Scribd
Upload
921 views

HUAWEI Commands

The document describes Huawei switch command styles and provides examples of common commands. It discusses commands for system view, interface configuration, saving configurations, and protocols like HTTP, SSH, and Telnet. Examples are given for commands related to flash memory, display outputs, setting the local console password, and configuring user authentication and access protocols.

Uploaded by

brayhan olarte
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
921 views

HUAWEI Commands

The document describes Huawei switch command styles and provides examples of common commands. It discusses commands for system view, interface configuration, saving configurations, and protocols like HTTP, SSH, and Telnet. Examples are given for commands related to flash memory, display outputs, setting the local console password, and configuring user authentication and access protocols.

Uploaded by

brayhan olarte
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 21

HUAWEI Commands BY: Fawzy Abdelbaset

Command style contrast


• User view, use “< >” as prompt, e.g. <Huawei>
• System view, use “[ ]” as prompt, e.g. [Huawei]
• Other configuration view, use “[ ]” as prompt, e.g. [Huawei-XX]
User View
<Huawei>
System View
<Huawei> system-view
Interface
[Huawei] interface Gigabitethernet 0/0/1
Interface range
[Huawei] interface range Gigabitethernet 0/0/1 to Gigabitethernet 0/0/15
Or
[Huawei] interface range Gigabitethernet 0/0/1 Gigabitethernet 0/0/5 Gigabitethernet 0/0/7
Interface Description
[Huawei] interface Gigabitethernet 0/0/1
[Huawei-gigabitethernet0/0/1] description link to core
Exit Command
[Huawei] quit
Save Configuration
<Huawei> save
Save Configuration in another file
<Huawei> save newconfig.cfg
Switch Name
[Huawei] sysname Huawei-switch
Shutdown Port
[Huawei-gigabitethernet0/0/1] shutdown
Delete command
[Huawei-gigabitethernet0/0/1] undo shutdown
Show configuration
<Huawei>,[Huawei],[Huawei-gigabitethernet0/0/1] display current-configuration
Device local clock
[Huawei] clock datetime 12:10:2 2023-6-1

1|Page
Fawzy Abdelbaset | LinkedIn
HUAWEI Commands BY: Fawzy Abdelbaset

Flash
<Huawei> pwd Display the current working
directory.
<Huawei> dir Command displays information
about files and directories in the
storage medium.
<HUAWEI> dir /all Display information about all files
and directories in the current
directory.
dir /all-filesystems Display information about files and
directories in the root directories
of all the storage media on the
devices in a stack.
<Huawei> dir vrpcfg.cfg Display information about the file
vrpcfg.cfg in the current directory.
<Huawei> more command to display the file
content directly on a device.
<Huawei> mkdir [File name] command to create a subdirectory
in a specified directory, and the
subdirectory name must be unique.
<Huawei> rmdir [File name] command deletes a specified
directory from the remote SFTP
server.
<Huawei> copy flash:/config.cfg flash:/temp/temp.cfg command copies a file
<Huawei> move flash:/test/sample.txt flash:/sample.txt command moves the source file
from a specified directory to a
destination directory.
<Huawei> rename sample.txt sample.bak command renames a file or folder.
<Huawei> delete test.txt command delete file
Delete flash:/test.txt?[Y/N]:y
Info: Deleting file flash:/test.txt...succeeded.
<Huawei> undelete sample.bak Restore file sample.bak from the
Undelete flash:/sample.bak ?(y/n)[n]:y recycle bin.
Undeleted file flash:/sample.bak.
<Huawei> undelete flash: Restore a file that has been moved
Undelete flash:/test.txt?(y/n)[n]:y from the root directory to the
Undeleted file flash:/test.txt. recycle bin.

