What Switch model of Huawei support PoE?

If the model name of a switch contains PWR or PWH, this switch supports the PoE function. For example, S5700-24TP-PWR-SI is a PoE-capable switch.

Advertisements

What’s the difference between MA5683T and MA5800-X7?

The 40 Gbit/s-capacity Next-Generation Optical Line Terminal. Huawei’s SmartAX MA5800 multiple-service access module employs a distributed architecture to support ultra-broadband, Fixed Mobile Convergence services, and smart capabilities.

This article main talking about the difference between MA5683T & MA5800 X7 .

QQ图片20171228170515

QQ图片20171228170549

In addition to the basic performance of different, in the software system operation is also different, the following is the biggest difference.

QQ图片20171228170624

QinQ l2pt PVST+ failed because of miss-configuration

Issue Description

Topology:

QQ图片20171226170203

Huawei S5700 related configuration:
Software Version V200R003C00SPC300
#
sysname Quidway
#
vlan batch 166
#
l2protocol-tunnel eoam3ah group-mac 0100-0ccd-
cdd0
l2protocol-tunnel gmrp group-mac 0180-e500-0001
l2protocol-tunnel gvrp group-mac 0180-e500-0002
l2protocol-tunnel cdp group-mac 0100-0ccd-cdd0
l2protocol-tunnel dtp group-mac 0100-0ccd-cdd0
l2protocol-tunnel pvst+ group-mac 0100-0ccd-cdd0

interface Vlanif1
ip address 10.10.2.41 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 166
stp disable
#
interface GigabitEthernet0/0/3
port link-type dot1q-tunnel
port default vlan 166
stp disable
l2protocol-tunnel stp cdp pvst+ enable

jumboframe enable 9712
#

PVST+ packets cannot pass through the tunnel and PVST domain cannot be integrated over Huawei network.

Alarm Information

<Quidway>display l2protocol-tunnel statistics GigabitEthernet 0/0/3
—————————————————————————–
Port            Protocol           Drop      Input       Output    Drop
Threshold     Packets   Packets   Packets
—————————————————————————–
GE0/0/3         stp                   0              6                 0         0
cdp                  0              6                 0         0
pvst+                0              0                 0         0

Statistic show only input packets. PVST+ packets cannot be transmitted properly.

Handling Process

By default, on V200R003 version, the packets with destination MAC address 0100-0ccc-cccc are processed as BPDUs, and packets with destination MAC address 0100-0ccc-cccd are forwarded by the hardware as data.

Because are forward as data packets, it will not be transmitted over layer 2 protocol tunnel. In this case we need to enforce the switch to process DA 0100-0ccc-cccd packets as bpdu and not as data packets.

Configuration:

<HUAWEI> system-view
[HUAWEI] bpdu mac-address 0100-0ccc-cccd

QQ图片20171226170203

Root Cause

Capturing the packets on Gi0/0/3, relieved that packets are send through the tunnel without changing the destination address.

Since in the switch configuration we add  “l2protocol-tunnel pvst+ group-mac 0100-0ccd-cdd0” command for l2protocol-tunnel group-mac definition, packets entering to the tunnel should have destination address, changed from “0100-0ccc-cccd” (default value) to “0100-0ccd-cdd0”.

Suggestions

Bridge protocol packets belonging to devices from other vendors need to be processed as BPDUs. You can set the MAC address of such packets to the MAC address of BPDUs

 

Services Are Interrupted Due to Different MTU Values on Huawei S5700 and Vendor R’s Switch

Issue Description

Two Huawei S5700s are configured in a stack. Each switch is connected to a vendor R’s switch through an Eth-Trunk that is aggregated by three Ethernet links. The 5700s, functioning as access switches, use Eth-Trunk interfaces to transparently transmit VLAN packets to vendor R’s switches. The gateway is configured on vendor R’s switch. Service interruption occurs from time to time, but the interface status is normal and no alarm information is generated. Such symptoms cannot be simulated.

