S2700, S3700, S5700, S6700, S7700, and S9700 Series Switches Interoperation and Replacement Guide

S2700, S3700, S5700, S6700, S7700, and S9700
Series Switches
Interoperation and Replacement

Guide
Issue 13
Date 2019-05-10
HUAWEI TECHNOLOGIES CO., LTD.

Copyright © Huawei Technologies Co., Ltd. 2019. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without prior written
consent of Huawei Technologies Co., Ltd.
Trademarks and Permissions
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective
holders.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the
customer. All or part of the products, services and features described in this document may not be within the
purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,
and recommendations in this document are provided "AS IS" without warranties, guarantees or
representations of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute a warranty of any kind, express or implied.
Huawei Technologies Co., Ltd.

Address: Huawei Industrial Base
Bantian, Longgang
Shenzhen 518129
People's Republic of China
Website: http://e.huawei.com
Issue 13 (2019-05-10) Copyright © Huawei Technologies Co., Ltd. i

S2700, S3700, S5700, S6700, S7700, and S9700 Series
Switches
Interoperation and Replacement Guide About This Document
About This Document
Intended Audience
This document is intended for network engineers responsible for switch configuration and
management. You should be familiar with basic Ethernet knowledge and have extensive
experience in network deployment and management.
Symbol Conventions
The symbols that may be found in this document are defined as follows.
Symbol Description
Indicates a potentially hazardous situation

which, if not avoided, could result in
equipment damage, data loss, performance
deterioration, or unanticipated results.
NOTICE is used to address practices not
related to personal injury.
NOTE Calls attention to important information,

best practices and tips.
NOTE is used to address information not
related to personal injury, equipment
damage, and environment deterioration.
Command Conventions
The command conventions that may be found in this document are defined as follows.
Convention Description
Boldface The keywords of a command line are in boldface.
Italic Command arguments are in italics.
[] Items (keywords or arguments) in brackets [ ] are optional.
Issue 13 (2019-05-10) Copyright © Huawei Technologies Co., Ltd. ii

Switches
Convention Description
{ x | y | ... } Optional items are grouped in braces and separated by

vertical bars. One item is selected.
[ x | y | ... ] Optional items are grouped in brackets and separated by

vertical bars. One item is selected or no item is selected.
{ x | y | ... }* Optional items are grouped in braces and separated by

vertical bars. A minimum of one item or a maximum of all
items can be selected.
[ x | y | ... ]* Optional items are grouped in brackets and separated by

vertical bars. Several items or no item can be selected.
&<1-n> The parameter before the & sign can be repeated 1 to n

times.
# A line starting with the # sign is comments.
Interface Numbering Conventions

Interface numbers used in this manual are examples. In device configuration, use the existing
interface numbers on devices.
Security Conventions
l Password setting
– To ensure device security, use ciphertext when configuring a password and change
the password periodically.
– The switch considers all passwords starting and ending with %^%#, %#%#, %@
%@ or @%@% as ciphertext and attempts to decrypt them. If you configure a
plaintext password that starts and ends with %^%#, %#%#, %@%@ or @%@%,
the switch decrypts it and records it into the configuration file (plaintext passwords
are not recorded for the sake of security). Therefore, do not set a password starting
and ending with %^%#, %#%#, %@%@ or @%@%.
– When you configure passwords in ciphertext, different features must use different
ciphertext passwords. For example, the ciphertext password set for the AAA feature
cannot be used for other features.
l Encryption algorithms
The switch currently supports the 3DES, AES, RSA, SHA1, SHA2, and MD5. 3DES,
RSA, and AES are reversible, whereas SHA1, SHA2, and MD5 are irreversible. Using
the encryption algorithms DES, 3DES, RSA (RSA-1024 or lower), MD5 (in digital
signature scenarios and password encryption), or SHA1 (in digital signature scenarios) is
a security risk. If protocols allow, use more secure encryption algorithms, such as AES,
RSA (RSA-2048 or higher), SHA2, or HMAC-SHA2.
An irreversible encryption algorithm must be used for the administrator password. SHA2
is recommended for this purpose.
Issue 13 (2019-05-10) Copyright © Huawei Technologies Co., Ltd. iii

Switches
l Personal data
Some personal data (such as MAC or IP addresses of terminals) may be obtained or used
during operation or fault location of your purchased products, services, features, so you
have an obligation to make privacy policies and take measures according to the
applicable law of the country to protect personal data.
l Mirroring
The terms mirrored port, port mirroring, traffic mirroring, and mirroring in this
document are mentioned only to describe the product's function of communication error
or failure detection, and do not involve collection or processing of any personal
information or communication data of users.
Disclaimer
l This document is designed as a reference for you to configure your devices. Its contents,
including web pages, command line input and output, are based on laboratory conditions.
It provides instructions for general scenarios, but does not cover all use cases of all
product models. The examples given may differ from your use case due to differences in
software versions, models, and configuration files. When configuring your device, alter
the configuration depending on your use case.
l The specifications provided in this document are tested in lab environment (for example,
a certain type of cards have been installed on the tested device or only one protocol is
run on the device). Results may differ from the listed specifications when you attempt to
obtain the maximum values with multiple functions enabled on the device.
l In this document, public IP addresses may be used in feature introduction and
configuration examples and are for reference only unless otherwise specified.
Issue 13 (2019-05-10) Copyright © Huawei Technologies Co., Ltd. iv

Switches
Interoperation and Replacement Guide Contents
Contents
About This Document.....................................................................................................................ii

1 Interoperation Between Huawei Switches and IP Phones....................................................1
1.1 Overview of Interoperation Between Switches and IP Phones...................................................................................... 1
1.2 IP Phone Interoperation Solution................................................................................................................................... 4
1.3 (Recommended) Interoperation Between Switches and IP Phones Through LLDP......................................................7
1.4 (Recommended) Interoperation Between Switches and IP Phones Through the OUI-based Voice VLAN................ 30
1.5 (Recommended) Interoperation Between Switches and Cisco IP Phones Using HDP................................................ 49
1.6 Interoperation Between Switches and IP Phones Through LLDP-MED..................................................................... 66
1.7 Interoperation Between Switches and IP Phones Through MAC Address-based VLAN Assignment........................90
1.8 Interoperation Between Switches and IP Phones Through the PVID of the Voice VLAN ID.....................................98
1.9 Interoperation Between Switches and IP Phones Through an ACL...........................................................................115
1.10 Interoperation Between Switches and IP Phones Through a Simplified Traffic Policy...........................................132
1.11 Appendix 1: Common Causes for IP Phones' Login Failures and Workaround.......................................................149
1.12 Appendix 2: Guide for Configuring Cisco RADIUS Authentication Server........................................................... 154
2 Power Supply Guide for Interoperation Between Huawei PoE Switches and PDs.....156
2.1 Power Supply Guide for Interoperation Between Huawei PoE Switches and IP Phones.......................................... 156
2.2 Power Supply Guide for Interoperation Between Huawei PoE Switches and APs....................................................160
2.3 Power Supply Guide for Interoperation Between Huawei PoE Switches and IP Cameras........................................163
3 Interoperation Between Huawei Switches and an Microsoft NLB Cluster................... 166

3.1 Interoperation Between Huawei Switches and an Microsoft NLB Cluster (Using Multi-Interface ARP)................ 166
3.2 Interoperation Between a Single Huawei Switch and an Microsoft NLB Cluster (Using Physical Link Loopback)
.......................................................................................................................................................................................... 171
3.3 Interoperation Between a VRRP Group and an Microsoft NLB Cluster (Using Physical Link Loopback).............. 174
3.4 Interoperation Between a Stack and an Microsoft NLB Cluster (Using Physical Link Loopback)...........................181
4 Interoperation Between a Huawei Switch and a Server with Multiple Network

Adapters......................................................................................................................................... 190
4.1 Interworking Analysis................................................................................................................................................ 190
4.2 Interworking Solution.................................................................................................................................................192
5 Interoperation and Replacement Guide for Huawei and Cisco Switches..................... 194
5.1 Overview of Protocol Interoperation and Replacement Capabilities Between Huawei and Cisco Switches............ 194
5.2 Interoperation and Replacement Guide for Huawei LNP and Cisco DTP................................................................. 195
5.2.1 Overview of LNP and DTP..................................................................................................................................... 195
Issue 13 (2019-05-10) Copyright © Huawei Technologies Co., Ltd. v

Switches
5.2.2 Comparison Between LNP and DTP.......................................................................................................................197

5.2.3 Interoperation and Replacement Solution for LNP and DTP..................................................................................198
5.2.4 Interoperation and Replacement Solution 1: Replacement Solution on the Entire Network.................................. 199
5.2.5 Interoperation and Replacement Solution 2: Replacement Solution of a Single Device........................................ 203
5.3 Interoperation and Replacement Guide for Huawei VCMP and Cisco VTP............................................................. 204
5.3.1 Overview of VCMP.................................................................................................................................................204
5.3.2 Overview of VTP.....................................................................................................................................................211
5.3.3 Comparison Between VCMP and VTP................................................................................................................... 214
5.3.4 Interoperation and Replacement Solution for VCMP and VTP.............................................................................. 214
5.3.5 Interoperation and Replacement Solution 1: C-H Model Networking....................................................................216
5.3.6 Interoperation and Replacement Solution 2: C-H-C Model Networking................................................................220
5.3.7 Interoperation and Replacement Solution 3: C-H-H-C Model Networking............................................................223
5.4 Replacement Guide for Huawei VCMP+LNP and Cisco VTP+DTP........................................................................ 228
5.5 Interoperation and Replacement Guide for Spanning Tree Protocols on Huawei and Cisco Switches..................... 232
5.5.1 Overview of Spanning Tree Protocols on Huawei Switches...................................................................................232
5.5.2 Overview of Spanning Tree Protocols on Cisco Switches...................................................................................... 237
5.5.3 Comparison Between STP on Huawei and Cisco Switches.................................................................................... 238
5.5.4 Interoperation and Replacement Solution for STP..................................................................................................240
5.5.5 Interoperation and Replacement Solution 1: Huawei Switches Transparently Transmit Cisco PVST and STP
BPDUs.............................................................................................................................................................................. 241
5.5.6 Interoperation and Replacement Solution 2: Huawei Switches Use VBST to Interwork with Cisco PVST Switches
.......................................................................................................................................................................................... 245
5.5.7 Interoperation and Replacement Solution 3: Cisco Switches Use MST to Replace PVST to Interoperate with
Huawei Switches Running MSTP.................................................................................................................................... 250
5.6 Interoperation and Replacement Guide for Link Aggregation on Huawei and Cisco Switches................................ 257
5.6.1 Overview of Ethernet Link Aggregation................................................................................................................. 257
5.6.2 Comparison Between Implementations of Link Aggregation on Huawei and Cisco Switches.............................. 258
5.6.3 Interoperation and Replacement Solution for Link Aggregation............................................................................ 260
5.6.4 Interoperation and Replacement Solution 1: Link Aggregation in Manual Mode.................................................. 260
5.6.5 Interoperation and Replacement Solution 2: Link Aggregation in LACP Mode.................................................... 262
5.7 Interoperation and Replacement Guide for VRRP and HSRP................................................................................... 264
5.7.1 Overview of VRRP..................................................................................................................................................264
5.7.2 Overview of HSRP.................................................................................................................................................. 268
5.7.3 Comparison Between HSRP and VRRP................................................................................................................. 270
5.7.4 VRRP and HSRP Interworking Analysis................................................................................................................ 272
5.7.5 VRRP and HSRP Replacement Solution.................................................................................................................272
5.8 Interoperation and Replacement Guide for OSPF and EIGRP...................................................................................277
5.8.1 Overview of OSPF and EIGRP............................................................................................................................... 277
5.8.2 Comparisons Between OSPF and EIGRP............................................................................................................... 279
5.8.3 OSPF and EIGRP Interoperation and Replacement Solution................................................................................. 283
5.8.4 OSPF and EIGRP Interoperation and Replacement Case 1: OSPF Interoperates with EIGRP.............................. 283
5.8.5 OSPF and EIGRP Interoperation and Replacement Case 2: OSPF Replaces EIGRP.............................................288
6 Interoperation Between Huawei Switches and SolarWinds.............................................295
Issue 13 (2019-05-10) Copyright © Huawei Technologies Co., Ltd. vi

Switches
6.1 Introduction to SolarWinds.........................................................................................................................................295

6.2 Network Planning....................................................................................................................................................... 295
6.3 Adding Devices.......................................................................................................................................................... 297
6.3.1 Adding a Single Device........................................................................................................................................... 297
6.3.2 Adding Automatically Discovered Devices (in Batches)........................................................................................300
6.4 Managing Devices...................................................................................................................................................... 304
6.4.1 Configuring SSH/Telnet Credentials for SolarWinds NCM to Manage Devices....................................................304
6.4.2 Adding Devices to SolarWinds NCM..................................................................................................................... 306
6.4.3 Downloading Device Configuration Files............................................................................................................... 307
6.4.4 Daily Backing Up Device Configuration Files........................................................................................................308
6.4.5 Uploading Configuration Files to Devices.............................................................................................................. 310
6.4.6 Uploading Configuration Changes to Devices........................................................................................................ 311
6.4.7 Comparing Configuration Files of Devices.............................................................................................................312
6.5 Log and Trap Management.........................................................................................................................................313
6.5.1 Checking Logs and Traps Reported by Devices......................................................................................................313
7 Guide for Replacement and Interoperation Between Huawei Switches and Cisco
Switches..........................................................................................................................................315
8 Using the Product/Feature Mapping Tool between Huawei and other vendors.......... 329
Issue 13 (2019-05-10) Copyright © Huawei Technologies Co., Ltd. vii

Switches
Interoperation and Replacement Guide 1 Interoperation Between Huawei Switches and IP Phones
1 Interoperation Between Huawei Switches

and IP Phones
About This Chapter
1.1 Overview of Interoperation Between Switches and IP Phones

1.2 IP Phone Interoperation Solution
1.3 (Recommended) Interoperation Between Switches and IP Phones Through LLDP
1.4 (Recommended) Interoperation Between Switches and IP Phones Through the OUI-based
Voice VLAN
1.5 (Recommended) Interoperation Between Switches and Cisco IP Phones Using HDP
1.6 Interoperation Between Switches and IP Phones Through LLDP-MED
1.7 Interoperation Between Switches and IP Phones Through MAC Address-based VLAN
Assignment
1.8 Interoperation Between Switches and IP Phones Through the PVID of the Voice VLAN
ID
1.9 Interoperation Between Switches and IP Phones Through an ACL
1.10 Interoperation Between Switches and IP Phones Through a Simplified Traffic Policy
1.11 Appendix 1: Common Causes for IP Phones' Login Failures and Workaround
1.12 Appendix 2: Guide for Configuring Cisco RADIUS Authentication Server
1.1 Overview of Interoperation Between Switches and IP

Phones
On a VoIP network, an IP phone needs to connect to a switch to transmit voice traffic. In this
situation, both voice and data flows are transmitted on the VoIP network. How to
preferentially transmit voice traffic to ensure communication quality is the key for
interworking between the IP phone and switch.
Issue 13 (2019-05-10) Copyright © Huawei Technologies Co., Ltd. 1

Switches
Basic Concepts
Currently, the switch identifies voice traffic through MAC addresses or voice VLAN IDs of
IP phones. Before introducing the IP phone interoperation solutions, you need to understand
the following basic concepts:
l OUI
An Organizationally Unique Identifier (OUI) is the first 24 bits of a MAC address, and is
a unique identifier assigned by the Institute of Electrical and Electronics Engineers
(IEEE) to a device vendor.
Each device vendor needs to request a MAC address from the IEEE. Generally, the IEEE
allocates a 24-bit address segment, from which a device vendor allocates addresses.
During packet forwarding, a switch can identify voice devices based on OUIs and then
can determine voice packets.
l Voice VLAN
A voice VLAN is used to forward voice packets. A Huawei switch only allows a VLAN
to be specified as a voice VLAN, but cannot allocate the voice VLAN ID to voice
devices. Protocols such as LLDP and DHCP need to be used to allocate a specified voice
VLAN ID to voice devices.
l VLAN Tag
802.1Q defines the format of a VLAN tag.
PRI (3 bits) CFI (1 bit) VLAN ID (12 bits)
A VLAN tag consists of 16 bits. The PRI (also called CoS or 802.1p priority) occupies 3
bits, CFI occupies 1 bit, and VID occupies 12 bits.
Packet types are defined based on VLAN tags as follows:
a. Untagged packets: Packets do not carry VLAN tags.
b. Packets tagged with VLAN 0: Packets carry tags with VLAN 0.
c. Tagged packets: Packets carry non-0 tags.
A high priority specified by the CoS value (usually 5) needs to be set for voice packets
so that they can be forwarded preferentially. Generally, IP phones of mainstream vendors
(for example, Cisco 7962) send tagged voice packets in which the default CoS value is 5.
There are many types of IP phones, and CoS values of some IP phones cannot be set to
5.
The method for connecting IP phones to switches varies according to the VLAN tags of
packets and the configured CoS values. The following table lists the categories of
packets sent by IP phones.
Table 1-1 Categories of packets sent by IP phones
No. Packet Description

Characteristics
1 The packets carry After IP phones connect to a switch, the

VLAN tags in which priority of packets does not need to be
the CoS value is 5. increased.

Switches
No. Packet Description

Characteristics
2 The packets carry After IP phones connect to a switch, the switch

VLAN tags in which needs to identify the priority of packets and
the CoS value is 0. increase the packet priority.

VLAN tags in which needs to identify voice packets based on the
the VLAN ID is 0 OUI, add the voice VLAN ID, and the priority
and the CoS value is of packets does not need to be increased.
5.

VLAN tags in which needs to identify voice packets based on the
the VLAN ID is 0 OUI, add the voice VLAN ID, and set a high
and the CoS value is priority.
0.
5 The packets do not After IP phones connect to a switch, the switch

carry VLAN tags. needs to identify voice packets based on the
OUI, add the voice VLAN ID, and set a high
priority.
NOTE
A Huawei switch processes packets tagged with VLAN 0 in the same manner as untagged packets; that
is, an interface adds the VLAN tag specified by the PVID to the packets. For voice packets, the switch
needs to identify them based on the OUI and add the voice VLAN ID to the voice packets so that the
voice packets can be forwarded in the voice VLAN.
Physical Connection of an IP Phone for Interworking

Cisco 7962 is used as an example. Figure 1-1 shows the internal structure of the IP phone.
The IP phone integrates a three-port switching chip:
l P1 port connects to an uplink switch or another data communication device.
l P2 connects to the internal ASIC to transmit voice traffic.
l P3 connects to a PC or another data communication device.
Figure 1-1 Internal structure of the IP phone
Cisco IP Phone 7962
Phone
ASIC
P2
P1 3-port P3
switch

Switches
In Figure 1-1, the IP phone provides two interfaces to connect to an uplink switch and a PC,
respectively. When the IP phone and PC are deployed simultaneously, there are two methods:
l The downstream PC connects to the IP phone, as shown in Figure 1-2. Only one
interface on a switch is occupied. That is, one network interface provides both voice and
data services.
Figure 1-2 Connecting a downstream PC to an IP phone
l The PC and IP phone connect to the switch separately, as shown in Figure 1-3. Voice
and data flows are deployed separately, facilitating management and maintenance.
Figure 1-3 Connecting the PC and IP phone to the switch separately
1.2 IP Phone Interoperation Solution

NOTE
Huawei PoE switches can supply power to IP phones. For details, see 2.1 Power Supply Guide for
Interoperation Between Huawei PoE Switches and IP Phones.
Different solutions are available for connecting IP phones with different attributes to different
device models. For details, see List of IP Phone Models That Can Be Connected to
Switches. The following table provides detailed configuration guidance for the interoperation
solutions. You can select a solution based on the device model, version, and applicable
scenario.

Switches
Table 1-2 Summary of solutions for connecting switches to IP phones

Interoperation Applicable Scenario Applicable S Series Switch
Solution and Version
1.3 l IP phones can obtain voice All versions and all models
(Recommended) VLAN IDs through LLDP. except the S2700SI and S2710SI.
Interoperation l Switches that are enabled with
Between the voice VLAN function can
Switches and IP identify voice packets based
Phones Through on voice VLAN IDs and
LLDP increase the packet priority.
l MAC address authentication
is configured for IP phones,
and 802.1X authentication is
configured for the PC.
1.4 l IP phones cannot obtain voice All models of V200R003C00 and

(Recommended) VLAN IDs through any later versions.
Interoperation protocol, and voice packets
Between are forwarded in the VLAN
Switches and IP specified through the voice
Phones Through VLAN function.
the OUI-based l Switches that are enabled with
Voice VLAN the voice VLAN function can
identify voice packets based
on MAC addresses and
increase the packet priority.
is configured for IP phones.
1.5 l IP phones can obtain voice All versions and all models.
(Recommended) VLAN IDs through CDP.
Interoperation l Switches that are enabled with
Between the voice VLAN function can
Switches and identify voice packets based
Cisco IP Phones on voice VLAN IDs and
Using HDP increase the packet priority.
l 802.1X authentication is
configured for IP phones.
1.6 l IP phones can obtain voice All models of V200R002 and

Interoperation VLAN IDs based on the later versions.
Between network-policy TLV field of
Switches and IP LLDP.
Phones Through l The packet priority is high,
LLDP-MED and switches do not need to
l 802.1X authentication and
MAC address authentication
are configured for IP phones.

Switches

1.7 l IP phones cannot obtain voice All versions and all models.
Interoperation VLAN IDs through any
Between protocol, and voice packets
Switches and IP are forwarded in the VLAN
Phones Through specified through MAC
MAC Address- address-based VLAN
based VLAN assignment.
Assignment l Switches that are enabled with
the MAC address-based
assignment function can
l IP phones can go online
directly without
authentication.
1.8 l IP phones cannot obtain voice All versions and all models.
Interoperation VLAN IDs through any
Between protocol, and voice packets
Phones Through specified through the PVID of
the PVID of the the interface.
Voice VLAN ID l Switches that are enabled with
the voice VLAN function can
is configured for IP phones.
1.9 l IP phones cannot obtain voice All modular switches and the
Interoperation VLAN IDs through any following fixed switches:
Between protocol, and voice packets l S2700 series: S2752EI
Phones Through specified through an ACL. l S3700 series: all models
an ACL l Switches that are configured l S5700 series: S5700EI,
with ACLs can identify voice S5700HI, S5710EI, S5720EI,
packets based on MAC S5710HI, S5720HI, and
addresses and increase the S5730HI
packet priority. l S6700 series: S6700EI,
l 802.1X authentication is S6720EI, S6720S-EI, and
configured for IP phones. S6720HI

Switches

1.10 l IP phones cannot obtain voice All versions and models of fixed
Interoperation VLAN IDs through any switches.
Between protocol, and voice packets All modular switches of
Switches and IP are forwarded in the VLAN V200R005C00 and later
Phones Through specified through a traffic versions.
a Simplified policy.
Traffic Policy l Switches that are configured
with traffic policies can
l 802.1X authentication is
configured for IP phones.
1.3 (Recommended) Interoperation Between Switches and

IP Phones Through LLDP
This section includes the following content:
l Overview
l Configuration Notes
l Networking Requirements
l Configuration Roadmap
l Data Plan
l Procedure
l Configuration Files
Overview
If an IP phone supports LLDP, you can enable LLDP and voice VLAN on the switch to
provide VoIP access. Then the switch uses LLDP to deliver the voice VLAN ID to the IP
phone and increases the packet priority through the voice VLAN.
For applicable IP phones, see List of IP Phone Models That Can Be Connected to
Switches.
Configuration Notes
l Except for the S2700SI and S2710SI, all models of all versions support this
configuration.
l If the IP phone cannot go online, rectify the fault according to 1.11 Appendix 1:
Common Causes for IP Phones' Login Failures and Workaround.

Switches
Networking Requirements
In Figure 1-4, to save investment costs, the customer requires that IP phones and PCs connect
to the network through VoIP. IP phones support LLDP and can obtain voice VLAN IDs
through LLDP. The network plan should meet the following requirements:
l The priority of voice packets sent by IP phones is low and needs to be increased to
ensure communication quality.
l Voice packets are transmitted in VLAN 100, and data packets from PCs are transmitted
in VLAN 101.
l IP addresses of IP phones and PC are dynamically allocated by the DHCP server, and are
on a different network segment from that of the DHCP server.
l IP phones need to connect to switches through MAC address authentication and PC need
to connect to switches through 802.1X authentication.
Figure 1-4 Networking diagram of connecting switches to IP phones through LLDP

Authentication
server
Intranet
DHCP server Switch B

GE1/0/3
GE1/0/3
DHCP relay Switch A
GE1/0/1 GE1/0/2
IP phone A
IP phone B
PC
Configuration Roadmap
To implement interoperation between switches and IP phones through LLDP, IP phones need
to obtain the voice VLAN, apply for IP addresses, go online after authentication, and send
packets. Figure 1-5 shows the process for interoperation between switches and IP phones
through LLDP.
The operations of obtaining the voice VLAN, applying for IP addresses, and enabling IP
phones to go online after authentication can be performed simultaneously. The PC connected

Switches
to the IP phone does not need to obtain VLAN information. Instead, you only need to apply
for an IP address and enable the PC to go online after authentication.
Figure 1-5 Process for interoperation between switches and IP phones through LLDP
DHCP relay DHCP server Authentication server
IP phone
(SwitchA) (SwitchB) (Agile Controller)
Obtain the 1. Power on the IP phone and

voice VLAN turn the switch interface to Up.
ID 2. Enable LLDP on the switch.
3. Send an LLDP packet containing

the voice VLAN ID.
4. Obtain the voice VLAN ID.
Apply for an
IP address 1. Send a DHCP message.
2. Apply for an IP address.
3. Assign the IP address.
Go online
after 1. Send an authentication request to
authentication the authentication server.
2. Send the authentication success message
and the IP phone goes online successfully.
Send
1. Send a packet carrying VLAN tags. 2. Identify the voice packet
packets
and improve the packet
priority.
According to the preceding process, the configuration roadmap is as follows:

l Enable LLDP to allocate a voice VLAN to IP phones.
l Enable the voice VLAN function to increase the packet priority.
l Configure the DHCP relay function and DHCP server to allocate IP addresses to IP
phones and the PC.
l Configure the authentication server and enable IP phones to go online after
authentication.

Switches
Data Plan
Table 1-3 Data plan for IP phones
Item Value
Voice VLAN VLAN 100
MAC address 001b-d4c7-0001

0021-a08f-0002
Address segment 10.20.20.1/24
Authentication mode MAC address authentication
Table 1-4 Data plan for the PC
Item Value
Data VLAN VLAN 101
Authentication mode 802.1X authentication
Table 1-5 Data plan for communication
Item Value
VLAN and IP address used by SwitchA to VLAN 200; 10.10.20.1/24

communicate with SwitchB
VLAN and IP address used by SwitchB to VLAN 200; 10.10.20.2/24

communicate with SwitchA
IP address of SwitchA 192.168.100.200
802.1X access profile name ipphone
MAC access profile name ipphone
IP address of the RADIUS authentication 192.168.100.182

and accounting server
Port number of the RADIUS authentication 1812

server
Port number of the RADIUS accounting 1813

server
RADIUS shared key Huawei2012

Switches
Procedure
Step 1 Enable LLDP on SwitchA.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] lldp enable //Enable LLDP globally. By default, LLDP is enabled on an
interface.
Step 2 Enable the voice VLAN function on SwitchA.

# Create voice VLAN 100.
[SwitchA] vlan batch 100
# Add interfaces to the voice VLAN.

[SwitchA] interface gigabitethernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] port link-type hybrid //In V200R005C00 and later
versions, the default link type of an interface is not hybrid, and needs to be
manually configured.
[SwitchA-GigabitEthernet1/0/1] port hybrid tagged vlan 100 //Add the interface
to voice VLAN 100 in tagged mode.
[SwitchA-GigabitEthernet1/0/1] quit
[SwitchA-GigabitEthernet1/0/2] port link-type hybrid
[SwitchA-GigabitEthernet1/0/2] port hybrid tagged vlan 100
# Enable the voice VLAN function on the interface.

[SwitchA-GigabitEthernet1/0/1] voice-vlan 100 enable
[SwitchA] voice-vlan mac-address 001b-d4c7-0000 mask ffff-ffff-0000 //In
versions earlier than V200R003, the OUI needs to be configured. The OUI
corresponds to the MAC address of the IP phone. In V200R003 and later versions,
the OUI does not need to be configured.
[SwitchA] voice-vlan mac-address 0021-a08f-0000 mask ffff-ffff-0000
Step 3 Configure SwitchA to forward data flows.

[SwitchA] vlan batch 101 //Data flows are transmitted in VLAN 101.
[SwitchA-GigabitEthernet1/0/1] port hybrid pvid vlan 101 //Set the PVID of the
interface to VLAN 101.
[SwitchA-GigabitEthernet1/0/1] port hybrid untagged vlan 101 //Add the interface
to VLAN 101 in untagged mode.
Step 4 Configure the DHCP relay function and DHCP server.

1. Configure the DHCP relay function on SwitchA.
# Configure the DHCP relay function on an interface.
[SwitchA] dhcp enable //Enable DHCP globally. By default, DHCP is disabled.
[SwitchA] interface Vlanif 100
[SwitchA-Vlanif100] ip address 10.20.20.1 255.255.255.0 //Assign an IP
address to VLANIF 100.
[SwitchA-Vlanif100] dhcp select relay //Enable the DHCP relay function on
VLANIF 100.
[SwitchA-Vlanif100] dhcp relay server-ip 10.10.20.2 //Configure the DHCP
server address on the DHCP relay agent.
[SwitchA-Vlanif100] quit

Switches

VLANIF 101.
# Create VLANIF 200.

[SwitchA-Vlanif200] ip address 10.10.20.1 255.255.255.0 //Configure an IP
address for VLANIF 200 for communication with SwitchB.
# Add the uplink interface to VLAN 200.

[SwitchA-GigabitEthernet1/0/3] port link-type access
[SwitchA-GigabitEthernet1/0/3] port default vlan 200
# Configure a default static route.

[SwitchA] ip route-static 0.0.0.0 0.0.0.0 10.10.20.2 //The next hop address
of the route corresponds to the IP address of VLANIF 200 on SwitchB.
2. Configure SwitchB as the DHCP server to allocate IP addresses to IP phones and PC.
# Configure an address pool.
[HUAWEI] sysname SwitchB
[SwitchB] ip pool ip-phone //Create an address pool to allocate IP addresses
to IP phones.
[SwitchB-ip-pool-ip-phone] gateway-list 10.20.20.1 //Configure a gateway
addresses for IP phones.
[SwitchB-ip-pool-ip-phone] network 10.20.20.0 mask 255.255.255.0 //Configure
allocatable IP addresses in the IP address pool.
[SwitchB-ip-pool-ip-phone] quit
[SwitchB] ip pool ip-pc //Create an address pool to allocate IP addresses to
PC.
[SwitchB-ip-pool-ip-pc] gateway-list 10.20.30.1 //Configure a gateway
address for the PC.
[SwitchB-ip-pool-ip-pc] network 10.20.30.0 mask 255.255.255.0 //Configure
[SwitchB-ip-pool-ip-pc] quit
# Configure the DHCP server function.

[SwitchB] dhcp enable //Enable DHCP globally. By default, DHCP is disabled.
[SwitchB] vlan batch 200
[SwitchB] interface Vlanif 200
[SwitchB-Vlanif200] ip address 10.10.20.2 255.255.255.0 //Assign an IP
[SwitchB-Vlanif200] dhcp select global //Configure SwitchB to allocate IP
addresses from the global IP address pool to the IP phone.
[SwitchB-Vlanif200] quit
# Add the downlink interface to VLAN 200.

[SwitchB] interface gigabitethernet 1/0/3
[SwitchB-GigabitEthernet1/0/3] port link-type access
[SwitchB-GigabitEthernet1/0/3] port default vlan 200
[SwitchB-GigabitEthernet1/0/3] quit
# Configure a return route.

[SwitchB] ip route-static 10.20.20.0 255.255.255.0 10.10.20.1 //Configure a
return route for IP phones.

Switches
[SwitchB] ip route-static 10.20.30.0 255.255.255.0 10.10.20.1 //Configure a

return route for the PC.
Step 5 Configure an AAA domain, and configure MAC address authentication for IP phones and
802.1X authentication for the PC.
1. Configure an AAA domain.
# Create and configure a RADIUS server template.
[SwitchA] radius-server template ipphone //Create a RADIUS server template
named ipphone.
[SwitchA-radius-ipphone] radius-server authentication 192.168.100.182 1812 //
Configure the IP address and port number of the RADIUS authentication server.
[SwitchA-radius-ipphone] radius-server accounting 192.168.100.182 1813 //
Configure the IP address and port number of the RADIUS accounting server.
[SwitchA-radius-ipphone] radius-server shared-key cipher Huawei2012 //
Configure the shared key of the RADIUS server.
[SwitchA-radius-ipphone] quit
# Configure an authentication scheme.

[SwitchA] aaa
[SwitchA-aaa] authentication-scheme radius //Create an authentication scheme
named radius.
[SwitchA-aaa-authen-radius] authentication-mode radius //Set the
authentication mode to RADIUS.
[SwitchA-aaa-authen-radius] quit
# Create an AAA domain and bind the RADIUS server template and authentication
scheme to the AAA domain.
[SwitchA-aaa] domain default //Configure a domain named default.
[SwitchA-aaa-domain-default] authentication-scheme radius //Bind the
authentication scheme radius to the domain.
[SwitchA-aaa-domain-default] radius-server ipphone //Bind the RADIUS server
template ipphone to the domain.
[SwitchA-aaa-domain-default] quit
[SwitchA-aaa] quit
2. Configure MAC address authentication for IP phones and 802.1X authentication for PC.
– V200R007C00 and earlier versions, and V200R008C00
# Set the NAC mode to unified.
[SwitchA] authentication unified-mode //By default, the switch uses the
unified mode. When the traditional and unified modes are switched, the
administrator must save the configuration and restart the switch to make
the configuration take effect.
# Enable MAC address authentication on an interface.

[SwitchA-GigabitEthernet1/0/1] authentication dot1x mac-authen //Enable
802.1X authentication and MAC address authentication.
[SwitchA-GigabitEthernet1/0/2] authentication mac-authen
– V200R009C00 and later versions

# Configure access profiles.

[SwitchA] dot1x-access-profile name ipphone //Create an 802.1X access
profile named ipphone.

Switches
[SwitchA-dot1x-access-profile-ipphone] quit
[SwitchA] mac-access-profile name ipphone //Create a MAC access profile
named ipphone. If no user name and password are specified in the MAC
access profile, both the user name and password are MAC addresses
without separators or colons.
[SwitchA-mac-access-profile-ipphone] quit
# Configure an authentication profile.

[SwitchA] authentication-profile name ipphone //Configure an
authentication profile.
[SwitchA-authen-profile-ipphone] dot1x-access-profile ipphone //Bind an
802.1X access profile.
[SwitchA-authen-profile-ipphone] mac-access-profile ipphone //Bind a
MAC access profile.
[SwitchA-authen-profile-ipphone] authentication dot1x-mac-bypass //
Enable MAC address bypass authentication.
[SwitchA-authen-profile-ipphone] quit
# Apply the authentication profile to interfaces.

[SwitchA-GigabitEthernet1/0/1] authentication-profile ipphone //Bind an
[SwitchA-GigabitEthernet1/0/2] authentication-profile ipphone
3. Configure the Agile Controller. The display of the Agile Controller varies by version.
V100R003C60 is used as an example.
a. Log in to the Agile Controller.
b. Create an 802.1X account used for PC authentication.
i. Choose Resource > User > User Management.
ii. Click Add in the operation area on the right. Click Common account and
enter the user name and password. The configured user name and password
must be the same as those configured on the PC, and the account is configured
to be the same as the user name. Be aware that the account belongs to the user
group ROOT.

Switches
iii. Click OK to complete the configuration.

c. Add SwitchA to the Agile Controller.
i. Choose Resource > Device > Device Management.
ii. Click Add in the operation area on the right. On the Add Device page that is
displayed, set Name to SwitchA and IP address to 192.168.100.200 (IP
address used by SwitchA to communicate with the Agile Controller). Select
Enable RADIUS, and set Authentication/Accounting key and
Authorization key to Huawei2012 (shared key configured on SwitchA). The
real-time accounting interval is not configured and accounting is performed
based on the time.

Switches

d. Add MAC address information of an IP phone to the Agile Controller. MAC
address information is added so that the MAC address can be used for
authentication when the 802.1X client times out. That is, the IP phone connects to
the switch using MAC address authentication.
i. Choose Resource > Terminal > Terminal List.
ii. Click Add in the operation area on the right. On the Add Device Group page
that is displayed, add an IP phone group ipphone.

Switches

iv. Click the device group in the navigation tree and select the created IP phone
group ipphone.
v. Click Add in the device list, add an IP phone, and enter the MAC address of
the IP phone.

Switches
vi. Click OK to complete the configuration.

vii. Click Add and add the MAC address of another IP phone.
viii. Click OK to complete the configuration.
e. Add an authentication rule. Two authentication rules need to be added: 802.1X
authentication rule for the PC and MAC address authentication rule for the IP
phone.

Switches
i. Choose Policy > Permission Control > Authentication & Authorization >
Authentication Rule.
ii. Click Add in the operation area on the right. On the Add Authentication Rule
page that is displayed, add an authentication rule for the PC. Set Name to PC,
click Access, set User group to ROOT, and select allowed authentication
protocols under Authentication Condition.

Switches

iv. Click Add again to add an authentication rule for the IP phone. Set Name to
ipphone, Service type to MAC bypass authentication, and Terminal group
to ipphone.

Switches
v. Click OK to complete the configuration.

f. Add an authorization result.
Authorization Result.
ii. Click Add in the operation area on the right and add an authorization result.
Set Name to voice vlan 100, Service type to MAC bypass authentication,
and VLAN under Authorization Parameter to 100.

Switches
iii. Click Add under customized authorization parameter to add authorization

information. Set Vendor/Standard attribute to Huawei, Attribute ID/name
to HW-Voice-Vlan(33), and Attribute type to Integer. If Attribute value is
set to 1, VLAN 100 is a voice VLAN.
iv. Click OK to complete the configuration, and the Add Authorization Result
page is displayed.
v. Add authorization information on the page.

Switches

g. Add two authorization rules: one authorization rule for the PC and the other for the
IP phone. After a user is authenticated, the Agile Controller grants the user access
rights based on the authorization rule.
authorization Rule.
ii. Click Add in the operation area on the right and add an authorization rule for
the PC. Set Name to PC, click Access, set User group to ROOT, and set
Authorization result to Permit Access.

Switches

Switches

iv. Click Add again to add an authorization rule for the IP phone. Set Name to
ipphone, click MAC bypass authentication, set Terminal Group to
ipphone, and set Authorization result to voice vlan 100.

Switches

Switches
Step 6 Verify the configuration.

l You can see that the IP phone can correctly obtain the voice VLAN ID and IP address
through the menu of the IP phone.
l The display access-user command output on SwitchA displays connection information
about IP phones and PC.
[SwitchA] display access-user
------------------------------------------------------------------------------
UserID Username IP address MAC Status
------------------------------------------------------------------------------
564 001bd4c71fa9 10.20.20.198 001b-d4c7-1fa9 Success

565 0021a08f2fa8 10.20.20.199 0021-a08f-2fa8 Success
566 3c970ecf1101 10.20.30.190 3c97-0ecf-1101 Success
------------------------------------------------------------------------------
Total: 3, printed: 3
----End
Configuration Files
l SwitchA configuration file (V200R007C00 and earlier versions, and V200R008C00)

Switches
#
sysname SwitchA
#
voice-vlan mac-address 001b-d4c7-0000 mask ffff-ffff-0000
voice-vlan mac-address 0021-a08f-0000 mask ffff-ffff-0000
#
vlan batch 100 to 101 200
#
lldp enable
#
dhcp enable
#
radius-server template ipphone
radius-server shared-key cipher %^%#e33GK([auIJQ+54M/i7>u5!/M8*A%0]~a@FQ,41K
%^%#
radius-server authentication 192.168.100.182 1812 weight 80
radius-server accounting 192.168.100.182 1813 weight 80
#
aaa
authentication-scheme radius
authentication-mode radius
domain default
radius-server ipphone
#
interface Vlanif100
ip address 10.20.20.1 255.255.255.0
dhcp select relay
dhcp relay server-ip 10.10.20.2
#
interface Vlanif101
ip address 10.20.30.1 255.255.255.0
dhcp select relay
#
interface Vlanif200
ip address 10.10.20.1 255.255.255.0
#
interface GigabitEthernet1/0/1
port link-type hybrid
voice-vlan 100 enable
port hybrid pvid vlan
101
port hybrid tagged vlan

100
port hybrid untagged vlan 101

authentication dot1x mac-authen
#
port hybrid tagged vlan 100
authentication mac-authen
#
port link-type access
port default vlan 200
#
ip route-static 0.0.0.0 0.0.0.0 10.10.20.2
#
return
l SwitchA configuration file (V200R009C00 and later versions)
#
sysname SwitchA
#
vlan batch 100 to 101 200
#

Switches
authentication-profile name
ipphone
dot1x-access-profile
ipphone
mac-access-profile
ipphone
authentication dot1x-mac-bypass
#
lldp enable
#
dhcp enable
#
%^%#
#
aaa
domain default
#
interface Vlanif100
ip address 10.20.20.1 255.255.255.0
dhcp select relay
#
interface Vlanif101
ip address 10.20.30.1 255.255.255.0
dhcp select relay
#
interface Vlanif200
ip address 10.10.20.1 255.255.255.0
#
101

100

authentication-profile ipphone
#
#
#
ip route-static 0.0.0.0 0.0.0.0 10.10.20.2
#
dot1x-access-profile name
ipphone

Switches
mac-access-profile name ipphone

#
return
l SwitchB configuration file

#
sysname SwitchB
#
vlan batch 200
#
dhcp enable
#
ip pool ip-
phone
gateway-list
10.20.20.1
network 10.20.20.0 mask

255.255.255.0
ip pool ip-
pc
gateway-list
10.20.30.1
network 10.20.30.0 mask

255.255.255.0
#
interface Vlanif200
ip address 10.10.20.2 255.255.255.0
dhcp select global
#
port link-type
access

#
ip route-static 10.20.20.0 255.255.255.0
10.10.20.1
ip route-static 10.20.30.0 255.255.255.0 10.10.20.1

#
return

IP Phones Through the OUI-based Voice VLAN
l Overview
l Data Plan
l Procedure

Switches
Overview
If an IP phone sends packets with VLAN 0 or untagged packets, the switch can identify the
OUI of the untagged packet from the IP phone. Then the switch adds the voice VLAN ID to
the packet and increases the priority of the packet based on the voice VLAN ID.
Switches.
Configuration Notes
l This example applies to all models of V200R003C00 and later versions.
l For the fixed device (S5720EI, S6720EI, S6720S-EI), and modular device (excluding X
series cards), in V200R010 and later versions, run the voice-vlan vlan-id enable
include-tag0 command to enable the switch to identify packets with tag 0 as voice
packets and adds the voice VLAN ID to packets.
l When IP phones are connected in Voice-VLAN include-untagged mode, disable LLDP
on the interface or run the undo lldp tlv-enable med-tlv network-policy command to
disable the switch and IP phones from advertising the VLAN configuration. Otherwise,
the switch allocates the voice VLAN ID to IP phones through LLDP. Then IP phones
send tagged packets to the switch, whereas the switch forwards untagged packets to IP
phones. As a result, IP phones cannot go online.
l If Mitel 5212 phones cannot go online, rectify the fault by referring to Cause 6:
Customized Options Are Not Configured for a Switch Functioning as the DHCP
Server. As a Result, Mitel 5212 Phones Fail to Go Online.
In Figure 1-6, to save investment costs, the customer requires that IP phones connect to the
network through VoIP. IP phones cannot obtain voice VLAN IDs and can send only untagged
voice packets. The network plan should meet the following requirements:
l The priority of voice packets is increased to ensure communication quality of IP phones.
l Voice packets are transmitted in VLAN 100.
l IP addresses of IP phones are on a different network segment from that of the DHCP
server, and DHCP snooping is configured to improve network security.
l IP phones need to connect to switches through MAC address authentication.