2|Page
Fawzy Abdelbaset | LinkedIn
HUAWEI Commands BY: Fawzy Abdelbaset

Undelete flash:/rr.bak?(y/n)[n]:y
Undeleted file flash:/rr.bak.
<Huawei> reset recycle-bin flash:/test/test.txt command permanently deletes
Squeeze flash:/test/test.txt?(y/n)[n]:y files from the recycle bin.
Clear file from flash will take a long time if
needed...Done.
%Cleared file flash:/test/test.txt.
Common display Commands
display this Verify configurations in the current view
display interface brief command displays brief information about the
status and configuration of interfaces.
display diagnostic-information Basic information
display device Device information
display interface Interface information
display startup Startup file information
display version Versions
display patch-information Patch information
display device elabel Electronic label information
display health Device status
display configuration recover-result Configuration recovery information
display current-configuration Current configurations
display saved-configuration Saved configurations
display clock Time
display ntp status NTP clock information
display logbuffer User logs
display memory Memory usage
display cpu CPU usage
display switchover state Active/standby switchover status
display alarm active Device alarms
display device alarm hardware Hardware alarms
display device temperature all Temperature information
display device fan Fan information
display device power Power supply information
Console Local Password
[Huawei] user-interface console 0
[Huawei -ui-console0] user privilege level 15
[Huawei -ui-console0] authentication-mode Password
[Huawei -ui-console0] set authentication Password Huawei@123
[Huawei -ui-console0] quit
Console local Authentication
[Huawei] user-interface console 0
[Huawei -ui-console0] authentication-mode aaa
[Huawei -ui-console0] quit

3|Page
Fawzy Abdelbaset | LinkedIn
HUAWEI Commands BY: Fawzy Abdelbaset

[Huawei] aaa
[Huawei-aaa] local-user admin password irreversible-cipher Huawei@123
[Huawei-aaa] local-user admin privilege-level 15
[Huawei-aaa] local-user admin service-type Terminal
HTTP
<Huawei> system-view
[Huawei] http server enable
[Huawei] http server-source -i vlanif [Management Vlanif]
[Huawei] aaa
[Huawei-aaa] local-user admin password irreversible-cipher Huawei@123
[Huawei-aaa] local-user admin privilege-level 15
[Huawei-aaa] local-user admin service-type http
STelnet (SSH)
[Huawei] stelnet server enable
[Huawei] ssh server-source -i vlanif [Management Vlanif]
[Huawei] user-interface vty 0 4
[Huawei-ui-vty0-4] authentication-mode aaa
[Huawei-ui-vty0-4] protocol inbound ssh
[Huawei-ui-vty0-4] quit
[Huawei] aaa
[Huawei-aaa] local-user admin password irreversible-cipher Huawei@123
[Huawei-aaa] local-user admin privilege level 15
Warning: This operation may affect online users, are you sure to change the user privilege level
?[Y/N]y
[Huawei-aaa] local-user admin service-type ssh
[Huawei-aaa] quit
Telnet
[Huawei] telnet server enable
[Huawei] telnet server-source -i vlanif [Management Vlanif]
[Huawei] user-interface vty 0 4
[Huawei-ui-vty0-4] authentication-mode aaa
[Huawei-ui-vty0-4] protocol inbound telnet
[Huawei-ui-vty0-4] quit
[Huawei] aaa
[Huawei-aaa] local-user admin password irreversible-cipher Huawei@123
[Huawei-aaa] local-user admin privilege level 15

4|Page
Fawzy Abdelbaset | LinkedIn
HUAWEI Commands BY: Fawzy Abdelbaset

Warning: This operation may affect online users, are you sure to change the user privilege level
?[Y/N]y
[Huawei-aaa] local-user admin service-type telnet
[Huawei-aaa] quit
FTP
[Huawei] ftp server enable
[Huawei] aaa
[Huawei-aaa] local-user admin password
irreversible-cipher Huawei@123
[Huawei-aaa] local-user admin privilege level 15
[Huawei-aaa] local-user admin service-type ftp
[Huawei-aaa] local-user admin ftp-directory flash:/
[Huawei-aaa] quit
[Huawei] quit
<Huawei> save
FTP
<Huawei> ftp 192.168.161.141 Login the FTP Server, then enter the
Trying ftp 192.168.161.141 username
Press CTRL+K to abort and the password on the FTP Server
Connected to ftp 192.168.161.141
220 FTP service ready.
User (192.168.161.141:(none)):huawei
331 Password required for huawei
Password: 8031

[ftp] get S9300.cc Get the new system software from the
FTP Server

[ftp] put S9300.cc Put the new system software to the FTP
client

<huawei> startup system-software S9300.cc Configure the new system software as


<huawei> reboot the next startup
TFTP
<Huawei> tftp 192.168.161.141 get S9300.cc Login the TFTP Server and get the new
system software from the TFTP Server

