Huawei Commands :

Basic Configuration:
Huawei privileges note Privilege note: 0-VISIT, 1-
<switch1>super MONITOR, 2-SYSTEM, 3-MANAGE
Super command for manage
mode.
Changing switch hostname
<Huawei>system-view
[Huawei]sysname switch1
[switch1]quit
Log in with console
<Huawei>system-view
[Huawei]user-interface console 0
[Huawei-ui-console0]user privilege level 3
[Huawei-ui-console0] quit
Configuring passwords
[switch1]user-interface vty 0 4 To set number of users concurrently work with.
[switch1-ui-vty0-4]user privilege level 3 Default privilege level is 0. Set 3 for manage.
[switch1-ui-vty0-4]authentication-mode password Authentication mode aaa is recommended.
[switch1-ui-vty0-4]set authentication password aaa AAA authentication
none Login without checking
cipher password password Authentication through the
[switch1-ui-vty0-4]display this To check configuration.
Configuring passwords with username
[Huawei]user-interface vty 0 4
[Huawei-ui-vty0-4]authentication-mode aaa
[Huawei-ui-vty0-4]quit
[Huawei]aaa
[Huawei-aaa]local-user user1 password cipher
password1
Info: Add a new user.
[Huawei-aaa]local-user user1 service-type telnet
[Huawei-aaa]local-user user1 privilege level 3
[Huawei-aaa]display this
[Huawei-aaa]quit
Giving the switch an IP address
<Huawei>system-view
[Huawei]interface Vlanif 1
[Huawei-Vlanif1]ip address 10.1.1.1 30
[Huawei-Vlanif1]display this
[Huawei-Vlanif1]quit
<Huawei>display ip interface brief
Setting the default route
[Huawei]ip route-static 0.0.0.0 0 10.1.1.1
[Huawei]display ip routing-table
Saving configuration
<Huawei>save
The current configuration will be written to the device.
Are you sure to continue?[Y/N]Y
Info: Please input the file name ( *.cfg, *.zip )
[vrpcfg.zip]:
Aug 10 2018 22:53:09-08:00 Huawei
%%01CFM/4/SAVE(l)[0]:The user chose Y when dec
iding whether to save the configuration to the device.
Now saving the current configuration to the slot 0.
Save the configuration successfully
 Configuring switch to use SSH
[Huawei]rsa local-key-pair create To generate rsa key
[Huawei]user-interface vty 0 4
[Huawei-ui-vty0-4]authentication-mode aaa
[Huawei-ui-vty0-4]protocol inbound ssh
[Huawei-ui-vty0-4]quit

[Huawei]aaa
[Huawei-aaa]local-user user1 password cipher user1
[Huawei-aaa]local-user user1 privilege level 3 User1 is username
[Huawei-aaa]local-user user1 service-type ssh
[Huawei-aaa]quit
[Huawei]ssh authentication-type default password

