HUAWEI Switch CLI

contrast with
CISCO

www.huawei.com

Copyright © 2013 Huawei Technologies Co., Ltd. All rights reserved.

Huawei Enterprise USA, Inc. proprietary. Available for use by authorized partners.
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

Objectives
Agend
 Upon completion of this course, you will be able to:
 Understand the characteristic of Huawei CLI

 Be familiar with some common Huawei commands

 Configure some basic Huawei Switch features

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page1

Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

Agend
1 Abstract

2 Huawei and Cisco command-view contrast

3 Switch Features configuration contrast

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page2

Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

Abstract
Agend
 The overall mechanism of Huawei and Cisco CLI are similar.
 The styles of Huawei and Cisco CLI are identical.

 Huawei CLI has corresponding relationship with Cisco's in

particular command.

 After learning these sameness and differences between

Huawei and Cisco CLI, you can skillfully practice Huawei
CLI in short time if you learnt well the Cisco CLI.

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page3

Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

Agend
1 Abstract

2 Huawei and Cisco command-view contrast

1 Command style contrast

2 Common commands contrast

3 Switch Features configuration contrast

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page4

Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

Command style
 Huawei configuration views and Cisco configuration modes contrast
 Huawei configuration views and Cisco configuration modes are quite similar
 Cisco:
 User mode, use “>” as prompt, e.g. Cisco>
 Privileged mode, use “#” as prompt, e.g. Cisco#
 Configuration mode, use “#” as prompt, e.g. Cisco(config)#
 Other configuration mode, use “#” as prompt, e.g. Cisco(config-XX)#

 Huawei:
 User view, use “< >” as prompt，e.g. <Huawei>
 System view, use “[ ]” as prompt, e.g. [Huawei]
 Other configuration view, use “[ ]” as prompt, e.g. [Huawei-XX]
 You can see that Huawei never have the single configuration mode like Cisco，
the system view of Huawei is equivalent to privileged mode plus configuration
mode of Cisco.

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page5

Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

Command
Command style
style contrast
 Command structure contrast
 Huawei and Cisco have similar command structure

Cisco>show running-configuration

prompt command space Keyword, parameter

Huawei>display current-configuration

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page6

Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

Command style
 Common shortcut keys contrast
 The same to use up cursor key “↑” and down cursor key “↓” to show the
history commands

 The same to use “?” to help to find the following command/parameter

 The same to use Tab key to full fill the command

 The same to use Backspace key to Deletes a character before the cursor

 Huawei supports to defining hotkeys, and you can use the command “display
hotkey” to show the hotkeys in use

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page7

Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

Agenda style
Command
1 Abstract

2 Huawei and Cisco command-view contrast

1 Command style contrast

2 Common commands contrast

3 Switch Features configuration contrast

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page8

Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

Common command
 Command keywords contrast
 Most part of Huawei command keywords has the fixed contrast to Cisco, know
about these will help you to learn Huawei command quickly if you have a good
skill on Cisco.
 Common command keywords contrast:
 show <- -> display
 no <- -> undo
 exit <- -> quit
 clear <- -> reset
 debug <- -> debugging
 neighbor <- -> peer
 detail <- -> verbose
 delete <- -> delete
 match <- ->if-match

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page9

Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

Common command contrast

 Common command contrast
 Configure host name
 Cisco(config)# hostname <hostname>
 [huawei] sysname <sysname>

 Display information about version

 Cisco# show version
 [huawei] display version

 Display information about configuration

 Cisco# show running-configuration
 [huawei] display current-configuration

 Display information about configuration

 Cisco# show interface [ interface-type [ interface-number ] ]
 [huawei] display interface [ interface-type [ interface-number ] ]

 Huawei command “display this“ is a convenient command to show the configuration in the
current view

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page1

 Common command contrast
Huawei command Cisco command
Press Enter key into the user view Enter the privileged mode