Switches
Figure 1-6 Networking diagram of connecting switches to IP phones through the OUI-based
voice VLAN
Authentication
server
intranet

GE1/0/3
GE1/0/3
DHCP relay Switch A
GE1/0/1 GE1/0/2
IP phone A IP phone B
To implement interoperation between switches and IP phones through the OUI-based voice
VLAN, you need to apply for IP addresses for IP phones, bring IP phones online after
authentication, and conduct communication normally. Figure 1-7 shows the process for
interoperation between switches and IP phones through the OUI-based voice VLAN.
The operations of applying for IP addresses and enabling IP phones to go online after
authentication can be performed simultaneously.

Switches
Figure 1-7 Process for interoperation between switches and IP phones through the OUI-based
voice VLAN
IP phone
Apply for an
Go online
Send
1. Send a packet without VLAN tags. 2. Match the MAC
packets
address and improve the
packet priority.

l Configure OUI-based voice VLANs, assign VLANs to IP phones, and increase the
priority.
phones.
authentication.
Data Plan
Item Value
Voice VLAN VLAN 100

0021-a08f-0002

Switches

Item Value
VLAN and IP address used by SwitchA to VLAN 200, 10.10.20.1/24

VLAN and IP address used by SwitchB to VLAN 200, 10.10.20.2/24



server

server
Procedure
Step 1 Add an interface on SwitchA to a VLAN.
# Create voice VLAN 100
# Add an interface to VLAN 100 in untagged mode.

[SwitchA-GigabitEthernet1/0/1] port hybrid untagged vlan 100 //Packets sent by
IP phones do not carry tags, so the interface must be join VLAN 100 in untagged
mode.
[SwitchA-GigabitEthernet1/0/2] port hybrid untagged vlan 100
Step 2 On SwitchA, configure the interface to add the voice VLAN ID to untagged packets and
configure the OUI.
[SwitchA-GigabitEthernet1/0/1] voice-vlan 100 enable include-untagged //
Configure the interface to add the voice VALN ID to untagged packets. In V200R010
and later versions, run the voice-vlan vlan-id enable include-tag0 command to
enable the switch to process packets tagged with voice VLAN 0 for the S5720EI,
S6720EI, S6720S-EI, and modular switches (excluding swtiches using X series
cards).
[SwitchA-GigabitEthernet1/0/1] undo lldp enable //In V200R011C10 and later
versions, you need to manually disable LLDP.

Switches
[SwitchA-GigabitEthernet1/0/2] voice-vlan 100 enable include-untagged
[SwitchA-GigabitEthernet1/0/2] undo lldp enable
[SwitchA] voice-vlan mac-address 001b-d4c7-0000 mask ffff-ffff-0000 //When the
interface is configured to add the voice VLAN ID to untagged packets, this
command must be configured. The MAC address is the IP phone's MAC address.

VLANIF 100.



2. Configure SwitchB as the DHCP server to allocate IP addresses to IP phones.

to IP phones.
[SwitchB-ip-pool-ip-phone] gateway-list 10.20.20.1 //Configure the gateway
address on the DHCP server.

[SwitchB] interface Vlanif 200 //Create VLANIF 200.

Switches


[SwitchB] ip route-static 10.20.20.0 255.255.255.0 10.10.20.1
Step 4 Configure DHCP snooping on SwitchA.

[SwitchA] dhcp snooping enable //Enable DHCP snooping globally. DHCP snooping is
disabled by default.
[SwitchA-GigabitEthernet1/0/1] dhcp snooping enable //Enable DHCP snooping on
the interface.
[SwitchA-GigabitEthernet1/0/2] dhcp snooping enable
[SwitchA-GigabitEthernet1/0/3] dhcp snooping trusted //Configure the uplink
interface as the trusted interface.
Step 5 Configure an AAA domain and MAC address authentication for IP phones.

named ipphone.

[SwitchA] aaa
[SwitchA-aaa] authentication-scheme radius //Set the authentication mode to
RADIUS.
[SwitchA-aaa] quit
2. Configure MAC address authentication for IP phones.


Switches

[SwitchA-GigabitEthernet1/0/1] authentication mac-authen //Enable MAC
address authentication.

# Configure a MAC access profile.

named ipphone

[SwitchA-authen-profile-ipphone] mac-access-profile ipphone //Bind the
MAC access profile ipphone to the authentication profile.

[SwitchA-GigabitEthernet1/0/1] authentication-profile ipphone //Bind
the MAC address authentication profile and enable MAC address
authentication.
b. Add a MAC account based on the MAC address of the IP phone.
ii. Click Add in the operation area on the right. Account type select MAC
Address Account. Enter the MAC address of the IP phone and enter the
account name randomly.

Switches

based on the time.

Switches

d. Add MAC address information of an IP phone to the Agile Controller.

Switches

group ipphone.
the IP phone.


Switches

e. Add an authentication rule.
Authentication Rule
ii. Click Add in the operation area on the right and add an authentication rule for
the IP phone. Set Name to ipphone, Service type to MAC bypass
authentication, and Terminal group to ipphone.


Switches

page is displayed.

Switches

g. Add an authorization rule.
authorization Rule.
the IP phone. Set Name to ipphone, click MAC bypass authentication, set
Terminal Group to ipphone, and set Authorization result to voice vlan 100.

Switches

Switches

l You can see that the IP phone can correctly obtain IP address through the menu of the IP
phone.
about IP phones.
------------------------------------------------------------------------------
------------------------------------------------------------------------------

------------------------------------------------------------------------------
----End
Configuration Files
#
sysname SwitchA

Switches
#
#
vlan batch 100 200
#
dhcp enable
#
dhcp snooping enable
#
%^%#
#
aaa
domain default
#
interface Vlanif100
ip address 10.20.20.1 255.255.255.0
dhcp select relay
#
interface Vlanif200
ip address 10.10.20.1 255.255.255.0
#
voice-vlan 100 enable include-untagged
#
#
dhcp snooping trusted
#
ip route-static 0.0.0.0 0.0.0.0 10.10.20.2
#
return
l SwitchA configuration file (V200R009C00, V200R010C00, and V200R011C00)

#
sysname SwitchA
#
voice-vlan mac-address 001b-d4c7-0000 mask ffff-
ffff-0000
#
vlan batch 100 200
#
authentication-profile name ipphone
mac-access-profile ipphone
#
dhcp enable
#

Switches
#
%^%#
#
aaa
domain default
#
interface Vlanif100
ip address 10.20.20.1 255.255.255.0
dhcp select relay
#
interface Vlanif200
ip address 10.10.20.1 255.255.255.0
#
#
#
#
ip route-static 0.0.0.0 0.0.0.0 10.10.20.2
#
#
return

#
sysname SwitchA
#
voice-vlan mac-address 001b-d4c7-0000 mask ffff-
ffff-0000
#
vlan batch 100 200
#
#
dhcp enable
#
#
%^%#
#

Switches
aaa
domain default
#
interface Vlanif100
ip address 10.20.20.1 255.255.255.0
dhcp select relay
#
interface Vlanif200
ip address 10.10.20.1 255.255.255.0
#
undo lldp enable
#
undo lldp enable
#
#
ip route-static 0.0.0.0 0.0.0.0 10.10.20.2
#
#
return

#
sysname SwitchB
#
vlan batch 200
#
dhcp enable
#
ip pool ip-phone
gateway-list 10.20.20.1
network 10.20.20.0 mask 255.255.255.0
#
interface Vlanif200
ip address 10.10.20.2 255.255.255.0
dhcp select global
#
#
ip route-static 10.20.20.0 255.255.255.0 10.10.20.1
#
return

Switches

Cisco IP Phones Using HDP
l Overview
l Data Plan
l Procedure
Overview
A Cisco IP phone can obtain a voice VLAN ID through the Cisco Discovery Protocol (CDP)
only. A Huawei switch provides the Huawei Discovery Protocol (HDP) to allocate a voice
VLAN ID to the Cisco phone. To provide the HDP function, enable CDP-compatible LLDP
on the interface.
Switches.
Configuration Notes
This example applies to all versions of all S series switches.
network through VoIP. Cisco IP phones are deployed and can obtain voice VLAN IDs through
CDP only. The network plan should meet the following requirements:
l The priority of voice packets sent by IP phones is low and needs to be increased to
ensure communication quality.
l IP addresses of IP phones are dynamically allocated by the DHCP server, and are on a
different network segment from that of the DHCP server.
l IP phones need to connect to switches through 802.1X authentication.

Switches
Figure 1-8 Networking diagram of connecting switches to Cisco IP phones using HDP
Authentication
server
intranet

GE1/0/3
GE1/0/3
DHCP relay Switch A
GE1/0/1 GE1/0/2
To implement interoperation between switches and IP phones using HDP, IP phones need to
obtain the voice VLAN, apply for IP addresses, go online after authentication, and send
packets. Figure 1-9 shows the process for interoperation between switches and Cisco IP
phones using HDP.
phones to go online after authentication can be performed simultaneously.

Switches
Figure 1-9 Process for interoperation between switches and Cisco IP phones using HDP
Cisco IP phone
Obtain the 1. Power on the IP phone, turn the switch

voice VLAN interface to Up, and send a CDP packet. 2. Enable the CDP-
ID compatible LLDP function
on the switch.
3. Send an HDP packet containing

the voice VLAN ID.
Apply for an
Go online
1. Send an authentication request to
after
the authentication server.
authentication
Send
1. Send a packet carrying VLAN tags. 2. Identify the voice packet
packets
and improve the packet
priority.

l Enable the CDP-compatible LLDP function to allocate voice VLAN IDs to Cisco IP
phones.
l Enable the voice VLAN function to increase the packet priority.
phones.
authentication.
Data Plan
Item Value
Voice VLAN VLAN 100

Switches
Item Value

0021-a08f-0002

Item Value




server

server
Procedure
Step 1 Enable the voice VLAN function on SwitchA.
# Create voice VLAN 100.
# Add interfaces to the voice VLAN.


Switches
# Enable the voice VLAN function on the interface.

[SwitchA] voice-vlan mac-address 001b-d4c7-0000 mask ffff-ffff-0000 //In earlier
versions of V200R003, the OUI needs to be configured. The OUI corresponds to the
IP phone's MAC address. In V200R003 and later versions, the OUI does not need to
be configured.
Step 2 Enable CDP-compatible LLDP on SwitchA.

[SwitchA-GigabitEthernet1/0/1] voice-vlan legacy enable
[SwitchA-GigabitEthernet1/0/2] voice-vlan legacy enable


VLANIF 100.




to IP phones.

Switches




Step 4 Configure an AAA domain and 802.1X authentication for IP phones.

named ipphone.

[SwitchA] aaa
RADIUS.
[SwitchA-aaa] quit
2. Configure 802.1X authentication for IP phones.


Switches
# Enable 802.1X authentication on an interface.

[SwitchA-GigabitEthernet1/0/1] authentication dot1x //Enable 802.1X
authentication.
[SwitchA-GigabitEthernet1/0/2] authentication dot1x



[SwitchA-authen-profile-ipphone] dot1x-access-profile ipphone //Bind
the 802.1X access profile ipphone to the authentication profile.

the 802.1X authentication profile and enable 802.1X authentication.
b. Add a common account.
ii. Click Add in the operation area on the right, and create an 802.1X account.
Click Common account and enter the user name and password. The
configured user name and password must be the same as those configured on
the IP phone, and the account is configured to be the same as the user name.

Switches
iii. Click OK to complete the configuration. Be aware that the account belongs to
the user group named ROOT.
based on the time.

Switches

d. Add an authentication rule.
the IP phone. Set Name to ipphone, click Access, set User group to ROOT,
and select allowed authentication protocols under Authentication Rule.

Switches

Switches

e. Add an authorization result.
Set Name to voice vlan 100, Service type to Access, and VLAN under
Authorization Parameter to 100.

Switches
iii. Click Add to add authorization information. Set Vendor/Standard attribute

to Huawei, Attribute ID/name to HW-Voice-Vlan(33), and Attribute type
to Integer. If Attribute value is set to 1, VLAN 100 is a voice VLAN.
page is displayed.
v. Select the added authorization information.

Switches

f. Add an authorization rule.
After the check in the authentication phase is passed, the authorization phase starts.
During this phase, the Agile Controller assigns rights to users based on
authorization rules.
Authorization Rule.
and set Authorization result to voice vlan 100.

Switches

Switches

about IP phones.
------------------------------------------------------------------------------
------------------------------------------------------------------------------

------------------------------------------------------------------------------
----End
Configuration Files
#
sysname SwitchA

Switches
#
#
vlan batch 100 200
#
undo authentication unified-mode
#
dhcp enable
#
%^%#
#
aaa
domain default
#
interface Vlanif100
ip address 10.20.20.1 255.255.255.0
dhcp select relay
#
interface Vlanif200
ip address 10.10.20.1 255.255.255.0
#
voice-vlan legacy enable
authentication dot1x
#
#
#
ip route-static 0.0.0.0 0.0.0.0 10.10.20.2
#
return
#
sysname SwitchA
#
vlan batch 100 200
#
dot1x-access-profile ipphone
#
dhcp enable
#
%^%#
#

Switches
aaa
domain default
#
interface Vlanif100
ip address 10.20.20.1 255.255.255.0
dhcp select relay
#
interface Vlanif200
ip address 10.10.20.1 255.255.255.0
#
#
#
#
ip route-static 0.0.0.0 0.0.0.0 10.10.20.2
#
dot1x-access-profile name ipphone
#
return

#
sysname SwitchB
#
vlan batch 200
#
dhcp enable
#
ip pool ip-phone
network 10.20.20.0 mask 255.255.255.0
#
interface Vlanif200
ip address 10.10.20.2 255.255.255.0
dhcp select global
#
#
ip route-static 10.20.20.0 255.255.255.0 10.10.20.1
#
return

Switches
1.6 Interoperation Between Switches and IP Phones

Through LLDP-MED
l Overview
l Data Plan
l Procedure
Overview
If an IP phone can obtain the voice VLAN through the network-policy TLV field of LLDP
and the voice packet sent by the IP phone has a higher priority, you can configure the lldp tlv-
enable med-tlv network-policy voice-vlan command on the switch to assign a voice VLAN
to the IP phone, and configure the trusted packet priority on the interface to connect the IP
phone to the network.
Switches.
Configuration Notes
l This example applies to all models of V200R002 and later versions.
network through VoIP. IP phones can obtain voice VLAN IDs from the network-policy TLV
field of LLDP. The network plan should meet the following requirements:
l Voice packets sent by IP phones can carry VLAN tags and have a high priority, and only
the trusted packet priority needs to be configured on switches.
l IP phones need to connect to switches through 802.1X authentication and MAC address
authentication.

Switches
Figure 1-10 Networking diagram of connecting switches to IP phones through LLDP-MED

Authentication
server
intranet

GE1/0/3
GE1/0/3
DHCP relay Switch A
GE1/0/1 GE1/0/2
To implement interoperation between switches and IP phones through LLDP-MED, IP phones
need to obtain the voice VLAN, apply for IP addresses, go online after authentication, and
send packets. Figure 1-11 shows the process for interoperation between switches and IP
phones through LLDP-MED.
phones to go online after authentication can be performed simultaneously.

Switches
Figure 1-11 Process for interoperation between switches and IP phones through LLDP-MED
IP phone
Obtain the 1. Power on the IP phone and

2. Enable LLDP on
voice VLAN turn the switch interface to Up.
the switch to send a
ID MED TLV message.
3. Send an LLDP packet containing

the voice VLAN ID.
Apply for an
Go online
Send
1. Send a packet carrying VLAN tags. 2. Enable the trusted
packets
packet priority and forward
the packet directly.

l Enable LLDP to allocate a voice VLAN to IP phones.
l Configure the trusted packet priority on the interface so that packets are forwarded based
on their original priorities.
phones.
authentication.
Data Plan
Item Value
Voice VLAN VLAN 100

Switches
Item Value

0021-a08f-0002
Authentication mode 802.1X authentication and MAC address

authentication. 802.1X authentication is
performed first. If the authentication fails,
MAC address authentication is performed.

Item Value




server

server
Procedure
Step 1 Enable LLDP on SwitchA and configure the network-policy TLV field on interfaces.
[SwitchA] lldp enable //After LLDP is enabled globally, LLDP is enabled on all
interfaces by default.
[SwitchA-GigabitEthernet1/0/1] lldp tlv-enable med-tlv network-policy voice-vlan
vlan 100 cos 6 dscp 60 //Configure the switch to use the network-policy TLV
field to allocate a voice VLAN ID and priority to IP phones.
[SwitchA-GigabitEthernet1/0/2] lldp tlv-enable med-tlv network-policy voice-vlan
vlan 100 cos 6 dscp 60

Switches

# Add interfaces to voice VLAN 100.

Step 3 Configure the interface to trust the packet priority.

[SwitchA-GigabitEthernet1/0/1] trust 8021p inner //The trust 8021p (inner)
command varies by device model.
[SwitchA-GigabitEthernet1/0/2] trust 8021p inner

VLANIF 100.





Switches

to IP phones.



Step 5 Configure an AAA domain and configure 802.1X authentication and MAC address
authentication for IP phones.
named ipphone.

[SwitchA] aaa
RADIUS.
[SwitchA-aaa] quit
2. Configure 802.1X authentication and MAC address authentication for IP phones.


Switches
# Set the NAC mode to traditional.

[SwitchA] undo authentication unified-mode //By default, the switch
uses the unified mode. When the traditional and unified modes are
switched, the administrator must save the configuration and restart the
switch to make the configuration take effect.
# Enable 802.1X authentication and MAC address authentication on interfaces.

[SwitchA-GigabitEthernet1/0/1] dot1x mac-bypass //Enable MAC address
bypass authentication. MAC address authentication is used when 802.1X
authentication fails.
[SwitchA-GigabitEthernet1/0/2] dot1x mac-bypass


named ipphone.

[SwitchA-authen-profile-ipphone] authentication dot1x-mac-bypass //
Enable MAC address bypass authentication.

the authentication profile.

Switches
based on the time.

Switches

d. Add MAC address information of an IP phone to the Agile Controller. If 802.1X
authentication fails, MAC address authentication is performed.

Switches

group ipphone.
the IP phone.

Switches

Authentication Rule

Switches
the IP phone using 802.1X authentication. Set Name to ipphone_8021x, click
Access, set User group to ROOT, and select allowed authentication protocols
under Authentication Rule.

Switches

iv. Click Add again and add an authentication rule for the IP phone using MAC
address authentication. Set Name to ipphone_mac, Service type to MAC
bypass authentication, and Terminal group to ipphone.

Switches

ii. Click Add in the operation area on the right and add an authorization result
after 802.1X authentication. Set Name to 8021X_voice vlan 100, Service type
to Access, and VLAN under Authorization Parameter to 100.

Switches

page is displayed.

Switches

vii. Click Add again and add an authorization result after MAC address
authentication. Set Name to mac_voice vlan 100, Service type to MAC
bypass authentication, and VLAN under Authorization Parameter to 100.

Switches
viii. Click Add under customized authorization parameter to add authorization

ix. Click OK to complete the configuration, and the Add Authorization Result
page is displayed.
x. Add authorization information on the page.

Switches
xi. Click OK to complete the configuration.

Authorization Rule.
the IP phone using 802.1X authentication. Set Name to ipphone_8021X, click
Access, set User group to ROOT, and set Authorization result to
8021X_voice vlan 100.

Switches

Switches

iv. Click Add again and add an authorization rule for the IP phone using MAC
address authentication. Set Name to ipphone_mac, click MAC bypass
authentication, set Terminal Group to ipphone, and set Authorization
result to mac_voice vlan 100.

Switches

Switches

about IP phones.
------------------------------------------------------------------------------
------------------------------------------------------------------------------

------------------------------------------------------------------------------
----End
Configuration Files
l SwitchA configuration file (V200R007C00 and V200R008C00)
#
sysname SwitchA

Switches
#
vlan batch 100 200
#
undo authentication unified-mode
#
lldp enable
#
dhcp enable
#
%^%#
#
aaa
service-scheme ipphone
domain default
#
interface Vlanif100
ip address 10.20.20.1 255.255.255.0
dhcp select relay
#
interface Vlanif200
ip address 10.10.20.1 255.255.255.0
#
100
trust 8021p
inner
lldp tlv-enable med-tlv network-policy voice-vlan vlan 100 cos 6 dscp 60

dot1x mac-bypass
#
trust 8021p
inner

dot1x mac-bypass
#
#
ip route-static 0.0.0.0 0.0.0.0 10.10.20.2
#
return

#
sysname SwitchA
#
vlan batch 100 200
#
authentication-profile name
ipphone
dot1x-access-profile
ipphone

Switches
mac-access-profile
ipphone
authentication dot1x-mac-bypass
#
lldp enable
#
dhcp enable
#
%^%#
#
aaa
domain default
#
interface Vlanif100
ip address 10.20.20.1 255.255.255.0
dhcp select relay
#
interface Vlanif200
ip address 10.10.20.1 255.255.255.0
#
trust 8021p
inner

#
trust 8021p
inner

#
#
ip route-static 0.0.0.0 0.0.0.0 10.10.20.2
#
dot1x_access_profile
ipphone
mac-access-profile name
mac_access_profile

Switches

#
return

#
sysname SwitchB
#
vlan batch 200
#
dhcp enable
#
ip pool ip-phone
network 10.20.20.0 mask 255.255.255.0
#
interface Vlanif200
ip address 10.10.20.2 255.255.255.0
dhcp select global
#
#
ip route-static 10.20.20.0 255.255.255.0 10.10.20.1
#
return

Through MAC Address-based VLAN Assignment
l Overview
l Data Plan
l Procedure
Overview
If an IP phone does not support LLDP or DHCP, a switch cannot allocate a voice VLAN ID to
it. You can configure MAC address-based VLAN assignment on the switch. Then the switch
identifies voice packets based on the MAC address of the IP phone and increases the priority
of voice packets.
Switches.
Configuration Notes
l This example applies to all versions of all S series switches.

Switches
l The priority of voice packets needs to be increased to ensure communication quality.
l IP phones can go online without authentication because the network environment is
secure.
Figure 1-12 Networking diagram of connecting switches and IP phones through MAC
address-based VLAN assignment
Authentication
server
intranet

GE1/0/3
GE1/0/3
DHCP relay Switch A
GE1/0/1 GE1/0/2
To implement interoperation between switches and IP phones through MAC address-based
VLAN assignment, you need to apply for IP addresses for IP phones, bring IP phones online
without authentication, and conduct communication normally. Figure 1-13 shows the process
for interoperation between switches and IP phones through MAC address-based VLAN
assignment. In this mode, the authentication server does not need to be configured.
The operations of applying for IP addresses and enabling IP phones to go online without

Switches
Figure 1-13 Process for interoperation between switches and IP phones through MAC
address-based VLAN assignment
IP phone
Apply for an
Go online
2. Bring the IP phone online without
authentication.
Send
1. Send a packet without VLAN tags. 2. Match the MAC
packets
address and improve the
packet priority.

l Configure MAC address-based VLANs, assign VLANs to IP phones, and increase the
priority.
phones.
l Configure IP phones to go online without authentication.
Data Plan

Item Value
Voice VLAN VLAN 100

0021-a08f-0002
Authentication mode Non-authentication

Switches

Item Value




server

server
Procedure

mode.
Step 2 Enable MAC address-based VLAN assignment.

[SwitchA] vlan 100
[SwitchA-vlan100] mac-vlan mac-address 001b-d4c7-1fa9 ffff-ffff-0000 priority
6 //The MAC address corresponds to the MAC address of the IP phone. The mask can
be used. This command adds VLAN 100 to untagged packets with the source MAC
address starting from 001b-d4c7 and changes the 802.1p priority to 6.
[SwitchA-vlan100] mac-vlan mac-address 0021-a08f-0000 ffff-ffff-0000 priority 6
[SwitchA-vlan100] quit
[SwitchA-GigabitEthernet1/0/1] mac-vlan enable //Enable MAC address-based VLAN
assignment on an interface. When the interface receives untagged packets, the
packets are processed based on the binding between MAC addresses and VLANs.

Switches
[SwitchA-GigabitEthernet1/0/2] mac-vlan enable


VLANIF 100.




to IP phones.



Switches

Step 4 Configure an AAA domain and configure voice terminals can go online without
authentication.
named ipphone.
# Configure a service scheme and an authentication scheme.

[SwitchA] aaa
[SwitchA-aaa] service-scheme ipphone //Create a service scheme named ipphone.
[SwitchA-aaa-service-ipphone] quit
RADIUS.
[SwitchA-aaa-domain-default] service-scheme ipphone //Bind the service
[SwitchA-aaa] quit
2. Configure the switch to assign a network access policy to voice terminals through a
service scheme. The network access policy defines that voice terminals can go online
without authentication.
– V200R007C00 and V200R008C00
# Configure the switch to assign a network access policy to voice terminals through
a service scheme. The network access policy defines that voice terminals can go
online without authentication.
[SwitchA] authentication device-type voice authorize service-scheme
ipphone


Switches

[SwitchA] authentication-profile name ipphone //Create an
authentication profile named ipphone.
[SwitchA-authen-profile-ipphone] authentication device-type voice
authorize service-scheme ipphone //Configure voice terminals can go
online without authentication.

the authentication profile to the interface.

l You can see that the IP phone can correctly obtain the IP address through the menu of the
IP phone.
l The display mac-address vlan 100 command output on SwitchA displays connection
information about IP phones.
[SwitchA] display mac-address vlan 100
------------------------------------------------------------------------------
-
MAC Address VLAN/VSI Learned-From
Type
------------------------------------------------------------------------------
-
001b-d4c7-1fa9 100/- GE1/0/1
dynamic
0021-a08f-2fa8 100/- GE1/0/2
dynamic
------------------------------------------------------------------------------
-
----End
Configuration Files
#
sysname SwitchA
#
vlan batch 100 200
#
lldp enable
#
dhcp enable
#
vlan 100
mac-vlan mac-address 001b-d4c7-1fa9 ffff-ffff-0000 priority 6
mac-vlan mac-address 0021-a08f-0000 ffff-ffff-0000 priority 6
#
authentication device-type voice authorize service-scheme ipphone
#
%^%#

Switches
#
aaa
domain default
#
interface Vlanif100
ip address 10.20.20.1 255.255.255.0
dhcp select relay
#
interface Vlanif200
ip address 10.10.20.1 255.255.255.0
#
mac-vlan enable
#
mac-vlan enable
#
#
ip route-static 0.0.0.0 0.0.0.0 10.10.20.2
#
return
#
sysname SwitchA
#
vlan batch 100 200
#
authentication device-type voice authorize service-scheme ipphone
#
vlan 100
mac-vlan mac-address 001b-d4c7-1fa9 ffff-ffff-0000 priority 6
mac-vlan mac-address 0021-a08f-0000 ffff-ffff-0000 priority 6
#
lldp enable
#
dhcp enable
#
%^%#
#
aaa
domain default
#
interface Vlanif100
ip address 10.20.20.1 255.255.255.0
dhcp select relay

Switches

#
interface Vlanif200
ip address 10.10.20.1 255.255.255.0
#
mac-vlan enable
#
mac-vlan enable
#
#
ip route-static 0.0.0.0 0.0.0.0 10.10.20.2
#
return

#
sysname SwitchB
#
vlan batch 200
#
dhcp enable
#
ip pool ip-phone
network 10.20.20.0 mask 255.255.255.0
#
interface Vlanif200
ip address 10.10.20.2 255.255.255.0
dhcp select global
#
#
ip route-static 10.20.20.0 255.255.255.0 10.10.20.1
#
return

Through the PVID of the Voice VLAN ID
l Overview
l Data Plan
l Procedure

Switches
Overview
If an IP phone sends packets with VLAN 0 or untagged packets, the PVID of an interface can
be added to the voice packets. Then the priority of the voice packets is increased based on the
VLAN ID. In versions earlier than V200R003C00, switches do not support OUI-based voice
VLANs. If an IP phone can send only packets with VLAN 0 or untagged packets, the IP
phone can access the switch in this mode.
Switches.
Configuration Notes
l This example applies to all versions of all S series switches.
l IP phones need to connect to switches through MAC address authentication.
Figure 1-14 Networking diagram of connecting switches to IP phones through the PVID of
the voice VLAN ID
Authentication
server
intranet

GE1/0/3
GE1/0/3
DHCP relay Switch A
GE1/0/1 GE1/0/2

Switches
To implement interoperation between switches and IP phones through the PVID of the voice
VLAN ID, you need to apply for IP addresses for IP phones, bring IP phones online after
interoperation between switches and IP phones through the PVID of the voice VLAN ID.
Figure 1-15 Process for interoperation between switches and IP phones through the PVID of
the voice VLAN ID
IP phone
Apply for an
Go online
Send 2. Match the MAC

1. Send a packet without VLAN tags.
packets address and improve the
packet priority.

l Configure VLANs to IP phones through the PVID and enable the voice VLAN function
to improve the packet priority.
phones.
authentication.

Switches
Data Plan

Item Value
Voice VLAN VLAN 100

0021-a08f-0002

Item Value




server

server
Procedure


Switches

mode.
Step 2 Enable the voice VLAN function on an interface of SwitchA and set the PVID of the interface
to the voice VLAN ID.
[SwitchA-GigabitEthernet1/0/1] voice-vlan 100 enable //Enable the voice VLAN
function on the interface.
[SwitchA-GigabitEthernet1/0/1] voice-vlan remark-mode mac-address //In V200R003
and later versions, the interface needs to be configured to identify voice
packets based on MAC addresses. This configuration is not required in earlier
versions of V200R003.
[SwitchA-GigabitEthernet1/0/1] port hybrid pvid vlan 100 //Configure the PVID.
[SwitchA-GigabitEthernet1/0/2] voice-vlan remark-mode mac-address
[SwitchA-GigabitEthernet1/0/2] port hybrid pvid vlan 100
[SwitchA] voice-vlan mac-address 001b-d4c7-0000 mask ffff-ffff-0000

VLANIF 100.





Switches

to IP phones.



Step 4 Configure an AAA domain and MAC address authentication for IP phones.
named ipphone.

[SwitchA] aaa
RADIUS.
[SwitchA-aaa] quit
2. Configure MAC address authentication for IP phones.


Switches


[SwitchA-GigabitEthernet1/0/1] authentication mac-authen //Enable MAC
address authentication.

# Configure a MAC access profile.

named ipphone


the MAC address authentication profile and enable MAC address
authentication.
b. Add a MAC account based on the MAC address of the IP phone.
ii. Click Add in the operation area on the right. Account type select MAC
Address Account. Enter the MAC address of the IP phone and enter the
account name randomly.

Switches

based on the time.

Switches

d. Add MAC address information of an IP phone to the Agile Controller.

Switches

group ipphone.
the IP phone.


Switches

Authentication Rule
the IP phone. Set Name to ipphone, Service type to MAC bypass
authentication, and Terminal group to ipphone.


Switches

page is displayed.

Switches

authorization Rule.
the IP phone. Set Name to ipphone, click MAC bypass authentication, set
Terminal Group to ipphone, and set Authorization result to voice vlan 100.

Switches

Switches

phone.
about IP phones.
------------------------------------------------------------------------------
------------------------------------------------------------------------------

------------------------------------------------------------------------------
----End
Configuration Files
#
sysname SwitchA

Switches
#
#
vlan batch 100 200
#
dhcp enable
#
%^%#
#
aaa
domain default
#
interface Vlanif100
ip address 10.20.20.1 255.255.255.0
dhcp select relay
#
interface Vlanif200
ip address 10.10.20.1 255.255.255.0
#
voice-vlan remark-mode mac-address
port hybrid pvid vlan 100
#
#
#
ip route-static 0.0.0.0 0.0.0.0 10.10.20.2
#
return
#
sysname SwitchA
#
#
vlan batch 100 200
#
#
dhcp enable
#
%^%#

Switches

#
aaa
domain default
#
interface Vlanif100
ip address 10.20.20.1 255.255.255.0
dhcp select relay
#
interface Vlanif200
ip address 10.10.20.1 255.255.255.0
#
#
#
#
ip route-static 0.0.0.0 0.0.0.0 10.10.20.2
#
#
return

#
sysname SwitchB
#
vlan batch 200
#
dhcp enable
#
ip pool ip-phone
network 10.20.20.0 mask 255.255.255.0
#
interface Vlanif200
ip address 10.10.20.2 255.255.255.0
dhcp select global
#
#
ip route-static 10.20.20.0 255.255.255.0 10.10.20.1
#
return

Switches

Through an ACL
l Overview
l Data Plan
l Procedure
Overview
If an IP phone does not support LLDP or DHCP, a switch cannot assign a voice VLAN ID to
the IP phone. In this case, the IP phone can interoperate with the switch through an ACL. That
is, you can run the port add-tag acl command on an interface to identify voice packets and
increase the priority of voice packets.
Switches.
Configuration Notes
l In this example, the port add-tag acl command is supported on all S series modular
switches and on the following S series fixed switches:
– S2700 series: S2752EI
– S3700 series: all models
– S5700 series: S5700EI, S5700HI, S5710EI, S5720EI, S5710HI, S5720HI, and
S5730HI
– S6700 series: S6700EI, S6720EI, S6720S-EI, and S6720HI
l If an IP phone sends tagged packets with VLAN 0, the switch does not add the voice
VLAN ID to the tagged packets. As a result, the IP phone cannot interoperate with the
switch. You can change the configuration of the IP phone or use other methods to
connect the IP phone to the switch.

Switches
Figure 1-16 Networking diagram of connecting switches to IP phones through an ACL

Authentication
server
intranet

GE1/0/3
GE1/0/3
DHCP relay Switch A
GE1/0/1 GE1/0/2
To implement interoperation between switches and IP phones through an ACL, you need to
apply for IP addresses for IP phones, bring IP phones online after authentication, and conduct
communication normally. Figure 1-17 shows the process for interoperation between switches
and IP phones through an ACL.

Switches
Figure 1-17 Process for interoperation between switches and IP phones through an ACL
IP phone
Apply for an
Go online
Send
1. Send a packet without VLAN tags. 2. Match the voice packet
packets
through the ACL and improve
the packet priority.

l Configure an ACL to identify voice packets, add the voice VLAN ID to the voice
packets, and increase the priority.
phones.
authentication.
Data Plan

Item Value
Voice VLAN VLAN 100

0021-a08f-0002

Switches

Item Value




server

server
Procedure

mode.
Step 2 Configure an ACL to identify voice packets, and add the voice VLAN ID to the voice packets
and increase the priority.
[SwitchA] acl 4000
[SwitchA-acl-L2-4000] rule permit source-mac 001d-a21a-0000 ffff-ffff-0000 //The
IP phone's MAC address uses the 24-bit mask.
[SwitchA-acl-L2-4000] rule permit source-mac 0021-a08f-0000 ffff-ffff-0000 //
This is the MAC address of another IP phone.
[SwitchA-acl-L2-4000] quit
[SwitchA-GigabitEthernet1/0/1] port add-tag acl 4000 vlan 100 remark-8021p 6 //
Configure ACL 4000. The switch tags VLAN 100 to the packets that match ACL 4000

Switches
and changes the 802.1p priority to 6.

[SwitchA-GigabitEthernet1/0/2] port add-tag acl 4000 vlan 100 remark-8021p 6

VLANIF 100.




to IP phones.



Switches



named ipphone.

[SwitchA] aaa
RADIUS.
[SwitchA-aaa] quit


authentication.


Switches




Switches
based on the time.

Switches


Switches

Switches


Switches

page is displayed.

Switches

Authorization Rule.

Switches

Switches

phone.
about IP phones.
------------------------------------------------------------------------------
------------------------------------------------------------------------------

------------------------------------------------------------------------------
----End
Configuration Files
#
sysname SwitchA

Switches
#
vlan batch 100 200
#
dhcp enable
#
radius-server template iphone
%^%#
#
acl number
4000
rule 5 permit source-mac 001d-a21a-0000 ffff-ffff-0000
rule 10 permit source-mac 0021-a08f-0000 ffff-ffff-0000
#
aaa
domain default
radius-server iphone
#
interface Vlanif100
ip address 10.20.20.1 255.255.255.0
dhcp select relay
#
interface Vlanif200
ip address 10.10.20.1 255.255.255.0
#
port hybrid untagged vlan
100
port add-tag acl 4000 vlan 100 remark-8021p 6
#
100
#
#
ip route-static 0.0.0.0 0.0.0.0 10.10.20.2
#
return
#
sysname SwitchA
#
vlan batch 100 200
#
authentication-profile name iphone
dot1x-access-profile iphone
#
dhcp enable
#
radius-server template iphone
%^%#

Switches
acl number
4000
#
aaa
domain default
radius-server iphone
#
interface Vlanif100
ip address 10.20.20.1 255.255.255.0
dhcp select relay
#
interface Vlanif200
ip address 10.10.20.1 255.255.255.0
#
100
authentication-profile iphone
#
100
authentication-profile iphone
#
#
ip route-static 0.0.0.0 0.0.0.0 10.10.20.2
#
dot1x-access-profile name iphone
#
return

#
sysname SwitchB
#
vlan batch 200
#
dhcp enable
#
ip pool ip-phone
network 10.20.20.0 mask 255.255.255.0
#
interface Vlanif200
ip address 10.10.20.2 255.255.255.0
dhcp select global
#
#
ip route-static 10.20.20.0 255.255.255.0 10.10.20.1
#
return

Switches

Through a Simplified Traffic Policy
l Overview
l Data Plan
l Procedure
Overview
If an IP phone does not support LLDP or DHCP, a switch cannot assign a voice VLAN ID to
the IP phone. In this case, the IP phone can interoperate with the switch through an ACL-
based simplified traffic policy. That is, you can run the traffic-remark inbound acl
command on an interface to identify voice packets and increase the priority of voice packets.
Switches.
Configuration Notes
l This example applies to all versions and models of fixed switches.
l This example applies to all models of modular switches of V200R005C00 and later
versions.
l The priority of voice packets needs to be increased to ensure communication quality.

Switches
Figure 1-18 Networking diagram of connecting switches to IP phones through a simplified

traffic policy
Authentication
server
intranet

GE1/0/3
GE1/0/3
DHCP relay Switch A
GE1/0/1 GE1/0/2
To implement interoperation between switches and IP phones through a simplified traffic
policy, you need to apply for IP addresses for IP phones, bring IP phones online after
interoperation between switched and IP phones through a simplified traffic policy.

Switches
Figure 1-19 Process for interoperation between switches and IP phones through a simplified
traffic policy
IP phone
Apply for an
Go online
Send
1. Send a packet without VLAN tags. 2. Identify the voice packet
packets
through the traffic policy and
improve the packet priority.

l Configure an ACL-based simplified traffic policy to identify voice packets, add the voice
VLAN ID to the voice packets, and increase the priority.
phones.
authentication.
Data Plan
Item Value
Voice VLAN VLAN 100

0021-a08f-0002

Switches

Item Value




server

server
Procedure

mode.
Step 2 Configure an ACL to identify voice packets, and add the voice VLAN ID to the voice packets
and increase the priority.
[SwitchA] acl 4000
[SwitchA-acl-L2-4000] rule permit source-mac 001d-a21a-0000 ffff-ffff-0000 //The
IP phone's MAC address uses the 24-bit mask.
[SwitchA-acl-L2-4000] rule permit source-mac 0021-a08f-0000 ffff-ffff-0000 //
This is the MAC address of another IP phone.
[SwitchA-acl-L2-4000] quit
[SwitchA-GigabitEthernet1/0/1] port hybrid pvid vlan 100 //The interface tags
the PVID of 100 to received untagged packets.