5|Page
Fawzy Abdelbaset | LinkedIn
HUAWEI Commands BY: Fawzy Abdelbaset

<Huawei> startup system-software S9300.cc Configure the new system software as


<Huawei> reboot the next startup
Verifying the Local Authentication and Authorization Configuration
[Huawei] aaa Display AAA configuration
[Huawei-aaa] display this
display aaa configuration Check the AAA summary.
display access-user username user-name [detail]
display access-user access
type {admin [ ftp | ssh | telnet | terminal | web] | ppp}
[ username user-name]

display local-user expire-time Verify the time when the local account expires.
display local-aaa-user password policy {access- Display the password policy for local users.
user | administrator}
POE
[Huawei] interface Ethernet0/0/1 Used to create shortcuts for long
[Huawei-Ethernet0/0/1] poe enable commands. Enable the POE function on
the interface, by default, the POE
function is auto-enable on the interface

[Huawei-Ethernet0/0/1] poe max-power (Optional) Configure the maximum


power_values output power of the interface
[Huawei-Ethernet0/0/1] quit

[Huawei] poe power-management manual (Optional) Configure the POE mode as


[Huawei] poe power-on interface Ethernet0/0/1 manual and supply the power over the
interface by manual
Verifying the PoE Configuration
display poe-power View the PoE power supply status
display lldp tlv-config View the TLV types supported by the interface
display lldp local View LLDP status on the interfaces and device
display lldp neighbor View information about interface neighbors
display lldp neighbor brief view information about device neighbors
display poe device View information about the devices that support
the PoE function.
display poe information [ slot slot-id ] View PoE information.
display poe power [ slot slot-id | interface interface- View the interface current power.
type interface-number ]
display poe power-state [ slot slot-id | interface interface- View the PoE power supply status on the
type interface-number ] interface.

6|Page
Fawzy Abdelbaset | LinkedIn
HUAWEI Commands BY: Fawzy Abdelbaset

Static LACP Link Aggregation Group


Eth-Trunk Interface to Work in Static LACP Mode
<Huawei> system-view Create a channel group
[Huawei] interface Eth-Trunk 1

[Huawei-Eth-Trunk1] mode lacp-static Specify the channel group mode as


[Huawei-Eth-Trunk1] bpdu enable LACP
[Huawei-Eth-Trunk1] quit
Assign the port to the channel group
[Huawei] interface GigabitEthernet1/0/1
[Huawei-GigabitEthernet1/0/1] eth-trunk 1

[Huawei] interface eth-trunk 1 Set the maximum number of active


[Huawei-Eth-Trunk1] max active-linknumber 2 links to 2.

[Huawei-GigabitEthernet1/0/1] lacp port-priority Specify the LACP port priority


priority-value
[Huawei-GigabitEthernet1/0/1]quit

[Huawei] lacp port-priority priority-value Configure the LACP System priority


Eth-Trunk Interfaces to Work in Manual Load Balancing Mode
[Huawei] interface Eth-Trunk 1 Create an Eth-Trunk interface in manual
[HUAWEI-Eth-Trunk1] mode manual load- load balancing mode on each device to
balance implement link aggregation
[Huawei-Eth-Trunk1] quit

[Huawei] interface GigabitEthernet1/0/1 Add Ethernet interfaces to each Eth-


Trunk interface and set a load balancing
[Huawei-GigabitEthernet1/0/1] eth-trunk 1
weight for each member interface to
increase bandwidth and implement load
balancing.
Verifying the Eth-Trunk Configuration
display eth-trunk [ trunk-id [ interface interface- check configuration of an Eth-Trunk
type interface number | verbose ] | brief ] interface.

7|Page
Fawzy Abdelbaset | LinkedIn
HUAWEI Commands BY: Fawzy Abdelbaset

display eth-trunk membership trunk-id command to check information about


member interfaces of an Eth-Trunk
interface.
Auto-negotiation of the Interfaces
[Huawei] interface GigabitEthernet1/0/1 Configure the port as the auto
[Huawei-GigabitEthernet1/0/1] negotiation auto negotiation mode, by default, an
interface works in auto negotiation
mode
[Huawei-GigabitEthernet1/0/1] auto speed { 10 | 100 You can set the speed on an electrical
| 1000 }* interface work in auto-negotiation
mode
[Huawei-GigabitEthernet1/0/1] auto duplex { full | You can set the duplex mode on an
half } * electrical interface worked in auto
negotiation mode
Duplex Mode
[Huawei] interface GigabitEthernet1/0/1 Set the interface to work in non-
[Huawei-GigabitEthernet1/0/1] undo negotiation automatic negotiation Mode.
auto
[Huawei-GigabitEthernet1/0/1] speed { 10 | 100 | You can set the speed on an electrical
1000 } interface worked in non-automatic
negotiation mode
[Huawei-GigabitEthernet1/0/1] duplex { full | half } You can set the duplex mode on an
electrical interface worked in non-
automatic negotiation mode
NTP Function
Switch A (Server): Configure Switch A as the NTP Server
<Huawei_A> system-view and Specify the
[Huawei_A] ntp-service refclock-master 2 stratum of the NTP master clock