<Quidway> Cisco> enable

Cisco#
Enter the system view
Enter configuration mode
<Quidway> system-view
[Quidway] Cisco# configure terminal
Cisco (config)#
Enter interface view
Enter interface-configuration mode
[Quidway] interface interface-mode
[Quidway-interface-mode] Cisco (config)# interface interface-mode
Cisco (config-if)#
Enter router view
Enter router-configuration mode
[Quidway] ospf 1
[Quidway-ospf-1] Cisco (config)# router ospf 1
Cisco (config-router)#
Enter AAA view
Enter AAA-configuration mode
[Quidway] aaa
[Quidway-aaa] Cisco (config)# aaa new-model

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page1

Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

Agenda the local

Configuring
1 Abstract
Huawei Cisco

2 Huawei and Cisco command-view contrast

3 Switch Features configuration contrast

1 Basic Configuration

2 Ethernet Configuration

3 Reliability

4 QoS

5 Security

6 Device Management

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page1

Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by
7 Network Management

Configuring the local

Huawei Cisco

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page1

 Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

Configuring the local

Huawei Cisco

Enter the system view Enter the configuration mode

<Quidway> system-view Cisco# configure terminal

Enter the AAA view Create a local user and set the password

[Quidway] aaa Cisco (config)# username Huawei password 123456

Create a local user and set the password Specify the local user’s level
[Quidway-aaa] local-user Huawei password simple 123456 Cisco (config)# username Huawei privilege 3

Specify the local user’s level

[Quidway-aaa] local-user Huawei level 3

Specify the local user’s service-type

[Quidway-aaa] local-user Huawei service-type telnet

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page1

Login by console
 When login through console port ,please use the following parameter

Parameter Value
Bit per second (Baud rate) 9600

Data bits 8

Parity check None

Stop bits 1

Flow control None

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page1

 Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

Login by
Telnet Cisco
Enter the system view Enter the configuration mode

<Quidway> system-view Cisco# configure terminal

Configure VTY user interfaces Configure VTY user interfaces

[Quidway] user-interface vty 0 4 Cisco (config)# line 0 4

Set the authentication mode Set the authentication mode

[Quidway-ui-vty0-4] authentication-mode {none | password | aaa } Cisco (config-line)# no login | login { <cr> | local | tacacs }
If you use the authentication-mode as password, you If you use the authentication-mode as login, you need
need to set the password to set the password

[Quidway-ui-vty0-4] set authentication password { cipher | simple } Cisco (config-line)# password password
password

Set the VTY user level

Set the VTY user level
Cisco (config-line)# privilege level 3
[Quidway-ui-vty0-4] user privilege level 3

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page1

 Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

Login by
Telnet Cisco

IP Network
SSH Client SSH Server
Pre-conditions:
SSH client login the SSH server with the password mode
IP routing is normal between SSH client and SSH Server

Huawei command Cisco command

Configure the SSH user and the password of the user Configure the local user and the password of the user

<Quidway> system-view Cisco# configure terminal

[Quidway] aaa Cisco (config)# username Huawei password 123456
[Quidway-aaa] local-user Huawei password simple 123456 Cisco (config)# username Huawei privilege 3
[Quidway-aaa] local-user Huawei service-type ssh
[Quidway-aaa] local-user Huawei level 3
[Quidway-aaa] quit

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page1

 Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

Software
Login by Upgrade by
Generate a local key pair on the server Generate a local key pair on the server

[Quidway] rsa local-key-pair create Cisco(config)# ip domain-name test

The key name will be: Quidway_Host The range of public key size is Cisco(config)# crypto key generate rsa
(512 ~ 2048). The name for the keys will be: Cisco.test
NOTES: If the key modulus is greater than 512, I Choose the size of the key modulus in the range of 360 to 2048
t will take a few minutes. for your General Purpose Keys. Choosing a key modulus greater
Input the bits in the modulus [default = 512]: 1024 than
Generating keys..........++++++++++++..........+++++++++++ 512 may take a few minutes.
+................................. How many bits in the modulus [512]: 1024
..++++++++......++++++++ % Generating 1024 bit RSA keys, keys will be non-exportable...[OK]

Enable the STelnet service on the SSH server Configure authentication-mode of the VTY as SSH
[Quidway] stelnet server enable Cisco (config)# line 0 4
[Quidway] ssh user Huawei authentication-type password Cisco (config-line)# login local
Cisco (config-line)# transport input ssh

Configure authentication-mode of the VTY as SSH

[Quidway] user-interface vty 0 4

[Quidway-ui-vty0-4] authentication-mode aaa
[Quidway-ui-vty0-4] protocol inbound ssh

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page1

 Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

Software
Login by Upgrade by
Huawei command Cisco command
Login the FTP Server, then enter the username Login the FTP Server and get the new system software
and the password on the FTP Server from the FTP Server
<Quidway> ftp 192.168.161.141 Cisco# copy ftp://huawei:[email protected]/S9999.bin
Bootflash:S9300.bin
Trying ftp 192.168.161.141
Press CTRL+K to abort
Configure the new system software as the next startup
Connected to ftp 192.168.161.141
220 FTP service ready. Cisco(config)# boot system flash:S9300.bin
Cisco(config)# end
User (192.168.161.141:(none)):huawei
331 Password required for huawei Reboot the device
Password: 8031
Cisco# reload
Get the new system software from the FTP Server
[ftp] get S9999.cc S9300.cc

Configure the new system software as the next startup

<Quidway> startup system-software S9300.cc

Reboot the device

<Quidway> reboot

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page1

 Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

Software Upgrade by
Huawei command Cisco command

Login the TFTP Server and get the new system Login the TFTP Server and get the new system
software from the TFTP Server software from the TFTP Server
<Quidway> tftp 192.168.161.141 get S9300.cc Cisco# copy tftp://192.168.161.141/S9300.bin bootflash:
Configure the new system software as the next startup Configure the new system software as the next startup

<Quidway> startup system-software S9300.cc Cisco(config)# boot system flash:S9300.bin

Cisco(config)# end
Reboot the device
Reboot the device
<Quidway> reboot
Cisco# reload

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page1

Huawei
HuaweiEnterprise
EnterpriseUSA,
USA,Inc.
Inc.proprietary.
proprietary.Provided
Providedfor
foruse
useby
byauthorized
authorizedpartners
partnersor
orby
byNDA.

NTP Function
Software Upgrade by

NTP Server NTP Client

172.16.1.1/16 NTP

Switch A Switch B

Pre-conditions:
The operating mode of NTP is client/server mode

IP routing between Switch A and Switch B is normal

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page2

 Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

NTP Function
Switch A (Server):

Huawei command Cisco command

Configure Switch A as the NTP Server and Specify Configure Switch A as the NTP Server and Specify
the stratum of the NTP master clock the stratum of the NTP master clock

<Quidway_A> system-view Cisco_A# configure terminal

[Quidway_A] ntp-service refclock-master 2 Cisco_A(config)# ntp master 2

Switch B (Client):
Specify the IP address of the remote NTP server Specify the IP address of the remote NTP server

<Quidway_B> system-view Cisco_B# configure terminal

[Quidway_B] ntp-service unicast-server 172.16.1.1 Cisco_B(config)# ntp server 172.16.1.1

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page2

Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

Agenda
1 Abstract

2 Huawei and Cisco command-view contrast

3 Switch Features configuration contrast

1 Basic Configuration

2 Ethernet Configuration

3 Reliability

4 QoS

5 Security

6 Device Management

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page2

Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by
7 Network Management

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page2

 Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

Auto-negotiation of the
Interfaces
Huawei command Cisco command

Enter the system view Enter the configuration mode

<Quidway> system-view Cisco# configure terminal

Configure the port as the auto negotiation mode, by Configure the port as the auto negotiation mode, by
default, an interface works in auto negotiation mode default, an interface works in auto negotiation mode