Switches
[SwitchA-GigabitEthernet1/0/1] traffic-remark inbound acl 4000 8021p 6 //

Configure ACL-based re-marking on the interface, and change the 802.1p priority
of packets matching ACL 4000 to 6.
[SwitchA-GigabitEthernet1/0/1] traffic-remark inbound acl 4000 dscp 46 //Change
the DSCP priority of packets matching ACL 4000 to 46.
[SwitchA-GigabitEthernet1/0/2] port hybrid pvid vlan 100
[SwitchA-GigabitEthernet1/0/2] traffic-remark inbound acl 4000 8021p 6
[SwitchA-GigabitEthernet1/0/2] traffic-remark inbound acl 4000 dscp 46

VLANIF 100.




to IP phones.


Switches




named ipphone.

[SwitchA] aaa
RADIUS.
[SwitchA-aaa] quit


authentication.

Switches





Switches
based on the time.

Switches


Switches

Switches


Switches

page is displayed.

Switches

Authorization Rule.

Switches

Switches

phone.
about IP phones.
------------------------------------------------------------------------------
------------------------------------------------------------------------------

------------------------------------------------------------------------------
----End
Configuration Files
#
sysname SwitchA

Switches
#
vlan batch 100 200
#
dhcp enable
#
%^%#
#
acl number
4000
#
aaa
domain default
#
interface Vlanif100
ip address 10.20.20.1 255.255.255.0
dhcp select relay
#
interface Vlanif200
ip address 10.10.20.1 255.255.255.0
#
100
100
traffic-remark inbound acl 4000 8021p
6
traffic-remark inbound acl 4000 dscp ef
#
100
100
6
#
#
ip route-static 0.0.0.0 0.0.0.0 10.10.20.2
#
return
#
sysname SwitchA
#
vlan batch 100 200
#
dot1x-access-profile ipphone

Switches
#
dhcp enable
#
%^%#
#
acl number
4000
#
aaa
domain default
#
interface Vlanif100
ip address 10.20.20.1 255.255.255.0
dhcp select relay
#
interface Vlanif200
ip address 10.10.20.1 255.255.255.0
#
100
100
6
#
100
100
6
#
#
ip route-static 0.0.0.0 0.0.0.0 10.10.20.2
#
dot1x-access-profile name ipphone
#
return

#
sysname SwitchB
#
vlan batch 200
#
dhcp enable
#

Switches
ip pool ip-phone
network 10.20.20.0 mask 255.255.255.0
#
interface Vlanif200
ip address 10.10.20.2 255.255.255.0
dhcp select global
#
#
ip route-static 10.20.20.0 255.255.255.0 10.10.20.1
#
return
1.11 Appendix 1: Common Causes for IP Phones' Login

Failures and Workaround
The following describes common causes.
l Cause 1: An Avaya Phone Cannot Go Online Because It Cannot Obtain an IP
Address Within 60s
l Cause 2: An Avaya Phone Cannot Go Online When It Uses MAC Address
Authentication and the Switch of an Earlier Version of V200R003C00 Is Enabled
with MAC Address Bypass Authentication
l Cause 3: An IP Phone Cannot Go Online Because the VLANs for Authentication
and Forwarding Voice Flows Are Different
l Cause 4: An IP Phone Is Enabled with 802.1X Authentication and the Switch Is
Configured with MAC Address Bypass Authentication. When 802.1X
Authentication of the IP Phone Fails, the Switch Does Not Perform MAC Address
Authentication. Consequently, the IP Phone Cannot Go Online
l Cause 5: The IP Phone Goes Online and Offline Frequently Because It Does Not
Respond to ARP Offline Probe Packets Sent by the Switch
l Cause 6: Customized Options Are Not Configured for a Switch Functioning as the
DHCP Server. As a Result, Mitel 5212 Phones Fail to Go Online
Cause 1: An Avaya Phone Cannot Go Online Because It Cannot Obtain an IP

Address Within 60s
The Avaya phone fails to obtain an IP address through DHCP within 60s due to the network
delay or other causes. After the timer expires, the Avaya phone sends packets tagged with
VLAN 0 repeatedly. The switch processes packets tagged with VLAN 0 in the same manner
as untagged packets, that is, in the VLAN specified by the PVID of an interface. Such packets
are not processed in the voice VLAN. As a result, the Avaya phone fails to be authenticated
and cannot connect to the switch.
Workaround
l Method 1: In V200R003C00 and later versions, you are advised to configure the OUI-
based voice VLAN. The switch then adds the voice VLAN ID to untagged packets so
that the packets can be forwarded in the voice VLAN. For details, see 1.4
(Recommended) Interoperation Between Switches and IP Phones Through the
OUI-based Voice VLAN. For the fixed switches (S5720EI, S6720EI, S6720S-EI), and
modular switches (excluding X series cards), you can also use the voice-vlan vlan-id

Switches
enable include-tag0 command to enable the voice VLAN for packets tagged with
VLAN 0 in V200R010 and later versions.
l Method 2: Modify the value of the VLAN TEST timer of the IP phone: Press the star key
(*) and enter the password to access the menu. Select VLAN TEST and change the
default value to 0 (no timeout). After the Avaya phone restarts, the timer settings are no
longer effective and must be reconfigured.
Cause 2: An Avaya Phone Cannot Go Online When It Uses MAC Address

Authentication and the Switch of an Earlier Version of V200R003C00 Is Enabled
with MAC Address Bypass Authentication
The switch enabled with MAC address bypass authentication performs MAC address
authentication only when the timeout interval of the 802.1X client is exceeded. In earlier
versions of V200R003C00, the timeout interval of the 802.1X client is 30s. That is, MAC
address authentication is performed after 30s. The value of the timer of the Avaya phone is
60s. If the Avaya phone fails to be authenticated within 30s, it sends only packets tagged with
VLAN 0. As a result, the Avaya phone cannot go online.
Workaround
[HUAWEI] dot1x timer client-timeout 5 //Change the authentication timeout
interval of the client to 5s to increase the MAC address authentication time.
Cause 3: An IP Phone Cannot Go Online Because the VLANs for Authentication

and Forwarding Voice Flows Are Different
An IP phone cannot go online because the VLANs for authentication and forwarding voice
flows are different. The root cause is that the switch forwards only packets from the
authenticated VLAN but discards packets from the non-authenticated VLAN.
Figure 1-20 shows the scenario where the IP phone cannot go online.
Figure 1-20 IP phone cannot go online
Scenario 2: The IP phone

Scenario 1: An IP phone
that sends packets tagged
cannot go online using
IP phone 802.1x authentication. Switch with VLAN 0 or untagged
IP phone Switch
packets cannot go online.
1. Send DHCP Discover
messages tagged with VLAN 0
2. Forward or untagged DHCP Discover
1. Send untagged EAP packets. 2. The packets
authentication messages.
tagged with VLAN
packets in 0 or untagged
VLAN packets are
3. Use the PVID for authentication. specified by 3. Use the PVID for authentication. forwarded in the
PVID. VLAN specified by
the PVID.
4. Obtain voice VLAN ID through 4. Obtain voice VLAN ID through
LLDP. The voice VLAN ID is LLDP. The voice VLAN ID is
different from the PVID. different from the PVID.
5. Use the voice VLAN for 5. Use the voice VLAN for
communication. The login fails. communication. The login fails.
Workaround

Switches
l Method 1: In V200R003C00 and later versions, you are advised to configure the OUI-
based voice VLAN. For details, see 1.4 (Recommended) Interoperation Between
Switches and IP Phones Through the OUI-based Voice VLAN.
l Method 2: In V200R010 and later versions, MAC address migration can be enabled so
that IP phones can be authenticated based on the PVID and voice VLAN ID.
[HUAWEI] authentication mac-move enable vlan 10 100 //Assume that the PVID
of the interface is VLAN 10 and the voice VLAN ID is VLAN 100.
l Method 3: Configure the blacklist so that the switch discards the packets that come from
the IP phone and are forwarded based on the PVID. In this case, the authenticated VLAN
and voice VLAN of the IP phone are the same.
a. Configure an ACL rule to match the MAC address of the IP phone and PVID of the
interface.
[HUAWEI] acl number 4000
[HUAWEI-acl-L2-4000] rule 5 permit source-mac ac44-f211-df8e vlan-id
1 //Assume that the MAC address of the IP phone is ac44-f211-df8e and
the PVID is VLAN 1.
[HUAWEI-acl-L2-4000] quit
b. Configure an attack defense policy.

[HUAWEI] cpu-defend policy p1
[HUAWEI-cpu-defend-policy-p1] blacklist 1 acl 4000 //Configure the
blacklist.
[HUAWEI-cpu-defend-policy-p1] quit
c. Apply the attack defense policy globally.

[HUAWEI] cpu-defend-policy p1 global
l Method 4: Configure dynamic VLAN authorization. If different interfaces use different

voice VLAN IDs, configuring dynamic VLAN authorization cannot prevent the problem.
You can configure only the unified mode.
a. Configure the same user VLAN ID as the voice VLAN ID in the service scheme.
[HUAWEI] aaa
[HUAWEI-aaa] service-scheme test //Create a service scheme named test.
[HUAWEI-aaa-service-test] user-vlan 100 //Configure a user VLAN. The
user VLAN ID is the voice VLAN ID.
[HUAWEI-aaa-service-test] voice-vlan //Enable the voice VLAN function.
[HUAWEI-aaa-service-test] quit
b. Apply the service scheme to the default domain.

[HUAWEI-aaa] domain default
[HUAWEI-aaa-domain-default] service-scheme test
[HUAWEI-aaa-domain-default] quit
[HUAWEI-aaa] quit
c. Authorize the voice VLAN through the server. Set the authorization VLAN ID to
the voice VLAN ID and set Attribute ID/name to HW-Voice-vlan(33). The Agile
Controller is used as an example.
Choose Policy > Permission Control > Authentication & Authorization >
Authorization Result and click Add to create an authorization result.

Switches

Switches
Cause 4: An IP Phone Is Enabled with 802.1X Authentication and the Switch Is

Configured with MAC Address Bypass Authentication. When 802.1X
Authentication of the IP Phone Fails, the Switch Does Not Perform MAC
Address Authentication. Consequently, the IP Phone Cannot Go Online
Workaround
l Method 1: Disable 802.1X authentication on the IP phone.
a. Disable 802.1X authentication on the Avaya phone:
i. Press the star key (*), enter the password (27238 by default), and press the
pound key (#) to enter the menu.
ii. Select 802.1X, and set values of Supplicant and Pass-thru to disable.
b. Disable 802.1X authentication on the Cisco phone:
Choose Security Configuration > 8021X Authentication and set Device
Authentication to Disable.
l Method 2: Configure MAC address-prioritized Portal authentication on the switch
interface. Only the common mode supports this configuration.
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] dot1x mac-bypass mac-auth-first
Cause 5: The IP Phone Goes Online and Offline Frequently Because It Does Not
Respond to ARP Offline Probe Packets Sent by the Switch
To ensure normal online status of the IP phone, the switch sends ARP offline probe packets
with the source IP address of 255.255.255.255 to the IP phone. If the IP phone does not
support response to ARP offline probe packets with the source IP address of 255.255.255.255,
the switch considers the IP phone offline and disconnects the IP phone. In this case, the IP
phone may go online and offline frequently. Check ARP detect fail.
Run the display aaa offline-record all command to check the cause for logout of the IP
phone.
<HUAWEI> display aaa offline-record all
-------------------------------------------------------------------
User name : test@rds
Domain name : default
User MAC : 0021-9746-b67c
User access type : MAC
User access interface : GigabitEthernet0/0/2
Qinq vlan/User vlan : 0/1
User IP address : 192.168.2.2
User IPV6 address : -
User ID : 19
User login time : 2016/10/01 04:49:39
User offline time : 2016/10/01 04:59:43
User offline reason : ARP detect fail
-------------------------------------------------------------------
Are you sure to display some information?(y/n)[y]:
Workaround
l Method 1: Configure the default source IP address of ARP offline detection packets.
[HUAWEI] access-user arp-detect default ip-address 0.0.0.0 //Configure the
default source address of ARP offline probe packets as 0.0.0.0.

Switches
l Method 2: Configure the source IP address and source MAC address of ARP offline
detection packets in the specified VLAN.
[HUAWEI] access-user arp-detect vlan 10 ip-address 192.168.1.1 mac-address
2222-1111-1234 //Configure the source IP address of ARP offline probe
packets as 192.168.1.1 and the source MAC address as 2222-1111-1234.
Cause 6: Customized Options Are Not Configured for a Switch Functioning as

the DHCP Server. As a Result, Mitel 5212 Phones Fail to Go Online
When a switch functions as the DHCP server, Option 128, Option 129, Option 130, and
Option 131 need to be configured in the address pool of the DHCP server; otherwise, Mitel
5212 phones cannot identify DHCP Offer packets sent by the DHCP server and cannot go
online.
Workaround
Perform the following configurations on the switch and ensure that these fields are included in
sent packets:
[HUAWEI] ip pool ip-phone
[HUAWEI-ip-pool-ip-phone] option 128 ip-address 10.20.20.1
[HUAWEI-ip-pool-ip-phone] option 130 ascii MITEL IP PHONE
1.12 Appendix 2: Guide for Configuring Cisco RADIUS

Authentication Server
When CiscoSecure ACS is used as the RADIUS authentication server and hosts are connected
to IP phones in inline mode, bind user names and passwords of IP phones to the voice VLAN
on the RADIUS server, as shown in Figure 1-21.
Figure 1-21 Networking of the RADIUS server
S Switch V200R006 provides the following optimization:

Switches
l In earlier versions of S Switch V200R006, the voice VLAN attribute (device-traffic-

class=voice) is configured on the RADIUS server to identify the voice VLAN and
authenticate voice services, as shown in Figure 1-22.
In S Switch V200R006 and later versions, the voice VLAN attribute (device-traffic-
class=voice) does not need to be configured. The voice-vlan X enable command is
configured on the switch to identify the voice VLAN and authenticate voice services.
Figure 1-22 Configuring the voice VLAN attribute (device-traffic-class=voice) on the

RADIUS server
l In earlier versions of S Switch V200R006, data and voice services for a VLAN on an
interface can be authenticated simultaneously. In V200R006 and later versions,
authentication is performed one at a time.

Switches 2 Power Supply Guide for Interoperation Between Huawei
Interoperation and Replacement Guide PoE Switches and PDs
2 Power Supply Guide for Interoperation

Between Huawei PoE Switches and PDs
About This Chapter
2.1 Power Supply Guide for Interoperation Between Huawei PoE Switches and IP Phones
2.2 Power Supply Guide for Interoperation Between Huawei PoE Switches and APs
2.3 Power Supply Guide for Interoperation Between Huawei PoE Switches and IP Cameras
2.1 Power Supply Guide for Interoperation Between

Huawei PoE Switches and IP Phones
This section describes whether a PoE switch can supply power to IP phones connected to the
switch. For details about how to configure IP phones, see 1 Interoperation Between Huawei
Switches and IP Phones.
Principles
A device that needs to be powered by a PoE switch is generally referred to as a powered
device (PD). Therefore, an IP phone is also a PD. Huawei PoE switches conform to IEEE
802.3af and IEEE 802.3at, use uniform power sources, and can provide power to all standard
PDs by default. To enable Huawei PoE switches to provide power to some nonstandard PDs,
you need to perform some configurations on the switches, Table 2-1 describes common
causes for failures to provide power to nonstandard PDs.
Table 2-1 Common causes for failures to provide power to nonstandard PDs
Cause Configuration to Be Performed on a PoE Switch
The PD detection signature Run the poe legacy enable command on the interfaces that
capacitance is larger than connect the switch to PDs to enable PD compatibility
0.15 uF. check.

The current of PDs cannot Run the poe power-on delay delay-time command on the
exceed 10 mA for more than interfaces that connect the switch to PDs to set the power-
75 ms within every 325 ms on delay. By default, the power-on delay of interfaces is 0.
after the PDs are powered on. That is, power-on is not delayed.
The current for a specific PD Run the poe force-power command on the interfaces that
class is larger than 51 mA. connect the switch to PDs to forcibly provide power to the
PDs.
Summary of Power Supply for Different Types of IP Phones

IP phones described in Table 2-2 have been tested and will be updated based on the test
results.

Table 2-2 Power supply for different types of IP phones connected to PoE switches (this table
applies to switches running V200R009 or later)
IP Phone Model Whether Whether Power Supply Failure
PDs Are PDs Can Be Cause and Solution
Standard Powered
PDs
Cisco CP-7962G, Cisco Standard PDs Yes None

CP-7965G, Cisco
CP-7975G, Cisco
CP-7942G, Cisco
CP-9951G, Cisco
CP-7941G, Cisco
CP-7941G-GE, Cisco
CP-3905, Cisco CP-7961G,
Cisco CP-7961G-GE, Cisco
CP-7971G, Cisco
CP-7911G, Cisco
CP-8961G, Cisco
CP-7945G, Cisco
CP-7821G, Cisco CP-9971,
Cisco CP-7906G, Cisco
Cisco CP-6945, Cisco
CP-8841, Cisco CP-6941,
CP-7841, Cisco CP-8945,
CP-8961, Cisco CP-8941,
CiscoCP-7906, Cisco 3905,
CP-7811, Cisco SPA502G,
CiscoSPA504G, Cisco
SPA508G, Cisco SPA512G,
Cisco SPA524G, Cisco
SPA525G, CiscoCP-7970,
CP-3911, Cisco CP-3951,
Cisco CP-7985, Cisco6961,
Cisco SPA509G, Cisco
SPA942G, Cisco SPA962G,
CP-8851, Avaya 1608-I,
Avaya 9650, Avaya 9611G,
Avaya 4621, Avaya 1616-I,
Avaya9630G, Avaya 1692,
Avaya 9620, Avaya 9621,
Avaya9641, Avaya 1230,


Standard Powered
PDs
Avaya 1220, Avaya9640G,

Avaya 9670G, Avaya
4610sw, Avaya E129,
Avaya 1120E, Polycom330,
Polycom CX3000, Polycom
vvx500, Polycom 550,
Polycom CX700,
PolycomCX600, Polycom
650sip, Polycom 601sip,
Polycom 320, Polycom 450,
Polycom301SIP, Snom 820,
Snom 821, Snom 300, Mitel
5340, Mitel 5212,
Nortel1140E, H3C 3120,
GXP 1450, GXP 1630,
GXP 2160, Atcom A11,
EsceneES290-PN, Escene
WS290-PN, Fanvil F52HP,
Yealink SIP T23P,
YealinkSIP T22P, Yealink
SIP T28P, HP 4120, Alcatel
Lucent 4068,
NORTEL1140E, Huawei
eSpace 8950, Huawei
eSpace 7950
Cisco CP-7940G, Cisco Nonstandar No Cause: The PD detection

CP-7912 d PDs signature capacitance is
larger than 0.15 uF.
Solution: Run the poe
legacy enable command on
the interfaces that connect
the switch to PDs to enable
PD compatibility check.
Cisco CP-7960G Nonstandar No Cause: The PD detection

d PDs signature capacitance is
larger than 0.15 uf, and the
cable pairs 4/5 and 7/8 of
the IP phone has backfeed
voltage.
Solution: Use an isolation
header to power on these
PDs. For details about
isolation headers, contact
product maintenance
personnel.


Standard Powered
PDs
Huawei eSpace 7910 Nonstandar After the Cause: After the switch
d PDs switch powers on the IP phone and
powers on the IP phone has a local
the IP phone, power supply installed, the
the power output power of the IP
supply of the phone is less than 400 mW.
switch port is As a result, the power
interrupted supply of the switch is
when the IP interrupted because the
phone has maintain power of the IP
the local phone is low.
power Solution: Run the poe
supply legacy enable command on
installed. In the interfaces that connect
this case, the the switch to PDs to enable
switch PD compatibility check.
continuously
attempts to
power on the
IP phone but
the power
supply is
interrupted.

Huawei PoE Switches and APs
This section describes whether a PoE switch can supply power to APs connected to the
switch. For details about how to configure APs, see the manual of the specific AP model.
Principles
device (PD). Therefore, an AP is also a PD. Huawei PoE switches conform to IEEE 802.3af
and IEEE 802.3at, use uniform power sources, and can provide power to all standard PDs by
default. To enable Huawei PoE switches to provide power to some nonstandard PDs, you
need to perform some configurations on the switches, Table 2-3 describes common causes for
failures to provide power to nonstandard PDs.

0.15 uF. check.
PDs.
Summary of Power Supply for Different Types of APs

APs described in Table 2-4 have been tested and will be updated based on the test results.

Table 2-4 Power supply for different types of APs connected to PoE switches (this table
applies to switches running V200R009 or later)
AP Model Whether Whether Power Supply Failure
Standard Powered
PDs
Cisco AIR-CAP1602I-A- Standard PDs Yes None

K9, Cisco AIR-CAP3702I-
H-K9, Cisco AIR-
CAP2602I-A-K9,
CiscoAIR-CAP1131AG-C-
K9, Cisco AIR-CAP3602I-
A-K9, Cisco AIR-
CAP1702I-C-K9, Cisco
AIR-AP1852I-H-K9, Cisco
AIR-AP3802E-H-K9, Cisco
AIR-AP1852I-H-K9, Cisco
AIR-AP3802E-H-K9,
Aruba AP205, Meraki
MR34, Ruijie RG-AP130,
Huawei R230D, Huawei
R240D,
HuaweiAP2030DN,
Huawei WA603, Huawei
AP6050DN, Huawei
AP7050DN-E,
HuaweiAP7050DE, Huawei
AP4030DN, Huawei
BTS3911B, Huawei
AP5030DN,
HuaweiAP9430DN-12,
Huawei AP5130DN,
Huawei AP7050DN-E,
Huawei AP7110DN,
Huawei AP8130DN, TP-
link TL-AP300C-POE, TP-
Link TL-AP452C-POE, TP-
Link TL-AP1750C-POE,
TP-link TL-AP300C-POE,
TP-Link TL-AP452C-POE,
TP-Link TL-AP1750C-
POE, Ruckus ZoneFlex
R710, Ruckus ZoneFlex
R710, Ruckus
ZoneFlexR610, Ruckus
ZoneFlex R510

AP Model Whether Whether Power Supply Failure

Standard Powered
PDs
Aruba AP 325, MikroTik Nonstandar No Cause: The cable pairs 4/5

d PDs and 7/8 of the AP has
backfeed voltage, causing
the cable pairs 4/5 and 7/8
of the three adjacent ports
of the port connected to the
AP carry power.
Solution: Use an isolation
header to power on these
PDs. For details about
isolation headers, contact
product maintenance
personnel.
Netgear WG102-500 Nonstandar No Use PoE switches

d PDs developed in versions later
than V200R008.
Aastra 6725, Ruijie RG- Nonstandar No Cause: The current of PDs

AP520 d PDs cannot exceed 10 mA for
more than 75 ms within
every 325 ms after the PDs
are powered on.
power-on delay delay-time
command on the interfaces
that connect the switch to
PDs to set the power-on
delay. By default, the
power-on delay of
interfaces is 0. That is,
power-on is not delayed.

Huawei PoE Switches and IP Cameras
This section describes whether a PoE switch can supply power to IP cameras connected to the
switch. For details about how to configure IP cameras, see the manual of the specific IP
camera model.
Principles
device (PD). Therefore, an IP camera is also a PD. Huawei PoE switches conform to IEEE
802.3af and IEEE 802.3at, use uniform power sources, and can provide power to all standard

PDs by default. To enable Huawei PoE switches to provide power to some nonstandard PDs,
you need to perform some configurations on the switches, Table 2-5 describes common
causes for failures to provide power to nonstandard PDs.
0.15 uF. check.
PDs.
Summary of Power Supply for Different Types of IP Cameras

IP cameras described in Table 2-6 have been tested and will be updated based on the test
results.

Table 2-6 Power supply for different types of IP Cameras connected to PoE switches (this
table applies to switches running V200R009 or later)
IP Camera Model Whether Whether Power Supply Failure
Standard Powered
PDs
Dahua DH-IPC- Standard PDs Yes None

HFW4300D-V2-1200B,
Dahua DH-IPC-HF8239E,
Dahua DH-SD-50D230T-
HN, Dahua DH-
SD59430U-HNI, Dahua
DH-IPC-HDP5121E,
Dahua DH-IPC-
HDBW3120R-AS, Dahua
DH-IPC-HFW4233M,
Dahua DH-IPC-EW5431-S,
Dahua DH-IPC-
EBW81230, Dahua DH-
SD-42D212S-HN, Dahua
DH-SDZ2030U-N, Dahua
DH-IPC-HF8239E, Dahua
DH-SD-50D230T-HN,
Dahua DH-SD59430U-
HNI, Dahua DH-IPC-
HDP5121E, Dahua DH-
IPC-HDBW3120R-AS,
Dahua DH-IPC-
HFW4233M, Dahua DH-
IPC-EW5431-S, Dahua
DH-IPC-EBW81230,
Dahua DH-SD-42D212S-
HN, Dahua DH-
SDZ2030U-N, Huawei
IPC6525-Z30,
HuaweiIPC6625-Z30-P,
Huawei IPC6225-URZ-SP,
Huawei IPC6224-VRZ,
Huawei IPC6324-MIR,
Huawei IPC6125-WDL-P
Dahua DH-SD6AE530U- Nonstandar No Cause: The current for a

HNI, Dahua DH- d PDs specific PD class is larger
SD6AE530U-HNI than 51 mA.
force-power command on
the interfaces that connect
the switch to PDs to
forcibly provide power to
the PDs.

Switches 3 Interoperation Between Huawei Switches and an
Interoperation and Replacement Guide Microsoft NLB Cluster

and an Microsoft NLB Cluster
About This Chapter
3.1 Interoperation Between Huawei Switches and an Microsoft NLB Cluster (Using Multi-
Interface ARP)
3.2 Interoperation Between a Single Huawei Switch and an Microsoft NLB Cluster (Using
Physical Link Loopback)
3.3 Interoperation Between a VRRP Group and an Microsoft NLB Cluster (Using Physical
Link Loopback)
3.4 Interoperation Between a Stack and an Microsoft NLB Cluster (Using Physical Link
Loopback)
3.1 Interoperation Between Huawei Switches and an

Microsoft NLB Cluster (Using Multi-Interface ARP)
l Overview
l Procedure
l Applicable Product Models and Versions
Overview
NLB is developed by Microsoft for a cluster set up by multiple Windows servers. When a
switch is connected to an NLB cluster, the switch needs to send packets destined for the

cluster IP address to every NLB server in the cluster. An NLB server can work in unicast,
multicast, or IGMP multicast mode.
Currently, a switch can be connected to the NLB server working in only unicast or multicast
mode. After multi-interface ARP is configured on the switch, the switch can be connected to
the NLB servers.
On a device model or in a version that does not support multi-interface ARP, the following
methods are available to implement the connection:
l Add a Layer 2 switch between the switch and NLB servers. (When the NLB servers
work in multicast mode, enable dynamic learning of ARP entries with multicast MAC
addresses or configure static ARP entries on the switch.) This method can be used when
there are sufficient device resources.
l Use physical link loopback. This method results in complex configuration.
As shown in Figure 3-1, the Switch connects to three NLB servers respectively through
GE1/0/1, GE1/0/2, and GE1/0/3 in VLAN 10. The NLB cluster works in multicast mode.
Each server in the NLB cluster has an IP address and a MAC address. All servers in the
cluster share the cluster IP address (10.128.246.252/24) and cluster MAC address (03bf-0a80-
f6fc). There are reachable routes between the Switch and Client.
The customer requires that the Switch can send the Client's packet destined for the cluster IP
address to each server in the NLB cluster.
Figure 3-1 Networking diagram for configuring multi-interface ARP
Client
Internet Switch
VLANIF 10
10.128.246.251/24
GE1/0/1 GE1/0/3
GE1/0/2
Server_1 Server_2 Server_3
NLB cluster
Cluster IP address: 10.128.246.252/24
Cluster MAC address: 03bf-0a80-f6fc

1. Configure IP addresses for interfaces and add the interfaces to VLANs.
2. Configure a MAC address entry mapping multiple outbound interfaces and configure a
static ARP entry so that the Switch can send the packets destined for the cluster IP
address to the three servers in the NLB cluster.
Configuration Notes
l The VLAN to which an interface is added cannot be a MAC VLAN, super VLAN,
leased line VLAN, MUX VLAN on the X series cards, and control VLAN of Smart
Ethernet Protection (SEP) and Rapid Ring Protection Protocol (RRPP).
l The SA series cards (except the EH1D2X12SSA0 and ET1D2X12SSA0 cards) do not
support multi-interface ARP.
l On the S5720I-SI, S5720S-SI, S5720SI, S5730S-EI, S5730SI, S6720S-SI, and S6720SI,
when the outbound interfaces are Eth-Trunk interfaces, you must run the load-balance
command to configure load balancing based on IP addresses. Otherwise, the
configuration does not take effect.
l On switches except the S5720I-SI, S5720S-SI, S5720SI, S5730S-EI, S5730SI, S6720S-
SI, and S6720SI, when the outbound interfaces are Eth-Trunk interfaces, you must run
the unknown-unicast load-balance enhanced command to configure the load balancing
mode for unknown unicast traffic on the interfaces. Otherwise, the configuration does
not take effect.
l In a VPN scenario, switches that support VPN and run V200R010C00 and later versions
can be connected to an NLB cluster. A client and the server that the client accesses must
be in the same VPN.
Procedure
Step 1 Create VLANs and add interfaces to the VLANs.
# Create a VLAN on the Switch and add the interfaces to the VLAN.
[HUAWEI] sysname Switch
[Switch] interface gigabitethernet 1/0/1
[Switch-GigabitEthernet1/0/1] port link-type access
[Switch-GigabitEthernet1/0/1] quit
[Switch] vlan 10
[Switch-vlan10] port gigabitethernet 1/0/1 to 1/0/3
[Switch-vlan10] quit
Step 2 # Create a VLANIF interface on the Switch and assign an IP address to the VLANIF
interface.
[Switch] interface vlanif 10
[Switch-Vlanif10] ip address 10.128.246.251 24
[Switch-Vlanif10] quit
Step 3 Configure a MAC address entry mapping multiple outbound interfaces on the Switch.
[Switch] mac-address multiport 03bf-0a80-f6fc interface gigabitethernet 1/0/1 to
gigabitethernet 1/0/3 vlan 10 //Configure a MAC address entry mapping multiple
outbound interfaces

Step 4 Configure static ARP entries on the Switch.

[Switch] arp static 10.128.246.252 03bf-0a80-f6fc //The short static ARP entries
must be configured here.
[Switch] quit
# Run the display mac-address multiport vlan 10 command on the Switch to check the
configured MAC address entry mapping multiple outbound interfaces.
<Switch> display mac-address multiport vlan 10
--------------------------------------------------------------------------------
MAC Address VLANID Out-Interface Status
--------------------------------------------------------------------------------
03bf-0a80-f6fc 10 GigabitEthernet1/0/1
Active
GigabitEthernet1/0/2
Active
Active
3 port(s)
--------------------------------------------------------------------------------
Total Group(s) : 1
# Run the display arp static command on the Switch to check static ARP entries.
<Switch> display arp static
IP ADDRESS MAC ADDRESS EXPIRE(M) TYPE INTERFACE VPN-INSTANCE
VLAN/CEVLAN
------------------------------------------------------------------------------
10.128.246.252 03bf-0a80-f6fc S-- Multi-port:3
------------------------------------------------------------------------------
Total:1 Dynamic:0 Static:1 Interface:0
----End
Configuration Files
Switch configuration file
#
sysname Switch
#
vlan batch 10
#
interface Vlanif10
ip address 10.128.246.251 255.255.255.0
#
mac-address multiport 03bf-0a80-f6fc vlan 10
#
#
#
arp static 10.128.246.252 03bf-0a80-f6fc
#
return

Applicable Product Models and Versions

Product Product Model Software Version
S5700 S5700HI V200R003C00,

V200R005(C00&C01)
S5710EI V200R003C00,
V200R005(C00&C01)
S5710HI V200R003C00,
V200R005(C00&C01)
S5720SI and S5720S-SI V200R011C00, V200R011C10,

V200R012C00, V200R013C00
S5720I-SI V200R012C00, V200R013C00
S5720EI V200R007C00, V200R008C00,

V200R009C00, V200R010C00,
V200R011C00, V200R011C10,
V200R012C00, V200R013C00
S5720HI V200R006C00,
V200R007(C00&C10),
V200R008C00, V200R009C00,
V200R010C00, V200R011C00,
V200R011C10, V200R012C00,
V200R013C00
S5730HI V200R012C00, V200R013C00
S5730SI V200R011C10, V200R012C00,

V200R013C00
S5730S-EI V200R011C10, V200R012C00,

V200R013C00
S6700 S6700EI V200R003C00,

V200R005(C00&C01)

V200R012C00, V200R013C00
S6720EI V200R008C00, V200R009C00,

V200R010C00, V200R011C00,
V200R011C10, V200R012C00,
V200R013C00
S6720S-EI V200R009C00, V200R010C00,

V200R011C00, V200R011C10,
V200R012C00, V200R013C00
S6720HI V200R012C00, V200R013C00

S7700 S7703, S7706, and V200R003C00, V200R005C00,

S7712 V200R006C00, V200R007C00,
V200R008C00, V200R009C00,
V200R010C00, V200R011C10,
V200R012C00, V200R013C00
S7703 PoE V200R013C00
S7706 PoE V200R013C00
S9700 S9703, S9706, and V200R003C00, V200R005C00,

S9712 V200R006C00, V200R007C00,
V200R008C00, V200R009C00,
V200R010C00, V200R011C10,
V200R012C00, V200R013C00
3.2 Interoperation Between a Single Huawei Switch and

an Microsoft NLB Cluster (Using Physical Link Loopback)
l Overview
l Procedure
Overview
mode. If the switch supports multi-interface ARP, this function is recommended to implement
the connection between the switch and NLB cluster. When the switch or version does not
support multi-interface ARP and there are insufficient device resources, you can use physical
link loopback to connect the switch to the NLB cluster.
As shown in Figure 3-2, the Switch connects to three NLB servers through GE0/0/1,
GE0/0/2, and GE0/0/3. The NLB cluster works in unicast mode, the cluster IP address is
10.128.246.252/24, and the cluster MAC address is 02bf-0a80-f6fc. There are reachable
routes between the Switch and Client.

The customer requires that the Switch be able to send the Client's packets destined for the
NLB cluster IP address to all NLB servers.
Figure 3-2 Connecting a single device to an NLB cluster in unicast mode
Client
Internet
Router
VLANIF200
10.128.246.250/24
GE0/0/5 VLAN 200
Switch
GE0/0/1~GE0/0/3 GE0/0/4 VLAN 100
VLAN 100
Server_1 Server_2 Server_3

NLB cluster
1. Add GE0/0/1 through GE0/0/3 that are directly connected to NLB servers to VLAN 100.
2. Disable STP, RSTP, VBST, or MSTP on GE0/0/4 and GE0/0/5, and add the interfaces to
VLAN 100 and VLAN 200 respectively in access mode.
3. Configure an IP address for VLANIF 200 that functions as the NLB cluster's gateway.
4. Connect GE0/0/4 and GE0/0/5.
Configuration Notes
l When the NLB cluster works in unicast mode, static ARP entries do not need to be
configured on the switch; when the cluster works in multicast mode, static ARP entries
need to be configured on the switch.
l This configuration example applies to all switches running all versions.
Procedure
Step 1 Add GE0/0/1 through GE0/0/3 that are directly connected to NLB servers to VLAN 100.
[Switch] vlan batch 100 200


[Switch] vlan 100
[Switch-vlan100] port gigabitethernet 0/0/1 to 0/0/3
[Switch-vlan100] quit
Step 2 Configure GE0/0/4 and GE0/0/5.

# Disable STP, RSTP, VBST, or MSTP on GE0/0/4 and GE0/0/5.
[Switch-GigabitEthernet0/0/4] undo stp enable //Disable STP, RSTP, VBST, or MSTP
[Switch-GigabitEthernet0/0/5] undo stp enable //Disable STP, RSTP, VBST, or MSTP
# Add GE0/0/4 and GE0/0/5 to VLAN 100 and VLAN 200 respectively in access mode.
[Switch-GigabitEthernet0/0/4] port default vlan 100
[Switch-GigabitEthernet0/0/5] port default vlan 200
Step 3 Configure an IP address for the NLB cluster's gateway.

[Switch] interface vlanif 200
[Switch-Vlanif200] ip address 10.128.246.250 24
[Switch-Vlanif200] quit
Step 4 Connect GE0/0/4 and GE0/0/5.

After the previous configurations, connect physical links.
Verify that Server_1 through Server_3 can receive packets destined for the NLB cluster.
----End
Configuration Files
Switch configuration file
#
sysname Switch
#
vlan batch 100 200
#
interface Vlanif200
ip address 10.128.246.250 255.255.255.0
#
#


#
#
stp disable
#
stp disable
#
return
3.3 Interoperation Between a VRRP Group and an

Microsoft NLB Cluster (Using Physical Link Loopback)
l Overview
l Data plan
l Procedure
Overview
As shown in Figure 3-3, Switch_1 and Switch_2 connect to each other using GE0/0/2 and
form a VRRP group through the heartbeat link. Switch_1 is the master and Switch_2 is the
backup. GE0/0/1 interfaces on Switch_1 and Switch_2 are directly connected to two NLB
servers respectively. The NLB cluster works in multicast mode, the cluster IP address is
10.128.246.252/24, and the cluster MAC address is 03bf-0a80-f6fc. There are reachable
routes between the Switch and Client.

The customer requires that the VRRP group be able to send the Client's packets destined for
the NLB cluster IP address to all NLB servers.
Figure 3-3 Connecting a VRRP group to an NLB cluster in multicast mode
Client
Internet
Router
Switch_1 Switch_2
GE0/0/5 VLAN 200 GE0/0/2 GE0/0/2 GE0/0/5 VLAN 200
VLAN 100 VLAN 100
GE0/0/4 VLAN 100 GE0/0/1 GE0/0/4 VLAN 100

GE0/0/1
VLAN 100 VLAN 100
Server_1 Server_2
NLB cluster
Data plan
Before the configuration, you need the following data.
Item Data Description

IP address l Switch_1's VLANIF 200: -
10.128.246.10/24
l Switch_2's VLANIF 200:
10.128.246.11/24
l Virtual IP address:
10.128.246.250
1. Add GE0/0/1 to VLAN 100.
2. Add GE0/0/2 to VLAN 100.
3. Disable STP, RSTP, VBST, or MSTP on GE0/0/4 and GE0/0/5, and add the interfaces to
VLAN 100 and VLAN 200 respectively in access mode.

4. Configure a VRRP virtual IP address for VLANIF 200 that functions as the NLB
cluster's gateway.
5. Configure a static ARP entry. In the static ARP entry, the IP address is the cluster IP
address, the MAC address is the cluster multicast MAC address, and the outbound
interface is the interface where the VLAN to which the NLB cluster's gateway belongs is
configured.
6. Connect GE0/0/4 and GE0/0/5.
Configuration Notes
When the NLB cluster works in unicast mode, static ARP entries do not need to be configured
on the switch; when the cluster works in multicast mode, static ARP entries need to be
configured on the switch.
Procedure
Step 1 # Configure GE0/0/1.
# Add GE0/0/1 on Switch_1 to VLAN 100.
[HUAWEI] sysname Switch_1
[Switch_1] vlan batch 100 200
[Switch_1] interface gigabitethernet 0/0/1
[Switch_1-GigabitEthernet0/0/1] port link-type access
[Switch_1-GigabitEthernet0/0/1] port default vlan 100
[Switch_1-GigabitEthernet0/0/1] quit

[HUAWEI] sysname Switch_2
[Switch_2] vlan batch 100 200
Step 2 Add GE0/0/2 to VLAN 100.

[Switch_1-GigabitEthernet0/0/2] port link-type trunk
[Switch_1-GigabitEthernet0/0/2] port trunk allow-pass vlan 100

[Switch_2-GigabitEthernet0/0/2] port link-type trunk
[Switch_2-GigabitEthernet0/0/2] port trunk allow-pass vlan 100
NOTE
Heartbeat interfaces cannot belong to the same VLAN as the gateway to prevent a traffic loop within the
VRRP group. For example, GE0/0/2 in this example cannot be added to VLAN 200.
Step 3 Configure GE0/0/4 and GE0/0/5.

# Disable STP, RSTP, VBST, or MSTP on GE0/0/4 and GE0/0/5 on Switch_1.
[Switch_1-GigabitEthernet0/0/4] undo stp enable //Disable STP, RSTP, VBST, or

MSTP
MSTP
# Add GE0/0/4 and GE0/0/5 on Switch_1 to VLAN 100 and VLAN 200 respectively in
access mode.
# Disable STP, RSTP, VBST, or MSTP on GE0/0/4 and GE0/0/5 on Switch_2.

MSTP
MSTP
# Add GE0/0/4 and GE0/0/5 on Switch_2 to VLAN 100 and VLAN 200 respectively in
access mode.

# Create VRRP group 1 on Switch_1 and set the VRRP priority to 120.
[Switch_1] interface vlanif 200
[Switch_1-Vlanif200] ip address 10.128.246.10 24
[Switch_1-Vlanif200] vrrp vrid 1 virtual-ip 10.128.246.250 //Create VRRP group 1
[Switch_1-Vlanif200] vrrp vrid 1 priority 120 //Set the VRRP priority to 120
[Switch_1-Vlanif200] quit
# Create VRRP group 1 on Switch_2 and use the default VRRP priority 100.
[Switch_2] interface vlanif 200
[Switch_2-Vlanif200] ip address 10.128.246.11 24
[Switch_2-Vlanif200] vrrp vrid 1 virtual-ip 10.128.246.250 //Create VRRP group 1
[Switch_2-Vlanif200] quit

NOTE
l Configure the VRRP virtual IP address 10.128.246.250 for VLANIF 200 that functions as the NLB
cluster's gateway.
l To reduce network workload, you are advised to separate the NLB cluster's gateway from other
gateways.
In this networking, traffic from a switch to the NLB cluster passes along the heartbeat link to the
peer switch and then passes along the self-loop line on the peer switch. In this case, if other servers
use the same gateway as the NLB servers, other servers will receive traffic destined for the NLB
cluster, causing an increase of network workload. For example, packets destined for the NLB cluster
from Switch_1 pass along the heartbeat link to Switch_2. On Switch_2, packets are sent from
GE0/0/4 to 0/0/5. If VLANIF 200 on Switch_2 is also the gateway of non-NLB servers, packets are
sent to non-NLB servers through GE0/0/5.
Step 5 Configure static ARP entries.

