configuration order – ACL rules are matched based on their configuration order. Rules IDs can be configured by user or generated by system automatically according to ACL step. By default the system generates 5 as the first rule ID. So the next rule ID will be 10, 15 and so on. Anytime you can configure rule ID manually, for example rule 1 and this rule will be placed before 5. You do not have to delete the whole ACL. Each time you can delete a specific rule without deleting the whole ACL.

• Automatic order – the most precise rule is taking as the first. This is implemented through the comparison of wildcard masks. The system assigns rule IDs automatically.

What is NQA?

It is a feature that functions above link layer to measure performance of protocols running at the network layer, transport layer and application layer. It is useful to monitor network and locate faults occurring in the network. NQA can accurately test the network and collect statistics as well. You can configure and display NQA statistics through CLI but, as NQA is fully supported by Huawei NMS, you can also do this in GUI.

Most of Huawei devices support NQA but configuration can vary a little bit between NE routers, AR routers and switches. Of course we can perform more advanced test on carrier class devices. In this post we will focus on CLI and use CX600 router as an example.

NQA tests supported by CX600:

• • ICMP test
  • DHCP test
  • FTP test
  • HTTP test
  • DNS test
  • Traceroute test
  • SNMP test
  • TCP test
  • UDP test
  • ICMP Jitter test
  • UDP Jitter test
  • LSP Ping test
  • LSP Traceroute test
  • LSP Jitter test