Alarm Information

None

Handling Process

The MTU value on the S5700 cannot be changed. Therefore, change the MTU value on interfaces of vendor R’s switch to 1600. After the configuration, services are recovered.

Root Cause

When the fault occurs, capture packets on the S5700 and analyze the Eth-Trunk. It is found that the size of response packets is 1500 bytes or nearly 1500 bytes, and the DF value of these large packets is 1 indicating that the packets cannot be fragmented. Capture packets on the uplink device. It is found that the uplink device cannot receive large packets of 1500 bytes or nearly 1500 bytes. The fault may occur on the Eth-Trunk. After communication with vendor R, it is found that the MTU value is set to 1492 on member interfaces of the Eth-Trunk on vendor R’s switch. Change the MTU value to 1600. Services are recovered.

Suggestions

None

The port state in instance 2 of MSTP is not correct due to mis-configurations in same region

Issue Description

The port1(ge0/1/1) state in instance 2 of MSTP in Huawei S5700 switch was forwarding, should be discarding as designed (see below topology), however, it was forwarding:
[s5700]dis stp ins 2 brief
MSTID  Port                        Role  STP State     Protection
2    GigabitEthernet0/0/47       DESI  FORWARDING      NONE
2    GigabitEthernet0/0/48       DESI  FORWARDING      NONE
2    GigabitEthernet0/1/1        MAST  FORWARDING      NONE
2    GigabitEthernet0/1/2        ALTE  DISCARDING      NONE
QQ图片20171117104757
Alarm Information

There is no alarm.

Handling Process

1.after checking the confiruations, we found that the region configurations in instance 3 was different on s5700 from the two core switches(CSW1&CSW2),
a.csw1
stp region-configuration
region-name RG1
revision-level 1
instance 1 vlan 5 10 15
instance 2 vlan 20 25 30
instance 3 vlan 500 to 501
active region-configuration
b.csw2
stp region-configuration
region-name RG1
revision-level 1
instance 1 vlan 5 10 15
instance 2 vlan 20 25 30
instance 3 vlan 500 to 501
active region-configuration
c.s5700
stp region-configuration
region-name RG1
revision-level 1
instance 1 vlan 5 10 15
instance 2 vlan 20 25 30
instance 3 vlan 500
active region-configuration
2. So this make the s5700 in the differnet region, so it chose the port1(ge0/1/1) as master port to connect to the other MSTP region:
[s5700]dis stp ins 2 brief
MSTID  Port                        Role  STP State     Protection
2    GigabitEthernet0/0/47       DESI  FORWARDING      NONE
2    GigabitEthernet0/0/48       DESI  FORWARDING      NONE
2    GigabitEthernet0/1/1        MAST  FORWARDING      NONE
2    GigabitEthernet0/1/2        ALTE  DISCARDING      NONE
3. Add the vlan 501 in instance3 on s5700, and active the region configurations, it became OK.
instance 3 vlan 501
active region-configuration

Root Cause

The region configurations of another instance3 on s5700 was different with the two core switches.(CSW1&CSW2)

Suggestions

The MSTP region contains four elements, Configuration Name,Revision Level,Configuration
Identifier Format Selector,and the mapping of VIDs to spanning trees.If one of them is different, should be in different MSTP region.
When design and deploy a MSTP network, should pay attention to the above things.

 

The user uses TACACS server authentication to login S5700 but always failed case

Issue Description

The customer uses TACACS server as the authentication method, after he configures on the switch S5700, but he always can’t login the switch S5700.

Alarm Information

None

Handling Process

Firstly,To check basic configuration, I find that the Tacacs configuration isn’t complete on S5700, there are some important configuration lost. As following:

aaa
authentication-scheme default
authentication-scheme test
authentication-mode hwtacacs
authorization-scheme default
authorization-scheme test               
authorization-mode hwtacacs
authorization-cmd 3 hwtacacs
authorization-cmd 15 hwtacacs
accounting-scheme default
accounting-scheme test
accounting-mode hwtacacs
domain default
domain default_admin

// There is no domain configuration for the hwtacacs authentication, need to configure.