# On Switch_1, configure a static ARP entry. In the ARP entry, the IP address is
10.128.246.252, the MAC address is 03bf-0a80-f6fc, the outbound interface is GE0/0/5 where
VLAN 200 is located.
[Switch_1] arp static 10.128.246.252 03bf-0a80-f6fc vid 200 interface
gigabitethernet 0/0/5
# On Switch_2, configure a static ARP entry. In the ARP entry, the IP address is
10.128.246.252, the MAC address is 03bf-0a80-f6fc, the outbound interface is GE0/0/5 where
VLAN 200 is located.
[Switch_2] arp static 10.128.246.252 03bf-0a80-f6fc vid 200 interface
gigabitethernet 0/0/5
Step 6 Connect GE0/0/4 and GE0/0/5.

After the previous configurations, connect physical links on Switch_1 and Switch_2
respectively.
Verify that Server_1 and Server_2 can receive packets destined for the NLB cluster.
----End
Configuration Files
l Switch_1 configuration file
#
sysname Switch_1
#
vlan batch 100 200
#
interface Vlanif200
ip address 10.128.246.10 255.255.255.0
vrrp vrid 1 virtual-ip 10.128.246.250
vrrp vrid 1 priority 120
#
interface
port link-type
access
#
interface

port link-type
trunk
port trunk allow-pass vlan
100
#
port link-type
access
port default vlan
100
stp
disable
#
port link-type
access
port default vlan
200
stp
disable
#
arp static 10.128.246.252 03bf-0a80-f6fc vid 200 interface
#
return
l Switch_2 configuration file
#
sysname Switch_2
#
vlan batch 100 200
#
interface Vlanif200
ip address 10.128.246.11 255.255.255.0
#
interface
port link-type
access
#
interface
port link-type
trunk
port trunk allow-pass vlan
100
#
port link-type
access
port default vlan
100
stp
disable
#
port link-type
access
port default vlan
200
stp
disable
#
arp static 10.128.246.252 03bf-0a80-f6fc vid 200 interface

#
return

S2700 S2720EI V200R011C10, V200R012C00,

V200R013C00
S3700 S3700EI V100R006C05
S3700HI V200R001C00
S5700 S5700EI V200R001(C00&C01),

V200R002C00, V200R003C00,
V200R005(C00&C01&C02&C03)
S5700HI V200R001(C00&C01),
V200R002C00, V200R003C00,
V200R005(C00SPC500&C01&C02
)
S5710EI V200R001C00, V200R002C00,

V200R003C00,
V200R005(C00&C02)
S5710HI V200R003C00,
V200R005(C00&C02&C03)
S5720LI and S5720S-LI V200R010C00, V200R011C00,

V200R011C10,
V200R012(C00&C20),
V200R013C00

V200R010C00, V200R011C00,
V200R011C10, V200R012C00,
V200R013C00
S5720I-SI V200R012C00, V200R013C00
S5720EI V200R007C00, V200R008C00,

V200R009C00, V200R010C00,
V200R011C00, V200R011C10,
V200R012C00, V200R013C00
S5720HI V200R006C00,
V200R007(C00&C10),
V200R008C00, V200R009C00,
V200R010C00, V200R011C00,
V200R011C10, V200R012C00,
V200R013C00
S5730HI V200R012C00, V200R013C00

S5730SI V200R011C10, V200R012C00,

V200R013C00
S5730S-EI V200R011C10, V200R012C00,

V200R013C00
S6700 S6700EI V200R001(C00&C01),

V200R002C00, V200R003C00,
V200R005(C00&C01&C02)
S6720LI and S6720S-LI V200R011C00, V200R011C10,

V200R012C00, V200R013C00

V200R012C00, V200R013C00
S6720EI V200R008C00, V200R009C00,

V200R010C00, V200R011C00,
V200R011C10, V200R012C00,
V200R013C00
S6720S-EI V200R009C00, V200R010C00,

V200R011C00, V200R011C10,
V200R012C00, V200R013C00
S6720HI V200R012C00, V200R013C00
S7700 S7703, S7706, and V200R001(C00&C01),

S7712 V200R002C00, V200R003C00,
V200R005C00, V200R006C00,
V200R007C00, V200R008C00,
V200R009C00, V200R010C00,
V200R011C10, V200R012C00,
V200R013C00
S7703 PoE V200R013C00
S7706 PoE V200R013C00
S9700 S9703, S9706, and V200R001(C00&C01),

S9712 V200R002C00, V200R003C00,
V200R005C00, V200R006C00,
V200R007(C00&C10),
V200R008C00, V200R009C00,
V200R010C00, V200R011C10,
V200R012C00, V200R013C00
3.4 Interoperation Between a Stack and an Microsoft NLB

Cluster (Using Physical Link Loopback)

l Overview
l Data plan
l Procedure
Overview
As shown in Figure 3-4, Switch_1 and Switch_2 form a stack and are directly connected to
two NLB servers respectively through GE0/0/1 and GE1/0/1. The NLB cluster works in
multicast mode, the cluster IP address is 10.128.246.252/24, and the cluster MAC address is
03bf-0a80-f6fc. There are reachable routes between the Switch and Client.
The customer requires that the stack be able to send the Client's packets destined for the NLB
cluster IP address to all NLB servers.

Figure 3-4 Connecting a stack to an NLB cluster in multicast mode
Client
Internet
Router
Switch_1 Switch_2
GE0/0/5 Eth-Trunk5 Stack GE1/0/5 Eth-Trunk5
VLAN 200 VLAN 200
GE0/0/4 Eth-Trunk4 GE1/0/4 Eth-Trunk4

VLAN 100 VLAN 100
GE0/0/1 GE1/0/1
VLAN 100 VLAN 100
Server_1 Server_2
NLB cluster
Data plan
Before the configuration, you need the following data.
Item Data Description

IP address VLANIF200: -
10.128.246.250/24
1. Add GE0/0/1 and GE1/0/1 that are directly connected to NLB servers to VLAN 100.
2. Add GE0/0/4 and GE1/0/4 to Eth-Trunk 4, and GE0/0/5 and GE1/0/5 to Eth-Trunk 5.
3. Disable STP, RSTP, VBST, or MSTP on Eth-Trunk 4 and Eth-Trunk 5, and add Eth-
Trunk 4 and Eth-Trunk 5 to VLAN 100 and VLAN 200 respectively in access mode.
4. Configure an IP address for VLANIF 200 that functions as the NLB cluster's gateway.
5. Configure a static ARP entry. In the static ARP entry, the IP address is the cluster IP
address, the MAC address is the cluster multicast MAC address, and the outbound
interface is the interface where the VLAN to which the NLB cluster's gateway belongs is
configured.
6. Connect GE0/0/4 and GE0/0/5 as well as GE1/0/4 and GE1/0/5.

Configuration Notes
l When the NLB cluster works in unicast mode, static ARP entries do not need to be
configured on the switch; when the cluster works in multicast mode, static ARP entries
need to be configured on the switch.
l A VRRP virtual gateway cannot be configured on a switch in a stack for clients.
Procedure
Step 1 Add interfaces directly connected to NLB servers to VLAN 100.
# Add GE0/0/1 to VLAN 100.

[HUAWEI] sysname Stack
[Stack] vlan batch 100 200
[Stack] interface gigabitethernet 0/0/1
[Stack-GigabitEthernet0/0/1] port link-type access
[Stack-GigabitEthernet0/0/1] port default vlan 100
[Stack-GigabitEthernet0/0/1] quit
# Add GE1/0/1 to VLAN 100.

[Stack-GigabitEthernet1/0/1] port link-type access
[Stack-GigabitEthernet1/0/1] port default vlan 100
Step 2 Add interfaces to Eth-Trunks.
# Add GE0/0/4 and GE1/0/4 to Eth-Trunk 4.

[Stack] interface eth-trunk 4
[Stack-Eth-Trunk4] quit
[Stack-GigabitEthernet0/0/4] eth-trunk 4
# Add GE0/0/5 and GE1/0/5 to Eth-Trunk 5.

Step 3 Configure Eth-Trunk 4 and Eth-Trunk 5.
# Disable STP, RSTP, VBST, or MSTP on Eth-Trunk 4 and Eth-Trunk 5.

[Stack-Eth-Trunk4] undo stp enable //Disable STP, RSTP, VBST, or MSTP
[Stack-Eth-Trunk5] undo stp enable //Disable STP, RSTP, VBST, or MSTP
# Add Eth-Trunk 4 and Eth-Trunk 5 to VLAN 100 and VLAN 200 respectively in access
mode.


[Stack-Eth-Trunk4] port link-type access
[Stack-Eth-Trunk4] port default vlan 100
[Stack-Eth-Trunk5] port link-type access
[Stack-Eth-Trunk5] port default vlan 200

[Stack] interface vlanif 200
[Stack-Vlanif200] ip address 10.128.246.250 24
[Stack-Vlanif200] quit
Step 5 Configure a static ARP entry. In the static ARP entry, the IP address is the cluster IP address
10.128.246.252, the MAC address is the cluster multicast MAC address 03bf-0a80-f6fc, and
the outbound interface is Eth-Trunk 5 in VLAN 200.
[Stack] arp static 10.128.246.252 03bf-0a80-f6fc vid 200 interface eth-trunk
5 //Configure a static ARP entry
Step 6 Connect GE0/0/4 and GE0/0/5 on Switch_1, and GE1/0/4 and GE1/0/5 on Switch_2.
After the previous configurations, connect physical links.
Verify that Server_1 and Server_2 can receive packets destined for the NLB cluster IP
address.
----End
Configuration Files
Stack configuration file
#
sysname Stack
#
vlan batch 100 200
#
interface Vlanif200
ip address 10.128.246.250 255.255.255.0
#
interface Eth-Trunk4
stp disable
#
interface Eth-Trunk5
stp disable
#
#
eth-trunk 4
#
eth-trunk 5
#
#

eth-trunk 4
#
eth-trunk 5
#
arp static 10.128.246.252 03bf-0a80-f6fc vid 200 interface Eth-Trunk5
#
return

S2700 S2710SI V100R006C05
S2700EI V100R006C05
S2720EI V200R006C10,
V200R009C00,
V200R010C00,
V200R011C10,
V200R012C00,
V200R013C00
S2750EI V200R003C00,
V200R005C00SPC300,
V200R006C00,
V200R007C00,
V200R008C00,
V200R009C00,
V200R010C00,
V200R011C00,
V200R011C10,
V200R012C00
S3700 S3700SI V100R006C05
S3700EI V100R006C05
S5700 S5700LI V200R001C00,

V200R002C00,
V200R003(C00&C02&C10
), V200R005C00SPC300,
V200R006C00,
V200R007C00,
V200R008C00,
V200R009C00,
V200R010C00,
V200R011C00,
V200R011C10,
V200R012C00

S5700S-LI V200R008C00,
V200R009C00,
V200R010C00,
V200R011C00,
V200R011C10,
V200R012C00
S5700SI V200R001C00,
V200R002C00,
V200R003C00,
V200R005C00
S5700EI V200R001(C00&C01),
V200R002C00,
V200R003C00,
V200R005(C00&C01&C02
&C03)
S5700HI V200R001(C00&C01),
V200R002C00,
V200R003C00,
V200R005(C00SPC500&C
01&C02)
S5710-C-LI V200R001C00
S5710-X-LI V200R008C00,
V200R009C00,
V200R010C00,
V200R011C00,
V200R011C10,
V200R012C00
S5710EI V200R001C00,
V200R002C00,
V200R003C00,
V200R005(C00&C02)
S5710HI V200R005C03
S5720LI and S5720S-LI V200R010C00,

V200R011C00,
V200R011C10,
V200R012(C00&C20),
V200R013C00
S5720SI and S5720S-SI V200R008C00,

V200R009C00,
V200R010C00,
V200R011C00,
V200R011C10,
V200R012C00,
V200R013C00

S5720I-SI V200R012C00,
V200R013C00
S5720EI V200R007C00,
V200R008C00,
V200R009C00,
V200R010C00,
V200R011C00,
V200R011C10,
V200R012C00,
V200R013C00
S5720HI V200R009C00,
V200R010C00,
V200R011C00,
V200R011C10,
V200R012C00,
V200R013C00
S5730HI V200R012C00,
V200R013C00
S5730SI V200R011C10,
V200R012C00,
V200R013C00
S5730S-EI V200R011C10,
V200R012C00,
V200R013C00
S6700 S6700EI V200R001(C00&C01),

V200R002C00,
V200R003C00,
V200R005(C00&C01&C02
)
S6720LI and S6720S-LI V200R011C00,

V200R011C10,
V200R012C00,
V200R013C00
S6720SI and S6720S-SI V200R011C00,

V200R011C10,
V200R012C00,
V200R013C00
S6720EI V200R008C00,
V200R009C00,
V200R010C00,
V200R011C00,
V200R011C10,
V200R012C00,
V200R013C00

S6720S-EI V200R009C00,
V200R010C00,
V200R011C00,
V200R011C10,
V200R012C00,
V200R013C00
S6720HI V200R012C00,
V200R013C00

Switches 4 Interoperation Between a Huawei Switch and a Server
Interoperation and Replacement Guide with Multiple Network Adapters
4 Interoperation Between a Huawei Switch

and a Server with Multiple Network Adapters
About This Chapter
4.1 Interworking Analysis

4.2 Interworking Solution
4.1 Interworking Analysis

Background
In Figure 4-1, to improve the server bandwidth and reliability, two or more network adapters
of the server are aggregated to form a network adapter group to implement load balancing or
redundancy.
Figure 4-1 Networking for connecting a Huawei series switch to a server with two network
adapters
Server Switch
Interoperation Analysis
The interworking mode used by a Huawei S series switch to connect to a server depends on
the binding mode of network adapters of the server. For details, see Table 4-1 and Table 4-2.

Table 4-1 Interworking mode of a Huawei S series switch and a Linux server
Network Adapter Switch Interworking Description
Binding Mode Mode
round-robin Configure link aggregation The MAC addresses of

in manual mode. network adapters of the
server are changed to be the
same so that switches
interwork with the server
using link aggregation in
manual mode.
active-backup Add connected interfaces to The server uses two network

the same VLAN. adapters that function as
active and standby ones. All
data is transmitted by the
active interface. When a
fault occurs on the link of
the active interface, the link
of the standby interface
replaces the faulty link to
transmit data. It is
recommended that two
interfaces of the switch be
added to the same VLAN.
load balancing Configure link aggregation Network adapters of a server

in manual mode. transmit data based on a
specified hash policy, so the
switch needs to interwork
with the server using link
aggregation in manual
mode.
broadcast Two switches are connected Network adapters of a server

and join different VLANs. provide two copies of a
packet, and send them
through two interfaces. You
are advised to use two
switches and add them to
different VLANs.
lacp Configure link aggregation Network adapters of a server

in LACP mode. are bound in LACP mode,
and the switch connects to
the server using link
aggregation in LACP mode.
transmit load balancing Connect two switches. Network adapters of a server

use adaptive transmission
load balancing, so no
configuration is required on
the switch.


Binding Mode Mode
adaptive load balancing Configure link aggregation Network adapters of a server

in manual mode. use adaptability load
balancing (ALB), and the
switch needs to use link
mode.
Table 4-2 Interworking mode of a Huawei S series switch and a Windows server

Binding Mode Mode
Adapter fault tolerance Add connected interfaces of Network adapters of a server

(AFT) the switch to the same use AFT, so you are advised
VLAN. to add connected interfaces
of the switch to the same
VLAN.
ALB Add connected interfaces of Network adapters of a server

the switch to the same use ALB, so you are advised
VLAN. to add connected interfaces
of the switch to the same
VLAN.
Static link aggregation Configure link aggregation Network adapters of a server

(SLA) in manual mode. use SLA, so the switch
needs to use link
mode.
Dynamic LACP Configure link aggregation Network adapters of a server

in LACP mode. use link aggregation in
LACP mode, so the switch
needs to use link
aggregation in LACP mode.
Switch fault tolerance (SFT) Connect two switches. Network adapters of a server
use SFT, so two switches are
used.
4.2 Interworking Solution

Overview
The interworking mode used by a Huawei S series switch to connect to a server with multiple
network adapters depends on the binding mode of network adapters. For details, see 4.1

Interworking Analysis. The following solution uses the Windows server where network
adapters are bundled in SLA mode as an example.
In Figure 4-2, the Windows server uses static link aggregation to bind multiple network
adapters. A Huawei S series switch connects to the server using link aggregation in manual
mode to increase link bandwidth and implement redundancy, ensuring data transmission and
link reliability.
Figure 4-2 Networking for connecting a Huawei S series switch to a server using link
aggregation
Server Switch
GE0/0/1
Eth-Trunk GE0/0/2
Eth-Trunk 1
The configuration roadmap is as follows:
1. Create an Eth-Trunk on the Huawei S series switch and add member interfaces to the
Eth-Trunk to implement link aggregation in manual mode.
2. Implement static link aggregation on the Windows server to bind multiple network
adapters.
Procedure
1. Configure link aggregation in manual mode on the Huawei S series switch.
[Switch] interface eth-trunk 1
[Switch-Eth-Trunk1] trunkport gigabitethernet 0/0/1 to 0/0/2
[Switch-Eth-Trunk1] quit
2. Configure static link aggregation on the Windows server to bind multiple network
adapters. For details, see corresponding software description.
3. Verify the configuration.
Run the display eth-trunk [ trunk-id [ interface interface-type interface-number |
verbose ] ] command to check the link aggregation configuration on the Huawei S series
switch.

Switches 5 Interoperation and Replacement Guide for Huawei and
Interoperation and Replacement Guide Cisco Switches
5 Interoperation and Replacement Guide for

Huawei and Cisco Switches
About This Chapter
5.1 Overview of Protocol Interoperation and Replacement Capabilities Between Huawei and
Cisco Switches
5.2 Interoperation and Replacement Guide for Huawei LNP and Cisco DTP
5.3 Interoperation and Replacement Guide for Huawei VCMP and Cisco VTP
5.4 Replacement Guide for Huawei VCMP+LNP and Cisco VTP+DTP
5.5 Interoperation and Replacement Guide for Spanning Tree Protocols on Huawei and Cisco
Switches
5.6 Interoperation and Replacement Guide for Link Aggregation on Huawei and Cisco
Switches
5.7 Interoperation and Replacement Guide for VRRP and HSRP
5.8 Interoperation and Replacement Guide for OSPF and EIGRP
5.1 Overview of Protocol Interoperation and Replacement

Capabilities Between Huawei and Cisco Switches
Cisco Huawei Description
Proprieta Interoperati
ry on/
Protocol Replacemen
t Protocol
DTP LNP DTP can be replaced by LNP.
VTP VCMP VTP can be replaced by VCMP.

Cisco Huawei Description

Proprieta Interoperati
ry on/
Protocol Replacemen
t Protocol
PVST/ MSTP and MSTP can transparently transmit PVST packets or maintain
PVST+ VBST compatibility with PVST in VLAN 1. VBST can also be
used to interoperate with PVST.
PAgP LACP PAgP can be replaced by LACP.
HSRP BFD for BFD for VRRP achieves better convergence performance
VRRP than HSRP and therefore can replace it.
IGRP/ OSPF and IS- IGRP and EIGRP are Cisco's proprietary distance-vector
EIGRP IS routing protocols with low performances and are non-
mainstream IGP routing protocols. They can be replaced by
OSPF or IS-IS.
FlexLink SEP, RRPP, FlexLink is a Layer 2 switchover protocol and achieves

and better convergence performance than STP. The convergence
SmartLink time is within 100 ms. Huawei's protocols achieve
convergence within 50 ms, featuring higher convergence
performance than Cisco.
CDP LLDP If both CDP and LLDP are deployed on the network, LLDP
can transparently transmit CDP packets.
UDLD DLDP and UDLD monitors physical configurations and detects

ETH OAM unidirectional links of Ethernet links connected using fibers
or twisted-pair cables and can be replaced by DLDP. ETH
OAM can also replace it, with equivalent detection
capabilities.
5.2 Interoperation and Replacement Guide for Huawei

LNP and Cisco DTP
5.2.1 Overview of LNP and DTP
Huawei LNP
The Link-type Negotiation Protocol (LNP) dynamically negotiates whether an Ethernet
interface is the access or trunk interface. Huawei switches support LNP starting from
V200R005.

Table 5-1 LNP negotiation

Local Link Type Remote Link Type Locally Final Status of
or Negotiation Negotiated the Remote
Status Link Type Interface
Negotiation-desirable/ Access (LNP Access Access

Negotiation-auto negotiation enabled)
Hybrid (LNP Trunk Hybrid

negotiation enabled)
Dot1q-tunnel (LNP Access Dot1q-tunnel

Trunk (LNP Trunk Trunk

LNP negotiation not Access Uncertain

supported or disabled
Negotiation-desirable Negotiation-desirable Trunk Trunk
Negotiation-desirable Negotiation-auto Trunk Trunk
Negotiation-auto Negotiation-auto Access Access
NOTE
l The VCMP domain name affects LNP negotiation. A trunk interface is negotiated only when
domain names at both ends of a link are consistent or the domain name of at least one end is empty;
otherwise, an access interface is negotiated.
l The Ethernet interface that is negotiated as an access interface joins VLAN 1 by default. The
Ethernet interface that is negotiated as a trunk interface allows all VLANs by default.
Cisco DTP
The Dynamic Trunking Protocol (DTP) dynamically negotiates whether an Ethernet interface
is the access or trunk interface.
Table 5-2 DTP negotiation

Configured Link Type of Negotiated Link Type of an Interface
an Interface
Switchport mode access The interface is configured to work in access mode

forcibly.
Switchport mode dynamic If the remote interface works in trunk or desirable mode,
auto the local interface works in trunk mode through
negotiation.
Switchport mode dynamic If the remote interface works in trunk, desirable, or auto
desirable mode, the local interface works in trunk mode through
negotiation.

Configured Link Type of Negotiated Link Type of an Interface

an Interface
Switchport mode trunk The interface is configured to work in trunk mode

forcibly.
Switchport nonegotiate This command is used to enable the interface not to send
DTP packets, and can be used on only the interface in
trunk or access mode.
To establish a trunk link, you must manually configure
interfaces at both ends to work in trunk mode.
NOTE
l Devices at both ends must have the same VTP domain name to ensure successful DTP negotiation.
l DTP supports the Inter-Switch Link (ISL) and IEEE 802.1Q. ISL is a Cisco proprietary
encapsulation protocol, and IEEE 802.1Q is a standard protocol.
5.2.2 Comparison Between LNP and DTP

Table 5-3 Function support
Function Huawei Switches Cisco Switches
Enabling or disabling global Supported Not supported

auto-negotiation of the link type Global auto-negotiation of the
of an interface link type of an interface is
enabled by default.
For devices such as access
devices that do not require
dynamic negotiation, LNP can
be disabled globally. After LNP
is disabled, the device stops
sending LNP packets. The
network burden is therefore
reduced.
Enabling or disabling auto- Supported Supported

negotiation of the link type of an Auto-negotiation of the link type See the Cisco
interface of an interface is enabled by documentation.
default.
Dynamically negotiating the link Supported Supported

type
Delivering VLAN information Supported Supported

about an interface based on the
negotiation result after the link
type is negotiated dynamically

Function Huawei Switches Cisco Switches
Displaying negotiation Supported Supported

information about the link type
of an interface
Automatic recovery of the Supported Supported

dynamically negotiated link
state after the active/standby
switchover
Table 5-4 Differences in command formats

Function Command on Huawei Command on
Switches Cisco Switches
Configure the link dynamic port link-type negotiation-auto switchport mode

negotiation mode as auto. dynamic auto
Configure the link dynamic port link-type negotiation- switchport mode

negotiation mode as desirable. desirable dynamic desirable
Remove an interface from a There is no command used to switchport trunk

VLAN in negotiation mode. For remove an interface from VLAN allowed vlan
example, remove an interface 10. You can specify the VLANs remove 10
from VLAN 10. that interfaces can be added to.
port trunk allow-pass only-
vlan 1 to 9 11 to 4094
Disable auto-negotiation of an port negotiation disable switchport

interface. nonegotiate
Disable global LNP. lnp disable Not supported
Modify the packet encapsulation Huawei supports only switchport trunk

mode. encapsulation based on the encapsulation
standard protocol, without any dot1q
configuration.
5.2.3 Interoperation and Replacement Solution for LNP and DTP

DTP and LNP are both proprietary protocols, so they cannot interwork. The two protocols can
replace each other. Select either of the following solutions depending on the actual scenario:
l Network-wide replacement: All Cisco DTP switches are replaced by Huawei switches
that support LNP.
l Single replacement: One Cisco switch is replaced by a Huawei S series switch. The
remote switch is still a Cisco switch. In this situation, you need to configure the interface
of the remote Cisco switch to work in non-negotiation mode.

5.2.4 Interoperation and Replacement Solution 1: Replacement

Solution on the Entire Network
Topic contents:
l Overview
l Procedure
Overview
Network-wide replacement indicates that all Cisco DTP switches are replaced by Huawei
switches that support LNP. The following describes the configuration of Huawei LNP.
Configuration Notes
l This example applies to Huawei switches of V200R005 and later versions.
l On Huawei switches, LNP is used globally and on interfaces by default. The interface
that is negotiated as an access interface joins VLAN 1 by default, and the interface that is
negotiated as a trunk interface joins all VLANs by default. Generally, you only need to
change the VLAN configuration on an interface based on the networking.
In Figure 5-1, terminal users are connected to the network through switches. To implement
Layer 2 connectivity, configure the link type on each interface and add interfaces to VLANs.
If the network scale is large, the configuration is very complex. To simplify configurations,
switches are connected through the trunk link, and switches and user terminals are connected
through access links and added to VLANs.

Figure 5-1 Networking for configuring LNP to implement auto-negotiation of the link type of
an Ethernet interface
Network
Switch3
GE0/0/1 GE0/0/2
GE0/0/2 GE0/0/2
Switch1 …… Switch2
GE0/0/1 GE0/0/3 GE0/0/1 GE0/0/3
……
VLAN10 VLAN20 VLAN10 VLAN20
1. Enable LNP in the system view and interface view to implement auto-negotiation of the
link type of an interface. Because PCs do not support LNP, so switch interfaces
connected to terminals are used as access interfaces and interfaces between switches are
used as trunk interfaces through negotiation.
2. Add interfaces to VLANs to implement Layer 2 connectivity.
Procedure
Step 1 Enable global LNP.
By default, global LNP is enabled. If LNP is disabled, run the undo lnp disable command in
the system view to enable it.
Step 2 Create VLANs.

Huawei switches support two VLAN creation modes:
l Manually create VLANs on switches.
l Create VLANs on Switch3 only and configure VCMP to synchronize VLANs on
Switch3 to other switches. If VCMP is used to create VLANs, configure Switch3 as the
VCMP server and Switch1 and Switch2 as VCMP clients. For details, see "VCMP
Configuration."
The following describes how to manually create VLANs.
# Create VLAN 10 and VLAN 20 on Switch1, Switch2, and Switch3.

[HUAWEI] sysname Switch1
[Switch1] vlan batch 10 20
Step 3 Enable LNP on interfaces, and add switch interfaces connected to PCs to VLANs as access
interfaces and interfaces between switches to VLANs as trunk interfaces.
By default, LNP on an interface is enabled. If LNP is disabled, run the undo port negotiation
disable command in the interface view to enable it.
# Configure Switch1.
[Switch1] interface GigabitEthernet 0/0/1
[Switch1-GigabitEthernet0/0/1] port default vlan 10 //The interface connected to
a PC is an access interface. Run this command to configure the VLAN that the
interface joins.
[Switch1-GigabitEthernet0/0/1] quit
[Switch1-GigabitEthernet0/0/2] port trunk allow-pass only-vlan 10 20 //The
interface connected to a switch is negotiated as a trunk interface. Run this
command to configure the VLANs that the interface joins. This command configures
the interface to allow packets from VLAN 10 and VLAN 20.
[Switch1-GigabitEthernet0/0/3] port default vlan 20
[Switch2-GigabitEthernet0/0/2] port trunk allow-pass only-vlan 10 20

After the preceding configuration is complete, run the display lnp interface interface-type
interface-number command to check auto-negotiation on the specified Layer 2 interface.
[Switch1] display lnp interface gigabitethernet0/0/2
LNP information for GigabitEthernet0/0/2:
Port link type: trunk
Negotiation mode: desirable
Hello timer expiration(s): 7
Negotiation timer expiration(s): 0
Trunk timer expiration(s): 278
FSM state: trunk
Packets statistics

56 packets received
0 packets dropped
bad version: 0, bad TLV(s): 0, bad port link type: 0,
bad negotiation state: 0, other: 0
58 packets output
0 packets dropped
other: 0
Run the display lnp summary command to check auto-negotiation information on all
interfaces of the Layer 2 device.
[Switch1] display lnp summary
Global LNP : Negotiation enable
-------------------------------------------------------------------------------
C: Configured; N: Negotiated; *: Negotiation disable;
Port link-type(C) link-type(N) InDropped OutDropped FSM
-------------------------------------------------------------------------------
GE0/0/1 desirable access 0 0 access
GE0/0/2 desirable trunk 0 0 trunk
----End
Configuration Files
l Switch1 configuration file
#
sysname Switch1
#
vlan batch 10 20
#
#
port trunk allow-pass only-vlan 10 20
#
#
return

#
sysname Switch2
#
vlan batch 10 20
#
#
#
#
return

#
sysname Switch3
#
vlan batch 10 20
#
#

#
return
5.2.5 Interoperation and Replacement Solution 2: Replacement

Solution of a Single Device
Topic contents:
l Overview
l Procedure
Overview
When replacing a single device, you need to configure the connected interface of the Cisco
device as non-negotiation.
Configuration Notes
l This example applies to all versions of S series switches.
l During interworking and replacement of Cisco switches and Huawei switches, the
encapsulation mode must be IEEE 802.1Q.
In Figure 5-2, three Cisco devices use DTP to dynamically negotiate link types of interfaces.
One device is replaced by a Huawei S series switch, and the three switches need to implement
Layer 2 connectivity.
Figure 5-2 Interworking of Huawei switches and Cisco switches
Cisco
Fa0/2
GE0/0/1
Huawei
GE0/0/2
Fa0/2
Cisco

1. Manually configure link types of interfaces. DTP on Cisco switches and LNP on Huawei
switches are both proprietary protocols, and cannot interwork. When Huawei switches
are connected to Cisco switches, the link type of an interface cannot be negotiated
dynamically.
2. Manually configure link types of interfaces on two switches as trunk and specify the
packet encapsulation mode on Cisco switches as IEEE 802.1Q.
Procedure
Step 1 Manually change the link type of Fa0/2 on the Cisco switch to trunk. The configuration of
two Cisco switches is the same.
CiscoA# configure terminal
CiscoA(config)# interface fastEthernet 0/2
CiscoA(config-if)# switchport trunk encapsulation dot1q
CiscoA(config-if)# switchport mode trunk //An interface on a Cisco switch joins
all VLANs by default, and does not need to be configured manually.
Step 2 Configure the link type of the interface on the Huawei S series switch as trunk.
<Huawei> system-view
[Huawei] interface GigabitEthernet0/0/2
[Huawei-GigabitEthernet0/0/2] port link-type trunk
[Huawei-GigabitEthernet0/0/2] port trunk allow-pass vlan 2 to 4094 //When the
link type of an interface of a Huawei S series switch is configured as trunk, the
interface joins VLAN 1 by default. You need to manually add the interface to
VLANs 2 to 4094.

l Run the show interfaces fastEthernet 0/2 switchport command to check whether the
link type field on the Cisco switch is Administrative Mode: trunk.
l Run the display interface gigabitethernet 0/0/2 command to check whether the link
type field on the Cisco switch is Link-type: trunk(configured).
----End
5.3 Interoperation and Replacement Guide for Huawei

VCMP and Cisco VTP
5.3.1 Overview of VCMP
The VLAN Central Management Protocol (VCMP), a Layer 2 protocol in the Open System
Interconnection (OSI) model, transmits VLAN information and ensures consistent VLAN
information on the Layer 2 network. VCMP is a Huawei proprietary protocol. Huawei
switches support VCMP starting from V200R005.
Purpose
In most cases, switches on an enterprise network need to synchronize VLAN information with
each other to ensure that they can correctly forward data. On a small-scale enterprise network,
the network administrator can log in to each switch to configure and maintain VLANs. On a
large-scale enterprise network, a lot of switches are deployed, so a large amount of VLAN
information needs to be configured and maintained. If the network administrator manually

configures and maintains all VLANs, the workload is heavy and VLAN information may be
inconsistent.
To address the preceding issue, VCMP is used to implement centralized VLAN management.
The network administrator needs to create and delete VLAN information only on one switch.
The changes on the switch are automatically synchronized to other switches in a specified
scope so that no manual operation is required on these switches. In this way, the configuration
workload is reduced and VLAN information consistency is ensured.
VCMP can only help the network administrator synchronize VLAN information but not
dynamically assign VLANs. VCMP is often used with Link-type Negotiation Protocol (LNP)
to simplify user configurations.
VCMP that is configured on a switch of a Layer 2 network brings in the following benefits:
l Implements centralized VLAN management and maintenance, and reduces the network
maintenance workload.
l Implements the plug-and-play function of access switches.
Basic Concepts
VCMP involves two important entities:
l VCMP domain
A VCMP domain is composed of switches that have the same VCMP domain name and
are connected through trunk or hybrid interfaces. All switches in the VCMP domain
must use the same domain name, and each switch can join only one VCMP domain.
Switches in different VCMP domains cannot synchronize VLAN information.
A VCMP domain specifies the scope for the administrative switch and managed
switches. Switches in a VCMP domain are managed by the administrative switch. There
is only one administrative switch and multiple managed switches in a VCMP domain.
l VCMP roles
VCMP determines attributes of switches based on VCMP roles. Table 5-5 describes
VCMP roles.
Table 5-5 VCMP roles
VCMP Role Description
Server The VCMP server synchronizes VLAN information to other

switches in the local VCMP domain.
The VLAN information that is created and deleted on the
VCMP server is broadcast in a VCMP domain.
Client A VCMP client belongs to a specified VCMP domain and

synchronizes VLAN information with the VCMP server.
The VLAN information that is created and deleted on a VCMP
client is not broadcast in a VCMP domain, but is overwritten by
VLAN information sent by the VCMP server.
Huawei switches are VCMP clients by default.

VCMP Role Description
Transparent A VCMP transparent switch is not affected by VCMP

management behaviors, and does not affect other switches in
the local VCMP domain.
The VCMP transparent switch transparently forwards VCMP
packets to only trunk or hybrid links.
transparent switch is not affected by the VCMP server and is
not broadcast in a VCMP domain.
In this way, some switches that do not need to be managed by
VCMP can forward VCMP packets.
Silent Deployed at the edge of a VCMP domain, a VCMP silent

switch does not affect other switches in the local VCMP domain
and is not affected by VCMP management behaviors. The
VCMP silent switch prevents VCMP packets in a VCMP
domain from being transmitted to other VCMP domains.
A VCMP silent switch directly discards received VCMP
packets but not forward them.
silent switch is not affected by the VCMP server and is not
broadcast in a VCMP domain.
VCMP Packets
VCMP enables switches of different roles to exchange VCMP packets to implement
centralized VLAN management. VCMP packets can be only transmitted in VLAN 1 on trunk
or hybrid interfaces. To retain the same VLAN information on the VCMP server and clients,
VCMP defines three types of multicast packets: Summary-Advert, Subset-Advert, and
Advert-Request. Table 5-6 describes the functions and applicable scenarios of the three types
of packets.
NOTE
Starting from V200R012C00, Huawei S series switches support the Subset-Advert packet.

Table 5-6 VCMP packets

Packet Type Function Applicable Scenario
Summary- The VCMP server sends l The VCMP server sends a Summary-
Advert Summary-Advert packets to Advert packet every 5 minutes to ensure
other devices in the local real-time synchronization of VLAN
VCMP domain to notify information on the VCMP server and
them of the domain name, clients and to prevent VLAN
device ID, configuration information loss due to packet loss.
revision number, and l The VCMP server configuration is
VLAN information. changed. For example, VLANs are
created or deleted, the VCMP domain
name or device ID is changed, and the
VCMP server restarts.
l The VCMP server receives Advert-
Request packets from VCMP clients in
the same VCMP domain.
Subset- The VCMP server sends Non-default VLAN names or descriptions

Advert Subset-Advert packets to are configured on the VCMP server, and
other devices in the VCMP either of the following conditions is met:
domain to notify them of l The VCMP server configuration
the non-default VLAN changes, including creating VLANs,
names or descriptions. deleting VLANs, and changing the
VLAN name, VLAN description,
VCMP domain name, device ID, or
authentication password.
l The VCMP server receives Advert-
Request packets from VCMP clients in
the same VCMP domain.
The VCMP server sends a Subset-Advert
packet to ensure real-time synchronization
of VLAN information on the VCMP server
and clients and prevent VLAN information
loss due to packet loss.
Advert- A VCMP client sends l A VCMP client is added.

Request Advert-Request packets to l A VCMP client restarts or a client
the VCMP server to request interface becomes Up.
VLAN information.
l A VCMP client changed from a VCMP
server, silent, or transparent sends
Advert-Request packets to the VCMP
server. If the VCMP server does not
respond, the VCMP client sends 10
Advert-Request packets every 5
minutes.
l Figure 5-3 shows the format of a Summary-Advert packet.

– Code: indicates a Summary-Advert packet when the value is 0x01.

– Followers: indicates whether a Subset-Advert packet will be sent (0x00: no; 0x01:
yes).
– Updater Identity: indicates the VCMP server ID.
– Configuration Revision Number: determines whether VLAN information sent from
the VCMP server is newer than the local VLAN information. The VCMP client
determines whether to synchronize VLAN information with the VCMP server
based on this field. The value is an 8-digit hexadecimal number. The four left-most
bits indicate the change of the VCMP domain or device ID and the four right-most
bits indicate the VLAN change. Upon a VLAN change on the VCMP server, the
configuration revision number is automatically increased. When the VCMP domain
name or device ID changes, the four left-most bits of the configuration revision
number are recalculated and the four right-most bits are reset.
– Digest: indicates the packet digest. When a VCMP domain is configured with a
password, the switch uses the password and bits 25 to 62 of packets to calculate the
digest. When no password is configured, the switch uses bits 25 to 68 of packets to
calculate the digest.
– VLAN bitmap: indicates the VLAN information on the VCMP server.
– Subset Flag: indicates whether non-default VLAN names and descriptions are
configured on the VCMP server (0x00: no; 0x01: yes).

Figure 5-3 Format of a Summary-Advert packet
1-6 DMAC(0118-8255-5555)
7-12 SMAC(System MAC)
13-14 Length
15-17 LLC(0xAAAA03)
18-20 OUI(0x001882)
21-22 Protocol(0x2005)
23 Version(0x01)
24 Code(0x01)
25 Followers
26 Management Domain Length
27-58 Management Domain Name
59-62 Configuration Revision Number

63-94 Updater Identity
95-126 Digest
127-638 VLAN bitmap
639 Subset Flag
l Figure 5-4 shows the format of a Subset-Advert packet.

– Code: indicates a Subset-Advert packet when the value is 0x04.
– Reserved: indicates the reserved field.
– Updater Identity: indicates the VCMP server ID.
– Configuration Revision Number: determines whether VLAN information sent from
the VCMP server is newer than the local VLAN information. The VCMP client
determines whether to synchronize VLAN information with the VCMP server
based on this field. The value is an 8-digit hexadecimal number. The four left-most
bits indicate the change of the VCMP domain or device ID and the four right-most
bits indicate the VLAN change. Upon a VLAN change on the VCMP server, the
configuration revision number is automatically increased. When the VCMP domain
name or device ID changes, the four left-most bits of the configuration revision
number are recalculated and the four right-most bits are reset.
– Serial number: indicates the serial number of a packet, which ensures that packets
are received in a correct order on VCMP clients.
– Digest: indicates the packet digest. When a VCMP domain is configured with a
password, the switch uses the password and bits 25 to 62 of packets to calculate the
digest. When no password is configured, the switch uses bits 25 to 68 of packets to
calculate the digest.

– VLAN-info field N: indicates the VLAN name and VLAN description on the
VCMP server.
– TLV: indicates the end of a Subset-Advert packet.
Figure 5-4 Format of a Subset-Advert packet
1-6 DMAC(0118-8255-5555)
13-14 Length
15-17 LLC(0xAAAA03)
18-20 OUI(0x001882)
23 Version(0x01)
24 Code(0x04)
25 Reserved

95-98 Serial number
99-130 Digest
VLAN-info field 1
131- ……
VLAN-info field N
End TLV
l Figure 5-5 shows the format of an Advert-Request packet.

– Code: indicates an Advert-Request packet when the value is 0x02.
– Reserved: indicates the reserved field that has a fixed value of 0.