Huawei]stelnet server enable

From client/remote switch
ssh client first-time enable
[Huawei]stelnet 10.1.1.1 This section from other switch.
Please input the username:user1 Client switch configuration
The server is not authenticated. Continue to
access it? [Y/N] :Y
Save the server's public key? [Y/N] :
%01SSH/4/SAVE_PUBLICKEY(l)[3]:When deciding
whether to save the server's public key 10.1.1.1,
the user chose Y.
Enter password:
Description, speed and duplex
[huawei]interface GigabitEthernet 0/0/1
[huawei-GigabitEthernet0/0/1]speed 100
[huawei-GigabitEthernet0/0/1]duplex full
[huawei-GigabitEthernet0/0/1]description Uplink
Verify Basic Configuration
[huawei]display version To display version of VRP.
[huawei]display version Shows the current configuration file stored in flash default
file is vrpcfg.cfg
<switch1>display startup To check the statrtup files used for the next startup.
<switch1>display history-command Lists the commands currently held in the history buffer.
<switch1>display ip interface brief Shows an overview of all interfaces, their physical status,
protocol status and ip address if assigned.
[switch1]display user-interface To check the user interface that a device supports
[switch1]display interface Ethernet To display ether interface
brief
[switch1]display interface To display interface description
description
[switch1]display arp all To show all arp entry
Port Security
[sw1]interface GigabitEthernet 0/0/2 The sticky MAC function
[sw1-GigabitEthernet0/0/2]port-security enable usually applies to networks
[sw1-GigabitEthernet0/0/2]port-security mac-address where terminal users seldom
sticky change
[sw1-GigabitEthernet0/0/2]port-security max-mac-num 5
[sw1-GigabitEthernet0/0/2]quit
port-security protect-action { protect | restrict | It’s optional. By default mode is
shutdown } restrict.
 VLAN Configuration
<switch1>system-view Create a new VLAN and give it a
[switch1]vlan 10 name
[switch1-vlan10]name technical Name is not supported by all
[switch1-vlan10]quit
switches.
[switch1]vlan vlan-name ece_dept After a name is configured for a VLAN,
[switch1-vlan10]quit we can directly enter the VLAN view
using the name.

There are three types VLAN in huawei  Hybrid interface allows tagged
 Access frames from multiple VLANs
 Trunk Frames send out from a hybrid
 Hybrid interface are tagged or untagged
according to the VLAN
Default VLAN on Huawei devices is Hybrid. configuration.
 Hybrid interface has the ability
to selectively perform and
removal of VLAN tags from
frames that differ from PVID of
the port interface.
Assign an access interface to access a specific
VLAN:
[switch1]interface GigabitEthernet 0/0/2
[switch1-GigabitEthernet0/0/2]port link-type
access
[switch1-GigabitEthernet0/0/2]port default vlan
10
[switch1-GigabitEthernet0/0/2]quit
Configuring the trunk interface:
[switch1]interface GigabitEthernet 0/0/4
[switch1-GigabitEthernet0/0/4]port link-type  To set the link type as trunk.
trunk
[switch1-GigabitEthernet0/0/4]port trunk allow-  Allow specific VLANS to this
pass vlan 10 to 20 interface
[switch1-GigabitEthernet0/0/4]port trunk allow-
pass vlan all  Allow all vlans
[switch1-GigabitEthernet0/0/4]port trunk pvid
vlan 10  Set default VLAN for trunk
[switch1-GigabitEthernet0/0/4]quit interface.
Configuring the hybrid interface:
[switch1]interface GigabitEthernet 0/0/5
[switch1-GigabitEthernet0/0/5]port link-type  To set port type hybrid
hybrid
[switch1-GigabitEthernet0/0/5]port hybrid  The hybrid interface is added to
untagged vlan 10 to 20 the VLAN in untagged mode
[switch1-GigabitEthernet0/0/5]port hybrid  The hybrid interface is added to
tagged vlan 5 to 7 the VLAN in tagged mode
[switch1-GigabitEthernet0/0/5]port hybrid pvid  The default VLAN is configured
vlan 10 for the hybrid interface.
[switch1-GigabitEthernet0/0/5]quit
Create multiple VLAN:
[switch1]vlan batch 11 to 20
[switch1]vlan batch 10 15 to 19 25 28 to 30
 Link Type Negotiation protocol(LNP) Like Cisco DTP ( Optional)
Link-type Negotiation Protocol (LNP) dynamically negotiates the link type of an Ethernet Interface.The negotiated
link type can be access or trunk.
 The Ethernet interface that is negotiated as an access interface joins VLAN 1 by default.
 The Ethernet interface that us negotiated as a trunk interface joins VLAN1 to VLAN 4094 by default.
After LNP is enabled, LNP negotiation is triggered in the following situations.
 The local device receives LNP packets from the remote device.
 The local configuration or interface status changes.
In addition to access, hybrid, trunk, Dot1q tunnel. LNP provides following link types:
Negotiation-desireable: The local device actively sends LNP packets.
Negotiation-auto : The local device does not actively send LNP packets.