And then ask the customer to add the following domain configuraion:

domain test
authentication-scheme test
authorization-scheme test
hwtacacs-server test

After added above configuration, the customer test again but still failed. At this time, he find that the authentication on the Tacacs server shows login successfully, as following:

Troubleshooting Of MAC Flapping For S7703

Issue Description

eSight detect the phenomenon MAC Flapping in S7703.

Alarm Information

This is the screenshot of alarm from eSight:

QQ图片20171109151819

Handling Process

1. MAC address flapping occurs in the following situations: a. Network cables of switches are connected incorrectly or switches use incorrect configurations;b. Unauthorized users simulate MAC address of valid network devices to attack the network. Firstly check the indicators. The

indicators never flashing frequently. Secondly collect the information by the command display interface brief. The figure of InUti and OutUti is very low. Thirdly collect the information of Spanning Tree by the command display stp. The protocol of MSTP is enable the setting for the ports is appropriate. Eliminate the root cause is by the ring in the network.
2. Check the information of display trapbuffe. The information about MAC Flapping is just as below:
#Oct 30 2014 14:28:02 S7703 L2IFPPI/4/MAC_FLAPPING_ALARM:OID 1.3.6.1.4.1.2011.5.25.42.2.1.7.12 The mac-address has flap value.  (L2IfPort=0,entPhysicalIndex=0,  BaseTrapSeverity=4, BaseTrapProbableCause=549, BaseTrapEventType=1,  MacAdd=1047-808a-e2f6,vlanid=99, FormerIfDescName=GigabitEthernet3/0/44, CurrentIfDescName=XGigabitEthernet1/0/0,DeviceName= S7703)
#Oct 30 2014 14:26:02 S7703 L2IFPPI/4/MAC_FLAPPING_ALARM:OID 1.3.6.1.4.1.2011.5.25.42.2.1.7.12 The mac-address has flap value.  (L2IfPort=0,entPhysicalIndex=0, BaseTrapSeverity=4, BaseTrapProbableCause=549, BaseTrapEventType=1,  MacAdd=1047-808a-e2f6,vlanid=99, FormerIfDescName=XGigabitEthernet1/0/0, CurrentIfDescName=GigabitEthernet3/0/44,DeviceName=SS7703)
From the information we found only the MAC Address 1047-808a-e2f6 flapping,and the switch learned the MAC Address from the interface XGE1/0/0 & GE3/0/44.
3. Confirm the MAC Address 1047-808a-e2f6 belong to which equipment by the command display arp | in 1047-808a-e2f6
<S7703>display arp | in 1047-808a-e2f6
IP ADDRESS      MAC ADDRESS     EXPIRE(M) TYPE        INTERFACE   VPN-INSTANCE
VLAN/CEVLAN
——————————————————————————
10.0.99.44      1047-808a-e2f6  20        D-0/0       XGE1/0/0
10.0.99.45      1047-808a-e2f6  20        D-0/0       GE3/0/44
——————————————————————————
Total:326       Dynamic:305     Static:0     Interface:21
4. From the ARP mapping list, we can find the MAC Address of 1047-808a-e2f6 belong to IP Address 10.0.99.44 and 10.0.99.45. So the MAC addresses of two equipments are the same. Finally we found customer changed the MAC Address of one IA5000 this is the root cause.
5. Resume the MAC Address of IA5000 to the default value. Then the phenomenon of MAC Flapping disappear.

Root Cause

Because of human factors the MAC addresses of two equipments are the same. That cause the MAC Flapping.

Suggestions

During troubleshooting, using different way to reduce the arrange of  possible root cause. That will be helpful for the work.

 

Contact information:

Telephone: 852-30623083
Email: Sales@Thunder-link.com
Supports@Thunder-link.com
Website: http://www.thunder-link.com