Figure 5-5 Format of an Advert-Request packet
1-6 DMAC(0118-8255-5555)

13-14 Length
15-17 LLC(0xAAAA03)
18-20 OUI(0x001882)
23 Version(0x01)
24 Code(0x02)
25 Reserved(0x00)

95-126 Digest
5.3.2 Overview of VTP

The VLAN Trunking protocol (VTP), a Layer 2 protocol in the Open System Interconnection
(OSI) model, manages VLAN creation, deletion, and renaming in a domain. VTP is a Cisco
proprietary protocol.
Basic Concepts
VTP involves two important entities:
l VTP domain
A VTP domain is composed of switches that have the same VTP domain name and are
connected through trunk links.
Switches in a VTP domain share VLAN information, and each switch can join only one
VTP domain. Switches in different VTP domains cannot share VLAN information.
l Working mode
VTP supports three working modes: VTP server, VTP client, and VTP transparent. For
details, see Table 5-7.

Table 5-7 Working mode of VTP

Working Description
Mode
Server A VTP server maintains all VLAN lists in the local VTP domain. It
can create, delete, and modify VLANs, send advertisement packets,
and synchronize VLAN information to other switches in the local
VTP domain.
VLAN information is saved in the nonvolatile RAM (NVRAM).
By default, a Cisco switch is used as the VTP server.
Client A VTP client learns VTP information from a VTP server. It cannot
create, delete, or modify VLANs, but can forward advertisement
packets.
VLAN information is not saved in NVRAM.
Transparent A VTP transparent switch is an independent switch that does not

participate in VTP implementation or learn VLAN information from
the VTP server. It only maintains local VLAN information. The VTP
transparent switch can create, delete, and modify only the local
VLAN information.
When VTP version 1 is used, VTP transparent switches can only
forward VTP packets of other switches in the same VTP domain.
When VTP version 2 is used, VTP transparent switches can forward
VTP packets of switches in a different VTP domain.
Advertisement Packets
Switches use VTP advertisement packets to transmit VLAN information. Table 5-8 describes
three types of VTP advertisement packets.

Table 5-8 Format of advertisement packets

Format Applicable Scenario
Summary l By default, a VTP server sends a Summary Advertisement packet

Advertisement every 300s to inform adjacent switches of the current VTP domain
name and the configuration revision number.
When a switch receives a summary advertisement packet, the
following situations occur:
1. The switch compares the VTP domain name with its own VTP
domain name. If the names are different, the switch ignores the
packet.
2. If the names are the same, the switch compares the
configuration revision number with its configuration revision
number.
3. If its configuration revision number is higher than or equal to
the configuration revision number in the Summary
Advertisement packet, the switch ignores the packet. If its
configuration revision number is lower than the configuration
revision number in the Summary Advertisement packet, the
switch sends an Advertisement Request packet.
l When a switch receives an Advertisement Request packet, it sends
a Summary Advertisement packet, and then sends one or several
Subset Advertisement packets.
Subset When you add, delete, or change a VLAN on a switch, the VTP server
Advertisement where the changes are made increments the configuration revision
number and sends a Summary Advertisement packet. Then the VTP
server sends one or more Subset Advertisement packets. A subset
advertisement contains a list of VLAN information. If there are
several VLANs, the VTP server needs to send more than one Subset
Advertisement packet to advertise all the VLANs.
Advertisement A switch needs an Advertisement Request packet in the following

Request situations:
l The switch restarts.
l The VTP domain name has been changed.
l The switch has received a Summary Advertisement packet with a
higher configuration revision number than its own.
VTP advertisement packets have the following characteristics:

l VTP advertisement packets are transmitted in multicast mode through trunk interfaces in
VLAN 1.
l VTP advertisement packets are sent to the destination MAC address 01-00-0C-CC-CC-
CC.
l VTP advertisement packets are sent in either Inter-Switch Link (ISL) or IEEE 802.1Q
(dot1q) frames.

5.3.3 Comparison Between VCMP and VTP

The differences between Cisco VTP and Huawei VCMP are as follows.
l Multiple servers can exist in a Cisco VTP domain, and any switch can function as a VTP
server. VTP servers synchronize information to each other.
l Only one switch in a VCMP domain functions as the VCMP server to control all VLAN
configurations in the domain.

Function Command on Huawei Command on Cisco Description
Switches Switches
Configure the vcmp role { client | server vtp mode { client | off | A switch used as
device role or | silent | transparent } server | transparent } a VCMP silent
mode. in a Huawei
VCMP domain
is similar to the
switch in off
mode in a Cisco
VTP domain,
and directly
discards
received
protocol
packets.
Configure the vcmp domain domain- vtp domain domain- -

domain name. name name
Configure the vcmp device-id device-id Not supported Cisco VTP does
domain ID. not support the
configuration.
Configure an vcmp authentication vtp password password -

authentication sha2-256 password
password for password
the domain.
Configuring Not supported vtp version number Huawei VCMP

the protocol does not support
version the
number. configuration.
Check the display vcmp status show vtp status -

protocol
status.
5.3.4 Interoperation and Replacement Solution for VCMP and

VTP
VTP and VCMP are proprietary protocols, and cannot interwork. Huawei switches and Cisco
switches can be used on the entire network. Configurations can be performed on the switch

that is directly connected to Huawei and Cisco switches to implement interworking between
Huawei and Cisco switches. The following describes three types of hybrid networking
models.
l Hybrid networking 1: C-H Model
In the C-H model, a Cisco switch directly connects to a Huawei S series switch that has
no downstream Cisco switch connected.
l Hybrid networking 2: C-H-C Model
In the C-H-C model, a Cisco switch directly connects to a Huawei S series switch that
has a downstream Cisco switch connected.
l Hybrid networking 3: C-H-H-C Model
In the C-H-H-C model, a Cisco switch directly connects to a Huawei S series switch, and
another edge switch of the VCMP network connects to a Cisco switch.
Huawei switches can replace switches in a Cisco VTP domain.
l Replacing the transparent switch
In Figure 5-6, a Huawei S series switch replaces the VTP transparent switch on a Cisco
network. After the replacement, you only need to create a VLAN manually on the
Huawei S series switch and add interfaces to the VLAN. For details, see Huawei S series
switch configuration in Hybrid networking 1: C-H model.
Figure 5-6 Networking for replacing the transparent switch

Before After
replacement replacement
VTP VTP
Server Server
VTP VTP VTP VTP VTP Huawei

Client Client Transparent Client Client
l Replacing the client

In Figure 5-7, a Huawei S series switch replaces the VTP client on a Cisco network.
After the replacement, you need to configure the Huawei S series switch to transparently
transmit VTP packets. For details, see Huawei S series switch configuration in Hybrid
networking 2: C-H-C model.

Figure 5-7 Networking for replacing the VTP client
VTP Before After VTP

Server replacement replacement Server
VTP VTP
Client Huawei
Client
VTP VTP VTP

Client Client Client
l Replacing the server

In Figure 5-8, no VTP server exists in the VTP domain after a Huawei S series switch
replace it. If the Cisco network runs VTP version 1 or 2, any Cisco switch can function
as the VTP server. If the Cisco network runs VTP version 3 alone or with VTP version1,
you need to find a switch running VTP version 3 and run the vtp primary vlan
command to specify the switch as the VTP server to manage the VTP domain.
The Huawei S series switch only needs to transparently transmit VTP packets. For
details, see Huawei S series switch configuration in Hybrid networking 2: C-H-C
model.
Figure 5-8 Networking for replacing the VTP server
VTP
Before After
Server replacement replacement Huawei
VTP VTP VTP VTP VTP VTP

Client Client Client Server Client Client
5.3.5 Interoperation and Replacement Solution 1: C-H Model

Networking
Topic contents:
l Overview
l Procedure

Overview
In the C-H model, a Cisco switch directly connects to a Huawei S series switch that has no
downstream Cisco switch connected.
When VTP is enabled on the Cisco switch to synchronize VLAN information, the Huawei S
series switch cannot process VTP packets. Therefore, a VLAN needs to be configured
manually on the Huawei S series switch.
Configuration Notes
l This example applies to Huawei switches of all versions.
l If switchport dynamic auto or switchport dynamic desirable is configured on the
Cisco switch interface before the Cisco switch interface is directly connects to the
Huawei S series switch, change it to switchport mode trunk to prevent DTP negotiation
failure.
In Figure 5-9, a Huawei S series switch directly connects to a Cisco VTP server. The Cisco
switch and user hosts connected to the Huawei S series switch need to communicate in VLAN
10.
Figure 5-9 Hybrid networking of the C-H model

VTP Huawei switch
Cisco switch
Server
GE5/1 GE5/3
GE5/2
GE0/48 GE0/48 GE0/0/48
VTP VTP
Client Client
GE0/1 GE0/2 GE0/1 GE0/2 GE0/0/1
1. Check the configuration of the Cisco switch.
2. Create a VLAN manually on the Huawei S series switch and add interfaces to the
VLAN.

Procedure
Step 1 Check the Cisco VTP server configuration. The display depends on the device configuration.
# Run the show running-config command to check the interface configuration.
!
hostname VTP_Sever
!
interface GigabitEthernet5/1
switchport trunk encapsulation dot1q
switchport mode trunk
!
!
!
If the interface configuration is incorrect, perform the following operations to configure the
interface.
VTP_Sever# configure terminal
VTP_Sever(config)# interface gigabitethernet 5/1
VTP_Sever(config-if)# switchport trunk encapsulation dot1q //Configure an
encapsulation mode; otherwise, the link type of an interface cannot be set to
trunk.
VTP_Sever(config-if)# switchport mode trunk //Configure the interface connected
to the switch as a trunk interface. The interface joins all VLANs by default.
VTP_Sever(config-if)# exit
VTP_Sever(config-if)# switchport trunk encapsulation dot1q
VTP_Sever(config-if)# switchport mode trunk
# Run the show vlan brief command to check whether VLAN 10 has been created. If VLAN
10 is created, perform the following operation to create VLAN 10.
VTP_Sever(config)# vlan 10
# Run the show vtp status command to check whether the VTP working mode is server and
whether the domain name is the same as that on the client. Run the show vtp password
command to check whether the password is the same as that on the client.
If the VTP configuration is different from that on the client, perform the following operations
to configure the VTP server.
VTP_Sever(config)# vtp domain Cisco //Configure the VTP domain name.
VTP_Sever(config)# vtp mode server //Set the VTP mode to server.
VTP_Sever(config)# vtp password Cisco //Configure the VTP password.
Step 2 Check the Cisco VTP client configuration. The configurations of two VTP clients are the
same. The following information is used for reference only.
!
hostname VTP_Client
!

switchport access vlan 10

switchport mode access
!
!
!
interface.
VTP_Client# configure terminal
VTP_Client(config)# interface gigabitethernet 0/1
VTP_Client(config-if)# switchport mode access //Configure the interface
connected to terminals as an access interface.
VTP_Client(config-if)# switchport access vlan 10 //Add the interface to VLAN 10.
VTP_Client(config-if)# exit
VTP_Client(config-if)# switchport mode access
VTP_Client(config-if)# switchport access vlan 10
VTP_Client(config-if)# switchport trunk encapsulation dot1q //Configure an
trunk.
VTP_Client(config-if)# switchport mode trunk //Configure the interface connected
# Run the show vtp status command to check whether the VTP working mode is client and
whether the domain name is the same as that on the server. Run the show vtp password
command to check whether the password is the same as that on the server.
If the VTP configuration is different from that on the server, perform the following operations
to configure the VTP client.
VTP_Client(config)# vtp domain Cisco //Configure the VTP domain name.
VTP_Client(config)# vtp mode client //Set the VTP mode to client.
VTP_Client(config)# vtp password Cisco //Configure the VTP password.
Step 3 Configure the Huawei S series switch.

[HUAWEI] vlan 10 //Configure VLAN 10 manually.
[HUAWEI-vlan10] quit
[HUAWEI] interface GigabitEthernet0/0/48
[HUAWEI-GigabitEthernet0/0/48] port link-type trunk //Configure the interface
connected to the switch as a trunk interface.
[HUAWEI-GigabitEthernet0/0/48] port trunk allow-pass vlan 2 to 4094 //Add the
interface to VLANs 2 to 4094.
[HUAWEI-GigabitEthernet0/0/48] quit
[HUAWEI-GigabitEthernet0/0/1] port link-type access //Configure the interface
[HUAWEI-GigabitEthernet0/0/1] port default vlan 10 //Add the interface to VLAN
10.

Run the display vlan 10 command to check whether interfaces on the Huawei S series switch
have been added to VLAN 10.
----End
5.3.6 Interoperation and Replacement Solution 2: C-H-C Model

Networking
Topic contents:
l Overview
l Procedure
Overview
In the C-H-C model, a Cisco switch directly connects to a Huawei S series switch that has a
downstream Cisco switch connected.
When VTP is enabled on a Cisco switch to synchronize VLAN information, a Huawei S
series switch with a downstream Cisco switch connected cannot process VTP packets.
Therefore, the Huawei S series switch needs to transparently transmit VTP packets.
Configuration Notes
l This example applies to Huawei switches of all versions.
l When a Huawei S series switch sets up a Layer 2 tunnel to transparently transmit VTP
packets, the destination multicast address must map to the unused multicast address to
prevent address conflicts.
l The VTP tunnel must be set up on an interface of the Huawei S series switch in VLAN 1
where VTP packets are transmitted.
failure.
In Figure 5-10, a Huawei S series switch is directly connected to the Cisco VTP server and
client. The Huawei S series switch needs to transparently transmit VTP packets to the Cisco
VTP client, and user hosts need to communicate in VLAN 10.

Figure 5-10 Hybrid networking of the C-H-C model

VTP
Server
GE5/1 GE5/3
GE0/0/48
Huawei
GE0/48 GE0/0/46
GE0/48
VTP VTP
Client Client
GE0/1 GE0/2 GE0/1 GE0/2
1. Check the configuration of Cisco switches.
2. Configure Layer 2 transparent transmission on the Huawei S series switch to
transparently transmit VTP packets.
3. Create a VLAN manually on the Huawei S series switch and add interfaces to the
VLAN.
Procedure
!
hostname VTP_Sever
!
!
!
interface.
trunk.

If the VTP configuration is incorrect, perform the following operations to configure the VTP
server.

!
hostname VTP_Client
!
!
!
!
interface.
trunk.

client.
Step 3 Configure the Huawei S series switch.

# Configure Layer 2 transparent transmission on the Huawei S series switch.
[HUAWEI] l2protocol-tunnel vtp group-mac 0100-5e00-0011 //Map the VTP
destination MAC address to a specified multicast address.
[HUAWEI-GigabitEthernet0/0/48] l2protocol-tunnel vtp vlan 1 //Set up a Layer 2
tunnel to transmit VTP packets in VLAN 1.
[HUAWEI-GigabitEthernet0/0/46] l2protocol-tunnel vtp vlan 1 //Set up a Layer 2
# Add interfaces on the Huawei S series

[HUAWEI] vlan 10 //Manually create VLAN 10.

l Run the display l2protocol-tunnel group-mac vtp command to check the Layer 2
transparent transmission configuration on the Huawei S series switch.
l Run the display vlan 10 command to check whether interfaces on the Huawei S series
switch have been added to VLAN 10.
----End
5.3.7 Interoperation and Replacement Solution 3: C-H-H-C Model

Networking
Topic contents:
l Overview
l Procedure

Overview
When VTP is enabled on a Cisco switch to synchronize VLAN information, a Huawei S
series switch with a downstream Cisco switch connected cannot process VTP packets.
Therefore, the Huawei S series switch needs to transparently transmit VTP packets.
Furthermore, the Huawei S series switch uses VCMP to synchronize VLAN information, and
interfaces on the switch use Link-type Negotiation Protocol (LNP), reducing the configuration
and maintenance workload.
Configuration Notes
l When a Huawei S series switch sets up a Layer 2 tunnel to transparently transmit VTP
packets, the destination multicast address must map to the unused multicast address to
prevent address conflicts.
l The VTP tunnel must be set up on an interface of the Huawei S series switch in VLAN 1
where VTP packets are transmitted.
failure.
In Figure 5-11, a Huawei S series switch and a Cisco switch are deployed on a network. To
reduce the configuration and maintenance workload, the Huawei S series switch uses VCMP
and the Cisco switch uses VTP to synchronize VLAN information to other switches. The
Cisco switch and user hosts connected to the Huawei S series switch need to communicate in
VLAN 10.
Figure 5-11 Hybrid networking of the C-H-H-C model
Cisco switch VTP VCMP Huawei switch

server server
GE0/0/1 GE0/0/3
GE5/1 GE5/3
GE0/0/2
GE0/48
GE0/0/48 GE0/0/2
VTP VTP GE0/48 VCMP VCMP
client client GE0/0/46 client1 client2
GE0/1 GE0/2 GE0/1 GE0/2 GE0/0/1 GE0/0/1

1. Check the configuration of Cisco switches.
2. Configure Layer 2 transparent transmission on the Huawei S series switch to
transparently transmit VTP packets.
3. Configure VCMP and LNP on the Huawei S series switch.
Procedure
!
hostname VTP_Sever
!
!
!
interface.
trunk.
server.
!
hostname VTP_Client

!
!
!
!
interface.
trunk.
client.
Step 3 Configure the VCMP server on the Huawei S series switch.

# Configure Layer 2 transparent transmission on the VCMP server.
[HUAWEI] sysname Server
[Server] l2protocol-tunnel vtp group-mac 0100-5e00-0011 //Map the VTP
destination MAC address to the specified multicast address.
[Server] interface GigabitEthernet0/0/1
[Server-GigabitEthernet0/0/1] l2protocol-tunnel vtp vlan 1 //Set up a Layer 2
[Server-GigabitEthernet0/0/1] quit
[Server-GigabitEthernet0/0/2] l2protocol-tunnel vtp vlan 1 //Set up a Layer 2
# Configure VCMP on the VCMP server.

[Server] vcmp domain huawei //Set the VCMP domain name to huawei.
[Server] vcmp role server //Set the VCMP role to server.

[Server] vcmp authentication sha2-256 password huawei //Configure the VCMP

[Server] vlan 10 //Manually configure VLAN 10 on the VCMP server.
[Server-vlan10] quit
# Add interfaces on the VCMP server to the VLAN.

[Server-GigabitEthernet0/0/1] port link-type trunk //Configure the interface
[Server-GigabitEthernet0/0/1] port trunk allow-pass vlan 2 to 4094 //Add the
[Server-GigabitEthernet0/0/2] port link-type trunk //Configure the interface
[Server-GigabitEthernet0/0/2] port trunk allow-pass vlan 2 to 4094 //Add the
[Server-GigabitEthernet0/0/3] port link-type negotiation-desirable //Configure
LNP on an interface.
[Server-GigabitEthernet0/0/3] port default vlan 10 //When the interface is
negotiated as an access interface, add it to VLAN 10. When the interface is
negotiated as a trunk interface, add it to VLANs 2 to 4094 by default.
Step 4 Configure VCMP client 1 on the Huawei S series switch.

# Configure Layer 2 transparent transmission on VCMP client 1.
[HUAWEI] sysname Client1
[Client1] l2protocol-tunnel vtp group-mac 0100-5e00-0011 //Map the VTP
destination MAC address to the specified multicast address.
[Client1] interface GigabitEthernet0/0/48
[Client1-GigabitEthernet0/0/48] l2protocol-tunnel vtp vlan 1 //Set up a Layer 2
[Client1-GigabitEthernet0/0/48] quit
[Client1-GigabitEthernet0/0/46] l2protocol-tunnel vtp vlan 1 //Set up a Layer 2
# Configure VCMP on VCMP client 1.

[Client1] vcmp domain huawei //Set the VCMP domain name to huawei, which must be
the same as that of the VCMP server.
[Client1] vcmp role client //Set the VCMP role to client.
[Client1] vcmp authentication sha2-256 password huawei //Configure the VCMP
authentication password, which must be the same as that of the VCMP server.
# Add interfaces on VCMP client 1 to the VLAN.

[Client1-GigabitEthernet0/0/48] port link-type trunk //Configure the interface
[Client1-GigabitEthernet0/0/48] port trunk allow-pass vlan 2 to 4094 //Add the
[Client1-GigabitEthernet0/0/46] port link-type trunk //Configure the interface
[Client1-GigabitEthernet0/0/46] port trunk allow-pass vlan 2 to 4094 //Add the
[Client1-GigabitEthernet0/0/1] port link-type access //Configure the interface
connected to the terminal as an access interface.
[Client1-GigabitEthernet0/0/1] port default vlan 10 //Add the interface to VLAN

10.
Step 5 Configure VCMP client 2 on the Huawei S series switch.
# Configure VCMP on VCMP client 2.

[Client2] vcmp domain huawei //Set the VCMP domain name to huawei, which must be
the same as that of the VCMP server.
[Client2] vcmp role client //Set the VCMP role to client.
[Client2] vcmp authentication sha2-256 password huawei //Configure the VCMP
authentication password, which must be the same as that of the VCMP server.
# Add interfaces on VCMP client 2 to the VLAN.

[Client2-GigabitEthernet0/0/1] port link-type access //Configure the interface
connected to the terminal as an access interface.
[Client2-GigabitEthernet0/0/1] port default vlan 10 //Add the interface to VLAN
10.
[Client2-GigabitEthernet0/0/2] port default vlan 10 //When the interface is
negotiated as an access interface, add it to VLAN 10. When the interface is
negotiated as a trunk interface, add it to VLANs 2 to 4094 by default.

l Run the display vcmp status command to check the VCMP configuration on the
Huawei S series switch.
l Run the display l2protocol-tunnel group-mac vtp command to check the Layer 2
transparent transmission configuration on the Huawei S series switch.
l Run the display vlan 10 command to check whether interfaces on the Huawei S series
switch have been added to VLAN 10.
----End
5.4 Replacement Guide for Huawei VCMP+LNP and Cisco

VTP+DTP
Overview
When Cisco switches that use VTP and DTP are deployed on the live network, Huawei
switches running VCMP and LNP can replace the Cisco switches.
Configuration Notes
l On Huawei switches, LNP is used globally and on interfaces by default. The interface
that is negotiated as an access interface joins VLAN 1 by default, and the interface that is
negotiated as a trunk interface joins all VLANs by default.
l Huawei switches are VCMP clients by default.

In Figure 5-12, terminals are connected to switches to implement Layer 2 connectivity. The
network scale is large, so the VLAN and link type configurations are complex. The
configurations need to be simplified to reduce the maintenance workload.
Figure 5-12 Networking of VCMP and LNP
Network
Server
GE0/0/1 GE0/0/2
GE0/0/2 GE0/0/2
Client1 ... Client2
GE0/0/1 GE0/0/3 GE0/0/1 GE0/0/3
...
VLAN10 VLAN20 VLAN10 VLAN20
1. Configure VCMP to implement VLAN synchronization between devices.
2. Configure LNP to implement auto-negotiation of link types of interfaces.
Procedure
Step 1 Configure VCMP.
By default, VCMP on an interface is enabled. If VCMP is disabled, run the undo vcmp
# Configure the VCMP server.
[HUAWEI] sysname Server
[Server] vcmp role server //The default VCMP role is the client.
[Server] vcmp domain vd1 /Set the VCMP domain name to vd1.
[Server] vcmp device-id server //Set the VCMP device ID to server.
[Server] vcmp authentication sha2-256 password Hello //Configure a VCMP
[Server] vlan batch 10 20 //Manually create VLANs on the VCMP server.
# Configure Client1. By default, a Huawei S series switch is a VCMP client. This

configuration is not required.

[Client1] vcmp domain vd1 //Set the VCMP domain name to vd1, which must be the
same as that on the VCMP server.
[Client1] vcmp device-id server //Set the VCMP device ID to server, which must
be the same as that on the VCMP server.
[Client1] vcmp authentication sha2-256 password Hello //Configure a VCMP
authentication password, which must be the same as that on the VCMP server.
# Configure Client2.
[Client2] vcmp domain vd1 //Set the VCMP domain name to vd1, which must be the
same as that on the VCMP server.
[Client2] vcmp device-id server //Set the VCMP device ID to server, which must
be the same as that on the VCMP server.
[Client2] vcmp authentication sha2-256 password Hello //Configure a VCMP
authentication password, which must be the same as that on the VCMP server.
Step 2 Configure LNP.

By default, LNP on an interface is enabled. If LNP is disabled, run the undo port negotiation
# Configure the VCMP server.
When an interface is negotiated as a trunk interface, the interface joins all VLANs by default.
There is no need to modify the VLAN configuration of the interface on the VCMP server.
[Client1] interface GigabitEthernet 0/0/1
[Client1-GigabitEthernet0/0/1] port default vlan 10 //The link type of the
interface connected to the PC is negotiated as an access interface, so this
command is used to configure the VLAN that the interface joins. When the link
type of an interface is negotiated as a trunk, the interface joins all VLANs by
default.
[Client1-GigabitEthernet0/0/3] port default vlan 20

Run the display lnp interface interface-type interface-number command to check the auto-
negotiation status of a specified Layer 2 interface. The VCMP server is used as an example.
[Server] display lnp interface gigabitethernet0/0/2
LNP information for GigabitEthernet0/0/2:
Port link type: trunk
Negotiation mode: desirable
Hello timer expiration(s): 7
Negotiation timer expiration(s): 0
Trunk timer expiration(s): 278
FSM state: trunk
Packets statistics
56 packets received

0 packets dropped
bad version: 0, bad TLV(s): 0, bad port link type: 0,
bad negotiation state: 0, other: 0
58 packets output
0 packets dropped
other: 0
Run the display lnp summary command to check auto-negotiation information on all
interfaces of the Layer 2 device. The VCMP server is used as an example.
[Server] display lnp summary
Global LNP : Negotiation enable
-------------------------------------------------------------------------------
C: Configured; N: Negotiated; *: Negotiation disable;
Port link-type(C) link-type(N) InDropped OutDropped FSM
-------------------------------------------------------------------------------
GE0/0/2 desirable trunk 0 0 trunk
Run the display vcmp status command to check the VCMP configuration, including the
VCMP domain name, VCMP role, device ID, configuration revision number, and VCMP
domain authentication password. The VCMP server is used as an example.
[Server] display vcmp status
VCMP information:
Domain : vd1
Role : Server
Server ID : server
Configuration Revision : 0x239c0000
Password : ******
Run the display vlan summary command on Client1 and Client2. You can see that Client1
and Client2 synchronize VLAN information of the VCMP server.
[Client1] display vlan summary
Static VLAN:
Total 3 static VLAN.
1 10
20
Dynamic VLAN:
Total 0 dynamic VLAN.
Reserved VLAN:
Total 0 reserved VLAN.
[Client2] display vlan summary
Static VLAN:
1 10
20
Dynamic VLAN:
Reserved VLAN:
----End
Configuration Files
l Server configuration file
#
sysname Server
#
vcmp role server

vcmp domain vd1

vcmp device-id server
vcmp authentication sha2-256 password %^%#yU&+/**sz5+ed=G.N\|<^l
%OB.lY2);^"M.HTT%X%^%#
#
vlan batch 10 20
#
return
l Client1 configuration file

#
sysname Client1
#
vcmp domain vd1
vcmp authentication sha2-256 password %^%#*cIQ@Y+-Y8s-NUFF{!yCPOB,E"\7KSm:!
sV,"Y'8%^%#
#
#
#
return
l Client2 configuration file

#
sysname Client2
#
vcmp domain vd1
vcmp authentication sha2-256 password %^%#dH]{4>$(#+z=6g#q{B9~:@-}:|
rJD2)X@iAPi.-,%^%#
#
#
#
return
5.5 Interoperation and Replacement Guide for Spanning

Tree Protocols on Huawei and Cisco Switches
5.5.1 Overview of Spanning Tree Protocols on Huawei Switches

Huawei switches support the following spanning tree protocols: Spanning Tree Protocol
(STP), Rapid Spanning Tree Protocol (RSTP), Multiple Spanning Tree Protocol (MSTP), and
VLAN-Based Spanning Tree (VBST). VBST is supported by V200R005 and later versions.
STP is used on a LAN to prevent loops. Devices running STP discover loops on a network by
exchanging information, and block some ports to eliminate loops. Both STP and RSTP
(which is an evolution of STP and allows for fast network topology convergence) suffer from
a significant limitation: neither can implement VLAN-based load balancing because all
VLANs on a LAN use one spanning tree. When a link is blocked, it no longer transmits
traffic, which wastes bandwidth and prevents certain VLAN packets from being forwarded.
Based on STP and RSTP, MSTP allows fast convergence and provides multiple paths to load
balance VLAN traffic. VBST, a Huawei spanning tree protocol, constructs a spanning tree in

each VLAN so that traffic from different VLANs is forwarded through different spanning
trees. Traffic is therefore load balanced.
Huawei MSTP and Cisco Multiple Spanning Tree (MST) are based on IEEE standards, but
their implementations are different. VBST is a Huawei proprietary protocol. The following
describes working mechanisms of Huawei MSTP and VBST.
MSTP Principles
MSTP is a new spanning tree protocol defined in IEEE 802.1s. MSTP uses Multiple Spanning
Tree Instances (MSTIs) and Multiple Spanning Tree (MST) regions. An MSTI is a collection
of VLANs. Binding multiple VLANs to a single MSTI reduces communication costs and
resource usage. The topology of each MSTI is calculated independently, and traffic can be
balanced among MSTIs. Multiple VLANs with the same topology can be mapped to a single
MSTI. The forwarding state of the VLANs for a port is determined by the port state in the
MSTI.
l MST region: consists of the configuration name, revision level, configuration identifier
format selector, and mapping between VLANs and MSTIs. The configuration name,
configuration identifier format selector, and revision level have corresponding fields in a
Bridge Protocol Data Unit (BPDU). The mapping between VLANs and MSTIs is the
configuration digest in the BPDU, which is a 16-byte signature calculated depending on
the mapping. All switches in an MST region must have the same MST region
configuration. By default, the configuration name is the first MAC address of a switch,
the revision level is 0, the configuration identifier format selector is 0, and all VLANs
are mapped to MSTI 0.
l MSTI: Each MSTI corresponds to one VLAN or a group of VLANs, whereas each
VLAN corresponds only to one MSTI. Each switch can run multiple MSTIs. When the
mapping between VLANs and MSTIs is not configured, all VLANs are mapped to MSTI
0.
l CIST: The Common Spanning Tree (CST) and the Internal Spanning Tree (IST)
construct a CIST. The IST provides connectivity for an MST region. The IST is a
segment of the CIST in an MST region and is a special MSTI with an MSTI ID of 0. The
CST is a segment of the CIST (each MST region is considered as a single node).
l CIST root and regional root: Compared with STP and RSTP, MSTP uses the CIST root
and regional root. For all connected switches running STP/RSTP/MSTP, there is only
one CIST root. Each MSTI in each MST region has a regional root. There is only one
CIST root on the switching network, whereas the number of regional roots in each region
depends on the number of MSTIs.
l External path cost and internal path cost: Compared with STP and RSTP, MSTP uses the
external path cost and internal path cost. The external path cost corresponds to the CIST
and is consistent in an MST region. Each MSTI in each MST region has an internal path
cost. Different internal path costs correspond to different MSTIs on the same port.
l Edge port, master port, and alternate port: Compared with STP and RSTP, MSTP uses
the edge port and master port. The regional edge port connects ports in different MST
regions, MST regions and regions running STP, or MST regions and regions running
RSTP, and is located at the edge of an MST region. Among all edge ports in an MST
region, the master port has the smallest cost to the CIST root. The master port is located
on the shortest path connecting MST regions to the CIST root. The alternate port is the
backup port of the master port. If the master port is blocked, the alternate port becomes
the new master port.
Figure 5-13 shows the format of an MST BPDU.

Figure 5-13 Format of an MST BPDU
VBST Principles
VBST, a Huawei spanning tree protocol, constructs a spanning tree in each VLAN so that
traffic from different VLANs is forwarded through different spanning trees. VBST is
equivalent to STP or RSTP running in each VLAN. Spanning trees in different VLANs are
independent of each other.
VBST transmits VBST BPDUs in VLANs but not VLAN 1 to determine the network
topology. VBST BPDUs are protocol packets of VBST based on STP or RSTP BPDUs.
Compared with STP or RSTP BPDUs, a 4-byte 802.1Q tag is added between the source MAC
address field and the protocol length field of a VBST BPDU. Figure 5-14 compares
encapsulation formats between an STP or RSTP BPDU and a VBST BPDU.

Figure 5-14 Comparisons between encapsulation formats of an STP or RSTP BPDU and a
VBST BPDU
6 bytes 6 bytes 2 bytes 38-1492 bytes 4 bytes
STP/RSTP BPDU
encapsulation DMAC SMAC Length LLC Data CRC
format
DSAP SSAP Control

1 byte 1 byte 1 byte
VBST BPDU 6 bytes 6 bytes 4 bytes 2 bytes 38-1492 bytes 4 bytes

encapsulation
DMAC SMAC 802.1Q Tag Length LLC Data CRC
format
DSAP SSAP Control

1 byte 1 byte 1 byte
Comparison Between Spanning Tree Protocols of Huawei Switches

Table 5-10 compares VBST, STP, RSTP, and MSTP of Huawei switches in convergence
speed, traffic forwarding, applicable scenario, and configuration complexity.
Table 5-10 Comparison among four spanning tree protocols

Spanning Similarity Difference
Tree
Protocol Convergen Traffic Applicable Configurat
ce Speed Forwardin Scenario ion
g Complexit
y
STP Forms a Slowest All VLANs Service Low

loop-free share one traffic does
RSTP tree to RSTP, spanning not need to Low
prevent MSTP, and tree, and be
broadcast VBST traffic from differentiate
storms and provide the all VLANs d.
implements same is
redundancy. topology transmitted
convergence along the
speed and same path.
offer faster
topology
convergence
than STP.

Spanning Similarity Difference

Tree
Protocol Convergen Traffic Applicable Configurat
ce Speed Forwardin Scenario ion
g Complexit
y
MSTP MSTP Service Medium

provides traffic needs
mappings to be
between differentiate
MSTIs and d and load
VLANs so balanced.
that traffic
from
different
VLANs is
forwarded
through
different
spanning
trees that are
independent
of each
other.
VBST A spanning l Service High

tree is traffic
formed in needs to
each VLAN, be
so that differenti
traffic from ated and
different load
VLANs is balanced.
forwarded l VBST
through can
different interwork
spanning with the
trees that are Per-
independent VLAN
of each Spanning
other. Tree
(PVST),
Per-
VLAN
Spanning
Tree Plus
(PVST+),
and
Rapid
PVST+.

5.5.2 Overview of Spanning Tree Protocols on Cisco Switches

Cisco switches support the following spanning tree protocols: Per VLAN Spanning Tree
(PVST), Per VLAN Spanning Tree Plus (PVST+), Rapid PVST+, and Multiple Spanning
Tree (MST).
Cisco Catalyst series switches of IOS 12.2 and later versions support PVST, PVST+, Rapid
PVST+, and MST. Some BPDUs of these spanning tree protocols use Cisco proprietary
BPDU formats, which are different from the BPDU format defined by the IEEE. Trunk
interfaces on Cisco switches enabled with PVST+ or Rapid PVST+ send Cisco proprietary
BPDUs in VLANs but not VLAN 1. The source MAC address of these BPDUs is the MAC
address of the trunk interface, and the destination MAC address is Cisco's reserved MAC
address 01-00-0C-CC-CC-CD.
PVST Principles
PVST can be considered as STP running in each VLAN. Each VLAN has an independent
STP status and a spanning tree calculated. Although PVST does not define the instances used
in MSTP, PVST can load balance traffic from different VLANs. PVST BPDUs carry VLAN
information in data frames. The destination MAC address of PVST BPDUs is 01-00-0C-CC-
CC-CD; therefore, PVST cannot interwork with standard IEEE spanning tree protocols.
PVST+ Principles
To interwork with standard IEEE spanning tree protocols, Cisco develops PVST+ based on
PVST. PVST+ provides interoperation with standard spanning tree protocols, which is an
improvement made to PVST.
On an access interface, PVST+ sends standard STP BPDUs in its native VLAN. On a trunk
interface, PVST+ sends standard STP BPDUs with the destination MAC address of 01-80-
C2-00-00-00 only in VLAN 1, and sends Cisco proprietary BPDUs with the destination MAC
address of 01-00-0C-CC-CC-CD in other VLANs allowed by the trunk interface.
Huawei switches support standard IEEE spanning tree protocols, and can process standard
STP BPDUs from Cisco switches. However, Huawei switches forward Cisco proprietary
BPDUs as multicast packets but not process them.
Rapid PVST+ Principles

Rapid PVST+ is an extension of PVST+. Compared with PVST+, Rapid PVST+ uses the
Rapid Spanning Tree Protocol (RSTP) mechanism to implement rapid transition.
MST Principles
Cisco MST supports VLAN-instance mapping and defines the region; therefore, it can be
considered as a standard MSTP protocol. MST BPDUs use the standard format defined by the
IEEE. Huawei and Cisco switches use different keys to generate MSTP digests in BPDUs, so
the digests in BPDUs are different. By default, MSTP and Cisco MST can implement only
inter-region interworking because Huawei and Cisco switches generate different digests. To
enable MSTP and Cisco MST to interwork within an MST region, enable digest snooping on
a Huawei S series switch connected to a Cisco switch and the Huawei S series switch's
interface connected to the Cisco switch.

5.5.3 Comparison Between STP on Huawei and Cisco Switches
Packet Processing Mode

Processing mode of Cisco PVST+ BPDUs (the implementation is similar to that of Rapid
PVST+ BPDUs)
l On a trunk interface:
– In VLAN 1, a PVST+ device sends standard STP BPDUs and untagged PVST
BPDUs to negotiate with the remote device.
– In the native VLAN but not VLAN 1, a PVST+ device sends untagged PVST
BPDUs to negotiate with the remote device.
– In other VLANs, a PVST+ device sends PVST BPDUs to negotiate with the remote
device.
– A PVST+ device sends standard STP BPDUs to negotiate with the remote device in
VLAN 1 after the no spanning-tree vlan 1 command is configured globally.
l On an access interface:
In all VLANs, a PVST+ device sends standard STP BPDUs to negotiate with the remote
device.
NOTE
By default, VLAN 1 is the native VLAN on a Cisco switch.
Processing of Huawei VBST BPDUs
l On a trunk interface:
– In VLAN 1, a VBST-enabled device sends standard STP or RSTP BPDUs and
VBST BPDUs to negotiate with the remote device.
– In other VLANs, a VBST-enabled device sends VBST BPDUs to negotiate with the
remote device.
l On an access interface:
A VBST-enabled device sends standard STP or RSTP BPDUs to negotiate with the
remote device only in the VLAN where the access interface is located.
NOTE
The Data field of VBST BPDUs and selection of packets of a standard protocol depend on the remote
device connected to the Huawei S series switch. By default, standard RSTP BPDUs are used.
Differences in Command Formats

Function Command on Huawei Command on Cisco
Switches Switches
Configure a spanning tree stp mode spanning-tree mode

mode.
Configure a path cost stp pathcost-standard spanning-tree pathcost

algorithm. method


Switches Switches
Configure a fast transition stp no-agreement-check -

mode on an interface. NOTE
No such command is available
on Cisco switches. Cisco
switches support different
convergence modes depending
on the product model. For
details, see Cisco product
manuals.
Enable digest snooping. stp config-digest-snoop -

NOTE
switches do not support digest
snooping.
Differences Between Path Cost Algorithms
Table 5-12 Differences between path cost algorithms
Path Cost Command on Huawei Command on Cisco Switches

Algorithm Switches
Query Configuration Query Configuration

Command Command Command Command
IEEE 802.1t display stp stp pathcost- show spanning- spanning-tree

standard dot1t tree detail pathcost
method long
IEEE stp pathcost- spanning-tree

802.1d-1998 standard pathcost
dot1d-1998 method short
Differences in Digests of an MSTP Region

Before the 802.1s standard (MSTP) is released, vendors use different formats of digest fields
in MSTP BPDUs. When devices from different vendors interwork with each other,
negotiation may fail.
When a Huawei S series switch is connected to a Cisco switch, the two devices may fail to
communicate because of different keys in BPDUs even though they have the same domain
name, revision level, and VLAN mapping table. To solve this problem, enable digest
snooping on the interface of the Huawei S series switch connected to the remote device. This
function enables the Huawei switch to use the same key as the remote device, so that the
Huawei S series switch can negotiate with the remote device.

Table 5-13 Comparison between digest commands

Switches Switches
Check the digest display stp region- show spanning-tree mst

information. configuration digest digest
Enable digest snooping. stp config-digest-snoop -

NOTE
switches do not support digest
snooping.
5.5.4 Interoperation and Replacement Solution for STP

Overview of the Interoperation and Replacement Solution
There are three interworking and replacement solutions.
l Huawei switches transparently transmit PVST BPDUs, and Cisco switches remove loops
through negotiation.
l Huawei switches running VBST interwork with Cisco switches running PVST, PVST+,
or Rapid PVST+.
l Huawei switches running MSTP interwork with Cisco switches running MST.
Applicable Models and Versions

All models and versions of Huawei switches support MSTP, whereas VBST is supported in
V200R005 and later versions.
A Huawei S series switch running VBST interworks with a Cisco switch running PVST,
PVST+, or Rapid PVST+. They process protocol packets using the same mechanism, identify
packets of each other, and use the same multicast MAC address 01-00-0C-CC-CC-CD. That
is, their communication is similar to the communication between Huawei switches running
VBST.
When a Huawei S series switch enabled with MSTP interworks with a Cisco switch running
MST, digest snooping needs to be enabled on the Huawei S series switch because their digest
formats are different. Their other implementations are the same.
A Cisco switch running PVST+ or Rapid PVST+ sends both PVST BPDUs and STP or RSTP
BPDUs to negotiate with the remote device, so a Huawei S series switch running STP or
RSTP can interwork with the Cisco switch. STP or RSTP convergence on the Huawei S series
switch is based on ports, whereas PVST+ or Rapid PVST+ convergence on the Cisco switch
is based on VLANs. The convergence results are as follows:
l When a blocked port is located on the Huawei S series switch, data packets of all
VLANs including PVST BPDUs of the Cisco switch are discarded on the blocked port.
Therefore, the port is blocked in any VLAN.

l When a blocked port is located on the Cisco switch, the Cisco switch running PVST+ or
Rapid PVST+ only sends standard STP or RSTP BPDUs to negotiate with the remote
device in VLAN 1. In this case, the blocked port only blocks packets from VLAN 1. It
normally processes and forwards PVST BPDUs of other VLANs, and calculates the
spanning tree of the VLAN where the port is located. The Huawei S series switch
running STP or RSTP does not process PVST BPDUs, so blocked ports in other VLANs
must be located on the Cisco switch.
5.5.5 Interoperation and Replacement Solution 1: Huawei

Switches Transparently Transmit Cisco PVST and STP BPDUs
Topic contents:
l Overview
l Procedure
Overview
Huawei switches transparently transmit Cisco PVST and STP BPDUs to remove loops
between Cisco switches or on themselves.
In Figure 5-15, all switches are Cisco switches. Layer 3 switches establish a virtual switching
system (VSS) to implement connectivity. Two aggregation switches establish a port channel
in manual mode to provide link redundancy. They are configured with OSPF and establish
OSPF relationships with core switches to receive and transmit routes, and are configured with
the Hot Standby Router Protocol (HSRP) to implement virtual gateway backup. Switches are
enabled with PVST to remove loops.
Huawei switches need to replace the two aggregation switches, without changing the network
plan.