Configuration:
port link-type negotiation-auto Configure the link dynamic negotiation mode as auto.
port link-type negotiation-desirable Configure the link dynamic negotiation mode as
desirable
port trunk allow-pass only-vlan 1 to Remove an interface from a VLAN in negotiation
9 11 to 4094 mode. For example, remove an interface from VLAN
10.
port negotiation disable Disable auto-negotiation of an interface.
lnp disable Disable global LNP
portswitch If the interface is not layer2
display lnp summary To view auto negotiation to all interface
display lnp interface gig0/0/5 To view information to a specific interface

Verify VLAN Configuration

[switch1]display vlan summary Summary information of vlans
[switch1]display vlan Display all vlan
[switch1]display vlan 10 Show all information of vlan 10
[switch1]display port vlan To view types of port and VLAN configuration

GVRP/ Dynamic VLAN configuration.

The Generic Attribute Registration Protocol (GARP) defined by IEEE effectively reduces the manual workload
in VLAN configuration. GARP includes two protocols:
GARP Multicast Registration Protocol (GMRP) and
GARP VLAN Registration Protocol (GVRP).
Manually created VLANs are called static VLANs, and VLANs created by the GVRP are called dynamic VLANs.
GVRP allows VLAN attribute transmission between switches to implement dynamic VLAN registration and
deregistration on switches.
After configuring GVRP, you only need to manually configure VLANs on a few switches, and then these
switches deliver VLAN configurations to other switches.
[sw1]gvrp Enable GVRP on a port. (Note: GVRP must be globally
enabled on a switch before it is enabled on a port of the
switch.
[sw1-GigabitEthernet0/0/1]gvrp GVRP can be configured only on Trunk ports.
[sw1]display vlan summary After GVRP configuration, It shows Total 8 dynamic
vlan.
 Link technology (Link aggregation)
Ethernet Link aggregation, also called Eth-Trunk, bundles multiples physical links to form a logical link to increase
link bandwidth.
 Bundle links back up each other, increase reliability.
Link aggregation has two modes a) Manual mode. b) LACP (Link aggregation control protocol) mode
Manual Mode: All links are active links. All active links participate in data forwarding.
LACP Mode: Some links are active links. All active links participate in data forwarding. If an active links
fails, the system selects a link among the inactive links as the active link.
Link aggregation manual mode configuration To create a Ethernet-Trunk interface. The
[sw1]interface Eth-Trunk 1 value of trunk-id ranges from 0 to 127
[sw1-Eth-Trunk1]mode manual load-balance .Mode configuration.
[sw1-Eth-Trunk1]trunkport GigabitEthernet 0/0/1 . Add physical ports GE1/0/1, GE1/0/2,
to 0/0/3 and GE1/0/3 to logical port Eth-Trunk1
[sw1-Eth-Trunk1]port link-type trunk . Logical port works like a physical trunk port
[sw1-Eth-Trunk1]port trunk allow-pass vlan 10 Enable eth-trunk to allow frame from
[sw1-Eth-Trunk1]quit specific VLAN
Link aggregation LACP mode configuration
[sw1]interface Eth-Trunk 2
[sw1-Eth-Trunk2]mode lacp-static LACP mode configure
[sw1-Eth-Trunk2]trunkport GigabitEthernet 0/0/4
to 0/0/10
[sw1-Eth-Trunk2]max active-linknumber 4 Set maximum active link (By default, it is 8)
[sw1-Eth-Trunk2]least active-linknumber 2 Set minimum active link (By default, it is1 )
[sw1-Eth-Trunk2]port link-type trunk Port configuration in trunk mode
[sw1-Eth-Trunk2]port trunk allow-pass vlan all
[sw1-Eth-Trunk2]quit

LACP Priority configure: In system-view, The LACP system

priority is set.
[sw1]lacp priority 100 A smaller LACP priority value indicates a
higher priority. By Default LACP priority
id 32768.It ranges from 0 to 65535

[sw1-GigabitEthernet0/0/6]lacp priority 100 Set priority to interface.