[Quidway] interface GigabitEthernet1/0/1 Cisco(config)# interface Gigabitethernet1/0/1

[Quidway-GigabitEthernet1/0/1] negotiation auto Cisco(config-if)# no speed

You can set the speed on an electrical interface You can set the speed on an electrical interface
work in auto-negotiation mode work in auto-negotiation mode

[Quidway-GigabitEthernet1/0/1] auto speed { 10 | 100 | 1000 }* Cisco(config-if)# speed auto { 10 | 100 | 1000 }*

You can set the duplex mode on an electrical You can set the duplex mode on an electrical
interface worked in auto negotiation mode interface worked in auto negotiation mode

[Quidway-GigabitEthernet1/0/1] auto duplex { full | half } * Cisco(config-if)# duplex auto

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page2

 Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

Forcible Setting the Rate and

Duplex Mode
Huawei command Cisco command

Enter the system view Enter the configuration mode

<Quidway> system-view Cisco# configure terminal

Set the interface to work in non-automatic negotiation Set the interface to work in non-automatic negotiation
mode mode

[Quidway] interface GigabitEthernet1/0/1 Cisco(config)# interface GigabitEthernet1/0/1

[Quidway-GigabitEthernet1/0/1] undo negotiation auto Cisco(config-if)# speed nonegotiate

You can set the speed on an electrical

You can set the speed on an electrical interface
interface worked in non-automatic negotiation
mode Cisco(config-if)# speed { 10 | 100 | 1000 }

[Quidway-GigabitEthernet1/0/1] speed { 10 | 100 | 1000 }

You can set the duplex on an electrical
interface worked in non-automatic negotiation
You can set the duplex mode on an electrical
mode
interface worked in non-automatic negotiation mode
Cisco(config-if)# duplex { full | half }
[Quidway-GigabitEthernet1/0/1] duplex { full | half }

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page2

 Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

Jumbo frame function

Huawei command Cisco command

Enter the system view Enter the configuration mode

<Quidway> system-view Cisco# configure terminal

Under the port view, set the maximum length of the Set the maximum length of the frames that can pass
frames that can pass through the interface through the interface
[Quidway] interface GigabitEthernet1/0/1 Cisco(config)# system mtu jumbo value
[Quidway-GigabitEthernet1/0/1] jumbo enable value

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page2

 Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

Power over Ethernet function

Huawei command Cisco command

Enable the POE function on the interface, by default, Enable the POE function on the interface, by default,
the POE function is auto-enable on the interface the POE function is auto-enable on the interface

<Quidway> system-view [Quidway] Cisco# configure terminal

interface Ethernet0/0/1 [Quidway- Cisco(config)# interface fastEthernet0/0/1
Ethernet0/0/1] poe enable Cisco(config-if)# power inline auto

(Optional) Configure the maximum output power of the (Optional) Configure the maximum output power of the
interface interface

[Quidway-Ethernet0/0/1] poe max-power power_values Cisco(config-if)# power inline [auto | static] max power_values
[Quidway-Ethernet0/0/1] quit
(Optional) Configure the POE mode as manual
(Optional) Configure the POE mode as manual and
supply the power over the interface by manual Cisco(config-if)# power inline static

[Quidway] poe power-management manual

[Quidway] poe power-on interface Ethernet0/0/1

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page2

 Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

Static LACP Link Aggregation

Group
GE1/0/1

Switch A GE1/0/8
Switch B

Huawei command Cisco command

Enter the system view Enter the configuration mode

<Quidway> system-view Cisco# configure terminal

Create a channel group Create a channel group

[Quidway] interface Eth-Trunk 1 Cisco(config)# interface port-channel 1

Cisco(config-if)# switchport
Cisco(config-if)# exit

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page2

 Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

Static LACP Link Aggregation

Group
Configuring the Channel group Load Balancing Configuring the Channel group Load Balancing