Figure 5-15 Networking where Huawei switches transparently transmit Cisco PVST and STP
BPDUs
Internet
VSS
Devices to be
replaced
CiscoA CiscoB
VLAN 10 20
Port Channel
GE0/1 GE0/2 GE0/1 GE0/2
VL
N 10
A
10 VLA
N2
AN N2
VLA
VL 0
0
GE0/1 GE0/2
GE0/2 GE0/1
CiscoC CiscoD
1. Configure OSPF on Huawei switches to establish OSPF relationships with core switches
to receive and transmit routes.
2. Configure link aggregation in manual mode on Huawei switches to implement load
balancing.
3. Configure VRRP on Huawei switches to interwork with and replace HSRP on Cisco
switches. VRRP implements virtual gateway backup.
4. Configure Huawei switches to transparently transmit Cisco PVST and STP BPDUs to
remove loops between Cisco switches or on themselves.
a. Disable STP on Huawei switches.
b. Configure Huawei switches to transparently transmit Cisco PVST and STP BPDUs.
5. Configure service forwarding on Huawei switches based on the original network plan.
Procedure
During migration, connect Huawei switches in bypass mode and establish OSPF routes.
Migrate services on access switches to Huawei switches one by one.
1. Check the configuration of Cisco switches before the replacement.
a. Run the show running-config command to check the spanning tree configuration
on Cisco switches.

b. Run the show spanning-tree summary command to check spanning tree

parameters and status information on Cisco switches.
Cisco switches use PVST to calculate spanning trees.
2. Power on two Huawei switches, and connect links between them and their uplinks.
Configure addresses for downlink interfaces of core switches, and configure addresses
for uplink interfaces and loopback addresses on Huawei switches. Complete the
configuration on Huawei switches, and shut down VLANIF 10 and VLANIF 20 on
HuaweiA and HuaweiB. Retain the configuration of Cisco switches.
a. Disable STP on HuaweiA and HuaweiB.
# Configure HuaweiA.
[HUAWEI] sysname HuaweiA
[HuaweiA] stp disable
# Configure HuaweiB.
[HUAWEI] sysname HuaweiB
[HuaweiB] stp disable
b. Configure Huawei switches to transparently transmit Cisco PVST and STP BPDUs.
[HuaweiA] interface eth-trunk 1
[HuaweiA-Eth-Trunk1] l2protocol-tunnel PVST+ enable
[HuaweiA-Eth-Trunk1] l2protocol-tunnel STP enable
[HuaweiA-Eth-Trunk1] quit
[HuaweiA] interface gigabitethernet 0/0/1
[HuaweiA-GigabitEthernet0/0/1] l2protocol-tunnel PVST+ enable
[HuaweiA-GigabitEthernet0/0/1] l2protocol-tunnel STP enable
[HuaweiA-GigabitEthernet0/0/1] quit
[HuaweiA-GigabitEthernet0/0/2] l2protocol-tunnel PVST+ enable
[HuaweiA-GigabitEthernet0/0/2] l2protocol-tunnel STP enable
[HuaweiB] interface eth-trunk 1
[HuaweiB-Eth-Trunk1] l2protocol-tunnel PVST+ enable
[HuaweiB-Eth-Trunk1] l2protocol-tunnel STP enable
[HuaweiB-Eth-Trunk1] quit
[HuaweiB] interface gigabitethernet 0/0/1
[HuaweiB-GigabitEthernet0/0/1] l2protocol-tunnel PVST+ enable
[HuaweiB-GigabitEthernet0/0/1] l2protocol-tunnel STP enable
[HuaweiB-GigabitEthernet0/0/1] quit
[HuaweiB-GigabitEthernet0/0/2] l2protocol-tunnel PVST+ enable
[HuaweiB-GigabitEthernet0/0/2] l2protocol-tunnel STP enable
3. Migrate services of the backup uplink of CiscoD to HuaweiB and shut down VLANIF
20, as shown in Figure 5-16.

Figure 5-16 Migration process 1
Internet
VSS
CiscoA HuaweiA HuaweiB

VLAN 10 20 CiscoB VLAN 10 20
Port Channel Eth-Trunk
GE0/1 GE0/2 GE0/1
GE0/0/2
N 10
10 VLA 20
AN N2 AN
VLA
VL 0 VL
GE0/1 GE0/2
GE0/2 GE0/1
CiscoC CiscoD
4. Disconnect the cable between CiscoA and CiscoD, shut down VLANIF 20 on CiscoA
and CiscoB, and enable VLANIF 20 on Huawei switches.
5. Test services on CiscoD. When verifying that services on CiscoD are normal, migrate
services on the link between CiscoD and CiscoA to HuaweiA. The migration of the
access switch is completed, as shown in Figure 5-17.
Internet
VSS
CiscoA CiscoB HuaweiA HuaweiB

VLAN 10 20 VLAN 10 20
GE0/1 GE0/1
GE0/0/1 GE0/0/2
20
N 10
20
VLAN
N 10 A N
VLA
V LA VL
GE0/1 GE0/1 GE0/2

GE0/2
CiscoC CiscoD
6. Perform the preceding steps to migrate services on downstream access switches one by
one. Figure 5-18 shows the network where migration is completed.

Figure 5-18 Network where migration is completed
Internet
VSS
HuaweiA HuaweiB
VLAN 10 20
Eth-Trunk
GE0/0/1 GE0/0/2 GE0/0/1 GE0/0/2
VL
N 10
AN
10 VLA
AN N
VLA
2
VL 20
0
GE0/1 GE0/2
GE0/2 GE0/1
CiscoC CiscoD
7. Check the configuration of Huawei switches after the replacement.

a. Run the display l2protocol-tunnel group-mac { all | protocol-type | user-defined-
protocol protocol-name } command to check whether Huawei switches can
transparently transmit Cisco PVST and STP BPDUs.
b. Run the show spanning-tree summary command to check spanning tree status
information on Cisco switches.
c. Verify services on user-side devices and check whether the replacement is
successful.
Huawei switches transparently transmit Cisco PVST and STP BPDUs to implement spanning
tree negotiation between Cisco switches, so Huawei switches broadcast received PVST and
STP BPDUs in VLANs. As a result, P2P negotiation between two switches is changed to
P2MP negotiation, affecting spanning tree convergence. Solution 1 causes slow spanning tree
convergence and easily results in temporary loops.
5.5.6 Interoperation and Replacement Solution 2: Huawei

Switches Use VBST to Interwork with Cisco PVST Switches
Topic contents:

l Overview
l Procedure
Overview
Huawei switches are configured with VBST to interwork with Cisco PVST switches to
remove loops.
enabled with Rapid PVST+ to remove loops.
Cisco switches use the short algorithm to calculate the path cost. The short algorithm
corresponds to the dot1d-1998 algorithm on Huawei switches. Cisco switches do not support
fast transition in enhanced mode, whereas Huawei switches use fast transition in enhanced
mode by default. You must run the stp no-agreement-check command to configure fast
transition in common mode on the interfaces that do not support fast transition in enhanced
mode.
plan.

Figure 5-19 Networking where Huawei switches use VBST to interwork with Cisco PVST
switches
Internet
VSS
Devices to be
replaced
CiscoA CiscoB
VLAN 10 20
Port Channel
GE0/1 GE0/2 GE0/1 GE0/2
VL
10
AN
10 VLA
N
AN N2
VLA
2
VL 0
0
GE0/1 GE0/2
GE0/2 GE0/1
CiscoC CiscoD
balancing.
4. Configure VBST on Huawei switches to interwork with Rapid PVST+ on Cisco
switches.
a. Configure Huawei switches to work in VBST mode.
b. Configure Huawei switches to use the dot1d-1998 algorithm to calculate the path
cost.
c. Configure fast transition in common mode on Huawei switches.
Procedure


on Cisco switches.
Cisco switches use Rapid PVST+ to calculate spanning trees and use the short algorithm
to calculate the path cost. In addition, they do not support fast transition in enhanced
mode.
for uplink interfaces and loopback addresses on Huawei switches. Complete the
configuration on Huawei switches, and shut down VLANIF 10 and VLANIF 20 on
HuaweiA and HuaweiB. Retain the configuration of Cisco switches.
Configure VBST on Huawei switches.
a. Configure HuaweiA and HuaweiB to work in VBST mode.
[HuaweiA] stp mode vbst
[HuaweiB] stp mode vbst
b. Configure Huawei switches to use the dot1d-1998 algorithm to calculate the path
cost.
[HuaweiA] stp pathcost-standard dot1d-1998
[HuaweiB] stp pathcost-standard dot1d-1998
c. Configure fast transition in common mode on Huawei switches.

[HuaweiA-GigabitEthernet0/0/1] stp no-agreement-check
[HuaweiB-GigabitEthernet0/0/1] stp no-agreement-check

Internet
VSS

GE0/1 GE0/2 GE0/1
GE0/0/2
N 10
10 VLA 20
AN N2 AN
VLA
VL 0 VL
GE0/1 GE0/2
GE0/2 GE0/1
CiscoC CiscoD
Internet
VSS

VLAN 10 20 VLAN 10 20
GE0/1 GE0/1
GE0/0/1 GE0/0/2
20
N 10
20
VLAN
N 10 A N
VLA
V LA VL
GE0/1 GE0/1 GE0/2

GE0/2
CiscoC CiscoD

Internet
VSS
HuaweiA HuaweiB
VLAN 10 20
Eth-Trunk
GE0/0/1 GE0/0/2 GE0/0/1 GE0/0/2
VL
N 10
AN
10 VLA
AN N
VLA
20
VL 20
GE0/1 GE0/2
GE0/2 GE0/1
CiscoC CiscoD

a. Run the display stp [ vlan vlan-id ] [ interface interface-type interface-number |
slot slot-id ] [ brief ] command to check the spanning tree status and statistics on
Huawei switches.
successful.
5.5.7 Interoperation and Replacement Solution 3: Cisco Switches

Use MST to Replace PVST to Interoperate with Huawei Switches
Running MSTP
Topic contents:
l Overview
l Procedure

Overview
PVST on Cisco switches is changed to MST so that Cisco switches can interwork with
Huawei switches running MSTP.
enabled with PVST to remove loops.
Cisco switches use the short algorithm to calculate the path cost. The short algorithm
corresponds to the dot1d-1998 algorithm on Huawei switches. Cisco switches do not support
fast transition in enhanced mode, whereas Huawei switches use fast transition in enhanced
mode by default. You must run the stp no-agreement-check command to configure fast
transition in common mode on the interfaces that do not support fast transition in enhanced
mode. The format of the digest on a Cisco MST switch is different from that defined by the
IEEE. CiscoA is the root bridge and CiscoB is the secondary root bridge in VLAN 10, and
GE0/2 on CiscoC is the blocked port. CiscoB is the root bridge and CiscoA is the secondary
root bridge in VLAN 20, and GE0/1 on CiscoD is the blocked port.
plan.

Figure 5-23 Networking where Cisco switches use MST to replace PVST to interwork with
Huawei switches running MSTP
Internet
VSS
Devices to be
replaced
CiscoA CiscoB
VLAN 10 20
Port Channel
GE0/1 GE0/2 GE0/1 GE0/2
VL
10
AN
10 VLA
N
AN N2
VLA
2
VL 0
0
GE0/1 GE0/2
GE0/2 GE0/1
CiscoC CiscoD
balancing.
4. Configure MST on Cisco switches. Configure MSTP on Huawei switches and configure
the path cost calculation algorithm and fast transmission mode so that Huawei switches
can interwork with Cisco MST switches.
a. Configure MST on Cisco switches based on the original network plan.
i. Configure an MST region, create multiple MSTIs, and map VLAN 10 to MSTI
1 and VLAN 20 to MSTI 2.
ii. Configure the root bridge and secondary root bridge of each MSTI in each
MST region.
iii. Configure the path cost of a port in each instance so that the port can be
blocked.
iv. Enable MST.
b. Configure MSTP on Huawei switches based on the original network plan.

i. Configure an MST region, create multiple MSTIs, and map VLAN 10 to MSTI
1 and VLAN 20 to MSTI 2.
ii. Configure the root bridge and secondary root bridge of each MSTI in each
MST region.
iii. Configure the path cost calculation algorithm on Huawei switches to be
consistent with that on Cisco switches.
iv. Configure digest snooping on interfaces of Huawei switches connected to
Cisco access switches.
v. Enable MSTP.
Procedure
on Cisco switches.
Cisco switches use Rapid PVST+ to calculate spanning trees and use the short algorithm
to calculate the path cost. In addition, they do not support fast transition in enhanced
mode.
for uplink interfaces and loopback addresses on Huawei switches. Change the spanning
tree protocol to MST on Cisco switches and set parameters based on the original network
plan. Complete the configuration on Huawei switches, and shut down VLANIF 10 and
VLANIF 20 on HuaweiA and HuaweiB.
a. Configure MST on CiscoA and CiscoB to be replaced.
# Configure CiscoA.
CiscoA# configure terminal

CiscoA(config)# spanning-tree mst configuration
CiscoA(config)# spanning-tree extend system-id
CiscoA(config-mst)# instance 1 vlan 10
CiscoA(config-mst)# instance 2 vlan 20
CiscoA(config-mst)# spanning-tree mst 1 priority 0
CiscoA(config-mst)# spanning-tree mst 2 priority 24576
CiscoA(config-mst)# name BG1
CiscoA(config-mst)# revision 0
CiscoA(config-mst)# exit
CiscoA(config)# spanning-tree mode mst
CiscoA(config)# end
# Configure CiscoB.
CiscoB# configure terminal

CiscoB(config)# spanning-tree mst configuration
CiscoB(config)# spanning-tree extend system-id
CiscoB(config-mst)# instance 1 vlan 10
CiscoB(config-mst)# instance 2 vlan 20
CiscoB(config-mst)# spanning-tree mst 1 priority 24576
CiscoB(config-mst)# spanning-tree mst 2 priority 0

CiscoB(config-mst)# name BG1

CiscoB(config-mst)# revision 0
CiscoB(config-mst)# exit
CiscoB(config)# spanning-tree mode mst
CiscoB(config)# end
b. Configure MST on CiscoC and CiscoD (access switches).

# Configure CiscoC.
CiscoC# configure terminal

CiscoC(config)# spanning-tree mst configuration
CiscoC(config)# spanning-tree extend system-id
CiscoC(config-mst)# instance 1 vlan 10
CiscoC(config-mst)# instance 2 vlan 20
CiscoC(config-mst)# name BG1
CiscoC(config-mst)# revision 0
CiscoC(config-mst)# exit
CiscoC(config)# spanning-tree mode mst
CiscoC(config)# interface gigabitethernet 0/2
CiscoC(config-if)# spanning-tree mst 1 cost 20000
CiscoC(config-if)# exit
CiscoC(config)# end
# Configure CiscoD.
CiscoD# configure terminal

CiscoD(config)# spanning-tree mst configuration
CiscoD(config)# spanning-tree extend system-id
CiscoD(config-mst)# instance 1 vlan 10
CiscoD(config-mst)# instance 2 vlan 20
CiscoD(config-mst)# name BG1
CiscoD(config-mst)# revision 0
CiscoD(config-mst)# exit
CiscoD(config)# spanning-tree mode mst
CiscoD(config)# interface gigabitethernet 0/1
CiscoD(config-if)# spanning-tree mst 2 cost 20000
CiscoD(config-if)# exit
CiscoD(config)# end
c. Configure MSTP on HuaweiA and HuaweiB.

[HuaweiA] stp region-configuration
[HuaweiA-mst-region] region-name RG1
[HuaweiA-mst-region] instance 1 vlan 10
[HuaweiA-mst-region] instance 2 vlan 20
[HuaweiA-mst-region] active region-configuration
[HuaweiA-mst-region] quit
[HuaweiA] stp pathcost-standard dot1d-1998
[HuaweiA] stp instance 1 root primary
[HuaweiA] stp instance 2 root secondary
[HuaweiA-GigabitEthernet0/0/1] stp config-digest-snoop
[HuaweiA-GigabitEthernet0/0/2] stp config-digest-snoop
[HuaweiB] stp region-configuration
[HuaweiB-mst-region] region-name RG1
[HuaweiB-mst-region] instance 1 vlan 10
[HuaweiB-mst-region] instance 2 vlan 20

[HuaweiB-mst-region] active region-configuration

[HuaweiB-mst-region] quit
[HuaweiB] stp pathcost-standard dot1d-1998
[HuaweiB] stp instance 1 root secondary
[HuaweiB] stp instance 2 root primary
[HuaweiB-GigabitEthernet0/0/1] stp config-digest-snoop
[HuaweiB-GigabitEthernet0/0/2] stp config-digest-snoop
Internet
VSS

GE0/1 GE0/2 GE0/1
GE0/0/2
N 10
10 VLA 20
AN N2 AN
VLA
VL 0 VL
GE0/1 GE0/2
GE0/2 GE0/1
CiscoC CiscoD

Internet
VSS

VLAN 10 20 VLAN 10 20
GE0/1 GE0/1
GE0/0/1 GE0/0/2
20
N 10
20
VLAN
10 AN
AN
VLA
VL VL
GE0/1 GE0/1 GE0/2

GE0/2
CiscoC CiscoD
Internet
VSS
HuaweiA HuaweiB
VLAN 10 20
Eth-Trunk
GE0/0/1 GE0/0/2 GE0/0/1 GE0/0/2
VL
N 10
AN
10 VLA
AN N
VLA
VL 20
0
GE0/1 GE0/2
GE0/2 GE0/1
CiscoC CiscoD

a. Run the display stp [ vlan vlan-id ] [ interface interface-type interface-number |

slot slot-id ] [ brief ] command to check the spanning tree status and statistics on
Huawei switches.
successful.
5.6 Interoperation and Replacement Guide for Link

Aggregation on Huawei and Cisco Switches
5.6.1 Overview of Ethernet Link Aggregation
Definition
Ethernet link aggregation, also called Eth-Trunk, bundles multiple physical links to form a
logical link to increase link bandwidth. The bundled links back up each other, increasing
reliability.
Purpose
As the network scale expands increasingly, users propose increasingly high requirements on
Ethernet backbone network bandwidth and reliability. Originally, to increase the bandwidth,
users use high-speed cards or devices supporting high-speed interface cards to replace old
interface cards or devices. This solution, however, is costly and inflexible.
Link aggregation helps increase bandwidth by bundling a group of physical interfaces into a
single logical interface, without upgrading the hardware. In addition, link aggregation
provides link backup, greatly improving link reliability.
Link aggregation has the following advantages:
l Increased bandwidth
The bandwidth of the link aggregation interface is the sum of bandwidth of member
interfaces.
l Improved reliability
When an active link fails, traffic on this active link is switched to another active link,
improving reliability of the link aggregation interface.
l Load balancing
In a link aggregation group (LAG), traffic is load balanced among active links of
member interfaces.
Classification of Link Aggregation

Link aggregation can work in manual load balancing mode or LACP mode depending on
whether the Link Aggregation Control Protocol (LACP) is used.
l Manual load balancing mode: You must manually create an Eth-Trunk and add member
interfaces to the Eth-Trunk. In this mode, LACP is not required. This mode applies to the

scenario where a high link bandwidth between two directly connected devices is required
but the remote device does not support the LACP protocol.
l LACP mode: In LACP mode, you also need to manually create an Eth-Trunk and add
member interfaces to the Eth-Trunk. Active member interfaces are selected by sending
LACP Data Units (LACPDUs) in LACP mode, which is different from the
implementation in manual loading balancing mode. When a group of interfaces are
added to an Eth-Trunk, they are classified into active and inactive ones by using
LACPDUs. The LACP mode is also called the M:N mode, which implements both load
balancing and link backup. M active links in the link aggregation group are responsible
for forwarding and load balancing data, while the other N inactive links are backup ones
and do not forward data. If an active link becomes faulty, the system selects the link with
the highest priority from N inactive links. The inactive link becomes active and starts to
forward data.
The implementation mechanisms of link aggregation in manual load balancing mode and
LACP mode provided by different vendors are similar, and only commands and default
settings are different.
5.6.2 Comparison Between Implementations of Link Aggregation

on Huawei and Cisco Switches
Overview
The implementation mechanism of link aggregation in manual load balancing mode and
LACP mode on Huawei switches is similar to that on Cisco switches, but commands and
default settings are different.
Comparison Between Default Settings

Table 5-14 compares default settings of link aggregation on Huawei switches and Cisco
switches.
Table 5-14 Comparison between default settings
Parameter Huawei Switches Cisco Switch
LACP system priority 32768 32768
LACP interface priority 32768 32768
Load balancing mode Src-dst-ip -

NOTE
The default load balancing
modes on Cisco switches are
different depending on models.
For details, see Cisco product
documentation.
Timeout interval of 90s 90s

LACPDUs

Command Comparison
Table 5-15 compares link aggregation commands on Huawei switches and Cisco switches.
Table 5-15 Command comparison

Switches Switches
Create an Eth-Trunk. interface Eth-Trunk trunk- interface port-channel

id group_number
Configure a link aggregation mode { lacp | manual load- channel-group

mode. balance } group_number mode
{ active | auto |desirable |
on | passive }
NOTE
Cisco switches provide five
link aggregation modes. The
active and passive modes of
link aggregation on Cisco
switches correspond to those
on Huawei switches. The on
mode on Cisco switches
corresponds to the manual load
balancing mode on Huawei
switches. The auto and
desirable modes of link
aggregation are based on the
Port Aggregation Protocol
(PAgP), which is a Cisco
proprietary protocol. Huawei
switches do not provide the
corresponding link aggregation
mode.
Add member interfaces to eth-trunk trunk-id [ mode channel-group

an Eth-Trunk. { active | passive } ] group_number mode
{ active | auto |desirable |
on }
Configure the LACP system lacp priority priority lacp system-priority

priority. (system view) priority_value (system
view)
Configure the LACP lacp priority priority lacp system-priority

interface priority. (interface view) priority_value (interface
view)
Configure a load balancing load-balance { dst-ip | dst- port-channel load-balance

mode. mac | src-ip | src-mac | src- { src-mac | dst-mac | src-
dst-ip | src-dst-mac } dst-mac | src-ip | dst-ip |
src-dst-ip | src-port | dst-
port | src-dst-port }
[ module slot]

Configure the threshold for max active-linknumber lacp max-bundle number

the number of active link-number
interfaces.
Check the link aggregation display eth-trunk [ trunk-id show interfaces interface-
configuration. [ interface interface-type type interface-number
interface-number | etherchannel
verbose ] ] show etherchannel load-
balance
5.6.3 Interoperation and Replacement Solution for Link

Aggregation
Overview of the Interoperation and Replacement Solution

The link aggregation mode determines two interworking and replacement solutions.
l A Huawei S series switch interworks with and replaces a Cisco switch using link
aggregation in manual mode.
l A Huawei S series switch interworks with and replaces a Cisco switch using link
aggregation in static LACP mode.
Applicable Models and Versions

This example applies to all switch models of all versions.
The implementation mechanism of link aggregation in manual mode and LACP mode on
Huawei switches is similar to that on Cisco switches, so a Huawei S series switch can simply
interwork with and replace a Cisco switch.
5.6.4 Interoperation and Replacement Solution 1: Link

Aggregation in Manual Mode
Topic contents:
l Overview
l Procedure
Overview
A Huawei S series switch and a Cisco switch are configured with link aggregation in manual
mode for interworking.

Configuration Notes
This example applies to Huawei switches of all versions.
In Figure 5-27, The Cisco switch and Huawei S series switch are configured with the LAG in
manual mode to improve bandwidth and reliability between them.
Figure 5-27 Networking of interworking and replacement using link aggregation in manual
mode
Cisco Huawei
GE0/1 GE0/0/1
GE0/2 GE0/0/2
GE0/3 GE0/0/3
Port-Channel 1 Eth-Trunk 1
l Configuration logic for link aggregation in manual mode on Cisco switches:
a. Create a port channel and add member interfaces, and configure a link aggregation
mode.
b. Configure a load balancing mode.
l Configuration logic for link aggregation in manual mode on Huawei switches:
a. Create an Eth-Trunk and add interfaces to the Eth-Trunk.
Procedure
Step 1 Configure link aggregation in manual mode on the Cisco switch.
# Create a port channel and add member interfaces, and configure a link aggregation mode on
the Cisco switch.
Switch# configure terminal
Switch(config)# hostname Cisco
Cisco(config)# interface range GigabitEthernet 0/1 -3
Cisco(config-if-range)# channel-group 2 mode on
Cisco(config-if-range)# end
# Configure a load balancing mode of the port channel.

Cisco# configure terminal
Cisco(config)# port-channel load-balance src-dst-mac
Cisco(config)# end
Step 2 Configure link aggregation in manual mode on the Huawei S series switch.
# Create an Eth-Trunk on the Huawei S series switch and add member interfaces to the Eth-
Trunk. By default, Huawei switches are connected using link aggregation in manual mode.
Therefore, you do not need to configure the link aggregation mode.
[HUAWEI] sysname Huawei
[Huawei] interface eth-trunk 1
[Huawei-Eth-Trunk1] trunkport gigabitethernet 0/0/1 to 0/0/3
[Huawei-Eth-Trunk1] quit

# Configure the load balancing mode of Eth-Trunk 1.

[Huawei] interface eth-trunk 1
[Huawei-Eth-Trunk1] load-balance src-dst-mac
[Huawei-Eth-Trunk1] quit

l Run the display eth-trunk [ trunk-id [ interface interface-type interface-number |
switch.
l Run the show interfaces interface-type interface-number etherchannel command to
check link aggregation parameters and status information of corresponding interfaces on
the Cisco switch.
l Run the show etherchannel load-balance command to check the load balancing mode
of link aggregation on the Cisco switch.
----End
5.6.5 Interoperation and Replacement Solution 2: Link

Aggregation in LACP Mode
Topic contents:
l Overview
l Procedure
Overview
A Huawei S series switch and a Cisco switch are configured with link aggregation in LACP
mode for interworking.
Configuration Notes
This example applies to Huawei switches of all versions.
In Figure 5-28, SwitchA (Cisco switch) and SwitchB (Huawei S series switch) are configured
with the LAG in LACP mode to improve bandwidth and reliability between them. The LAG
is composed of three links, two of which are active links and load balance data. The third link
is a backup link. When an active link fails, the backup link replaces the faulty link to ensure
the reliability of data transmission. SwitchB is the Actor.

Figure 5-28 Networking of interworking and replacement using link aggregation in LACP
mode
Cisco Huawei
GE0/1 GE0/0/1
GE0/2 GE0/0/2
GE0/3 GE0/0/3
Port-Channel 1 Eth-Trunk 1
Active link
Backup link
l The configuration roadmap for link aggregation in LACP mode on Cisco switches is as
follows:
a. Create a port channel and add member interfaces, and configure a link aggregation
mode.
l The configuration roadmap for link aggregation in LACP mode on Huawei switches is as
follows:
a. Create an Eth-Trunk and add member interfaces, and configure the Eth-Trunk to
work in LACP mode.
c. Set the LACP system priority to determine the Actor. Set the upper threshold for the
number of active interfaces based on interfaces of the Actor to improve network
reliability with bandwidth guarantee.
d. Set interface priorities and determine active interfaces so that interfaces with higher
priorities are selected as active interfaces.
Procedure
Step 1 Configure link aggregation in LACP mode on the Cisco switch.
# Create a port channel and add member interfaces, and configure a link aggregation mode on
SwitchA.
Switch# configure terminal
Switch(config)# hostname SwitchA
SwitchA(config)# interface range GigabitEthernet 0/1 -3
SwitchA(config-if-range)# channel-group 2 mode passive
SwitchA(config-if-range)# end
# Configure a load balancing mode of the port channel.

SwitchA# configure terminal
SwitchA(config)# port-channel load-balance src-dst-mac
SwitchA(config)# end
Step 2 Configure link aggregation in LACP mode on the Huawei S series switch.
# Create an Eth-Trunk on the Huawei S series switch, configure the Eth-Trunk to work in
LACP mode, and add member interfaces to the Eth-Trunk.
[SwitchB] interface eth-trunk 1

[SwitchB-Eth-Trunk1] mode lacp

[SwitchB-Eth-Trunk1] trunkport gigabitethernet 0/0/1 to 0/0/3
# Configure a load balancing mode on Eth-Trunk 1 of the Huawei S series switch.

[SwitchB-Eth-Trunk1] load-balance src-dst-mac
[SwitchB-Eth-Trunk1] quit
# Set the system priority of Huawei S series switch to 100 so that it can become the LACP
Actor. (The LACP system priority of the Cisco switch uses the default value 32768, so the
Huawei S series switch with LACP system priority 100 becomes the Actor.) Then set the
upper threshold for the number of active interfaces.
[SwitchB] lacp priority 100
[SwitchB] interface eth-trunk 1
[SwitchB-Eth-Trunk1] max active-linknumber 2
[SwitchB-Eth-Trunk1] quit
# Set the interface priority to determine active links.

[SwitchB-GigabitEthernet0/0/1] lacp priority 100
[SwitchB-GigabitEthernet0/0/2] lacp priority 100

l Run the display eth-trunk [ trunk-id [ interface interface-type interface-number |
switch.
l Run the show interfaces interface-type interface-number etherchannel command to
check link aggregation parameters and status information of corresponding interfaces on
the Cisco switch.
l Run the show etherchannel load-balance command to check the load balancing mode
of link aggregation on the Cisco switch.
----End
5.7 Interoperation and Replacement Guide for VRRP and

HSRP
5.7.1 Overview of VRRP
Background
As networks rapidly develop and applications become more diversified, various value-added
services (VASs) such as Internet Protocol television (IPTV) and video conferencing have
become increasingly widespread. However, to ensure these services are not affected by
network disconnections, users require a more reliable network infrastructure.
Generally, all hosts on one network segment are configured with the same default route,
which has the gateway address as the next hop address. The hosts use the default route to send
packets to the gateway, which forwards the packets to other network segments. When the
gateway fails, all hosts on this network segment cannot communicate with external networks.
A common method to improve network reliability is to configure multiple egress gateways.
However, route selection between the gateways becomes an issue.

VRRP resolves this issue by virtualizing multiple routing devices into a virtual router without
changing the networking. The virtual router IP address is configured as the default gateway
address. When the gateway fails, VRRP selects a new gateway to transmit service traffic to
ensure reliable communication.
VRRP Principle
VRRP is a fault-tolerant protocol. It integrates multiple devices into a virtual router and uses
certain mechanisms to switch services to other devices when the next-hop device fails,
ensuring continuous and reliable communication.
Two or more VRRP-enabled devices form a VRRP group, which functions as a virtual router.
VRRP determines the virtual router master based on the priority of each device. You can
manually configure the priority of a device in the VRRP group.
VRRP determines the device role in the virtual router based on device priorities. The device
with a higher priority is more likely to become the master. The VRRP-enabled device in a
VRRP group initially works in Initialize state. After receiving an interface Up message, the
VRRP-enabled device with priority 255 directly becomes the master. The VRRP-enabled
device with the priority less than 255 switches to the Backup state, and then reverts to the
Master state after the Master_Down_Interval timer expires. The device that first switches to
the Master state obtains the priorities of other devices in the group by exchanging VRRP
Advertisement packets.
As shown in Figure 5-29, HostA is dual-homed to SwitchA and SwitchB through the switch.
SwitchA and SwitchB constitute a VRRP group to implement link redundancy.
Figure 5-29 Working mechanism of VRRP
Master
10.1.1.10/24
Switch
SwitchA
Internet
HostA SwitchB
Gateway:10.1.1.10/24
IP Address:10.1.1.3/24
Backup
10.1.1.1/24
Switch Virtual Router
Internet
HostA VRRP VRID 1
Gateway:10.1.1.10/24 Virtual IP Address:10.1.1.10/24
IP Address:10.1.1.3/24 Virtual MAC Address:0000-5e00-0101

Basic Concepts
l VRRP router: device running VRRP. It may belong to one or more virtual routers.
SwitchA and SwitchB are VRRP routers.
l Virtual router: VRRP group consisting of one master and multiple backups. The VRRP
group's virtual IP address is used as the default gateway address on a LAN. SwitchA and
SwitchB combine to form a virtual router.
l Virtual router master: VRRP device that forwards packets. SwitchA is the virtual router
master.
l Virtual router backup: a group of VRRP devices that do not forward packets. When the
master is faulty, a backup with the highest priority becomes the master. SwitchB is the
virtual router backup.
l VRID: virtual router ID. The VRID of the virtual router composed of SwitchA and
SwitchB is 1.
l Virtual IP address: IP address of a virtual router. A virtual router can be assigned one or
more virtual IP addresses that are configurable. The virtual IP address of the virtual
router composed of SwitchA and SwitchB is 10.1.1.10/24.
l IP address owner: VRRP device that uses an IP address of a virtual router as the actual
interface address. If an IP address owner is available, it usually functions as the virtual
router master. The interface address of SwitchA and the IP address of the virtual router
are both 10.1.1.10/24, making SwitchA the IP address owner.
l Virtual MAC address: MAC address that is generated by the virtual router based on the
VRID. A virtual router has one virtual MAC address and is in the format of
00-00-5E-00-01-{VRID} (VRRP for IPv4). The virtual router sends ARP Reply packets
carrying the virtual MAC address but not the interface MAC address. The VRID of the
virtual router composed of SwitchA and SwitchB is 1, so the MAC address of the VRRP
group is 00-00-5E-00-01-01.
VRRP State Machine

VRRP defines three states: Initialize, Master, and Backup. Only the device in Master state can
forward packets destined for the virtual IP address.
Table 5-16 VRRP states

State Description
Initialize VRRP is unavailable. The device in Initialize state cannot process

VRRP Advertisement packets.
When VRRP is configured on the device or the device detects a fault, it
enters the Initialize state.
After receiving an interface Up message, the VRRP-enabled device
whose priority is 255 becomes the master. The VRRP-enabled device
whose priority is less than 255 switches to the Backup state.

State Description
Master The VRRP device in Master state performs the following operations:
l Periodically sends VRRP Advertisement packets.
l Uses the virtual MAC address to respond to ARP Request packets
destined for the virtual IP address.
l Forwards IP packets destined for the virtual MAC address.
l Processes the IP packets destined for the virtual IP address if the
device is the IP address owner, and discards them if it is not.
l Becomes the backup if the device receives a VRRP Advertisement
packet with a higher priority than its VRRP priority.
l Becomes the backup if the device receives a VRRP Advertisement
packet with the same priority as its VRRP priority and the IP address
of the local interface is smaller than that of the connected interface
on the remote device.
Backup The VRRP device in Backup state performs the following operations:
l Receives VRRP Advertisement packets from the master and
determines whether the master is working properly.
l Does not respond to ARP Request packets destined for the virtual IP
address.
l Processes the IP packets destined for the virtual IP address based on
the Layer 2 forwarding process.
l When receiving a packet of a lower priority, it immediately switches
to the Master state by default. If non-preemption is configured, the
device resets the timer. If a preemption delay is configured, the
device resets the timer and switches to the Master state after the
preemption delay expires. When receiving a packet of a higher
priority, the device resets the timer. When receiving a packet of
equal priority, the device resets the timer but does not compare IP
addresses.
Master_Down_Interval timer: If the backup does not receive
Advertisement packets after the timer expires, the backup becomes
the master. The calculation formula is as follows:
– Master_Down_Interval = 3 x Advertisement_Interval +
Skew_time (offset time)
– Skew_Time = (256 - Priority)/256
l If the device receives a VRRP Advertisement packet whose priority
is not 0 and lower than its own VRRP priority, the device discards
the packet and becomes the master immediately. If the device
receives a VRRP Advertisement packet whose priority is 0, the
device sets the Skew_time (offset time).
VRRP Working Process

The VRRP working process is as follows:

1. Devices in a VRRP group select the master based on their priorities. The master sends
gratuitous ARP packets to notify the connected network devices or hosts of the virtual
MAC address of the VRRP group.
2. The master periodically sends VRRP Advertisement packets to all backups in the VRRP
group to advertise its configuration (for example, priority) and running status.
3. If the master fails, the backup with the highest priority becomes the new master.
4. If the original master is replaced by another device in the group, the new master sends
gratuitous ARP packets carrying the virtual MAC address and virtual IP address of the
virtual router. The new master uses these packets to update the MAC address entry on
the connected network devices or hosts. User traffic is then switched to the new master.
This process is transparent to users.
5. When the original master recovers and is the IP address owner (with priority 255), the
original master reverts to the Master state. If the priority of the original master is smaller
than 255, the device switches to the Backup state. The priority of the device is then
restored to its original value before the failure.
6. If the backup has a higher priority than the master, the working mode of the backup
(preemption or non-preemption) determines whether the master is re-selected.
– Preemption mode: If the priority of a backup is higher than the priority of the
current master, the backup automatically becomes the master.
– Non-preemption mode: As long as the master is working properly, the backup with
a higher priority cannot become the master.
5.7.2 Overview of HSRP

Background
As the Internet gains in popularity, people rely more and more on networks. To improve
network stability, the device backup is used, which is similar to dual hard disks in a server to
improve data security. Devices at the network core layer are central to the entire network. If a
critical fault occurs on the core devices, the local network breaks down. If the backbone router
becomes faulty, the impact will be significant. Therefore, it is inevitable that core devices
work in hot standby mode to improve network reliability. When a core device fails, the
backup device in the system will take over it until the faulty device is restored. The Hot
Standby Router Protocol (HSRP) is used to address the preceding issue.
HSRP Principle
HSRP is a Cisco proprietary router redundancy protocol. It allows multiple routers to be
deployed in hot standby mode to eliminate network interruption caused by a single device
failure.
To achieve HSRP, two or more routers on a network form a hot standby group, which is a
virtual router.
HSRP uses the priority to determine the active router. The HSRP priority can be set manually.
If a router has a higher priority than all other routers, the router becomes the active router in
the corresponding standby group. When Hello messages sent from the active router fail to be
received within the hold time, the standby router with the highest priority becomes the active
router. None of the hosts on the network detects the packets exchanged between routers.
The following figure shows the working mechanism of HSRP which is similar to that of
VRRP:

Figure 5-30 Working mechanism of HSRP
Internet
Router 1 Router 2
Active Standby
IP 10.1.1.1/24 HSRP Virtual IP IP 10.1.1.2/24
10.1.1.3
PC Default Gateway is
10.1.1.3
Basic Concepts
l Standby group: indicates a group of devices which form a virtual router, which called
HSRP router.
l Active router: indicates a router in a standby group that forwards packets on behalf of
the virtual router.
l Standby router: indicates the first standby router in a standby group.
l Hello Time: indicates the interval for a device to send Hello messages. If the value is not
specified, the Hello time depends on the interval when the active router successfully
sends two Hello messages. Otherwise, the default value (3s) is used.
l Hold Time: indicates the interval for the HSRP router to declare an active router failure,
which is characterized by being at least 3 times that of the Hello time
l Standby priority: indicates the priority of routers in an HSRP group, which is 100 by
default. If the routers have the same priority, the router with the largest IP address
becomes the active router. This address is the IP address of the interface have a HSRP
configured.
l Virtual MAC address: indicates the MAC address of the virtual router. 00.00.0c.07.ac.
2f is used as an example.
– Vendor ID: indicates the first three bytes. 00.00.0c indicates the Cisco device.
– HSRP code: indicates that the MAC address is used to identify one HSRP virtual
router, which is always 07.ac.
– HSRP group number: indicates the group ID, which identifies the number of the
HSRP backup group. In this example, 2f is a hexadecimal value, which equals to
the decimal value 47.
HSRP Message
A router configured with HSRP has the following three types of multicast messages:
l Hello: is sent when HSRP is running on the router that can become an active router or
standby router. By default, HSRP routers send a Hello message every three seconds.

l Coup: is sent by a standby router when it becomes an active router.

l Resign: is sent by the active router when the active router wants to go Down or when a
router with a higher priority sends a Hello message. This message indicates that the
active router does not want to be the active router again.
HSRP messages are encapsulated in UDP packets using the UDP port number 1985. The
destination IP address is the multicast IP address 224.0.0.2 (means all-router) with a TTL
value of 1.
HSRP State
HSRP defines six possible states of an HSRP-enabled router.
l Initial: indicates the state of HSRP upon startup. HSRP is not running at this time. A
router enters this state when the configuration is changed or the interface is just started.
l Learn: indicates that a router is waiting for messages from the active router. At this time,
the router has not received Hello messages from the active router and has not learned the
virtual router IP address.
l Listen: indicates that the router is listening to Hello messages. When the virtual IP
address is obtained, routers (but not the active and standby routers) remain in Listen
state.
l Speak: indicates that the router sends Hello messages periodically and participates in the
election of the active router or standby router.
l Standby: indicates the state of a router in a standby group. Standby group members
monitor the active router, and are ready to take over services on the active router when it
fails. Additionally, a group member periodically sends Hello messages to other members
to notify its own state.
l Active: indicates the state of the active router (responsible for data transmission) in a
standby group.
5.7.3 Comparison Between HSRP and VRRP
Comparison Between HSRP and VRRP Parameters
Table 5-17 Comparison between HSRP and VRRP parameters

Parameter HSRP VRRP
Standards compliance Cisco proprietary protocol Standard protocol with high

with low protocol protocol compliance
compliance
Destination MAC address of 00-00-0c-07-ac-Group_ID 00-00-5e-00-01-VRID

protocol packets
Destination IP address of 224.0.0.2 224.0.0.18

protocol packets
TTL 1 255
Encapsulation mode Encapsulated in UDP Encapsulated in IP packets

packets, port number 1985

Parameter HSRP VRRP
Default interval for sending Sending interval: 3s, timeout Sending interval: 1s, timeout
Hello messages interval: 9s interval: 3s
Association with an Supported Supported

interface
Protocol state machine Initial, Learn, Listen, Speak, Initialize, Master, Backup
Standby, Active
Comparison Between HSRP and VRRP Commands
Table 5-18 Comparison between HSRP and VRRP commands

Function HSRP Command VRRP Command
Configure a standby group. standby group-number ip vrrp vrid virtual-router-id

virtual-ip-address virtual-ip virtual-address
Configure the priority for a standby group-number vrrp vrid virtual-router-id

standby group. priority priority-value priority priority-value
Configure the preemption standby group-number vrrp vrid virtual-router-id

mode. Preempt preempt-mode disable
Configure the Hello standby group-number vrrp vrid virtual-router-id

message timer. timers hellotime holdtime timer advertise advertise-
interval
Display the configuration of show standby vlan vlan- display vrrp brief
a standby group. number debugging vrrp4 state
show standby brief interface interface-type
show standby all interface-number vrid
virtual-router-id
debug standby
debugging vrrp4 packet
interface interface-type
interface-number vrid
virtual-router-id [ verbose ]
debugging vrrp4 timer
interface interface-type
interface-number vrid
virtual-router-id
Configure association with standby group-number vrrp vrid virtual-router-id

interfaces. track type number track interface interface-
interface-priority type interface-number
[ increased value-increased
| reduced value-reduced ]

5.7.4 VRRP and HSRP Interworking Analysis

Based on the HSRP principle, the destination MAC address of HSRP packets is different from
that of VRRP packets. Therefore, the two protocols cannot interwork with each other. When
Huawei switches replace Cisco devices, HSRP can only be replaced by VRRP with the
following two replacement methods:
l Replace HSRP with VRRP in Cisco devices before migration.
a. Shut down Layer 3 interfaces on an HSRP standby device. Some downlink services
are affected during this process, and service interruption time is equal to the route
switching time.
b. Change the configurations of the HSRP standby device to those of a VRRP master
device and keep Layer 3 interfaces Down.
c. Shut down Layer 3 interfaces on the HSRP active device, and enable Layer 3
interfaces on a VRRP master device to complete service switching.
d. Change the configurations of the HSRP active device to those of a VRRP backup
device, and enable Layer 3 interfaces to complete HSRP-to-VRRP switching.
e. Migrate services of the VRRP backup device to the Huawei VRRP backup device.
f. Migrate services of the VRRP master device to the Huawei VRRP master device.
l Migrate downlinks on HSRP active and standby devices to Huawei VRRP master and
backup devices.
a. Before migration, ensure that there are network-side routes on Huawei devices to
minimize the service loss after the service platform switching begins.
b. Shut down downlink interfaces of the HSRP standby device, connect the physical
cable to the VRRP master device, and keep interfaces Down.
c. Shut down downlink interfaces of the HSRP active device, and immediately enable
interfaces on the VRRP master device to complete service switching.
d. Connect physical cables of the HSRP active device to the VRRP backup device,
and enable interfaces on the VRRP backup device to complete the migration.
The first replacement method is not commonly used because service is interrupted for about 3
seconds during Step 3. Therefore, you are advised to use the second replacement method.
5.7.5 VRRP and HSRP Replacement Solution
Overview
HSRP and VRRP cannot interwork with each other. In the replacement solution, services on
HSRP active and standby downlinks are migrated to the Huawei VRRP master and backup
devices.
In Figure 5-31, Cisco switches are deployed. Two core switches constitute a stack. Two
aggregation switches establish an Eth-Trunk in manual load balancing mode, and also
establish OSPF neighbor relationships with core switches to receive and transmit routes.
HSRP is used to implement virtual gateway backup. CiscoA is the master gateway and
CiscoB is the backup gateway. In networking, the switches use Rapid PVST+ to prevent
loops.