Smart Link
[sw1]interface GigabitEthernet 0/0/1 To enable smart link we have to
[sw1-GigabitEthernet0/0/2]stp disable disable STP to all port connected via
[sw1-GigabitEthernet0/0/2]quit smart link group
[sw1]smart-link group 1 Create a smart-link group.
[sw1-smlk-group1]port GigabitEthernet 0/0/1 master Set primary link
[sw1-smlk-group1]port GigabitEthernet 0/0/2 slave Set secondary link
[sw1-smlk-group1]flush send control-vlan 10 To enable smart link group 1 to send
password simple abc123 send flush frames.
[sw1-smlk-group1]restore enable Restore command is used for
switchback function.
[sw1-smlk-group1]timer wtr 50 Timer for switchback function.
[sw1-smlk-group1]smart-link enable Finally enable the smart link
[sw1-smlk-group1]quit
Others switches: smart-link flush receive command to
[sw2-GigabitEthernet0/0/1]smart-link flush receive enable their ports capable of receiving
control-vlan 10 password simple abc123 and processing flush frames that carry
[sw3-GigabitEthernet0/0/2]quit control VLAN ID 10.
[sw1]display smart-link group 1 To view the information of smart link
group 1
 Monitor link
A Monitor link group consists of one uplink port and one or more downlink ports. If the uplink port goes down, all
download port are immediately set to down state.
 This protocols sometimes used with smart link minimize of frame loss
[sw1]monitor-link group 1 To create a monitor link.
[sw1-mtlk-group1]smart-link group 1 uplink Set uplink port
[sw1-mtlk-group1]port GigabitEthernet 0/0/3 Set download port
downlink 1
[sw1-mtlk-group1]timer recover-time 10 Set recovery time in seconds
[sw1-mtlk-group1]quit
[sw1]display monitor-link group 1 To view monitor link group info.

STP
[sw1]stp mode stp Set the STP mode. The mode is set to MSTP by default.
[sw1]stp mode rstp
[sw1]stp root primary Set the root bridge Once the command is run on the
device, the device’s bridge priority value is
automatically set to 0
[sw2]stp root secondary Set the secondary root bridge.
Optional: Setting a Priority for a A priority is set for the switching device.
Switching Device The default priority value of a switching device is
32768.
If the stp root primary or stp root secondary command
[sw1]stp priority 100 has been executed to configure the device as the root
bridge or secondary root bridge, run the undo stp root
command to disable the root bridge or secondary root
bridge function and then run the stp priority priority
command to set a priority.
Optional: Setting a Path Cost for a Port A path cost calculation method is specified.
By default, the IEEE 802.1t standard (dot1t) is used to
calculate the path costs.
[sw3]stp pathcost-standard dot1t All switching devices on a network must use the same
path cost calculation method.
[sw3-GigabitEthernet0/0/1]stp cost 100 A path cost is set for the interface.
When the Huawei calculation method is used, cost
ranges from 1 to 200000.
When the IEEE 802.1d standard method is used, cost
ranges from 1 to 65535.
When the IEEE 802.1t standard method is used, cost
ranges from 1 to 200000000.
Setting a priority for a port In spanning tree calculation, priorities of the ports in a
[sw1-GigabitEthernet0/0/1]stp port ring affect designated port election.
priority 16 To block a port on a switching device, set a greater
[sw1-GigabitEthernet0/0/1]quit priority value than the default priority value for the port.
In spanning tree calculation, priorities of the ports in a
ring affect designated port election.
To block a port on a switching device, set a greater
priority value than the default priority value for the port.
[sw1]display stp brief To checking STP configuration.
[sw1]display stp interface
GigabitEthernet 0/0/1
[sw1]stp enable Configurations on a switching device, such as the device priority and port priority, affect
spanning tree calculation. Any change to the configurations may cause network flapping. To
ensure rapid, stable spanning tree calculation, perform basic configuration on the switching
device and its ports before enabling STP/RSTP.
 MSTP
MSTP implements load balancing among VLANs. Traffic in different VLANs is transmitted along different paths.
MSTP Implements fast convergence and provides multiple paths to load balance VLAN Traffic.
MSTP divides a switching network into multiple regions, each of which has multiple spanning trees that are
independent of each other.
 An MST (Multiple spanning tree) region consists of several switching devices on the switching network
and the network segments between the switches.
 Each spanning tree is called an MSTI(MST Instance). The VLANs in a region are allocated into different
groups. Each group has certain topology. Then MST instances are configured. MSTP maps one or multiple
VLANs to each MSTI.
MSTP Configuration
[sw1]stp mode mstp The working mode of the switching device is configured as
MSTP. By default, the working mode is MSTP.
MSTP region configuration. Configure to
all switches.
[sw1]stp region-configuration MST region view is displayed.
[sw1-mst-region]region-name RG1 Create MST region
[sw1-mst-region]instance 1 vlan 2 Configure VLAN-to-instance mappings.
to 10
[sw1-mst-region]instance 2 vlan 11
to 20
[sw1-mst-region]active region- MST configurations are activated.
configuration
[sw1-mst-region]quit
Configuring root bridge and secondary
root bridge.
[sw1]stp instance 1 root primary Set switch1 as primary root for instance 1
[sw1]stp instance 2 root secondary Set switch1 as secondary root for instance 2