Switch B (Client): Specify the IP address of the remote


<Huawei_B> system-view NTP server
[Huawei_B] ntp-service unicast-server 172.16.1.1
Verifying NTP Configuration
display ntp-service status check the NTP service status.
display ntp event clock-unsync View the latest 10 reasons of NTP
synchronization failures
display ntp sessions View information about all sessions of local NTP
display ntp slot-status View the clock system status
display ntp-service sessions [ verbose ] check the NTP session status.

8|Page
Fawzy Abdelbaset | LinkedIn
HUAWEI Commands BY: Fawzy Abdelbaset
display ntp-service trace check the path from the local device to the
reference clock source.
VCMP
Switch A (Server):
[HUAWEI] vcmp role server
[HUAWEI] vcmp device-id 10
[HUAWEI] vcmp domain HUAWEI
[HUAWEI] vcmp authentication sha2-256 password Huawei@123

Switch B (Client):
[HUAWEI] vcmp role Client
[HUAWEI] vcmp domain HUAWEI
[HUAWEI] vcmp authentication sha2-256 password Huawei@123
Verifying VCMP Configuration
display vcmp status Check the VCMP configuration, including the
VCMP domain name, VCMP role, device ID,
configuration revision number, and VCMP
domain authentication password.
display vcmp interface brief Check the VCMP status on Layer 2 Ethernet
interfaces.
Default route
[HUAWEI] ip route-static 0.0.0.0 0.0.0.0 10.0.2.1
VLAN Configuration
<Huawei> system-view Create single VLAN
[Huawei] vlan 90
<Huawei> system-view Set of VLANS
[Huawei] vlan batch 1 to 30
<Huawei> system-view Separate set of VLANS
[Huawei] vlan batch 20 30 32 90
VLAN Description
[Huawei] vlan 1
[Huawei-vlanif1] description Management Vlan
Port Types
Access port
[Huawei-GigabitEthernet0/0/35] port link-type access
[Huawei-GigabitEthernet0/0/35] port default vlan 5
Trunk Port
[Huawei-GigabitEthernet0/0/30] port link-type trunk
[Huawei-GigabitEthernet0/0/30] port trunk allow-pass vlan 1 2 5

9|Page
Fawzy Abdelbaset | LinkedIn
HUAWEI Commands BY: Fawzy Abdelbaset

Hybrid Port
<Huawei> system-view
[Huawei] interface gigabitethernet 0/0/1
[Huawei-GigabitEthernet0/0/11] port link-type hybrid
[Huawei-GigabitEthernet0/0/11] port hybrid untagged vlan 2
[Huawei-GigabitEthernet0/0/11] port hybrid tagged vlan 30
[Huawei-GigabitEthernet0/0/11] port hybrid pvid vlan 2
Delete interface port type
[Huawei] interface G0/0/35
[Huawei-GigabitEthernet0/0/35] undo port link-type
VLAN Configuration Based on Port
[Huawei] vlan 2 Vlan can be Created singly or batch
[Huawei] vlan bacth 2 to 10

[Huawei] vlan 2
[Huawei-vlan2] port GigabitEthernet1/0/1 to Configure the VLAN on the access port
GigabitEthernet1/0/2
or
[Huawei] interface GigabitEthernet1/0/1
[Huawei-GigabitEthernet1/0/1] port link-type access
[Huawei-GigabitEthernet1/0/1] port default vlan 2

[Huawei] interface GigabitEthernet1/0/1


[Huawei-GigabitEthernet1/0/1] port link-type trunk Configure the VLAN on the trunk Port
[Huawei-GigabitEthernet1/0/1] port trunk allow-pass
vlan 2 to 10
Verifying the VLAN Configuration
display vlan [ { vlan-id | vlan-name vlan-name } [ verbose ] ] command to check information about all VLANs
or a specified VLAN.

Interface VLAN
[Huawei] interface vlanif 2
[Huawei-vlanif2] ip add 192.168.1.1 255.255.255.0
Also you can write prefix instant of subnet mask 192.168.1.1 24
[Huawei-vlanif2] ip add 192.168.1.1 24
Verifying interface VLAN Configuration
display interface vlanif [ vlan-id ] command to check the VLANIF
interface configuration.

