H3C: Performance Switch with Half Pink

The acronym for active network equipment, H3C, was born in the partnership between HP and 3Com. In the middle of the golden gigabit line of switches, the manufacturer turned out to be H3C S5120SI.
Despite the detailed and fascinating reading of the User Guide and the Command Reference in the amount of 800 pages each, the settings and controls can be packed into 4 sheets, available to the layman.
Tips on initial setup, under the cut.

Installation and commissioning

All switch configuration steps involve a direct, active connection to the console port. Connection by example of Linux OS:

sudo apt-get install minicom dmesg |grep tty  -  COM-, . ttyS0 sudo minicom -s //  /dev/ttySX,  9600 8N1 sudo minicom

For a switch that is new or raised from stock, the configuration must be reset.

 reset saved-configuration reboot

The basic configuration is the device name, banner, administration interface and password, the current date and time (required to navigate the logs).

 sysname %hostname% undo copyright-info enable undo ip http enable //  vlan %NUM% description vlan_Managment name vlan_Managment interface vlan-interface %NUM% ip address %SWITCH_IP% 255.255.255.0 ip route-static 0.0.0.0 0.0.0.0 %GW_IP% ntp-service unicast-server 217.71.128.77 //  -2,  clock timezone NOVT add 07:00:00 //   super password cipher %PWD_super% user-interface aux 0 authentication-mode password set authentication password cipher %PWD_AUX% telnet server enable user-interface vty 0 4 authentication-mode scheme local-user %USER% password cipher %PWD% service-type telnet user-interface vty 5 15 authentication-mode password set authentication password cipher %PWD_recovery% //        .

Authorization Domain

To use single administration accounts on a switch / login group, the password can be stored on the RADIUS server.
The radcheck table in the RADIUS database:

 username, attribute, op, value: %user%, Cleartext-Password, :=, %password%

In the radgroupreply table, records with the group name are added and the values Service-Type = Administrative-User and Acct-Status-Type = Accounting-On are set. The user is added to the corresponding group in the radusergroup table:

 username, groupname, priority: %user%, %group%, 1

Allow connection to RADIUS and specify the exchange key in the clients.conf file:

 client %SWITCH_NET%/24 { secret = %KEY% shortname = h3c }

On the switch, you must configure the scheme to connect to the authorization server:

 radius scheme %scheme_name% primary authentication %IP_RADIUS% primary accounting %IP_RADIUS% key authentication %KEY% key accounting %KEY% user-name-format without-domain

Setting a domain allows you to log in using local-user and RADIUS server accounts.

 domain %domain_name% authentication login radius-scheme %scheme_name% authorization login radius-scheme %scheme_name% accounting login radius-scheme %scheme_name% access-limit disable state active idle-cut disable self-service-url disable domain default enable %domain_name%

Multiple Spanning Tree Protocol

Layer 2 control protocol MSTP allows you to create redundant connections between switches without forming loops. The root switch specified for the case (instance, 0 is the default) supports all connections in the transfer mode (designated, forwarding), and the switches connected below determine the nearest port to the root and activate them (root, forwarding), the other ports are blocked in order to avoid loops ( alte discarding). It is determined experimentally - after the link disappears, the second link is unlocked on the root switch and the data transfer is resumed in less than 1 second. MSTP allows you to build independent trees for each case (including one or more vlans).

 [DeviceD] display stp brief MSTID Port Role STP State Protection 0 GigabitEthernet1/0/1 ROOT FORWARDING NONE 0 GigabitEthernet1/0/2 ALTE DISCARDING NONE

The sample booth includes three switches and one public vlan:

 interface Vlan-interface %vlan_num% ip address %IP_switch% 255.255.255.0 stp region-configuration region-name %region_name% instance 1 vlan %vlan_num% active region-configuration stp enable

For the root switch, you need to set the priority:

 stp instance 1 root primary

Ports 17, 18 are enabled for access and do not exchange STP packets:

 interface GigabitEthernet1/0/1 port link-type trunk port trunk permit vlan %vlan_num% interface GigabitEthernet1/0/2 port link-type trunk port trunk permit vlan %vlan_num% interface GigabitEthernet1/0/17 port access vlan %vlan_num% stp disable stp edged-port enable interface GigabitEthernet1/0/18 port access vlan %vlan_num% stp disable stp edged-port enable

Bridge Port Aggregation

Aggregation of physical ports allows you to use a group as a single logical link. In addition to redundancy and redundancy, in the event of an accident, such a group summarizes the throughput of the included ports.

On each switch, you need to create a logical aggregation group:

 interface Bridge-Aggregation %agg_num% link-aggregation mode dynamic //     Cisco

For all involved ports in the group, you must specify the appropriate aggregation:

 interface GigabitEthernet %port_num% //     port link-aggregation group %agg_num%

After setting the port mapping to the appropriate aggregation groups, you can set options for the affected channel:

 interface Bridge-Aggregation %agg_num% port link-type trunk //   access vlan_id port trunk permit vlan %vlan_num%

If the aggregation is used in MSTP, then the tree configuration for the node will look like (instead of blocking the physical ports, the state will change for logical links):

 display stp brief MSTID Port Role STP State Protection 0 BridgeAggregation1 ALTE DISCARDING NONE 0 BridgeAggregation2 ROOT FORWARDING NONE

UPD: Some more info for beginners on this switch from alexkoh : Setting up HUAWEI network equipment

H3C: Performance Switch with Half Pink

Installation and commissioning

Authorization Domain

Multiple Spanning Tree Protocol

Bridge Port Aggregation

Recommended reading:

More articles: