The time of syslog on Network Management is 8 hours later than the local time of device

Issue Description

QQ图片20170621151408

The time of syslog on Network Management is 8 hours later than the local time of the device

Alarm Information

None

Handling Process

Add the following command to change the syslog time sending to Network Management:
[huawei]info-center loghost x.x.x.x local-time

Root Cause

Although the local time is displayed on the device UTC +8, but the time which the device sends syslog is  UTC time. Therefore, the time of  syslog displayed on Network Management device is time later than 8 hours

Suggestions

modify the time of syslog to local tme of device.

Contact information:

Telephone: 852-30623083
Email: Sales@Thunder-link.com
Supports@Thunder-link.com
Website: http://www.thunder-link.com

S9700 Cluster SPU(V200R003C00SPC300) reset abnormally

Issue Description

S9700 Cluster SPU(V200R003C00SPC300) reset abnormally 2 times in three days. The Huawei S9700 is in Core layer and SPU Board is as firewall function.

Handling Process

1.Check the connected terminal’s behavior when it becomes online, if it send the arp actively
2.Check if there exists some kind of ip scanning tools in network part, which will cause a mass of persistent  arp-miss
3.Check ‘display arp’ more times, check if the unreal table just are some a few special ip

After the analysis we found that the problem is when the device receives amounts of unknown source uncast packets ,the memory will increase continuously ,
And finally the boards will reset for lack of memory . We installed the patch VASP-V200R003HP0026.pat and the problem disappeared.

Root Cause

The problem is when the device receives amounts of unknown source uncast packets ,the memory will increase continuously ,
And finally the boards will reset for lack of memory . And this problem can be solved by installing the new patch. So the root cause is a software bug.

Solution

The solution is installing the software patch VASP-V200R003HP0026.pat to fix the software bug.

Huawei S9700 Series switch:

LS-S9703

LS-S9706

LS-S9712

ETP4890 Power System

An AC-powered cabinet uses the ETP4890 power system to convert the AC power to the DC power for power distribution. The small and modular ETP4890 power system supports easy installation and maintenance and effective LCD interface management. The power system supports a maximum of 90 A output current.

unction
The ETP4890 power system supports the following functions:
Converts AC power to DC power and provides the DC power for communication
devices.
Communicates with the upper device using a COM or an RS485/RS232 serial port;
sends control signals based on the values of monitored parameters or the control
command sent by the upper device; detects power distribution parameters, power supply module parameters, and auxiliary digital parameters in real time.
Connects to one to two groups of lead acid batteries and uses a monitoring module to
manage the batteries; provides complete management for battery charging and
discharging, ensuring efficient battery usage.
Connects to a sensor transfer box using a DB50 port, detecting analog parameters and
digital parameters, and outputting control signals.
Uses a monitoring module to monitor all running parameters for the ETP4890 power
system in real time; determines the working status; reports alarms in a timely manner.
Clearly displays the monitoring and alarm information on the liquid crystal display
(LCD) of the monitoring module; allows operations such as parameter setting on the
LCD of the monitoring module.

QQ图片20170614144632

The ETP4890 power system can be configured with three power supply modules, which are connected in parallel for output.

Other power converter:

EPS30-4815AF-15A

EPS30-4815AF-30A

EPS75-4815AF-45A

ETP48100-B1-50A

Contact information:

Telephone: 852-30623083
Email: Sales@Thunder-link.com
Supports@Thunder-link.com
Website: http://www.thunder-link.com

 

MA5800 Product Appearance

The MA5800 supports four types of subracks. The only difference
between these subracks relies on the service slot quantity (they have the
same functions and network positions).

MA5800-X17 (large-capacity, ETSI)

MA5800-X17 supports 17 service slots and backplane H901BPLB.

QQ图片20170611171707

MA5800-X15 (large-capacity, IEC)

MA5800-X15 supports 15 service slots and backplane H901BPIB.

QQ图片20170611171801

MA5800-X7 (medium-capacity)

MA5800-X7 supports 7 service slots and backplane H901BPMB.

QQ图片20170611171903

MA5800-X2 (small-capacity)

MA5800-X2 supports 2 service slots and backplane H901BPSB.

QQ图片20170611172016

Huawei OLT products series

Apart from user access, Huawei OLT product can also function as a large-capacity aggregation device on the network to aggregate the traffic from ONTs, MDUs, and campus switches, thereby simplifying the network architecture and reducing the OPEX.

QQ图片20170607092236

QQ图片20170607092341

MA5800 Series

The MA5800 is the industry’s first smart aggregation OLT with a distributed architecture. As the next-generation OLT for NG-PON, it supports GPON, 10G GPON, GE, and 10GE access.

MA5800-X17/MA5800-X15/MA5800-X7/MA5800-X2

QQ图片20170607092713

QQ图片20170607092913

MA5600T Series

As an integrated fiber-copper access device, it supports GPON, 10G GPON, GE and DSL access.

MA5600T/MA5603T/MA5608T

QQ图片20170607093047

VSA File for Juniper SBR RADIUS Authentication and Authorization Interworking with USG9520 (V200R001C00SPC700)

Issue Description

Version:
USG9520: V200R001C00SPC700
RADIUS: Juniper Steel Belted RADIUS (SBR) enterprise edition
Networking:
RADIUS authentication is implemented by transmitting User Datagram Protocol (UDP) packets. Standard port 1812 is used for authorization, and port 1813 is used for accounting.
Background:
RADIUS messages carry attributes in the type-length-value (TLV) format. The detailed AAA authentication process and mechanism are provided in the firewall documentation, which are not mentioned here. Know RADIUS authentication packets during commissioning:
code:1 represents AUTH-RQT, which indicates a RADIUS authentication request packet sent by an AAA client. In this case, the firewall functions as an AAA client.
code:2 represents Auth-ACCT, which indicates a RADIUS authentication success packet sent by the AAA server. This packet also carries authorization attributes.
code:3 represents Auth-RJT, which indicates a RADIUS authentication failure packet sent by the AAA server.

Alarm Information

None

Handling Process

  1. The VSA file is in .dct format and contains authorization attributes on the firewall using the Juniper SBR enterprise edition.
    Field 26 is the self-defined attribute field for device vendors. The firewall uses fields 26–107 to carry RADIUS authorization result attributes.
    ################################################################################
    # Huawei.dct – Radius dictionary for Huawei Firewalls

    # (See README.DCT for more details on the format of this file)
    ################################################################################
    # Use the Radius specification attributes
    #
    @radius.dct

    #
    # Huawei specific parameters
    #
    MACRO Huawei-VSA(t,s) 26 [vid=2011 type1=%t% len1=+2 data=%s%]

    ATTRIBUTE Huawei-Exec-Privilege       Huawei-VSA(107, integer) R

    ################################################################################
    # Huawei.dct – Huawei Firewalls dictionary
    ################################################################################