10 | P a g e
Fawzy Abdelbaset | LinkedIn
HUAWEI Commands BY: Fawzy Abdelbaset
Display ip interface brief command displays brief information
about interface IP addresses, including
the IP address, subnet mask, physical
status, link-layer protocol status, and
number of interfaces in different states.
DHCP Server Based on the Global Address Pool
<Huawei> system-view
[Huawei] dhcp enable
Create address pools and set
[Huawei] ip pool 1
the attributes of the address
[Huawei-ip-pool-1] network 10.1.1.0 mask 255.255.255.128
pools
[Huawei-ip-pool-1] dns-list 10.1.1.2
[Huawei-ip-pool-1] gateway-list 10.1.1.1
[Huawei-ip-pool-1] excluded-ip-address 10.1.1.2
[Huawei-ip-pool-1] excluded-ip-address 10.1.1.4
[Huawei-ip-pool-1] lease day 10
[Huawei-ip-pool-1] quit

[Huawei] interface vlanif 10 Configure clients on VLANIF 10


[Huawei-Vlanif10] ip address 10.1.1.1 255.255.255.128
to obtain IP addresses from the
[Huawei-Vlanif10] dhcp select global
global address pool.
[Huawei-Vlanif10] quit
DHCP Server Based on Interface
<Huawei> system-view
[Huawei] dhcp enable
[Huawei] interface vlanif 20
[Huawei-Vlanif20] ip address 20.1.1.1 255.255.255.0 Configure clients on VLANIF 20
[Huawei-Vlanif20] dhcp select interface to obtain IP addresses from
[Huawei-Vlanif20] quit same vlan
Verifying DHCP
display ip pool [ name ip-pool-name [ start-ip-address [ end-ip-address ] command to check information about
| all | conflict | expired | used ] ] the specified global address pool.
display dhcp server database command to check information about
the DHCP database.
DHCP Relay
[Huawei] interface vlanif 30
[Huawei-Vlanif30] ip address 30.1.1.1 255.255.255.0
[Huawei-Vlanif30] dhcp select relay
[Huawei-Vlanif30] dhcp relay server-ip 192.168.1.1 DHCP Server IP
Verifying DHCP Relay

11 | P a g e
Fawzy Abdelbaset | LinkedIn
HUAWEI Commands BY: Fawzy Abdelbaset
display dhcp relay { all | interface interface-type interface-number } command to view
information about the
DHCP server or DHCP
server group on the
interface functioning
as a DHCP relay agent.
display dhcp server group [ group-name ] command to view the
configuration of the
DHCP server group.
Port isolation
<Huawei> system-view Port isolation includes
[Huawei] port-isolate mode all unidirectional isolation
[Huawei] interface gigabitethernet 1/0/1 and bidirectional
[Huawei-GigabitEthernet1/0/1] port-isolate enable group 3 isolation. Layer 2
isolation and Layer 3
interworking is used
by default. To
configure Layer 2 and
Layer 3 isolation, run
the port-isolate mode
all command.
Verifying Port isolation
display port-isolate group { group-id | all } command to check the
configuration of the
port isolation group.
Stacking
Master Switch

[Huawei]int stack-port 0\1


[Huawei-stack-port0/1] port interface XGigabitEthernet 0/0/3 enable
[Huawei]int stack-port 0\2
[Huawei-stack-port0/2] port interface XGigabitEthernet 0/0/4 enable
[Huawei]stack slot 0 renumber 0
[Huawei]stack slot 0 priority 200

Standby Switch

12 | P a g e
Fawzy Abdelbaset | LinkedIn
HUAWEI Commands BY: Fawzy Abdelbaset

[Huawei]int stack-port 0\1


[Huawei-stack-port0/1] port interface XGigabitEthernet 0/0/3 enable
[Huawei]int stack-port 0\2
[Huawei-stack-port0/2] port interface XGigabitEthernet 0/0/4 enable
[Huawei]stack slot 0 renumber 1

