Huawei:VRP
From Cheatsheet
Versatile Routing Platform for Huawei network devices.
Basics
Connecting via Console [Windows]
- Plug a Console cable into the Huawei switch and connect the cable to your laptop/whatever. Best type of cable to use is USB to Console;
- Check Windows "Device Manager" - "Ports (COM & LPT)" to view what COM port is in use;
- Use a Serial client (such as Putty) to connect to the switch by filling in the correct COM port;
- In the opened CLI, you may have to press Enter to see the first CLI output.
You may have to modify the Serial interface settings in your Serial client depending on the switch you're connecting with.
https://support.huawei.com/enterprise/en/doc/EDOC1100137934/f86aae6a/logging-in-through-a-console-port Cloud Engine switches/routers need: - 9600 baud - 8 data bits - 1 stop bit - no parity - no flow control
Reset a switch
# Delete the current saved Config reset saved-configuration Y reboot N Y
Commandline
# Quit the current view or quit the session if in User view quit # Enter System view from User view mode to perform switch configuration system-view # Enter Interface view for interface 10GE1/0/40 interface 10GE1/0/40 # Enter user view mode from any other mode return # Use the "run" command to execute a User view command within System view mode run display version # Display the configuration of the current view (can be used in any view, including Interface view) display this # Enter diagnose view from system-view [DANGER] diagnose # Use "?" to list all available commands in any EXEC mode ? # Also use the "?" key to show available parameters to any command display current-configuration ?
Use the TAB key for command auto-completion when you have typed in sufficient keys. Use the UP and DOWN keys to 'scroll' through any previous commands you've executed. Ctrl + W = Delete word on the left Alt + D = Delete word on the right Ctrl + U = Delete the entire line you've typed
Checks
Common
# Show basic system information (User view) display version # Show the time display clock # Display latest 10 commands entered during current session display history-command # Display all commits made to the device display configuration commit list # Display security risks and recommended actions display security risk # Display all MAC addresses traversing Eth-Trunk27 display mac-address int Eth-Trunk27 # Display found IP-addresses associated with their MAC addresses display arp
Configuration
# Show the switches' current configuration display current-configuration # Show more of switches' current configuration display current-configuration all # Show the configuration that will be used for the next reboot display saved-configuration # Compare the saved configuration to the current configuration (User view) compare configuration # Show the current configuration for interface 10GE1/0/1 display current-configuration interface 10GE1/0/1 # Display all interface configurations display current-configuration interface
Logs
# Display logs display logbuffer # Display logs in a more human format display logbuffer brief # Display logs starting from a specific date display logbuffer starttime 2023/10/02,10:27:00 # Display logs for a specific log severity level display logbuffer level 4 # Display 10 logs display logbuffer size 10 # Combine parameters to filter for logs display logbuffer level 4 size 10
Hardware
# Display hardware modules and current status display health
Stack
# Display basic stack configuration display stack # Display stack configuration of any operational domains display stack configuration # Display stack configuration of all domain (all member ports) display stack configuration all # Display errors and issues relating to stack merging display stack troubleshooting
Network
# Ping IP 8.8.8.8 ping 8.8.8.8 # Ping an IP using the MGMT vpn-instance ping -vpn-instance MGMT 192.168.20.120
VLANs
# Display all VLANs and the interfaces they're used on display vlan # Show all defined VLANs display vlan summary
Interfaces
# Show shorthand summary of switchport-state, down/up status, utilization and errors display interface brief # Show detailed interface information such as input/output packets, CRC errors, discards and more display interface # Display detailed information for interface 10GE1/0/48 such as input output, CRC errors, discards and more display interface 10GE1/0/48 # Show brief interface information and status for all Ethernet interface display interface Ethernet brief # Show the recovery status of an interface in an error/down state display error-down recovery # Show counter information for all interfaces display counters # Show counters for a specific interface display counters interface 10GE1/0/20 # Show an interfaces' configuration, but also include default configurations (INTERFACE VIEW) display current-configuration interface 10GE1/0/11 include-default # Display interfaces which are members of eth-trunk 44 display eth-trunk membership 44
Debugging
system-view info-center enable quit # Activate outputting to the monitor terminal monitor terminal debugging # Activate debugging for SSH debugging ssh server all
Configuration
Common
# Apply any changes to the running configuration commit # Save the running configuration to startup configuration (user view) save # Change the system name to sw02 sysname sw02 # Configure the switches' domain dns domain brammerloo.nl # Configure Dutch time-zone clock timezone CEST add 01:00:00 clock daylight-saving-time CEST repeating 02:00 last Sun Mar 02:00 last Sun Oct 01:00 # Set a default gateway for traffic originating from the switch itself ip route-static 0.0.0.0 0.0.0.0 192.168.100.1 # Disable logs, traps and debugs from being output directly to your terminal undo terminal monitor
Banner
header login information % *************************************************************\ *========================= COMPANY =========================*\ * *\ * UNAUTHORISED ACCESS PROHIBITED ! *\ * *\ * *\ **************************************************************%
SSH
Configure basics before generating a key:
sysname SW03 dns domain brammerloo.nl
# Generate a local key pair. rsa local-key-pair create Y # Enable SSH server stelnet ipv4 server enable # Set the interface to SSH on ssh server-source -i vlanif 99 Y # Set password authentication as the mechanism for all SSH users and service type to STelnet ssh authentication-type default password # Configure virtual interfaces for SSH and AAA user-interface vty 0 4 authentication-mode aaa protocol inbound ssh quit # Create an aaa SSH user, configure permission and set a password aaa local-user MYUSER password irreversible-cipher MYP@SSWORD local-user MYUSER service-type ssh local-user MYUSER level 3 quit # Commit the changes commit
SNMP
SNMPv3 configuration.