    2. Provide the VSA file for RADIUS maintenance personnel of the customer. After the RADIUS maintenance personnel upload the VSA file, complete relevant configurations, associate the client name (USG9520), IP address (USG9520 interface IP address), and VSA name, and configure the Huawei-Exec-Privilege attribute to carry the authorization result.
    3. After RADIUS configurations are completed, initiate an authentication request. Check debugging information as follows. Information in red indicates that the RADIUS authorization result has been set to 15 in the Huawei-Exec-Privilege attribute.
    10/10/2013 10:54:52 Authentication Response
    10/10/2013 10:54:52 Packet : Code = 0x2 ID = 0x7
    10/10/2013 10:54:52 Vector =
    10/10/2013 10:54:52 000: 34516dc1 5f6b976e 19fdef11 56744b61 |4Qm._k.n….VtKa|
    10/10/2013 10:54:52 Class : Value =
    10/10/2013 10:54:52 000: 53425232 434c80a6 ab95d7dd eda7bfc0 |SBR2CL……….|
    10/10/2013 10:54:52 010: 11802701 80038198 ce800280 0a81b0db |..’………….|
    10/10/2013 10:54:52 020: 8c96c3b5 c2f3b9c0 12800e81 80a6ab95 |…………….|
    10/10/2013 10:54:52 030: d7ddeda7 bfc08591 bac0              |……….      |
    10/10/2013 10:54:52 Class : String Value = npmg
    10/10/2013 10:54:52 Huawei-Exec-Privilege : Integer Value = 15
    10/10/2013 10:54:52 Reply-Message : String Value = npmg
    10/10/2013 10:54:52 Service-Type : Integer Value = 6
    10/10/2013 10:54:52 ———————————————————–
    10/10/2013 10:54:52 ———————————————————–
    10/10/2013 10:54:52 Authentication Response
    10/10/2013 10:54:52 Sent to: ip=10.10.147.41 port=1812
    10/10/2013 10:54:52
    10/10/2013 10:54:52 Raw Packet :
    10/10/2013 10:54:52 000: 02070070 34516dc1 5f6b976e 19fdef11 |…p4Qm._k.n….|
    10/10/2013 10:54:52 010: 56744b61 193c5342 5232434c 80a6ab95 |VtKa.<SBR2CL….|
    10/10/2013 10:54:52 020: d7ddeda7 bfc01180 27018003 8198ce80 |……..’…….|
    10/10/2013 10:54:52 030: 02800a81 b0db8c96 c3b5c2f3 b9c01280 |…………….|
    10/10/2013 10:54:52 040: 0e8180a6 ab95d7dd eda7bfc0 8591bac0 |…………….|
    10/10/2013 10:54:52 050: 19076e70 6d67001a 0c000007 db010600 |..npmg……….|
    10/10/2013 10:54:52 060: 00000f12 076e706d 67000606 00000006 |…..npmg…….|
    10/10/2013 10:54:52
    10/10/2013 10:54:52 ———————————————————–
    10/10/2013 10:54:52 Packet containing 112 bytes successfully sent
    10/10/2013 10:54:52 ../radauthd.c radAuthHandleRequest() 3812 Exiting

Root Cause

AAA authorization on the USG9520 of V200R001C00SPC700 uses self-defined fields 26–107 to carry RADIUS authorization levels.
The Juniper SBR enterprise edition uses a VSA file to identify self-defined attributes such as authorization attributes of devices from different vendors. This case describes the authorization VSA.

Suggestions

  1. The VSA file of the Juniper SBR enterprise edition is in .dct format and can be edited using Notepad++ or UltraEdit. Editing the VSA file using the Windows built-in Notepad may result in an incorrect file format.
    2. For details about the VSA file format of the Juniper SBR enterprise edition, see http://www.juniper.net/techpubs/software/aaa_802/sbrc/sbrc70/sw-sbrc-reference/html/attribute2.html.

Contact infromation:

Telephone: 852-30623083

Email: sales@thunder-link.com

Supports@thunder-link.com

Website: http://www.thunder-link.com

 

How to delete static mac-address and black hole mac-address

Issue Description

none

Alarm Information

none

Handling Process

A:
1、For H3C’s switch, we usually use commands  “undo mac-address static H-H-H interface eth 1/0/1 vlan 1″   and  ” undo mac-address static H-H-H interface eth 1/0/1 vlan 1″ to delete any certain static mac-address or black hole mac-address.。
2、But  we can’t delete any commands to delete any certain static mac-address and black hole mac-address  on Huawei S9300 , we can just basic on global 、interface、vlan or vsi  to delete mac-address。
3、you can use commands “undo mac-address H-H-H vlan xx(orvsi xx) to delete certain mac-address,  but these commands will not separate the  type of mac-address of VLAN or VSI,  and all the mac-address will be deleted by these commands which is much different from H3C switchs.

Root Cause

none

Suggestions

we shold pay notice to the features of our switch which is very different from other company’s

The most popular Huawei S9700 Switch:

S9703

S9706

S9712