Slave Switch

[Huawei]int stack-port 0\1


[Huawei-stack-port0/1] port interface XgigabitEthernet 0/0/3 enable
[Huawei]int stack-port 0\2
[Huawei-stack-port0/2] port interface XgigabitEthernet 0/0/4 enable
[Huawei]stack slot 0 renumber 2
Verifying Stacking Configuring
display stack command to check information about the
stack member switches. If all member
switches are displayed, the stack is set up
successfully.
display stack peers command to check whether neighboring
information about the stack is the same as
the actual hardware connections.
display device command to check the device model.
display elabel command to view the electronic label.
display elabel slot slot-id subcard-id command to check the electronic label of
the stack card.
display stack port [ brief | slot slot-id ] command to check whether stack cables
are correctly connected.
display stack configuration or display stack current-configuration command to check stack configuration.
CSS
Master Switch
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] set css mode lpu
[SwitchA] set css id 1
[SwitchA] set css priority 100
[SwitchA] interface css-port 1
[SwitchA-css-port1] port interface xgigabitethernet 1/0/1 to xgigabitethernet 1/0/2 enable
[SwitchA-css-port1] quit
[SwitchA] interface css-port 2

13 | P a g e
Fawzy Abdelbaset | LinkedIn
HUAWEI Commands BY: Fawzy Abdelbaset

[SwitchA-css-port2] port interface xgigabitethernet 2/0/1 to xgigabitethernet 2/0/2 enable


[SwitchA-css-port2] quit
[SwitchA] css enable
Warning: The CSS configuration will take effect only after the system is rebooted. T
he next CSS mode is LPU. Reboot now? [Y/N]:y

Standby Switch

<HUAWEI> system-view
[HUAWEI] sysname SwitchB
[SwitchB] set css mode lpu
[SwitchB] set css id 2
[SwitchB] set css priority 10
[SwitchB] interface css-port 1
[SwitchB-css-port1] port interface xgigabitethernet 1/0/1 to xgigabitethernet 1/0/2 enable
[SwitchB-css-port1] quit
[SwitchB] interface css-port 2
[SwitchB-css-port2] port interface xgigabitethernet 2/0/1 to xgigabitethernet 2/0/2 enable
[SwitchB-css-port2] quit
[SwitchB] css enable
Warning: The CSS configuration will take effect only after the system is rebooted. T
he next CSS mode is LPU. Reboot now? [Y/N]:y
Verifying CSS
display current-configuration | include css command to view the CSS physical port-Down
delay function configuration.

display device command to check the card status. If the card


status of two member switches is displayed in
the command output, the CSS is established
successfully.
display css status command to check the CSS status. If CSS
status of two member switches is displayed, the
CSS is established successfully.
display css channel command to check the cluster link status.
display css port all command to check the status of all CSS ports.
Voice VLAN with LLDP-MED
Step1: configure voice vlan
<Huawei> system-view Create a VLAN as voice VLAN on
[Huawei] vlan 8 the system view
[Huawei-vlan-8] quit

14 | P a g e
Fawzy Abdelbaset | LinkedIn
HUAWEI Commands BY: Fawzy Abdelbaset

[Huawei] voice-vlan mac-address mac-address mask oui- Set the OUI of the voice VLAN
mask
[description text]

[Huawei] interface Ethernet1/0/1 Enable voice VLAN and trust COS


[Huawei-Ethernet1/0/1] voice-vlan 8 enable on the interface connected to IP
[Huawei-Ethernet1/0/1] trust 8021p phone
[Huawei-Ethernet1/0/1] quit
Step2: configure LLDP-MED
[Huawei] lldp enable Globally enable LLDP on the
system view

[Huawei] interface Ethernet1/0/1 Enable BPDU on the interface


[Huawei-Ethernet1/0/1] bpdu enable connected IP phone
Basic function of STP

All switches:
<Huawei> system-view Configure the spanning tree mode
[Huawei] stp mode stp as STP and enable stp on the
[Huawei] stp enable system view

[Huawei] interface GigabitEthernet1/0/1


[Huawei-GigabitEthernet1/0/1] bpdu enable Enable BPDU on the interfaces on
[Huawei-GigabitEthernet1/0/1] quit the ring
[Huawei] interface GigabitEthernet1/0/2
[Huawei-GigabitEthernet1/0/2] bpdu enable

Switch A (root):
Configure Switch A as the root of
[Huawei] stp root primary
the ring
or
[Huawei] stp priority 0
15 | P a g e
Fawzy Abdelbaset | LinkedIn
HUAWEI Commands BY: Fawzy Abdelbaset

Basic function of RSTP

All switches:
Configure the spanning tree mode
<Huawei> system-view as RSTP and
[Huawei] stp mode rstp enable stp on the system view
[Huawei] stp enable