[sw2]stp instance 2 root primary Set switch2 as primary root for instance 2
[sw2]stp instance 1 root secondary Set switch2 as secondary root for instance 1
(Optional) Setting a Path Cost of a The MSTP path cost determines root port
Port in an MSTI selection in an MSTI. The port with the lowest
path cost to the root bridge is selected as a root
[sw3]stp pathcost-standard legacy port.
[sw3-GigabitEthernet0/0/3]stp dot1d-1998 IEEE 802.1D-1998
instance 2 cost 2000 dot1t IEEE 802.1T
[sw3-GigabitEthernet0/0/3]quit legacy Legacy [Huawei standard]

** Same as STP section describe above.

**Path cost is used for root port. Priority is used
for designated port.
Verify the configuration
[sw1]display stp brief To view brief information
[sw1]display stp region- To view region configuration
configuration [sw1]display To view brief information
[sw1]stp interface GigabitEthernet Display details information.
0/0/2 brief
[sw1]display stp interface
GigabitEthernet 0/0/2
 VRRP
VRRP is a redundancy protocol. VRRP groups several physical routers into a virtual router. If next hop
switch of a host fails, VRRP switches traffic to another switch, ensuring continuous and reliable
communication.
The VRRP virtual router is identified by the virtual router ID (VRID) and the virtual IP address. Multiple
virtual routers can be configured on an interface.
VRRP determines the device role in the virtual router based on device priorities. The device with higher
priority is more likely to become the master.
[sw1]interface Vlanif 100 Here vrid of the virtual router
[sw1-Vlanif100]vrrp vrid 1 virtual-ip composed of switch1 and switch2
10.1.1.254
[sw1-Vlanif100]vrrp vrid 1 priority
120
[sw1-Vlanif100]vrrp vrid 1 preempt-
mode timer delay 20
[sw1-Vlanif100]quit
[sw2]interface Vlanif 100 Default priority is 100.
[sw2-Vlanif100]vrrp vrid 1 virtual-ip
10.1.1.254
[sw2-Vlanif100]quit
[sw2]display vrrp To view vrrp information.
VRRP Load Balance
The load balancing monde has following characteristics:
 Each backup group consists if a master device and multiple backup devices.
 These backup groups can have different master devices.
 A device can join multiple backup groups and obtain different priorities in each group.
[sw1]interface Vlanif 100
[sw1-Vlanif100]vrrp vrid 1 virtual-ip
10.1.1.254
[sw1-Vlanif100]vrrp vrid 1 priority 120
[sw1-Vlanif100]vrrp vrid 1 preempt-mode timer
delay 20
[sw1-Vlanif100]quit
[sw1]interface Vlanif 100
[sw1-Vlanif100]vrrp vrid 2 virtual-ip
10.1.1.253
[sw1-Vlanif100]quit
[sw2]interface Vlanif 100
[sw2-Vlanif100]vrrp vrid 1 virtual-ip
10.1.1.254
[sw2-Vlanif100]quit
[sw2]interface Vlanif 100
[sw2-Vlanif100]vrrp vrid 2 virtual-ip
10.1.1.253
[sw2-Vlanif100]vrrp vrid 2 priority 120
[sw2-Vlanif100]vrrp vrid 2 preempt-mode timer
delay 20
[sw2-Vlanif100]quit
 VRRP tracking interface
VRRP can track the status of interfaces that are not enabled with vrrp. When the interface that is tracked