# Enable SNMPv3 snmp-agent sys-info version v3
# Create an Authentication and Crypto password for a specific user: snmp-agent usm-user v3 myuser authentication-mode sha Please configure the authentication password (8-255) Enter Password: <Auth Password> Confirm Password: <Auth Password> snmp-agent usm-user v3 myuser privacy-mode aes256 Please configure the privacy password (8-255) Enter Password: <Crypto Password> Confirm Password: <Crypto Password>
# Add the user to a group, so you can specify to what views/OIDs it has access to snmp-agent usm-user v3 myuser group snmp_group snmp-agent mib-view included isoview iso snmp-agent group v3 snmp_group privacy read-view isoview write-view isoview notify-view isoview
At this point, you should be able to access information via SNMP for said configured device.
Test it from your NMS by using snmpwalk such as in Linux:Services#V3_client_installation.
Extra configuration:
# Set device information for your NMS to read out snmp-agent sys-info contact Patrick Tel : 00 55 55 55 555 snmp-agent sys-info location Enschede, Netherlands
# Configure an ACL for access from your NMS, to specific views/OIDs acl 2161 rule permit source 192.168.99.66 255.255.255.255 rule deny quit snmp-agent group v3 snmp_group privacy read-view isoview write-view isoview notify-view isoview acl 2161
Network
VLAN creation
# Create vlan 101 and name it Hotcakes vlan 101 name Hotcakes # Create multiple VLANs and VLAN ranges vlan batch 102 103 103 105 200 to 210 315
Interfaces
# Shutdown a port
shutdown
# Bring up a shutdown interface
undo shutdown
# Clear the configuration for interface 10GE1/0/48
clear configuration interface 10GE1/0/48
# Select interface range 10GE1/0/33 to 10GE1/0/48
interface range 10GE1/0/33 to 10GE1/0/48
# A decent interface description
description Core: TheConnectedDevice01 FastEthernet0/0 [xxxMbit] {CIRCUIT-ID} (Put any note in here, for example a PROVIDER and PROVIDER-CID)
Access VLAN
interface 10GE1/0/1 port link-type access port default vlan 200 undo shutdown
Trunk
interface 10GE1/0/48 portswitch port link-type trunk port trunk allow-pass vlan 100 200 undo shutdown
VLAN
interface vlanif 30 ip address 192.168.7.77 255.255.255.0 undo shutdown
MGMT VLAN
interface MEth0/0/0 ip address 192.168.99.11 255.255.255.0 port link-type access port default vlan 99 undo shutdown
Spanning Tree
# Make a switch root bridge for VLAN 27 stp vlan 27 root # Make a switch secondary in case the root bridge fails for VLAN 27 stp vlan 27 secondary
Switch-stack
- https://support.huawei.com/enterprise/en/doc/EDOC1100137947/cb36698d/example-for-establishing-a-stack-of-two-switches-connecting-cables-and-then-configuring-software
- https://support.huawei.com/enterprise/tr/doc/EDOC1000060766/e9dd7d04/how-do-i-troubleshoot-a-stack-setup-failure
- Prerequisite: Clear configuration for offline interfaces in any stack-port. They may cause conflicts
- Don't connect any physical cables until the end
sw1
Define stack domain, membership status and priority (higher = more primary)
stack stack member 1 priority 150 stack member 1 domain 10 quit commit
Shutdown the stack-ports. Value left of the / is the stack ID of your switch
interface stack-port 1/1 shutdown interface stack-port 1/2 shutdown
Associate physical interfaces with the stack
interface 10GE1/0/47 description Core: sw2 10GE1/0/47 [10Gbps] port mode stack stack-port 1/1
interface 10GE1/0/48 description Core: sw2 10GE1/0/48 [10Gbps] port mode stack stack-port 1/2
On the primary (sw1) bring up the switchports in use for stacking in sw2
interface 10GE2/0/47 undo shutdown interface 10GE2/0/48 undo shutdown
Commit the changes, save config and reboot!
commit return save reboot
sw2
Define stack domainID , membership status and priority (higher = more primary).
Turn member ID from default of 1 into 2. Inherit config of the master as soon as a stack is formed.
stack stack member 1 priority 140 stack member 1 domain 10 stack member 1 renumber 2 inherit-config quit commit
Associate physical interfaces with the stack.
interface 10GE2/0/47 description Core: sw1 10GE1/0/47 [10Gbps] port mode stack stack-port 2/1
interface 10GE2/0/48 description Core: sw1 10GE1/0/48 [10Gbps] port mode stack stack-port 2/2
Commit the changes, save config and reboot!
commit return save reboot
On boot you should see something like:
Initializing stack ........................................... DONE Stack member ID .............................................. 2 Stack domain ID .............................................. 10 Stack priority ............................................... 120 Default MAC .................................................. xx-xx-xx-xx-xx-xx Competing with other devices in the stack .................... DONE Stack role ................................................... MASTER
sw1/sw2
After sw2 reboot, connect the cables between the physical interfaces of sw1 & sw2.
Bring up the shutdown stack-ports on sw1.
interface stack-port 1/1 undo shutdown interface stack-port 1/2 undo shutdown
The merge-process will begin causing sw2 to reboot.