[Huawei] interface GigabitEthernet1/0/1 Enable BPDU on the interfaces on


[Huawei-GigabitEthernet1/0/1] bpdu enable the ring
[Huawei-GigabitEthernet1/0/1] quit
[Huawei] interface GigabitEthernet1/0/2
[Huawei-GigabitEthernet1/0/2] bpdu enable

Switch A (root): Configure Switch A as the root of


[Huawei_A] stp root primary the ring
or
[Huawei_A] stp priority 0
Verifying the STP/RSTP/MSTP Configuration
display stp [ instance instance-id ] [ interface interface- command to check the spanning tree
type interface-number | slot slot-id ] [ brief ] status and statistics.
display stp [ instance instance-id ] abnormal-interface command to check information about
abnormal interfaces that run STP, RSTP,
or MSTP.
display stp active command to check the status of and
statistics on spanning trees of all up
interfaces.
display stp bridge { local | root } command to check details about the
spanning tree of the local or root bridge.
display stp global command to check the global STP, RSTP,
or MSTP information.
display stp vlan vlan-id [ blocked-interface ] command to check the spanning tree
status of interfaces in the specified VLAN.

16 | P a g e
Fawzy Abdelbaset | LinkedIn
HUAWEI Commands BY: Fawzy Abdelbaset

Basic function of MSTP

All switches:

<Huawei> system-view Configure the spanning tree mode


[Huawei] stp mode mstp as MSTP and enable STP on the
[Huawei] stp enable system view

[Huawei] stp region-configuration Configure the MST region


[Huawei--mst-region] region-name Huawei
[Huawei--mst-region] instance 1 vlan 1 to 10
[Huawei--mst-region] instance 2 vlan 11 to 20
[Huawei--mst-region] active region-configuration

[Huawei] interface GigabitEthernet1/0/1 Enable BPDU on the interfaces on


[Huawei-GigabitEthernet1/0/1] bpdu enable the ring
[Huawei-GigabitEthernet1/0/1] quit
[Huawei] interface GigabitEthernet1/0/2
[Huawei-GigabitEthernet1/0/2] bpdu enable

Switch A (root of instance 1):

[Huawei_A] stp instance 1 root primary Configure Switch A as the root of


or the instance 1
[Huawei_A] stp instance 1 priority 0

17 | P a g e
Fawzy Abdelbaset | LinkedIn
HUAWEI Commands BY: Fawzy Abdelbaset

Switch C (root of instance 2):

[Huawei_C] stp instance 2 root primary Configure Switch C as the root of


or the instance 2
[Huawei_C] stp instance 2 priority 0
BPDU Guard
<Huawei> system-view Enter the system view

[Huawei] stp bpdu-protection Globally enable STP and BPDU


guard

[Huawei] interface GigabitEthernet1/0/1 Configure the interface as the


[Huawei-GigabitEthernet1/0/1] stp edged-port enable edge interface and enable
[Huawei-GigabitEthernet1/0/1] bpdu enable BPDU on the interface
Port Security
[Switch] interface gigabitethernet 0/0/1
[Switch-GigabitEthernet0/0/1] port-security enable
[Switch-GigabitEthernet0/0/1] port-security mac-address sticky or port-security mac-address
mac-address vlan vlan-id
[Switch-GigabitEthernet0/0/1] port-security max-mac-num 1
[Switch-GigabitEthernet0/0/1] port-security protect-action { protect | restrict | shutdown }
Verifying Port Security
display mac-address security [ vlan vlan-id | interface-type interface- command to check dynamic secure
number ] * [ verbose ] MAC address entries.
display mac-address sec-config [ vlan vlan-id | interface-type interface- command to check static secure MAC
number ] * [ verbose ] address entries.
DLDP/UDLD function
<Huawei> system-view Enter the system view

[Huawei] dldp enable Enable DLDP on the system


view
Enable DLDP on the interface
[Huawei] interface GigabitEthernet1/0/1
[Huawei-GigabitEthernet1/0/1] dldp enable
Verifying dldp/udld
display dldp [ interface interface-type interface-number ] command to verify the DLDP
configuration and neighbor information
entries.