Huawei switches are used to replace two aggregation switches in the networking without
changing the original network planning.
The following are HSRP configurations on the Cisco aggregation switches.
CiscoA
interface Vlan110
ip address 172.31.217.156 255.255.255.224
standby 110 ip 172.31.217.158
standby 110 priority 110
standby 110 preempt delay minimum 60
standby 110 authentication hsrp110
interface Vlan120
ip address 172.31.218.157 255.255.255.224
standby 120 ip 172.31.218.158
CiscoB
interface Vlan110
ip address 172.31.217.155 255.255.255.224
standby 110 ip 172.31.217.158
interface Vlan120
ip address 172.31.218.156 255.255.255.224
standby 120 ip 172.31.218.158
standby 120 priority 110
standby 120 preempt delay minimum 60
Figure 5-31 Networking for HSRP
Internet
VSS
CiscoA CiscoB
VLAN 110 120
port channel
VL
0
N 11
A
N1
10 VLA
AN1 N1
VLA
20
20
V L
CiscoC CiscoD

1. Configure OSPF for the Huawei switches to establish OSPF neighbor relationships with
core switches to receive and transmit routes.
2. Configure link aggregation in manual load balancing mode between Huawei switches to
load balance traffic.
3. Configure VRRP for Huawei switches to replace HSRP on the original Cisco switches to
implement virtual gateway backup.
4. Configure Huawei switches to achieve interworking with other Cisco switches to prevent
loops. For detailed interworking solution, see Interworking and Replacement Guide of
Cisco Spanning Tree Protocols and Huawei MSTP and VBST.
5. Configure service forwarding functions for the Huawei switches by following the
original network planning.
Procedure
Step 1 Run the show standby brief command to check the device status.
# Check the HSRP status of CiscoA.
CiscoA# show standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Vlan110 110 110 P Active local 172.31.217.155 172.31.217.158
Vlan120 120 100 Standby 172.31.218.156 local 172.31.218.158
# Check the HSRP status of CiscoB.

CiscoB# show standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Vlan110 110 100 Standby 172.31.217.156 local 172.31.217.158
Vlan120 120 110 P Active local 172.31.218.157 172.31.218.158
Step 2 Power on two Huawei switches and connect the links between them and the uplinks in bypass
mode. Configure IP addresses for the core switches' downlink interfaces, and configure IP
addresses and loopback addresses for the S series switches' uplink interfaces. Configure
VRRP and configure HuaweiB as the master switch. Complete all the configurations on
Huawei switches, and then shut down the VLANIF interfaces on the downlink access side.
# Configure VRRP for HuaweiB. Configure HuaweiB as the master device in VRRP group 1,
and the backup device in VRRP group 2.
[HuaweiB] interface vlanif 110
[HuaweiB-Vlanif110] ip address 172.31.217.156 255.255.255.224
[HuaweiB-Vlanif110] vrrp vrid 110 virtual-ip 172.31.217.158
[HuaweiB-Vlanif110] vrrp vrid 110 priority 110
[HuaweiB-Vlanif110] vrrp vrid 110 preempt-mode timer delay 60
[HuaweiB-Vlanif110] vrrp vrid 110 authentication-mode simple cipher vrrp110
[HuaweiB-Vlanif110] quit
[HuaweiB] interface vlanif 120
[HuaweiB-Vlanif120] ip address 172.31.218.157 255.255.255.224
[HuaweiB-Vlanif120] vrrp vrid 120 virtual-ip 172.31.218.158
[HuaweiB-Vlanif120] vrrp vrid 120 authentication-mode simple cipher vrrp120
[HuaweiB-Vlanif120] quit
# Configure VRRP for HuaweiA. Configure HuaweiA as the backup device in VRRP group
1, and the master device in VRRP group 2.

[HuaweiA] interface vlanif 110
[HuaweiA-Vlanif110] ip address 172.31.217.155 255.255.255.224
[HuaweiA-Vlanif110] vrrp vrid 110 virtual-ip 172.31.217.158
[HuaweiA-Vlanif110] vrrp vrid 110 authentication-mode simple cipher vrrp110
[HuaweiA-Vlanif110] quit
[HuaweiA] interface vlanif 120
[HuaweiA-Vlanif120] ip address 172.31.218.156 255.255.255.224
[HuaweiA-Vlanif120] vrrp vrid 120 virtual-ip 172.31.218.158
[HuaweiA-Vlanif120] vrrp vrid 120 priority 110
[HuaweiA-Vlanif120] vrrp vrid 120 preempt-mode timer delay 60
[HuaweiA-Vlanif120] vrrp vrid 120 authentication-mode simple cipher vrrp120
[HuaweiA-Vlanif120] quit
Step 3 Based on the Cisco device HSRP configurations, CiscoA is an active router. Shut down
CiscoB's downlink interfaces, connect CiscoD's physical cables to HuaweiB, and keep the
interface connecting CiscoD and HuaweiB Down.
Figure 5-32 VRRP replacement (step 1)
Internet
VSS

port channel Eth-Trunk
0
N 11
110 VLA
N1 120
AN AN
VLA
VL 20 VL
CiscoC CiscoD
Step 4 Shut down CiscoA's downlink interfaces and immediately enable HuaweiB's interfaces to
complete service switching.
Step 5 Test HuaweiB's configured services. If no exception is detected, connect the physical cables
connecting CiscoA with CiscoD to HuaweiA. Enable the interfaces on HuaweiA to complete
migration.

Figure 5-33 VRRP replacement (step 2)
Internet
VSS

VLAN 110 120 VLAN 110 120
port channel Eth-Trunk
0
0
N 11
12
110 120
AN
AN AN
VLA
VL VL
VL
CiscoC CiscoD
Step 6 Complete the access switch migration one by one based on the preceding steps.
Step 7 Check the VRRP status of Huawei switches.

# Check the VRRP status of HuaweiB.
[HuaweiB] display vrrp brief
VRID State Interface Type Virtual IP
----------------------------------------------------------------
110 Master Vlanif110 Normal 172.31.217.158
120 Backup Vlanif120 Normal 172.31.218.158
----------------------------------------------------------------
Total:2 Master:1 Backup:1 Non-active:0
# Check the VRRP status of HuaweiA.

[HuaweiA] display vrrp brief
VRID State Interface Type Virtual IP
----------------------------------------------------------------
110 Backup Vlanif110 Normal 172.31.217.158
120 Master Vlanif120 Normal 172.31.218.158
----------------------------------------------------------------
Total:2 Master:1 Backup:1 Non-active:0
----End
Configuration Files
HuaweiB configuration file
#
interface Vlanif110
ip address 172.31.217.156 255.255.255.224
vrrp vrid 110 preempt-mode timer delay 60
vrrp vrid 110 authentication-mode simple cipher %^%#!e<$Ql28W2S&k^Jl;mU#/)n59kqh
%9rF_E8EFWIF%^%#
#
interface Vlanif120
ip address 172.31.218.157 255.255.255.224


vrrp vrid 120 authentication-mode simple cipher %^%#S0^rDt=7[I1a^EU\zzpSN2BoIHvN
%H]o&0M2_A=&%^%#
#
HuaweiA configuration file

#
interface Vlanif110
ip address 172.31.217.155 255.255.255.224
vrrp vrid 110 authentication-mode simple cipher %^%#%XlM,3)SX/Q{S+'bB9GA.
1wI;wh^^&ReNC-c:K<L%^%#
#
interface Vlanif120
ip address 172.31.218.156 255.255.255.224
vrrp vrid 120 preempt-mode timer delay 60
vrrp vrid 120 authentication-mode simple cipher %^%#tkK~$%dlFD
%Yv>"UzAd8=o6k:z6c0Z%K`pPueWC/%^%#
#
5.8 Interoperation and Replacement Guide for OSPF and

EIGRP
5.8.1 Overview of OSPF and EIGRP

OSPF
The Open Shortest Path First (OSPF) protocol is a link-state Interior Gateway Protocol (IGP)
developed by the Internet Engineering Task Force (IETF). It is also a dynamic routing
protocol.
l Mechanism
a. After OSPF is run on switches, these switches send Hello packets on all OSPF-
enabled interfaces. If two switches share a data link and can successfully negotiate
certain parameters specified in their Hello packets, they can establish an OSPF
neighbor relationship.
b. Switches that have established an OSPF adjacency can exchange link-state
advertisements (LSAs). LSAs describe information about a switch, including all
links, interfaces, neighbors, and link state of the switch. Switches exchange the link
information to learn about the whole network topology.
c. A switch floods LSAs and records received LSAs in its link state database (LSDB).
Subsequently, all switches have the same LSDB. An LSA describes the surrounding
network topology of a switch, whereas an LSDB describes the network topology of
the entire autonomous system (AS) and is the summary of LSAs.
d. After LSDB synchronization is complete, each switch uses a shortest path first
(SPF) algorithm to calculate a loop-free topology with itself as the root to describe
the shortest path (with the minimum path cost) to each destination. The topology is
the shortest path tree (SPT), which shows the optimal paths to nodes in an AS.
e. After each switch uses an SPF algorithm to calculate the SPT, it installs the shortest
paths in its routing table as routing entries to guide data forwarding and updates the
routing table in real time. Meanwhile, neighbors exchange Hello packets to

maintain their neighbor relationships or adjacencies and periodically retransmit

LSAs.
l DR/BDR and Area
– Designated Router (DR)/Backup Designated Router (BDR): On broadcast and non-
broadcast multiple access (NBMA) networks, any two switches need to establish an
OSPF adjacency and exchange routing information, wasting bandwidth resources.
To solve this problem, a DR and a BDR are elected and establish an OSPF
adjacency with other switches (DR others) on the same network segment. DR others
do not establish an OSPF adjacency or exchange any routing information with each
other. This reduces the number of OSPF adjacencies established between switches
on broadcast and NBMA networks, saving bandwidth resources.
– Area: When a large number of switches run OSPF, their LSDBs become large,
complicating SPF calculations. Each route change causes route recalculations on all
switches. OSPF resolves this problem by partitioning an AS into different areas. An
area is regarded as a logical group of switches and is identified by an area ID. A
network segment belongs to only one area. Area partitioning reduces the LSDB
size, simplifies SPF calculations, and increases network efficiency.
For more details about OSPF of switches, see "OSPF Configuration" in Configuration Guide -
IP Unicast Routing of the required product version.
EIGRP
The Enhanced Interior Gateway Routing Protocol (EIGRP) is a Cisco proprietary dynamic
routing protocol that uses a distance-vector algorithm.
l Mechanism
a. An EIGRP-enabled switch periodically sends Hello packets on each interface,
establishes a neighbor relationship with the switch that receives the packet, and
adds the neighbor relationship to its neighbor table.
b. The two switches that establish a neighbor relationship can exchange routing
information only after a three-way handshake. They exchange all routing
information when exchanging routing information for the first time and update the
changed routing information only when the network structure or route changes.
EIGRP routing information is exchanged using Update, Query, Reply, and Ack
packets.
c. EIGRP stores all received routing information in the topology table, including the
destination IP address, mask, next hop, and metric of each route. An EIGRP switch
selects the optimal loop-free routes from the topology table using the Diffusing
Update Algorithm (DUAL) and adds the routes to its routing table.
d. The EIGRP switch maintains neighbor relationships through Hello packets. If the
switch does not receive any Hello packet from a peer switch within the specified
period, it considers the peer switch to be unreachable, deletes the peer switch from
the neighbor table, and notifies other neighbors that the route to the peer switch is
unreachable.
l DUAL
– DUAL is used by EIGRP to calculate loop-free routes.
– The algorithm is a distance-vector algorithm. Using this algorithm, a switch
calculates the shortest distance to a destination by calculating its distance to each
neighbor plus the distance from this neighbor to the destination and obtaining the
minimum distance to the destination from the distance calculation result. The

distance, known as a metric, is calculated based on parameters such as the

transmission delay, link bandwidth, and effective bandwidth to reflect the
advantages and disadvantages of each route.
– DUAL calculates loop-free routes based on feasible successors. A successor is a
neighboring switch used for packet forwarding that has a least cost path to a
destination that is guaranteed not to be part of a routing loop. When a network
change occurs, DUAL first detects whether a feasible successor for the destination
network exists. If a feasible successor exists, DUAL selects it as the next hop. If no
feasible successor exists and there is no routing entry to the destination address in
the topology table, the destination network is unreachable. If the topology table
contains such a routing entry, the neighboring switch is not eligible to become the
feasible successor. In this case, DUAL needs to recalculate the feasible successor.
5.8.2 Comparisons Between OSPF and EIGRP

Table 5-19 Implementation of OSPF and EIGRP
Implementati OSPF EIGRP
on
Neighbor Discovers neighbors through Discovers neighbors through

discovery Hello packets and maintains Hello packets and maintains
neighbor relationships through neighbor relationships through
Hello packets and the timeout Hello packets and the timeout
mechanism. mechanism.
Route exchange Exchanges all routing information Exchanges all routing information
at a time with a peer switch during at a time with a peer switch during
adjacency establishment and neighbor relationship
exchanges incremental routing establishment and after a three-
information after adjacency way handshake and exchanges
establishment. incremental routing information
after neighbor relationship
establishment.
Route Uses the SPF algorithm for route Uses the DUAL algorithm for
calculation calculation. After route route calculation. After route
calculation, the entire network calculation, the entire network
topology can be viewed. topology cannot be viewed.
Packet Uses five types of packets defined Uses four types of packets
transmission by RFC 2328: Hello, database consisting of TLVs: Hello, Query,
description (DD), link state Reply, and Update packets.
request (LSR), link state update
(LSU), and link state
acknowledgement (LSAck).
Area Provides area partitioning to Does not provide area partitioning,

partitioning prevent a large number of nodes unable to control the number of
from participating in SPF nodes participating in SPF
calculation on a large-scale calculation on a large-scale
network. network.

Implementati OSPF EIGRP

on
Multi-process Supports multi-process and multi- Supports multi-process and multi-

and multi- instance. instance.
instance
Security Supports message-digest 5 (MD5) Supports MD5 authentication and

authentication and requires the requires the packet digest to be
packet digest to be contained in contained in the Authentication
the Authentication field and all TLV and part of the packet content
packet content to be calculated for to be calculated for authentication.
authentication.
Route Supports manual summarization Supports automatic summarization

summarization based on advertised routes. and interface-based manual
summarization.
Route import Supports the import of direct Supports the import of direct
routes and dynamic routes. Only routes and dynamic routes. The
the route cost can be configured route metric, including the delay
for imported routes. and bandwidth can be configured
for imported routes.
Table 5-20 Advantages and disadvantages of OSPF and EIGRP

Characteristic OSPF EIGRP
s
Convergence OSPF uses the SPF algorithm for EIGRP uses DUAL for route
speed route calculation. After routing calculation and needs to
information is flooded, each node periodically check for feasible
calculates routes locally without successors to achieve route
depending on neighbors' routing convergence. Route convergence
information. This mechanism depends on neighbors' routing
ensures fast convergence and is information. On a large-scale
more advantageous in large-scale network, the convergence
networks. performance of EIGRP is much
lower than that of OSPF.
Number of On broadcast and NBMA On broadcast and NBMA

devices that networks, OSPF can elect the DR networks, every two EIGRP
exchange and BDR to enable all the other devices establish a neighbor
routing devices to exchange routing relationship to exchange routing
information information with only the DR and information. When there are a
BDR, which effectively reduces large number of EIGRP devices on
the number of transmitted protocol a shared network segment,
packets. protocol packets occupy a lot of
bandwidth resources.


s
Protocol OSPF is an open protocol EIGRP is a Cisco proprietary

openness developed by the IETF and protocol. Cisco has no obligation
supported by major network to notify any other vendors of the
devices in the world. Therefore, modification to EIGRP. Therefore,
its interoperability, scalability, and there are uncertainties in network
reliability are guaranteed due to its upgrade and extension. In
openness. addition, EIGRP cannot be used to
interwork with other vendors,
leading to poor scalability.
Area OSPF implements hierarchical EIGRP has no area concept and is

partitioning route management through area generally applicable to small-scale
partitioning. On a large-scale networks. On a large-scale
network, OSPF can plan and limit network, EIGRP cannot
the number of routes by dividing implement hierarchical route
the network into areas. management and cannot limit the
number of nodes involved in
topology computation. Therefore,
on a large-scale network, the route
calculation performance of EIGRP
is poorer than that of OSPF.
Special areas OSPF supports stub areas, totally EIGRP proposed the use of stub
stub areas, and not-so-stubby devices but lacks a detailed
areas (NSSAs). Configuring these implementation scheme.
types of areas can minimize the
number of routes and route
calculations to ensure network
stability.
Load balancing OSPF supports only equal-cost EIGRP is the only protocol that
load balancing. That is, load supports unequal load balancing.
balancing is performed when the That is, load balancing can be
routes to the same destination performed when the routes to the
address have the same cost. same destination address have
different costs.
Performance OSPF needs to store the network EIGRP is easy to implement and
requirements topology of the entire area and use does not need to store the entire
the SPF algorithm to compute area topology. Therefore, EIGRP
routes. Therefore, OSPF has high has lower requirements for the
requirements for the CPU and CPU and memory than OSPF.
memory. However, with the
continuous improvement of router
performance and declining
hardware costs, this disadvantage
is not that important.


s
Configuration OSPF is complex to configure. EIGRP is easier to configure than

complexity Due to complex mechanisms such OSPF. In the simplest case, you
as area partitioning, DR election, only need to enable EIGRP and
hierarchical routing, and area network segments.
border router (ABR)
summarization, network
administrators must be familiar
with OSPF before planning and
managing OSPF networks.
Table 5-21 Comparisons between Huawei OSPF and Cisco OSPF and EIGRP Commands
Function Huawei OSPF Commands Cisco OSPF and EIGRP
Commands
Creates an ospf process-id router-id router- l OSPF: router ospf process-id

OSPF/EIGRP id l EIGRP: router eigrp
process. autonomous-system-number
Configures an An OSPF router ID is configured l OSPF: router-id router-id

OSPF/EIGRP during the creation of an OSPF l EIGRP: eigrp router-id router-
router ID. process. id
Creates an area area-id l OSPF: An OSPF area is created

OSPF area. when an OSPF network
segment is being enabled.
l EIGRP: EIGRP has no area
concept.
Enables an network network-address l OSPF: network ip-address

OSPF/EIGRP wildcard-mask wildcard-mask area area-id
network l EIGRP: network ip-address
segment wildcard-mask
Configures the preference preference l OSPF: distance ospf

OSPF/EIGRP { external dist1 | inter-area
priority. dist2 | intra-area dist3 }
l EIGRP: distance eigrp
internal-distance external-
distance
Imports external import-route l OSPF: redistribute

routes. l EIGRP: redistribute
Displays OSPF/ display ospf peer l OSPF: show ip ospf neighbors

EIGRP neighbor l EIGRP: show ip eigrp
relationship. neighbors

Function Huawei OSPF Commands Cisco OSPF and EIGRP

Commands
Displays OSPF display ospf lsdb l OSPF: show ip ospf database

LSDB/EIGRP l EIGRP: show ip eigrp
topology table topology
information.
Displays OSPF/ display ospf routing l OSPF: show ip route ospf

EIGRP routing l EIGRP: show ip route eigrp
table
information.
5.8.3 OSPF and EIGRP Interoperation and Replacement Solution

EIGRP is a Cisco proprietary protocol. Huawei switches cannot interoperate with EIGRP-
enabled devices directly. To enable Huawei OSPF-enabled switches to interoperate with or
replace Cisco EIGRP-enabled switches, two solutions are available.
Solution Description
OSPF interoperates Use OSPF on Cisco EIGRP-enabled switches to exchange

with EIGRP routing information with Huawei OSPF-enabled switches. This
solution enables Huawei OSPF-enabled switches to interoperate
with Cisco EIGRP-enabled switches.
OSPF replaces with Configure OSPF to replace EIGRP on Cisco switches so that all
EIGRP devices on the network run OSPF. This solution enables Huawei
switches and Cisco switches to communicate with each other
through OSPF.
5.8.4 OSPF and EIGRP Interoperation and Replacement Case 1:

OSPF Interoperates with EIGRP
This section includes:
l Overview
l Procedure
Overview
OSPF can be used on Cisco EIGRP-enabled switches to exchange routing information with
Huawei OSPF-enabled switches. This solution enables Huawei OSPF-enabled switches to
interoperate with Cisco EIGRP-enabled switches.

Configuration Notes
l This case applies to OSPF-supporting Huawei switches.
l This case provides only the basic configuration for interoperation between OSPF and
EIGRP.
l The subnets parameter needs to be configured when EIGRP routes need to be imported
into OSPF. Otherwise, only major network routes but no subnet routes can be imported
into OSPF.
l The metric-related parameters need to be configured when OSPF routes need to be
imported into EIGRP. Otherwise, the metric value of the imported OSPF routes is
infinite, and these routes cannot be transmitted to other EIGRP devices.
In Figure 5-34, a Cisco switch is running EIGRP on the network. Based on service
requirements, a Huawei switch needs to be added to the network to enable the Huawei OSPF-
enabled switch to interoperate with the Cisco EIGRP-enabled switch. Both OSPF and EIGRP
need to run on the network.
In this example, HuaweiA running OSPF needs to interoperate with CiscoA running EIGRP.
Figure 5-34 Interoperation between OSPF and EIGRP
Internet
CiscoA EIGRP CiscoB
HuaweiA CiscoC CiscoD

OSPF EIGRP EIGRP
HuaweiB CiscoE CiscoF

1. Configure basic EIGRP functions on the Cisco switch.
2. Configure basic OSPF functions on the Huawei switch.
3. Configure basic OSPF functions on the Cisco switch for interoperation with the Huawei
switch through OSPF.
4. Configure OSPF and EIGRP to import routes from each other on the Cisco switch so that
the Huawei OSPF-enabled switch can interoperate with the Cisco EIGRP-enabled
switch.
Procedure
Step 1 Configure basic EIGRP functions on the Cisco switch.
# Create VLAN 10, and add GE1/0/1 to VLAN 10.
CISCO(config)# vlan 10
CISCO(config-vlan)# exit
CISCO(config)# interface gigabitEthernet 1/0/1
CISCO(config-if)# switchport trunk encapsulation dot1q
CISCO(config-if)# switchport mode trunk
CISCO(config-if)# switchport trunk allowed vlan 10
CISCO(config-if)# exit
# Configure the IP address 192.168.1.2/24 for VLANIF 10.

CISCO(config)# interface vlan 10
CISCO(config-if)# ip address 192.168.1.2 255.255.255.0
CISCO(config-if)# no shutdown
# Configure the IP address 192.168.3.1/32 for Loopback1.

CISCO> enable
CISCO# config terminal
CISCO(config)# interface loopback 1
# Configure basic EIGRP functions.

CISCO(config)# router eigrp 1
CISCO(config-router)# eigrp router-id 2.2.2.2
CISCO(config-router)# network 192.168.3.1 0.0.0.0
CISCO(config-router)# exit
Step 2 Configure basic OSPF functions on the Huawei switch.

[HUAWEI] vlan 10
[HUAWEI] interface GigabitEthernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] port link-type trunk
[HUAWEI-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
# Configure the IP address 192.168.1.1/24 to VLANIF 10.

[HUAWEI] interface vlanif 10
[HUAWEI-Vlanif10] ip address 192.168.1.1 24
[HUAWEI-Vlanif10] quit


[HUAWEI] interface Loopback 1
[HUAWEI-LoopBack1] ip address 192.168.2.1 32
[HUAWEI-LoopBack1] quit
# Configure basic OSPF functions.

[HUAWEI] ospf 1 router-id 1.1.1.1
[HUAWEI-ospf-1] area 0
[HUAWEI-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[HUAWEI-ospf-1-area-0.0.0.0] return
Step 3 Configure basic OSPF functions on the Cisco switch for interoperation with the Huawei
switch through OSPF.
CISCO(config)# router ospf 1
CISCO(config-router)# router-id 2.2.2.2
CISCO(config-router)# network 192.168.1.0 0.0.0.255 area 0
Step 4 Configure OSPF and EIGRP to import routes from each other on the Cisco switch so that the
Huawei OSPF-enabled switch can interoperate with the Cisco EIGRP-enabled switch.
# Configure OSPF to import EIGRP routes.
CISCO(config-router)# redistribute eigrp 1 subnets
# Configure EIGRP to import OSPF routes.

CISCO(config-router)# redistribute ospf 1 metric 1 1 1 1 1
CISCO(config-router)# end

# View the OSPF routing table of the Huawei switch.
<HUAWEI> display ospf 1 routing
Destination Cost Type NextHop AdvRouter Area
192.168.1.0/24 1 Transit 192.168.1.1 1.1.1.1 0.0.0.0
192.168.2.1/32 0 Stub 192.168.2.1 1.1.1.1 0.0.0.0
Routing for ASEs

Destination Cost Type Tag NextHop AdvRouter
192.168.3.1/32 20 Type2 0 192.168.1.2 2.2.2.2 //
EIGRP route of the Cisco switch imported through OSPF of the Cisco switch
Total Nets: 3
Intra Area: 2 Inter Area: 0 ASE: 1 NSSA: 0
# View the OSPF routing table of the Cisco switch.

CISCO# show ip route ospf
192.168.2.0/32 is subnetted, 1 subnets
O IA 192.168.2.1 [110/1] via 192.168.1.1, 00:09:07, Vlan10 //OSPF route of
the Huawei switch learned through OSPF of the Cisco switch
# View the EIGRP topology table of the Cisco switch.

CISCO# show ip eigrp topology
IP-EIGRP Topology Table for AS(1)/ID(2.2.2.2)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,

r - reply Status, s - sia Status
P 192.168.1.0/24, 1 successors, FD is 2560000256 //Imported OSPF route of the

Cisco switch
via Redistributed (2560000256/0)
P 192.168.3.1/32, 1 successors, FD is 128256
via Connected, Loopback1
P 192.168.2.1/32, 1 successors, FD is 2560000256 //OSPF route of the Huawei
switch imported through OSPF of the Cisco switch
via Redistributed (2560000256/0)
# View the IP routing table of the Huawei switch.

<HUAWEI> display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 9 Routes : 9
Destination/Mask Proto Pre Cost Flags NextHop Interface
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0

192.0.0.0/8 Static 60 0 RD 192.89.5.1 Vlanif4094
192.89.5.0/24 Direct 0 0 D 192.89.5.57 Vlanif4094
192.89.5.57/32 Direct 0 0 D 127.0.0.1 Vlanif4094
192.168.1.0/24 Direct 0 0 D 192.168.1.1 Vlanif10
192.168.1.1/32 Direct 0 0 D 127.0.0.1 Vlanif10
192.168.2.1/32 Direct 0 0 D 127.0.0.1 LoopBack1
192.168.3.1/32 O_ASE 150 20 D 192.168.1.2 Vlanif10 //
EIGRP route of the Cisco switch imported through OSPF of the Cisco switch
# View the routing table of the Cisco switch.

CISCO# show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set

C 192.168.3.1 is directly connected, Loopback1
C 192.168.1.0/24 is directly connected, Vlan10
O 192.168.2.1 [110/1] via 192.168.1.1, 00:06:59, Vlan10 //OSPF route of
S 192.0.0.0/8 [1/0] via 192.89.5.1
# Check whether the Huawei OSPF-enabled switch can communicate with the Cisco EIGRP-
enabled switch.
<HUAWEI> ping 192.168.3.1
PING 192.168.3.1: 56 data bytes, press CTRL_C to break
Reply from 192.168.3.1: bytes=56 Sequence=1 ttl=255 time=1 ms
--- 192.168.3.1 ping statistics ---

5 packet(s) transmitted
5 packet(s) received

0.00% packet loss

round-trip min/avg/max = 1/1/1 ms
----End
5.8.5 OSPF and EIGRP Interoperation and Replacement Case 2:

OSPF Replaces EIGRP
This section includes:
l Overview
l Procedure
Overview
OSPF can be configured to replace EIGRP on Cisco switches so that all devices on the
network run OSPF. This solution enables Huawei switches and Cisco switches to
communicate with each other through OSPF.
Configuration Notes
l This case applies to OSPF-supporting Huawei switches.
l This case provides only the basic configuration for the replacement of EIGRP with
OSPF.
l If route summarization has been used on the EIGRP network before protocol
replacement, during OSPF configuration, summary routes need to be advertised first, and
then specific routes of the connected network segments can be advertised. This avoids
the situation where OSPF specific routes take effect but EIGRP summary routes do not.
l EIGRP route summarization and filtering are implemented based on interfaces and can
be performed on each router. OSPF route summarization and filtering are implemented
based on areas and can be configured on only ABRs or autonomous system boundary
routers (ASBRs). Therefore, if route summarization and filtering have been deployed on
a large number of devices on the existing EIGRP network, you need to adjust the EIGRP
route summarization and filtering configuration before configuring OSPF and make the
new configuration similar to the configuration of an OSPF network. That is, route
summarization and filtering are configured on only ABRs or ASBRs so that OSPF routes
can override EIGRP routes and OSPF can replace EIGRP.
l If you adjust the EIGRP route preference on a large-scale network, you are advised to
adjust the preference on edge devices first and then on core devices. Loops may occur on
the network because within a short period of time, EIGRP routes take effect on some
devices while OSPF routes take effect on other devices. Therefore, the EIGRP route
preference needs to be adjusted quickly. You are advised to use the configuration script
to perform batch adjustment through the NMS.
l If the network scale is large and multiple branch networks exist, replace EIGRP on the
branch networks with OSPF gradually, and then replace EIGRP the backbone network
with OSPF. In this scenario, EIGRP and OSPF coexist. To ensure that routes on the

entire network are reachable during the replacement, you need to configure EIGRP and
OSPF to import routes from each other on the border devices of the EIGRP and OSPF
networks.
In Figure 5-35, a Cisco switch is running EIGRP on the network. Based on service
requirements, a Huawei switch needs to be added to the network, and all network devices
need to run OSPF only to enable the Huawei and Cisco switches to interoperate with each
other through OSPF.
In this example, HuaweiA running OSPF needs to replace CiscoA running EIGRP.
Figure 5-35 Replacing EIGRP with OSPF
Internet
CiscoA EIGRP CiscoB
HuaweiA CiscoC CiscoD

OSPF EIGRP EIGRP
HuaweiB CiscoE CiscoF
1. Configure basic EIGRP functions on the Cisco switch.
2. Configure basic OSPF functions on the Huawei switch.
3. Back up the EIGRP topology table and routing table of the Cisco switch to a local PC.
4. Adjust the EIGRP route preference to be higher than the OSPF route preference.
5. Configure OSPF on the Cisco switch and check OSPF routes to ensure that OSPF routes
are consistent with EIGRP routes.
6. Adjust the EIGRP route preference to be lower than the OSPF route preference.
7. Delete the EIGRP configuration from the Cisco switch after services on the live network
has been running stably for a certain period of time to enable all network devices to run
OSPF only.

Procedure
Step 1 Configure basic EIGRP functions on the Cisco switch.
CISCO> enable
CISCO(config)# vlan 10
CISCO(config-vlan)# exit
CISCO(config)# interface gigabitEthernet 1/0/1
CISCO(config-if)# switchport trunk encapsulation dot1q
CISCO(config-if)# switchport mode trunk
CISCO(config-if)# switchport trunk allowed vlan 10
# Configure the IP address 192.168.1.2/24 for VLANIF 10.

CISCO(config)# interface vlan 10
CISCO(config-if)# no shutdown


# Configure basic EIGRP functions.

CISCO(config-router)# eigrp router-id 2.2.2.2
Step 2 Configure basic OSPF functions on the Huawei switch.

[HUAWEI] vlan 10
[HUAWEI] interface GigabitEthernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] port link-type trunk
[HUAWEI-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
# Configure the IP address 192.168.1.1/24 to VLANIF 10.

[HUAWEI] interface vlanif 10
[HUAWEI-Vlanif10] ip address 192.168.1.1 24
[HUAWEI-Vlanif10] quit

[HUAWEI] interface Loopback 1
[HUAWEI-LoopBack1] ip address 192.168.2.1 32
[HUAWEI-LoopBack1] quit


[HUAWEI] ospf 1 router-id 1.1.1.1
[HUAWEI-ospf-1] area 0
[HUAWEI-ospf-1-area-0.0.0.0] return
Step 3 Back up the EIGRP topology table and routing table of the Cisco switch to a local PC.

IP-EIGRP Topology Table for AS(1)/ID(2.2.2.2)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,

r - reply Status, s - sia Status

via Summary (128256/0), Null0
via Connected, Vlan10
via Summary (128256/0), Null0

192.168.3.0/24 is variably subnetted, 2 subnets, 2 masks

D 192.168.3.0/24 is a summary, 00:04:09, Null0
C 192.168.3.1/32 is directly connected, Loopback1
192.168.4.0/24 is variably subnetted, 2 subnets, 2 masks
D 192.168.4.0/24 is a summary, 00:01:02, Null0
C 192.168.4.1/32 is directly connected, Loopback2
S 192.0.0.0/8 [1/0] via 192.89.5.1
Step 4 Adjust the EIGRP route preference to be higher than the OSPF route preference.
The following table lists the route preferences on Cisco switches, a smaller priority value
indicates a higher priority.
Route Type Route Preference
Direct route 0
Static route 1
EIGRP internal route 90
OSPF route 110

Route Type Route Preference
IS-IS route 115
RIP route 120
EIGRP external route 170
# Set the preference value of EIGRP external routes to 100 to make the preference of EIGRP
internal and external routes be higher than that of OSPF routes (with the preference value
110).
CISCO(config-router)# distance eigrp 90 100
Step 5 Configure OSPF on the Cisco switch and check OSPF routes to ensure that OSPF routes are
consistent with EIGRP routes.
CISCO(config-router)# router-id 2.2.2.2
# View the routing table to check whether OSPF routes have overridden EIGRP routes.
CISCO# show ip protocols
*** IP Routing is NSF aware ***
Routing Protocol is "eigrp 1"

Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Default networks flagged in outgoing updates
Default networks accepted from incoming updates
EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
EIGRP maximum hopcount 100
EIGRP maximum metric variance 1
Redistributing: eigrp 1
EIGRP NSF-aware route hold timer is 240s
EIGRP NSF disabled
NSF signal timer is 20s
NSF converge timer is 120s
Automatic network summarization is in effect
Automatic address summarization:
192.168.4.0/24 for Loopback1, Vlan10
Summarizing with metric 128256
192.168.3.0/24 for Loopback2, Vlan10
Summarizing with metric 128256
192.168.1.0/24 for Loopback1, Loopback2
Maximum path: 4
Routing for Networks:
192.168.1.0 //EIGRP route of the Cisco switch
192.168.3.1/32 //EIGRP route of the Cisco switch
192.168.4.1/32 //EIGRP route of the Cisco switch
Routing Information Sources:
Gateway Distance Last Update
Distance: internal 90 external 100
Routing Protocol is "ospf 1"

Outgoing update filter list for all interfaces is not set

Incoming update filter list for all interfaces is not set
Router ID 2.2.2.2
It is an area border router
Number of areas in this router is 2. 2 normal 0 stub 0 nssa
Maximum path: 4
Routing for Networks:
192.168.1.0 0.0.0.255 area 0 //OSPF route of the Cisco switch
Routing Information Sources:
Gateway Distance Last Update
1.1.1.1 110 00:20:54
Distance: (default is 110)
Step 6 Adjust the EIGRP route preference to be lower than the OSPF route preference.
# Set the preference values of EIGRP internal and external routes to 130 and 170 respectively
to make the preferences of EIGRP routes be lower than that of OSPF routes (with the
preference value 110).
CISCO(config-router)# distance eigrp 130 170
Step 7 Delete the EIGRP configuration from the Cisco switch after services on the live network has
been running stably for a certain period of time to enable all network devices to run OSPF
only.
CISCO(config)# no router eigrp 1
CISCO(config)# exit

# View the OSPF routing table of the Huawei switch.
<HUAWEI> display ospf 1 routing
OSPF Process 1 with Router ID 1.1.1.1
Routing Tables
Routing for Network

Destination Cost Type NextHop AdvRouter Area
192.168.1.0/24 1 Transit 192.168.1.1 1.1.1.1 0.0.0.0
192.168.2.1/32 0 Stub 192.168.2.1 1.1.1.1 0.0.0.0
192.168.3.1/32 2 Inter-area 192.168.1.2 2.2.2.2 0.0.0.0 //
OSPF route of the Cisco switch learned through OSPF of the Huawei switch
192.168.4.1/32 2 Inter-area 192.168.1.2 2.2.2.2 0.0.0.0 //
OSPF route of the Cisco switch learned through OSPF of the Huawei switch
Total Nets: 4
Intra Area: 2 Inter Area: 2 ASE: 0 NSSA: 0
# View the OSPF routing table of the Cisco switch.

CISCO# show ip route ospf

//The EIGRP configuration of the Cisco switch
has been deleted, so the topology table is empty.
# View the IP routing table of the Huawei switch.

