from Huawei CLI – virtual-cable-test

My friend found an interesting command while he was searching Huawei S3700 documentation. It looks like it is possible to check (by command) a state of physical cable, connected to electrical Ethernet or GigabitEthernet interfaces. I have never used it but as soon as I get such switch I promise to test it.

Short description from Hedex:

  • When the checked cable is in normal state, the total length of the cable is displayed in the output information.
  • If the cable is abnormal, the distance between the interface and the faulty point is displayed.
[Quidway] interface Ethernet 0/0/1
[Quidway-Ethernet0/0/1] virtual-cable-test
Warning: The command will stop service for a while, Continue [Y/N]?y
Pair A length: 189meter(s)
Pair B length: 189meter(s)
Pair C length: 189meter(s)
Pair D length: 189meter(s)
Pair A state: Ok
Pair B state: Ok
Pair C state: Ok
Pair D state: Ok

VRRP on Huawei router

Virtual Router Redundancy Protocol (VRRP) combines a group of routing devices on a LAN into a backup group that functions as a virtual router. From the host perspective in the LAN, it only needs the IP address of the virtual router rather than the IP address of a specific device in the backup group. Virtual IP address must be set as a default gateway for the host in the LAN. VRRP dynamically associates the virtual router with a physical device that transmits services. When the device fails, the second device is selected to handover traffic. The switchover should be transparent to users, allowing the internal and external networks to communicate without interruption. It, of course, depends on configured services. Most sensitive services need higher reliability and VRRP itself is not enough. But I will mention about it later in the post.

Let’s switch from theory to more practical things.

VRRP topology:

Assure communication between all elements in the network. It is omitted here.

IPSec on Huawei AR router

How to secure communication between two sites connected to the Internet?

Use Site-to-Site IPsec VPN tunnel between two Huawei routers. IPsec VPN is an open standard protocol suite, defined by the IETF in the following RFCs: 2401, 2402-2412, 2451. IPSec is a widely used protocol for securing traffic on IP networks, including the Internet. IPSec can encrypt data between various devices, including router to router, firewall to router, desktop to router, and desktop to server.

How to configure IPsec VPN using Huawei CLI?

Let’s assume that we have two sites, Site1 and Site2. Both sites have PCs connected to the LAN network, PC1 and PC2 respectively. The sites are connected through WAN network (in our case labnarioR2 router simulates WAN). We want to secure communication between PC1 and PC2. To do so, we have to configure IPSec VPN tunnel between both sites. In our case tunnel will be established between labnarioR1 and labnarioR3 routers. Both routers will be responsible for data encryption and decryption using specified algorithms.

Frame Relay interface on Huawei router

Let’s assume that we have a Frame Relay topology like in the picture below. We want to have full IP connectivity between our ‘labnario’ routers. To demonstrate, how to configure different types of Frame Relay interface, I will use:

  • physical serial interface on labnario1 router
  • logical point-to-point interface on labnario2 router
  • logical point-to-multipoint interface on labnario3 router.

Let’s start with labnario1 configuration.

[labnario1]interface Serial0/0/0
[labnario1-Serial0/0/0] link-protocol fr
[labnario1-Serial0/0/0] fr map ip 102 broadcast
[labnario1-Serial0/0/0] fr map ip 103 broadcast
[labnario1-Serial0/0/0] ip address