[Quidway-Eth-Trunk1] load-balance method Cisco(config)# port-channel load-balance method

Specify the channel group mode as LACP Assign the port to the channel group, and specify the
port as LACP mode
[Quidway-Eth-Trunk1] mode lacp-static
[Quidway-Eth-Trunk1] bpdu enable Cisco(config)# interface GigabitEthernet1/0/1
[Quidway-Eth-Trunk1] quit Cisco(config-if)# channel-group 1 mode active
Cisco(config-if)# channel-protocol lacp
Assign the port to the channel group
Specify the LACP port priority
[Quidway] interface GigabitEthernet1/0/1
[Quidway-GigabitEthernet1/0/1] eth-trunk 1
Cisco(config-if)# lacp port-priority priority-value
Cisco(config-if)# exit
Specify the LACP port priority

[Quidway-GigabitEthernet1/0/1] lacp port-priority priority-value Configure the LACP System priority

[Quidway-GigabitEthernet1/0/1] quit
Cisco(config)# lacp system-priority priority-value
Configure the LACP System priority

[Quidway] lacp port-priority priority-value

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page2

 VLAN Configuration Based on
Port
Huawei command Cisco command

Vlan can be Created singly or batch: Vlan can be Created singly or batch:

[Quidway] vlan 2 Cisco(config)# vlan 2

[Quidway] vlan bacth 2 to 10 Cisco(config)# vlan 2-10

Configure the VLAN on the access port Configure the VLAN on the access port

[Quidway] vlan 2 Cisco(config)# interface GigabitEthernet1/0/1

[Quidway-vlan2] port GigabitEthernet1/0/1 to GigabitEthernet1/0/2 Cisco(config-if)# switchport mode access
Cisco(config-if)# switchport access vlan 2
OR
Configure the VLAN on the trunk Port
[Quidway] interface GigabitEthernet1/0/1
[Quidway-GigabitEthernet1/0/1] port link-type access Cisco(config)# interface GigabitEthernet1/0/1
[Quidway-GigabitEthernet1/0/1] port default vlan 2 Cisco(config-if)# switchport trunk encapsulation dot1q
Cisco(config-if)# switchport mode trunk
Cisco(config-if)# switchport trunk allowed vlan 2-10
Configure the VLAN on the trunk Port

[Quidway] interface GigabitEthernet1/0/1

[Quidway-GigabitEthernet1/0/1] port link-type trunk
[Quidway-GigabitEthernet1/0/1] port trunk allow vlan 2 to 10

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page2

Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

Voice VLAN with LLDP-

Switch heightens voice traffic priority (set
COS = 6) to ensure voice traffic forwarding if DHCP Server FTP Server Call Agent
the Source MAC-address of the traffic
matches the OUI configured on the Switch

VLAN-ID =0 LLDP data

VLANID=8 (COS =0) Voice data VLANID=8 (COS =6) Voice data

WAN
VLAN-ID =8 LLDP data

Switch AR

Huawei Switch specifies the VLAN-ID of

IP Phone voice traffic as voice-vlan by
LLDP-MED

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page3

 Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

Voice VLAN with LLDP-

Step1: configure voice-
vlan
Huawei command Cisco command

Create a VLAN as voice VLAN on the system view Create a VLAN as voice-vlan on the configuration mode

<Quidway> system-view Cisco# configure terminal

[Quidway] vlan 8 Cisco(config)# vlan 8
[Quidway-vlan-8] quit Cisco(config-vlan)# exit

Set the OUI of the voice VLAN Enable QoS for the entire switch

[Quidway] voice-vlan mac-address mac-address mask oui-mask Cisco(config)# mls qos