by vrrp goes Up or Down, the priority of the device automatically changes by a certain value.
 A VRRP backup group tracks a maximum of eight interfaces in two modes.
[sw1]interface Vlanif 100
[sw1-Vlanif100]vrrp vrid 1 track Set the tracking interface and certain value.
interface GigabitEthernet 0/0/2
reduced 50
[sw1-Vlanif100]quit
[sw1]display vrrp
VRRP fast Switchover
Bidirectional forwarding detection (BFD) quickly detects connectivity of network links or IP
routes. VRRP tracks BFD session status to perform fast switchover between master and backup
devices within 1 second.
[sw1]bfd Enable BFD
[sw1-bfd]quit
[sw1]bfd atob bind peer-ip 10.1.1.2 interface Set BFD peer interface ip
Vlanif 100
[sw1-bfd-session-atob]discriminator local 1 Set discriminator. Local discriminator is set
[sw1-bfd-session-atob]discriminator remote 2 Remote discriminator is set.s
[sw1-bfd-session-atob]commit
[sw1-bfd-session-atob]quit
[sw2]bfd
[sw2-bfd]quit
[sw2]bfd btoa bind peer-ip 10.1.1.1 interface
Vlanif 100
[sw2-bfd-session-btoa]discriminator local 2
[sw2-bfd-session-btoa]discriminator remote 1
[sw2-bfd-session-btoa]commit
[sw2-bfd-session-btoa]quit

BFD Command:
bfd session-name bind peer-ip ipaddress [vpn-instance vpn-name] interface interface-type
interface-number [source-ip ip-address ].
 VRRP Command for backup
quit Quit command allows you to exit from the current view and
return to the upper level view.
return Return command or ctrl+z allows you to go to the user view.
Display current configuration Display the current configuration of the device.
[Huawei]display user- To check the user interface that a device supports
interface
By default, the next startup configuration file is named vrpcfg.zip
[Huawei]save backup.zip Save the configuration file for backup

Saving configuration automatically

Autosave time on To enable schedule autosave
Autosave time 00:00:00 Specific time
Autosave interval on To enable periodical autosaving.
Autosave interval Time interval in minute. By default 1440 minute one day
time_in_minute
[Huawei] startup saved-
configuration backup.zip
[Huawei] compare To compare the current configuration to compare with the next
configuration startup configuration.
Dir To display the directory
Mkdir directory_name To create a new directory
Cd To change a directory
Copy Copy a file
[Huawei] tftp 10.1.1.1 get To download a file from ftp server
devicesoft.cc
[Huawei] tftp 10.1.1.1 put To upload a file to FTP server.
devicesoft.cc
<Huawei>ftp 10.1.1.1 21 To login ftp server . It needs username passoword.
delete [/unreserved] [/force] filename Deleting a file cannot be restored
<Huawei>undelete filename To restore deleted file
<Huawei>reset recycle-bin To delete all file in the recycle-bin
<Huawei>display startup To check the statrtup files used for the next startup.
Save Save the current configuration file
Reboot Reboot the device
Schedule reboot at time_00:00:00 Reboot specific time

Md. Al-Amin.
[email protected]