18 | P a g e
Fawzy Abdelbaset | LinkedIn
HUAWEI Commands BY: Fawzy Abdelbaset

ACL
Basic ACL
<HUAWEI> system-view Configuring a packet filtering
[HUAWEI] acl 2001 rule based on the source IP
[HUAWEI-acl-basic-2001] rule permit source 192.168.1.3 0 address (host address).
To allow the packets from a
host to pass, add a rule to an
ACL. For example, to allow
packets from host 192.168.1.3
to pass, create the following
rule in ACL 2001.
<HUAWEI> system-view Configuring a packet filtering
[HUAWEI] acl 2001 rule based on the source IP
[HUAWEI-acl-basic-2001] rule permit source 192.168.1.3 0 address segment
[HUAWEI-acl-basic-2001] rule deny source 192.168.1.0 To allow the packets from a
0.0.0.255 host to pass and reject the
[HUAWEI-acl-basic-2001] description permit only 192.168.1.3 packets from other hosts on the
through same network segment,
configure rules in an ACL. For
example, to allow the packets
from host 192.168.1.3 to pass
and reject the packets from
other hosts on network
segment 192.168.1.0/24,
configure the following rules in
ACL 2001 and set the
description of ACL 2001 to
Permit only 192.168.1.3
through.

Advanced ACL
<HUAWEI> system-view Configuring a packet filtering rule for
[HUAWEI] acl 3001 ICMP protocol packets based on the
[HUAWEI-acl-adv-3001] rule permit icmp source source IP address (host address) and
192.168.1.3 0 destination 192.168.2.0 0.0.0.255 destination IP address segment

19 | P a g e
Fawzy Abdelbaset | LinkedIn
HUAWEI Commands BY: Fawzy Abdelbaset

To allow the ICMP packets from a host


that are destined for a network
segment to pass, configure a rule in an
ACL. For example, to allow the ICMP
packets from host 192.168.1.3 that are
destined for network segment
192.168.2.0/24 to pass, configure the
following rule in ACL 3001.
<HUAWEI> system-view Configuring a packet filtering rule for
[HUAWEI] acl name deny-telnet TCP protocol packets based on the
[HUAWEI-acl-adv-deny-telnet] rule deny tcp TCP destination port number, source
destination-port eq telnet source 192.168.1.3 0 IP address (host address), and
destination 192.168.2.0 0.0.0.255 destination IP address segment

To prohibit Telnet connections


between the specified host and the
hosts on a network segment, configure
a rule in an advanced ACL. For
example, to prohibit Telnet
connections between host 192.168.1.3
and hosts on network segment
192.168.2.0/24, configure the
following rule in the advanced ACL
deny-telnet.
<HUAWEI> system-view To prohibit the specified hosts from
[HUAWEI] acl name no-web accessing web pages (HTTP is used to
[HUAWEI-acl-adv-no-web] description Web access access web pages, and TCP port
restrictions number is 80), configure rules in an
[HUAWEI-acl-adv-no-web] rule deny tcp destination- advanced ACL. For example, to
port eq 80 source 192.168.1.3 0 prohibit hosts 192.168.1.3 and
[HUAWEI-acl-adv-no-web] rule deny tcp destination- 192.168.1.4 from accessing web
port eq 80 source 192.168.1.4 0 pages, configure the following rules in
ACL no-web and set the description
for the ACL to Web access restrictions.

20 | P a g e
Fawzy Abdelbaset | LinkedIn
HUAWEI Commands BY: Fawzy Abdelbaset

Verifying the ACL Configuration


display acl { acl-number | name acl-name | all } command to check ACL configuration.
display time-range { all | time-name } command to view information about the time
range.
NAT
Configure outbound NAT on the AC.

[HUAWEI] nat address-group 1 10.1.1.100 10.1.1.200


[HUAWEI] nat address-group 2 10.1.1.80 10.1.1.83
[HUAWEI] acl 2000
[HUAWEI-acl-basic-2000] rule 5 permit source
192.168.20.0 0.0.0.255
[HUAWEI-acl-basic-2000] quit
[HUAWEI] acl 2001
[HUAWEI-acl-basic-2001] rule 5 permit source
10.0.0.0 0.0.0.255
[HUAWEI-acl-basic-2001] quit
[HUAWEI] interface vlanif 300
[HUAWEI-Vlanif300] nat outbound 2000 address-
group 1 no-pat
[HUAWEI-Vlanif300] nat outbound 2001 address-
group 2
[HUAWEI-Vlanif300] quit
[HUAWEI] quit
Verifying NAT
display nat outbound command on the AC to check the address
translation result.

‫اللهم إنى وهبت ثواب هذا العمل لوالدى رحمه للا‬


‫فال تنسوه من دعائكم‬
.‫زادكم للا علما ً ونفعنا للا وإياكم‬

21 | P a g e
Fawzy Abdelbaset | LinkedIn

You might also like