[description text]
Enable voice VLAN and trust COS on the interface
Enable voice VLAN and trust COS on the interface connected to IP phone
connected to IP phone
Cisco(config)# interface fastEthernet1/0/1
[Quidway] interface Ethernet1/0/1
Cisco(config-if)# switchport voice vlan 8
[Quidway-Ethernet1/0/1] voice-vlan 8 enable
Cisco(config-if)# mls qos trust cos
[Quidway-Ethernet1/0/1] trust 8021p
Cisco(config-if)# exit
[Quidway-Ethernet1/0/1] quit

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page3

 Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

Voice VLAN with LLDP-

Step2: configure LLDP-MED

Globally enable LLDP on the system view Globally enable LLDP on the configuration mode

[Quidway] lldp enable Cisco(config)# lldp run

Enable BPDU on the interface connected IP phone Enable LLD-MED on the interface connected IP phone

[Quidway] interface Ethernet1/0/1 Cisco(config)# interface fastEthernet1/0/1

[Quidway-Ethernet1/0/1] bpdu enable Cisco(config-if)# lldp receive
Cisco(config-if)# lldp transmit
Cisco(config-if)# lldp med-tlv-select network-policy

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page3

 Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

Basic function of
Switch A Root

GE1/0/1 GE1/0/2

Switch B STP/PVST (Cisco) Switch D

GE1/0/2 GE1/0/1

Switch C

All switches:

Huawei command Cisco command

Configure the spanning tree mode as STP and enable Configure the spanning tree mode as PVST on the
stp on the system view configuration mode

<Quidway> system-view Cisco# configure terminal

[Quidway] stp mode stp Cisco(config)# spanning-tree mode pvst
[Quidway] stp enable

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page3

 Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

Basic function of
All switches:
Enable BPDU on the interfaces on the ring Configure the spanning-tree link-type as point-to-point
on the interfaces on the ring
[Quidway] interface GigabitEthernet1/0/1
[Quidway-GigabitEthernet1/0/1] bpdu enable Cisco(config)# interface GigabitEthernet1/0/1
[Quidway-GigabitEthernet1/0/1] quit Cisco(config-if)# spanning-tree link-type point-to-point
[Quidway] interface GigabitEthernet1/0/2 Cisco(config-if)# exit
[Quidway-GigabitEthernet1/0/2] bpdu enable Cisco(config)# interface GigabitEthernet1/0/2
Cisco(config-if)# spanning-tree link-type point-to-point

Switch A (root):
Configure Switch A as the root of the ring Configure Switch A as the root of the ring

[Quidway] stp root primary Cisco(config)# spanning-tree vlan vlan-id root primary

OR OR
[Quidway] stp priority 0 Cisco(config)# spanning-tree vlan vlan-id priority 0

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page3

 Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

Basic function of
Switch A Root
GE1/0/1 GE1/0/2

Switch B RSTP/Rapid-PVST Switch D

(Cisco)
GE1/0/2 GE1/0/1

Switch C

All switches:

Huawei command Cisco command

Configure the spanning tree mode as RSTP and Configure the spanning tree mode as Rapid-PVST on
enable stp on the system view the configuration mode

<Quidway> system-view Cisco# configure terminal

[Quidway] stp mode rstp Cisco(config)# spanning-tree mode rapid-pvst
[Quidway] stp enable

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page3

 Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

Basic function of
All switches:
Enable BPDU on the interfaces on the ring Configure the spanning-tree link-type as point-to-point
on the interfaces on the ring
[Quidway] interface GigabitEthernet1/0/1
[Quidway-GigabitEthernet1/0/1] bpdu enable Cisco(config)# interface GigabitEthernet1/0/1
[Quidway-GigabitEthernet1/0/1] quit Cisco(config-if)# spanning-tree link-type point-to-point
[Quidway] interface GigabitEthernet1/0/2 Cisco(config-if)# exit
[Quidway-GigabitEthernet1/0/2] bpdu enable Cisco(config)# interface GigabitEthernet1/0/2
Cisco(config-if)# spanning-tree link-type point-to-point