<HUAWEI> display ip routing-table
Route Flags: R - relay, D - download to fib

------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 10 Routes : 10
Destination/Mask Proto Pre Cost Flags NextHop Interface

192.0.0.0/8 Static 60 0 RD 192.89.5.1 Vlanif4094
192.89.5.0/24 Direct 0 0 D 192.89.5.57 Vlanif4094
192.89.5.57/32 Direct 0 0 D 127.0.0.1 Vlanif4094
192.168.1.0/24 Direct 0 0 D 192.168.1.1 Vlanif10
192.168.1.1/32 Direct 0 0 D 127.0.0.1 Vlanif10
192.168.2.1/32 Direct 0 0 D 127.0.0.1 LoopBack1
192.168.3.1/32 OSPF 10 2 D 192.168.1.2 Vlanif10 //OSPF
route of the Cisco switch learned through OSPF of the Huawei switch
192.168.4.1/32 OSPF 10 2 D 192.168.1.2 Vlanif10 //OSPF
route of the Cisco switch learned through OSPF of the Huawei switch


S 192.0.0.0/8 [1/0] via 192.89.5.1
# Check whether the Huawei switch can communicate with the Cisco switch through OSPF.
<HUAWEI> ping 192.168.3.1

0.00% packet loss
----End

Switches
Interoperation and Replacement Guide 6 Interoperation Between Huawei Switches and SolarWinds

and SolarWinds
About This Chapter
6.1 Introduction to SolarWinds

6.2 Network Planning
6.3 Adding Devices
6.4 Managing Devices
6.5 Log and Trap Management
6.1 Introduction to SolarWinds

SolarWinds is network management software and can be used to configure, manage, and
monitor enterprise networks of various sizes.
This document provides instructions for configuring interoperation between Huawei switches
and SolarWinds.
6.2 Network Planning

NOTE
l This document is written based on lab operations. The network diagram and data planning are
provided for reference only.
l This document provides only key configurations required for interoperation between Huawei
switches and SolarWinds. Basic network configurations such as VLANs, IP addresses, and routes
are not provided. You can configure these parameters based on your networking requirements.
l The SolarWinds Orion Platform 2016.2.100 and Network Configuration Manager (NCM) 7.5.1 are
used in this document.

Switches
Network Diagram
Figure 6-1 Network diagram for interoperation between Huawei switches and SolarWinds
Core layer
S12704-1
192.168.21.20/24
SolarWinds
192.168.26.232/24
Aggregation layer
S7706
192.168.21.17/24
Access layer Access layer

S5720HI-1 S5720HI-2
192.168.21.14/24 192.168.21.15/24
Data Plan
Table 6-1 SNMP and Telnet data plan

Item Data
SNMP l SNMP version: SNMPv2c

l Name of the SNMP read-write
community: Huawei@2018
l Destination host to which traps are sent:
192.168.26.232
l SNMP trap function: enable the SNMP
trap function of all modules to send traps
to SolarWinds
Telnet l Authentication mode: AAA, that is, user

name and password authentication
l User name: huawei
l Password: Huawei@123
l User level: 15

Switches
6.3 Adding Devices

6.3.1 Adding a Single Device
Configuration Logic
1. Configure a Huawei switch.
a. Configure SNMP parameters to ensure that SolarWinds can communicate with the
switch.
b. Configure Telnet parameters to ensure that SolarWinds can log in to the switch.
2. Add a single switch to SolarWinds.
Procedure
Step 1 Configure a Huawei switch.
1. Configure SNMP parameters.
[HUAWEI] sysname S5720HI-1
[S5720HI-1] snmp-agent sys-info version v2c //Allow SolarWinds to
communicate with the switch using SNMPv2c.
[S5720HI-1] snmp-agent community write cipher Huawei@2018 //Set the SNMPv2c
community name to Huawei@2018.
[S5720HI-1] snmp-agent trap enable //Enable the SNMP trap function of all
modules to send traps to SolarWinds.
Warning: All switches of SNMP trap/notification will be open. Continue? [Y/
N]:y
[S5720HI-1] snmp-agent target-host trap address udp-domain 192.168.26.232
params securityname cipher Huawei@2018 //Configure the switch to send traps
to SolarWinds.
NOTE
You can run the display snmp-agent trap [ feature-name feature-name ] all command to check
the status of the SNMP trap function of a specified module or all modules. If you want to enable
the switch to send traps of a specified module to SolarWinds, run the snmp-agent trap enable
feature-name feature-name [ trap-name trap-name ] command to enable the SNMP trap function
of this module, instead of running the snmp-agent trap enable command.
2. Configure Telnet parameters.
[S5720HI-1] user-interface maximum-vty 15 //Configure the maximum number of
users that can remotely log in to the switch.
[S5720HI-1] user-interface vty 0 14
[S5720HI-1-ui-vty0-14] authentication-mode aaa //Set the user
authentication mode to AAA, that is, user name and password authentication.
[S5720HI-1-ui-vty0-14] protocol inbound telnet //Allow SolarWinds to log in
to the switch using Telnet.
[S5720HI-1-ui-vty0-14] quit
[S5720HI-1] aaa
[S5720HI-1-aaa] local-user huawei password cipher Huawei@123 //Configure
the user name and password.
[S5720HI-1-aaa] local-user huawei privilege level 15 //Set the user level
to 15 (highest).
[S5720HI-1-aaa] local-user huawei service-type telnet //Allow the user to
log in to the switch using Telnet.
[S5720HI-1-aaa] quit
Step 2 Add a single switch (node) to SolarWinds.

1. Log in to SolarWinds using the administrator account.

Switches
2. Click SETTINGS > Manage Nodes. Then click ADD NODE.

3. On the DEFINE NODE tab page, configure node information.
a. Set the node name or IP address.
b. Select a polling method and set polling parameters. You can click TEST to check
whether SolarWinds can communicate with the node using this method. After the
test, click Next.
NOTE
The SNMP parameters configured on SolarWinds must be the same as those on the switch.
Otherwise, SolarWinds cannot communicate with the switch.
4. On the CHOOSE RESOURCES tab page, select statistics and resources to be

monitored, and then click Next.
5. Adjust configurations on the ADD POLLERS tab page if needed. For details, see the
SolarWinds product documentation.
6. On the CHANGE PROPERTIES tab page, review and set node properties.
a. In the Polling area, you can adjust the intervals for updating the node status,
collecting statistics, and polling topology information.

Switches
b. If you need to adjust trap thresholds for the CPU load, memory usage, response
time, or percent packet loss, select Override Orion General Thresholds and set
values for the Warning or Critical level.
c. Add the node to SolarWinds NCM. If you need to manage the node using
SolarWinds NCM (for example, backing up or restoring configurations of the
node), select Yes in the drop-down list of Manage Node(s) with NCM. Create a
new credential profile or select an existing credential profile. Ensure that the
credentials under Connection Profile are the same as the SSH/Telnet parameter
settings on the switch. Otherwise, SolarWinds NCM cannot manage the switch. You
can click TEST to test the connectivity between the switch and SolarWinds NCM.

Switches
d. Click OK, ADD NODE. The node is added. In the node list, Status of the node is
displayed as Node status is Up.
----End
6.3.2 Adding Automatically Discovered Devices (in Batches)
Configuration Logic
1. Configure Huawei switches.
a. Configure SNMP parameters to ensure that SolarWinds can communicate with the
switches.
b. Configure Telnet parameters to ensure that SolarWinds can log in to the switches.
2. Configure SolarWinds to automatically discover devices on the network.
3. Add automatically discovered devices.
Procedure
Step 1 Configure Huawei switches.

Switches
1. Configure SNMP parameters.

[HUAWEI] sysname S5720HI-1
[S5720HI-1] snmp-agent sys-info version v2c //Allow SolarWinds to
communicate with the switch using SNMPv2c.
[S5720HI-1] snmp-agent community write cipher Huawei@2018 //Set the SNMPv2c
community name to Huawei@2018.
[S5720HI-1] snmp-agent trap enable //Enable the SNMP trap function of all
modules to send traps to SolarWinds.
Warning: All switches of SNMP trap/notification will be open. Continue? [Y/
N]:y
[S5720HI-1] snmp-agent target-host trap address udp-domain 192.168.26.232
params securityname cipher Huawei@2018 //Configure the switch to send traps
to SolarWinds.
NOTE
You can run the display snmp-agent trap [ feature-name feature-name ] all command to check
the status of the SNMP trap function of a specified module or all modules. If you want to enable
the switch to send traps of a specified module to SolarWinds, run the snmp-agent trap enable
feature-name feature-name [ trap-name trap-name ] command to enable the SNMP trap function
of this module, instead of running the snmp-agent trap enable command.
2. Configure Telnet parameters.
[S5720HI-1] user-interface maximum-vty 15 //Configure the maximum number of
users that can remotely log in to the switch.
[S5720HI-1] user-interface vty 0 14
[S5720HI-1-ui-vty0-14] authentication-mode aaa //Set the user
authentication mode to AAA, that is, user name and password authentication.
[S5720HI-1-ui-vty0-14] protocol inbound telnet //Allow SolarWinds to log in
to the switch using Telnet.
[S5720HI-1-ui-vty0-14] quit
[S5720HI-1] aaa
[S5720HI-1-aaa] local-user huawei password cipher Huawei@123 //Configure
the user name and password.
[S5720HI-1-aaa] local-user huawei privilege level 15 //Set the user level
to 15 (highest).
[S5720HI-1-aaa] local-user huawei service-type telnet //Allow the user to
log in to the switch using Telnet.
[S5720HI-1-aaa] quit
Step 2 Configure SolarWinds to automatically discover devices on the network.

1. Log in to SolarWinds using the administrator account.
2. Click SETTINGS > Network Discovery. Then click Add New Discovery and then
click START.
3. On the NETWORK tab page, specify subnets or IP addresses and then click NEXT.
4. Adjust configurations on the AGENTS and VIRTUALIZATION tab pages. For details,
see the SolarWinds product documentation.
5. Add switches to SolarWinds NCM. If you want to use SolarWinds NCM to manage the
devices (for example, backing up or restoring configurations), configure SSH/Telnet

Switches
credentials on the CONFIG MANAGEMENT tab page. Click Add SSH/Telnet

Credentials to add a new credential profile, or select an existing credential profile.
Ensure that the credentials are the same as the SSH/Telnet parameter settings on Huawei
switches. Otherwise, SolarWinds NCM cannot manage the switches. The following
example adds a new credential profile. After it is added, click ADD and then click
NEXT.
6. On the SNMP tab page, add SNMP credentials and ensure that these credentials are the
same as the SNMP parameter settings on the switches. Otherwise, SolarWinds cannot
use SNMP to communicate with the switches. After the configuration is complete, click
NEXT.
7. Adjust configurations on the WINDOWS, MONITORING SETTINGS, and

DISCOVERY SETTINGS tab pages if needed. For details, see the SolarWinds product
documentation.

Switches
8. On the DISCOVERY SCHEDULING tab page, set the intervals for automatically
discovering nodes and subnets. Click DISCOVER. SolarWinds starts automatically
discovering devices on the network.
Step 3 Add automatically discovered devices.
1. Click NEXT.
2. On the INTERFACES tab page, select interfaces to be monitored and then click NEXT.
3. Adjust configurations on the VOLUMES tab page if needed. For details, see the
SolarWinds product documentation.
4. Select devices to be added, click IMPORT, and then click FINISH.

Switches
5. Click SETTINGS > Manage Nodes. On the page that is displayed, the value of Status
is displayed Node status is Up, indicating that the automatically discovered devices
have been added successfully.
----End
6.4 Managing Devices

6.4.1 Configuring SSH/Telnet Credentials for SolarWinds NCM
to Manage Devices
Overview of SSH/Telnet Credentials

If you want to use SolarWinds Network Configuration Manager (NCM) to manage devices
(for example, backing up or restoring configurations), configure SSH/Telnet credentials for
SolarWinds NCM to manage devices and add the devices to SolarWinds NCM.
SSH/Telnet credentials include the login credentials (user name and password),
communication transfer protocol, and transfer ports.
NOTE
SSH/Telnet credentials used by SolarWinds NCM must be the same as the SSH/Telnet parameter
settings on Huawei switches. Otherwise, SolarWinds NCM cannot manage the switches.
Methods of Configuring SSH/Telnet Credentials

l Global default SSH/Telnet credentials: If you do not specify SSH/Telnet credentials
when adding devices to SolarWinds NCM, SolarWinds NCM uses the global default
SSH/Telnet credentials to manage the devices.
l SSH/Telnet connection profile: SolarWinds NCM can use one SSH/Telnet connection
profile to manage multiple devices.

Switches
Procedure
Step 1 Click SETTINGS > All Settings.
Step 2 Under PRODUCT SPECIFIC SETTINGS, click NCM Settings.

l Configuring global default SSH/Telnet credentials
# Under Global Device Defaults, click Global Device Defaults, set parameters as
required, and click SUBMIT.

Switches
l Creating an SSH/Telnet connection profile

# Under Global Device Default, click Connection Profiles. Click CREATE NEW to
create an SSH/Telnet connection profile. Set parameters as required and click SUBMIT.
----End
6.4.2 Adding Devices to SolarWinds NCM
Context
If you want to use SolarWinds NCM to manage devices (for example, backing up or restoring
configurations), configure SSH/Telnet credentials for SolarWinds NCM to manage
devices and add the devices to SolarWinds NCM.
Procedure
l When adding a single device, add it to SolarWinds NCM.
l When adding automatically discovered devices, add them to SolarWinds NCM.
l If a device is added to SolarWinds but not added to SolarWinds NCM, add this device to
SolarWinds NCM.
a. Click SETTINGS > Manage Nodes.

Switches
b. Select one or more devices, and click EDIT PROPERTIES.

c. Select Yes from the drop-down list of Manage node(s) with NCM.
n If multiple devices are selected, you can only use the global default SSH/
Telnet credentials.
n If a single device is selected, you can use the global default SSH/Telnet
credentials, an existing or a created new SSH/Telnet connection profile, or
SSH/Telnet credentials specified for this device.
d. Click SUBMIT.
----End
6.4.3 Downloading Device Configuration Files

Prerequisites
Devices have been added to SolarWinds NCM.
Procedure
Step 1 Click MY DASHBORADS > CONFIGS > Configuration Management.
Step 2 Select one or more devices, and click DOWNLOAD. Select a type of configuration files to be
downloaded. Running indicates configuration files running on the devices, and Startup
indicates configuration files used for startup of devices.

Switches
Step 3 In the DOWNLOAD CONFIGS dialog box that is displayed, click YES. SolarWinds NCM
starts to download configuration files.
Step 4 Click a time point in the Name column to check configuration files downloaded at this time
point.
----End
6.4.4 Daily Backing Up Device Configuration Files
Prerequisites
Procedure
Step 1 Click MY DASHBORADS > CONFIGS > Jobs.
Step 2 Click CREATE NEW JOB.

1. Set the job name, set Job Type to Download Configs from Devices, set the execution
interval, and then click NEXT.
2. Select nodes to which this job is to be executed and click NEXT.

Switches
3. Select the notification mode after the job is executed, and click NEXT.
4. Select a type of configuration files to be downloaded and click NEXT.
5. Verify the job settings and click FINISH.
Step 3 The job is created and will be executed based on the configured schedule. You can also select
the job and click START JOB to execute this job immediately.
Step 4 Click MY DASHBORADS > CONFIGS > Configuration Management. Click a time point
in the Name column to check configuration files that are backed up at this time point.

Switches
----End
6.4.5 Uploading Configuration Files to Devices
Prerequisites
Procedure
Step 2 Select a node to which a configuration file is to be uploaded, and click UPLOAD
Step 3 Select a configuration file to be uploaded. If needed, edit the configuration file in the pane on
the right.
Step 4 Click Advanced. Select one option and then click UPLOAD to upload the configuration file.
Step 5 After the configuration file is uploaded successfully, an upload record is displayed.
----End

Switches
6.4.6 Uploading Configuration Changes to Devices
Prerequisites
Method of Uploading Configuration Changes

l Edit the configuration file of a device on SolarWinds and then upload the edited
configuration file to the device.
l Execute a script to upload configuration changes to the device.
Procedure
l Edit the configuration file of a device on SolarWinds and then upload the edited
configuration file to the device. The following uses creation of VLAN 100 as an
example.
a. 6.4.3 Downloading Device Configuration Files.
b. Before uploading the configuration file, check the VLAN configuration on
S12704-1.
[S12704-1] display vlan summary
Static VLAN:
1 12 to 16
Dynamic VLAN:
Reserved VLAN:
c. Upload the configuration file to the device. Select the configuration file
downloaded in step 1 and edit it.
d. After the configuration file is uploaded successfully, check the VLAN configuration
on S12704-1 again. It is found that VLAN 100 has been created on S12704-1.
Static VLAN:
1 12 to 16 100
Dynamic VLAN:
Reserved VLAN:

Switches
l Execute a script to upload configuration changes to a device. The following uses creation
of VLAN 100 as an example.
a. Click MY DASHBORADS > CONFIGS > Configuration Management.
b. Select a device and click EXECUTE SCRIPT.
c. Before executing the script, check the VLAN configuration on S12704-1.
Static VLAN:
1 12 to 16
Dynamic VLAN:
Reserved VLAN:
d. Edit the script content, that is, commands you want to execute on the device, and
then click EXECUTE.
e. In the EXECUTE SCRIPT dialog box that is displayed, click YES.

f. After the script is executed, check the VLAN configuration on S12704-1 again. It is
found that VLAN 100 has been created on S12704-1.
Static VLAN:
1 12 to 16 100
Dynamic VLAN:
Reserved VLAN:
----End
6.4.7 Comparing Configuration Files of Devices

Procedure
Step 2 Select a device, click COMPARE NODE(S) CONFIGS, and then click Compare node(s)
configs.

Switches
Step 3 Select configuration files to be compared to check for their differences.
----End
6.5 Log and Trap Management

6.5.1 Checking Logs and Traps Reported by Devices
Procedure
Step 1 The following example checks whether SolarWinds receives traps from S12704-1 after an
interface on it is shut down/brought up.
[S12704-1] interface GigabitEthernet 1/1/1/2
[S12704-1-GigabitEthernet1/1/1/2] shutdown
Step 2 Click ALERTS & ACTIVITY > Traps. It is found that SolarWinds receives traps indicating
that the interface goes Down and the OSPF link status changes. These traps are generated
after GE1/1/1/2 on S12704-1 is shut down.
Step 3 Bring GE1/1/1/2 on S12704-1 Up.

[S12704-1-GigabitEthernet1/1/1/2] undo shutdown
Step 4 Check traps on SolarWinds. It is found that SolarWinds receives traps indicating that the
interface goes Up, and the OSPF link status, LLDP neighbor status, device configuration, and
MSTP topology change. These traps are generated after GE1/1/1/2 on S12704-1 is brought
up.

Switches
----End

Switches 7 Guide for Replacement and Interoperation Between
Interoperation and Replacement Guide Huawei Switches and Cisco Switches
7 Guide for Replacement and Interoperation

Between Huawei Switches and Cisco Switches
A campus network has two branches. Branch B encounters problems such as network
congestion, insufficient bandwidth, and outdated devices. To address these problems, the
customer wants to replace devices at the aggregation and access layers of branch B by Huawei
devices, with the network plan remaining unchanged.
Figure 7-1 shows the networking before the replacement, on which Cisco switches are
deployed. A port channel is established between core switches and between aggregation
switches of each branch to provide link redundancy. HSRP is configured on core switches to
implement virtual gateway backup. In the networking, Rapid PVST+ is configured on
switches to prevent loops.

Figure 7-1 Networking before the replacement
Internet
Core CiscoA CiscoB
Aggregation CiscoC CiscoD
Access CiscoE CiscoF
Branch A Branch B Port Channel
Figure 7-2 shows the networking after the replacement.

Key requirements of the aggregation layer are as follows:
l Use two S12704 switches that set up a CSS to replace Cisco switches CiscoC and
CiscoD at the aggregation layer.
l Use the CSS to replace Cisco HSRP. The switchover time upon a CSS single point of
failure is shorter than HSRP-based active/standby switchover.
l Interoperate with Cisco switches CiscoA and CiscoB through LACP, CDP, OSPF, and
Rapid PVST+.
– Huawei LACP can interoperate with Cisco LACP. For details about the
implementation, see 5.6 Interoperation and Replacement Guide for Link
Aggregation on Huawei and Cisco Switches.
– Huawei LLDP can interoperate with Cisco CDP.
– Huawei OSPF can interoperate with Cisco OSPF.
– Huawei VBST can interoperate with Cisco Rapid PVST+. For details about the
implementation, see 5.5 Interoperation and Replacement Guide for Spanning
Tree Protocols on Huawei and Cisco Switches.
l Retain the original configurations of Cisco switches such as ACL policies, OSPF, and
interface configurations.
Key requirements of the access layer are as follows:
l Use two S5730HI switches that set up a stack to replace Cisco access switches CiscoE
and CiscoF to improve reliability.
l Retain the original configurations of Cisco switches, such as ACL policies, access
terminal negotiation mode, port security, and storm control.

Figure 7-2 Networking after the replacement
Internet
Core CiscoA CiscoB
CSS
Aggregation S12704-1 S12704-2
S5730HI
Access
Branch A Branch B
Check Before the Replacement

Before the replacement, run the commands listed in Table 7-1 to check the status of Cisco
switches. This facilitates service comparison after the replacement.
Table 7-1 Commands for checking status of Cisco switches before the replacement
Item Command
Checking the clock status show clock
Checking the interface status show interface brief
Checking the MAC address table show mac address-table
Checking the neighbor status show cdp neighbors
Checking the ARP table show ip arp
Checking the routing table show ip route
Checking the STP status show spanning-tree summary

show spanning-tree detail
Checking the existing configurations show version

show running-config

1. Perform service configurations for the S12704 CSS, CiscoA, CiscoB, CiscoC, CiscoD,
and S5730HI stack.
2. Connect the S12704 CSS to CiscoA and CiscoB through physical cables.
3. Connect the S12704 CSS to CiscoC and CiscoD through physical cables.
4. Connect the S5730HI stack to the network to replace Cisco access switches CiscoE and
CiscoF.
5. Disable the switch virtual interfaces (SVIs) on CiscoC and CiscoD and enable VLANIF
interfaces for the S12704 CSS. SVIs on Cisco switches are equivalent to VLANIF
interfaces on Huawei switches.
6. Remove the cables between S12704 CSS and CiscoC and CiscoD and the cables
between CiscoC and CiscoD and between CiscoA and CiscoB.
7. Check whether services of the terminals connected to the S5730HI stack are normal.
Data Plan
Table 7-2 Data plan for link aggregation
Device Link Aggregation Physical Interface Function

Interface
CiscoA Port-channel 3 Te2/2 Interconnection with

Te4/3 the S12704 CSS
CiscoB Port-channel 3 Te2/2 Interconnection with

Te4/3 the S12704 CSS
CiscoC Port-channel 256 Gi3/1 Interconnection with

Gi3/2 the S12704 CSS
Gi8/1
Gi8/2
CiscoD Port-channel 256 Gi3/1 Interconnection with

Gi3/2 the S12704 CSS
Gi8/1
Gi8/2
S12704 CSS Eth-Trunk 2 XGE1/1/0/44 Interconnection with

XGE1/1/0/45 CiscoC
XGE1/2/0/44
XGE1/2/0/45
Eth-Trunk 3 XGE2/1/0/44 Interconnection with

XGE2/1/0/45 CiscoD
XGE2/2/0/44
XGE2/2/0/45

Device Link Aggregation Physical Interface Function

Interface

XGE2/2/0/46 CiscoA

XGE2/1/0/46 CiscoB
Table 7-3 IP address plan

Device Item Function
CiscoA l Port-channel 3: l Port-channel 3 is used to

10.1.194.161 interconnect with the
255.255.255.252 S12704 CSS.
l Loopback0: l The IP address of
10.1.194.254 Loopback0 is used as the
255.255.255.255 router ID.
CiscoB l Port-channel 3: l Port-channel 3 is used to

10.1.193.161 interconnect with the
255.255.255.252 S12704 CSS.
l Loopback0: l The IP address of
255.255.255.255 router ID.
CiscoC Loopback0: 10.1.7.254 The IP address of

router ID.
CiscoD Loopback0: 10.1.7.253 The IP address of

router ID.
S12704 CSS Eth-Trunk 4: 10.1.193.162 Eth-Trunk 4 is used to

255.255.255.252 interconnect with CiscoA.
Eth-Trunk 5: 10.1.194.162 Eth-Trunk 5 is used to

255.255.255.252 interconnect with CiscoB.
LoopBack0: 10.1.7.252 The IP address of

router ID.
Procedure
Step 1 Deploy the two S12704 switches in a CSS and two S5730HI switches in a stack and perform
the following configurations:

l Configure link aggregation in LACP mode and OSPF between S12704 switches and
Cisco core switches, and set the network type of OSPF interfaces to P2P.
# Configure Eth-Trunk 4 and Eth-Trunk 5 in LACP mode for the S12704 CSS and add
interfaces to the Eth-Trunks.
[HUAWEI] syaname CSS
[CSS] interface eth-trunk 4
[CSS-Eth-Trunk4] mode lacp
[CSS-Eth-Trunk4] quit
[CSS] interface XGigabitEthernet 1/2/0/46
[CSS-XGigabitEthernet1/2/0/46] eth-trunk 4
[CSS-XGigabitEthernet1/2/0/46] lldp compliance cdp txrx //Enable the
interface to exchange information with CDP-capable devices.
[CSS-XGigabitEthernet1/2/0/46] quit
[CSS-XGigabitEthernet2/2/0/46] lldp compliance cdp txrx
# Configure OSPF for the S12704 CSS.
[CSS] interface LoopBack0
[CSS-LoopBack0] ip address 10.1.7.252 255.255.255.255
[CSS-LoopBack0] quit
[CSS-Eth-Trunk4] undo portswitch
[CSS-Eth-Trunk4] ip address 10.1.193.162 255.255.255.252
[CSS-Eth-Trunk4] ospf authentication-mode md5 1 cipher Huawei@123 //The
password must be the same as that on the peer end.
[CSS-Eth-Trunk4] ospf network-type p2p
[CSS-Eth-Trunk5] undo portswitch
[CSS-Eth-Trunk5] ip address 10.1.194.162 255.255.255.252
[CSS-Eth-Trunk5] ospf authentication-mode md5 1 cipher Admin@123 //The
password must be the same as that on the peer end.
[CSS-Eth-Trunk5] ospf network-type p2p
[CSS] ospf 100 router-id 10.1.7.252
[CSS-ospf-100] silent-interface all
[CSS-ospf-100] undo silent-interface Eth-Trunk4
[CSS-ospf-100] undo silent-interface Eth-Trunk5 //Except for Eth-Trunk 4
and Eth-Trunk 5, disable the other interfaces from sending and receiving OSPF
packets.
[CSS-ospf-100] area 0.0.0.0
[CSS-ospf-100-area-0.0.0.0] authentication-mode md5
[CSS-ospf-100-area-0.0.0.0] network 10.1.193.160 0.0.0.3
[CSS-ospf-100-area-0.0.0.0] quit
[CSS-ospf-100] quit
# Configure the ICMP attribute for the S12704 CSS.
[CSS-Eth-Trunk4] undo icmp host-unreachable send //Disable the switch
from sending ICMP Host Unreachable packets. This prevents the peer device
from processing a large number of ICMP packets.
[CSS-Eth-Trunk4] undo icmp redirect send //Disable the switch from
sending ICMP redirect packets.

[CSS-Eth-Trunk5] undo icmp host-unreachable send
[CSS-Eth-Trunk5] undo icmp redirect send
# The related CiscoA and CiscoB configuration files are as follows:

– CiscoA configuration file:
!
interface Loopback0
ip address 10.1.194.254 255.255.255.255
!
port-channel per-module load-balance
!
interface Port-channel3
ip address 10.1.194.161 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 7 1108180B1206
ip ospf network point-to-point
ip ospf cost 1000
!
interface TenGigabitEthernet2/2
no ip address
channel-group 3 mode active
!
no ip address
!
router ospf 100
router-id 10.1.194.254
area 0 authentication message-digest
network 10.1.193.160 0.0.0.3 area 0
– CiscoB configuration file:

!
interface Loopback0
ip address 10.1.194.253 255.255.255.255
!
!
interface Port-channel3
ip address 10.1.193.161 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
ip ospf message-digest-key 1 md5 7 104F08170003
ip ospf network point-to-point
ip ospf cost 1000
!
no ip address
!
no ip address
!
router ospf 100
router-id 10.1.194.253
network 10.1.193.160 0.0.0.3 area 0
l Connect the S12704 CSS and Cisco aggregation switches CiscoC and CiscoD through
Eth-Trunks in LACP mode. Cisco aggregation switches use Rapid PVST+ to prevent

loops. Therefore, VBST needs to be enabled for the S12704 CSS to interoperate with
Rapid PVST+.
# Configure Eth-Trunk 2 and Eth-Trunk 3 in LACP mode for the S12704 CSS, and add
interfaces to the Eth-Trunks.
# Configure VBST for the S12704 CSS.

[CSS] stp mode vbst
[CSS] vlan batch 2 4 33 73
[CSS] stp vlan 2 4 33 73 priority 12288
[CSS-Eth-Trunk2] port link-type trunk
[CSS-Eth-Trunk2] undo port trunk allow-pass vlan 1
[CSS-Eth-Trunk2] port trunk allow-pass vlan 2 4 33 73
[CSS-Eth-Trunk2] stp no-agreement-check //Configure the common fast
transition mechanism on the interface.
[CSS-Eth-Trunk3] port link-type trunk
[CSS-Eth-Trunk3] undo port trunk allow-pass vlan 1
[CSS-Eth-Trunk3] port trunk allow-pass vlan 2 4 33 73
[CSS-Eth-Trunk3] stp no-agreement-check
# The related CiscoC and CiscoD configuration files are as follows:

– CiscoC configuration file:
!
spanning-tree mode rapid-pvst
spanning-tree loopguard default
no spanning-tree optimize bpdu transmission

spanning-tree extend system-id

spanning-tree backbonefast
spanning-tree vlan 1,33,73 priority 8192
spanning-tree vlan 2,4 priority 4096
!
switchport
switchport trunk allowed vlan 2,4,33,73
switchport nonegotiate
!
switchport
!
switchport
!
switchport
– CiscoD configuration file:

!
spanning-tree mode rapid-pvst
spanning-tree loopguard default
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
spanning-tree backbonefast
spanning-tree vlan 1,33,73 priority 4096
spanning-tree vlan 2,4 priority 8192
!
switchport
!
switchport
!
switchport
!
switchport

l Create VLANIF2 for the S12704 CSS and create VLAN2 on Cisco aggregation switches
CiscoC and CiscoD to advertise routes of CiscoC and CiscoD to the S12704 CSS.
# Perform the following configurations for the S12704 CSS:
[CSS] interface Vlanif2
[CSS-Vlanif2] ip address 10.1.7.7 255.255.255.128
[CSS-Vlanif2] undo icmp host-unreachable send
[CSS-Vlanif2] undo icmp redirect send
[CSS-Vlanif2] ospf authentication-mode md5 1 cipher Huawei@345
[CSS-Vlanif2] ospf dr-priority 95
[CSS-Vlanif2] quit
[CSS] ospf 100 router-id 10.1.7.252
[CSS-ospf-100] undo silent-interface Vlanif2
[CSS-ospf-100] area 0.0.0.3
[CSS-ospf-100-area-0.0.0.3] authentication-mode md5
[CSS-ospf-100-area-0.0.0.3] quit
[CSS-ospf-100] quit
# The related CiscoC and CiscoD configuration files are as follows:

– CiscoC configuration file:
!
interface Loopback0
ip address 10.1.7.254 255.255.255.255
!
interface Vlan2
ip address 10.1.7.2 255.255.255.128
no ip redirects
no ip unreachables
no ip proxy-arp
ip ospf message-digest-key 1 md5 7 094D4F071C11
ip ospf priority 105
!
router ospf 100
router-id 10.1.7.254
passive-interface default
no passive-interface Vlan2
network 10.1.7.0 0.0.0.127 area 3
– CiscoD configuration file:

!
interface Loopback0
ip address 10.1.7.253 255.255.255.255
!
interface Vlan2
ip address 10.1.7.3 255.255.255.128
no ip redirects
no ip unreachables
no ip proxy-arp
ip ospf message-digest-key 1 md5 7 094D4F071C11
ip ospf priority 100
!
router ospf 100
router-id 10.1.7.253
passive-interface default
no passive-interface Vlan2
network 10.1.7.0 0.0.0.127 area 3
Step 2 Use physical cables to connect the S12704 CSS and Cisco core switches CiscoA and CiscoB
through the Eth-Trunks in LACP mode, as shown in Figure 7-3.

Core CiscoA CiscoB
CSS
Aggregation CiscoC CiscoD
S12704-1 S12704-2
Access
Branch B
# After cables are connected, run the display ospf peer brief command to check whether
OSPF is running properly. The following information indicates that OSPF is running properly:
<CSS> display ospf peer brief
Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.0 Eth-Trunk4 10.1.194.254 Full
0.0.0.0 Eth-Trunk5 10.1.194.253 Full
----------------------------------------------------------------------------
Total Peer(s): 2
# Ping CiscoA and CiscoB to check the connectivity between the S12704 CSS and CiscoA
and CiscoB. CiscoA is used as an example. The following information indicates that CiscoA
is pinged successfully.
<CSS> ping 10.1.194.161
--- 10.1.194.161 ping statistics ---

0.00% packet loss
Step 3 Use physical cables to connect the S12704 CSS and Cisco aggregation switches CiscoC and
CiscoD through the Eth-Trunks in LACP mode, as shown in Figure 7-4.

Core CiscoA CiscoB
Eth-Trunk5
CiscoC Eth-Trunk4
Aggregation
CiscoD
STP Protocol:Rapid PVST+
Eth-Trunk2
XGE1/1/0/44
XGE1/1/0/45 Eth-Trunk3
XGE1/2/0/44 XGE2/1/0/44 CSS
XGE1/2/0/45 XGE2/1/0/45 S12704-1 S12704-2
XGE2/2/0/44
XGE2/2/0/45
STP Protocol:VBST
# After cables are connected, run the display stp brief command to check the VBST status.
The status of Eth-Trunk 2 and Eth-Trunk 3 is normal in different VLANs.
<CSS> display stp brief
VLAN-ID Port Role STP State Protection
2 Eth-Trunk2 ALTE DISCARDING NONE
2 Eth-Trunk3 ROOT FORWARDING NONE
# Run the display ospf peer brief command to check whether routes of CiscoC and CiscoD
have been advertised to the S12704 CSS. The following information indicates that OSPF is
running properly:
<CSS> display ospf peer brief
Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.0 Eth-Trunk4 10.1.194.254 Full
0.0.0.0 Eth-Trunk5 10.1.194.253 Full
0.0.0.3 Vlanif2 10.1.7.254 Full
0.0.0.3 Vlanif2 10.1.7.253 Full
----------------------------------------------------------------------------
Total Peer(s): 4
# Ping CiscoC and CiscoD to check the connectivity between the S12704 CSS and CiscoC
and CiscoD. CiscoC is used as an example. The following information indicates that CiscoC
is pinged successfully.
<CSS> ping 10.1.7.254


0.00% packet loss
Step 4 Configure the S5730HI switches in a stack. Disconnect a physical link between CiscoC and
CiscoE, and connect one end of the physical link to the uplink interface of the S5730HI stack
and the other end to the S12704 CSS. Migrate cables connecting to downlink interfaces of
CiscoE to the corresponding downlink interfaces of the S5730HI. Migrate the other physical
link between CiscoC and CiscoE in a similar manner. Migrate the other access switches using
the same method. After the operations are completed, run the commands listed in Table 7-4
for the S5730HI stack to verify that services are running properly. The STP status does not
need to be checked.
Step 5 Run the shutdown command to disable the SVIs on Cisco aggregation switches CiscoC and
CiscoD where the interface vlan command has been run. The VLANIF interfaces of the
S12704 CSS are in Down state (excluding VLANIF2 corresponding to VLAN2). Then run the
undo shutdown command on a VLANIF interface to enable the VLANIF interface for the
S12704 CSS. Migrate the gateway from CiscoC and CiscoD to the S12704 CSS. After the
operations are completed, run the commands listed in Table 7-4 for the S12704 CSS to verify
that services are running properly.
Step 6 Remove the cables between S12704 CSS and CiscoC and CiscoD and the cables between
CiscoC and CiscoD and between CiscoA and CiscoB. Delete configurations such as the Eth-
Trunk, OSPF, and VBST that are related to CiscoC and CiscoD from the S12704 CSS. After
the operations are completed, run the commands listed in Table 7-4 for the S12704 CSS to
verify that services are running properly.
Step 7 Check whether services connected to the S5730HI stack are normal, for example, whether
PCs can access the Internet properly and whether APs can provide wireless access.
----End
Check After the Replacement

After the replacement, run the commands listed in Table 7-4 to check the status and entries of
Huawei switches and compare them with those on Cisco switches before the replacement.
Ensure that routing table entries, ARP table entries, MAC address table entries, and neighbors
remain unchanged after the replacement. This can only preliminarily determine whether the
network devices are normal. To check whether the migration is successful, check the service
status.
Table 7-4 Commands for checking the status of Huawei switches after the replacement
Item Command
Checking the clock status display clock
Checking the interface status display interface brief
Checking the MAC address table display mac-address
Checking the neighbor status display lldp neighbor

Item Command
Checking the ARP table display arp
Checking the routing table display ip routing-table
Checking the STP status display stp brief

display stp global
Checking the existing configurations display current-configuration

display saved-configuration
Checking logs and alarms display logbuffer

display alarm active
display alarm history

Switches 8 Using the Product/Feature Mapping Tool between
Interoperation and Replacement Guide Huawei and other vendors
8 Using the Product/Feature Mapping Tool

between Huawei and other vendors
Figure 8-1 shows the page of Product/Feature Mapping Tool. The tool can be used to query
network product or feature mapping between Huawei and other vendors.
Figure 8-1 Page of the Product/Feature Mapping Tool

S2700, S3700, S5700, S6700, S7700, and S9700 Series Switches Interoperation and Replacement Guide

Caricato da

Informazioni sul documento

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

S2700, S3700, S5700, S6700, S7700, and S9700 Series Switches Interoperation and Replacement Guide

Caricato da

Copyright:

Formati disponibili

S2700, S3700, S5700, S6700, S7700, and S9700

Interoperation and Replacement

HUAWEI TECHNOLOGIES CO., LTD.

Trademarks and Permissions

Huawei Technologies Co., Ltd.

Issue 13 (2019-05-10) Copyright © Huawei Technologies Co., Ltd. i

About This Document

Indicates a potentially hazardous situation

NOTE Calls attention to important information,

Boldface The keywords of a command line are in boldface.

Italic Command arguments are in italics.

[] Items (keywords or arguments) in brackets [ ] are optional.

Issue 13 (2019-05-10) Copyright © Huawei Technologies Co., Ltd. ii

{ x | y | ... } Optional items are grouped in braces and separated by

[ x | y | ... ] Optional items are grouped in brackets and separated by

{ x | y | ... }* Optional items are grouped in braces and separated by

[ x | y | ... ]* Optional items are grouped in brackets and separated by

&<1-n> The parameter before the & sign can be repeated 1 to n

# A line starting with the # sign is comments.

Interface Numbering Conventions

Issue 13 (2019-05-10) Copyright © Huawei Technologies Co., Ltd. iii

Issue 13 (2019-05-10) Copyright © Huawei Technologies Co., Ltd. iv

About This Document.....................................................................................................................ii

3 Interoperation Between Huawei Switches and an Microsoft NLB Cluster................... 166

4 Interoperation Between a Huawei Switch and a Server with Multiple Network

Issue 13 (2019-05-10) Copyright © Huawei Technologies Co., Ltd. v

5.2.2 Comparison Between LNP and DTP.......................................................................................................................197

6 Interoperation Between Huawei Switches and SolarWinds.............................................295

Issue 13 (2019-05-10) Copyright © Huawei Technologies Co., Ltd. vi

6.1 Introduction to SolarWinds.........................................................................................................................................295

Issue 13 (2019-05-10) Copyright © Huawei Technologies Co., Ltd. vii

1 Interoperation Between Huawei Switches

About This Chapter

1.1 Overview of Interoperation Between Switches and IP Phones

1.1 Overview of Interoperation Between Switches and IP

Issue 13 (2019-05-10) Copyright © Huawei Technologies Co., Ltd. 1

PRI (3 bits) CFI (1 bit) VLAN ID (12 bits)

Table 1-1 Categories of packets sent by IP phones

No. Packet Description

1 The packets carry After IP phones connect to a switch, the

Issue 13 (2019-05-10) Copyright © Huawei Technologies Co., Ltd. 2

No. Packet Description

2 The packets carry After IP phones connect to a switch, the switch

3 The packets carry After IP phones connect to a switch, the switch

4 The packets carry After IP phones connect to a switch, the switch

5 The packets do not After IP phones connect to a switch, the switch

Physical Connection of an IP Phone for Interworking

Figure 1-1 Internal structure of the IP phone

Cisco IP Phone 7962

Issue 13 (2019-05-10) Copyright © Huawei Technologies Co., Ltd. 3

Figure 1-2 Connecting a downstream PC to an IP phone

Figure 1-3 Connecting the PC and IP phone to the switch separately

1.2 IP Phone Interoperation Solution

Issue 13 (2019-05-10) Copyright © Huawei Technologies Co., Ltd. 4

Table 1-2 Summary of solutions for connecting switches to IP phones

1.4 l IP phones cannot obtain voice All models of V200R003C00 and

1.6 l IP phones can obtain voice All models of V200R002 and

Issue 13 (2019-05-10) Copyright © Huawei Technologies Co., Ltd. 5

Interoperation Applicable Scenario Applicable S Series Switch

Issue 13 (2019-05-10) Copyright © Huawei Technologies Co., Ltd. 6

Interoperation Applicable Scenario Applicable S Series Switch

1.3 (Recommended) Interoperation Between Switches and

Issue 13 (2019-05-10) Copyright © Huawei Technologies Co., Ltd. 7

Figure 1-4 Networking diagram of connecting switches to IP phones through LLDP