Switch A (root):
Configure Switch A as the root of the ring Configure Switch A as the root of the ring

[Quidway_A] stp root primary Cisco_A(config)# spanning-tree vlan vlan-id root primary

OR OR
[Quidway_A] stp priority 0 Cisco_A(config)# spanning-tree vlan vlan-id priority 0

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page3

Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

Basic function of
Switch A
GE1/0/1 GE1/0/2

Switch B MSTP Switch D

GE1/0/2 GE1/0/1

Switch C

MSTI1 (root switch: Switch A) VLAN 1-10 --> MSTI1

MSTI2 (root switch: Switch C) VLAN 11-20 --> MSTI2

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page3

 Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

Basic function of
All switches:
Huawei command Cisco command
Configure the spanning tree mode as MSTP and Configure the spanning tree mode as MSTP on the
enable STP on the system view configuration mode
<Quidway> system-view Cisco# configure terminal
[Quidway] stp mode mstp Cisco(config)# spanning-tree mode mst
[Quidway] stp enable

Configure the MST region Configure the MST region

[Quidway] stp region-configuration [Quidway-- Cisco(config)#spanning-tree mst configuration

mst-region] region-name Huawei [Quidway--mst- Cisco(config-mst)#name Huawei
region] instance 1 vlan 1 to 10 [Quidway--mst- Cisco(config-mst)#instance 1 vlan 1-10
region] instance 2 vlan 11 to 20 [Quidway--mst- Cisco(config-mst)#instance 2 vlan 11-20
region] active region-configuration

Enable BPDU on the interfaces on the ring

[Quidway] interface GigabitEthernet1/0/1

[Quidway-GigabitEthernet1/0/1] bpdu enable
[Quidway-GigabitEthernet1/0/1] quit
[Quidway] interface GigabitEthernet1/0/2
[Quidway-GigabitEthernet1/0/2] bpdu enable

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page3

 Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

Basic function of
Switch A (root of instance 1):
Configure Switch A as the root of the instance 1 Configure Switch A as the root of the instance 1

[Quidway_A] stp instance 1 root primary Cisco_A(config)# spanning-tree mst 1 root primary

OR OR
[Quidway_A] stp instance 1 priority 0 Cisco_A(config)# spanning-tree mst 1 priority 0

Switch C (root of instance 2):

Configure Switch C as the root of the instance 2 Configure Switch C as the root of the instance 2

[Quidway_C] stp instance 2 root primary Cisco_C(config)# spanning-tree mst 2 root primary

OR OR
[Quidway_C] stp instance 2 priority 0 Cisco_C(config)# spanning-tree mst 2 priority 0

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page3

 Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

BPDU
Huawei command Cisco command

Enter the system view Enter the configuration mode

<Quidway> system-view Cisco# configure terminal

Globally enable STP and BPDU guard Globally enable BPDU guard

[Quidway] stp bpdu-protection Cisco(config)# spanning-tree portfast bpduguard default

Configure the interface as the edge interface and Enable the Port Fast feature
enable BPDU on the interface
Cisco(config)# interface GigabitEthernet1/0/1
[Quidway] interface GigabitEthernet1/0/1 Cisco(config-if)# spanning-tree portfast
[Quidway-GigabitEthernet1/0/1] stp edged-port enable
[Quidway-GigabitEthernet1/0/1] bpdu enable
OR

Cisco# configure terminal

Cisco(config)# interface GigabitEthernet1/0/1
Cisco(config-if)# spanning-tree bpduguard enable

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page4

Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

Agenda
BPDU
1 Abstract

2 Huawei and Cisco command-view contrast

3 Switch Features configuration contrast

1 Basic Configuration

2 Ethernet Configuration

3 Reliability

4 QoS

5 Security

6 Device Management

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page4

Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by
7 Network Management

BPDU

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page4

 Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

DLDP/UDLD
Huawei Cisco

Enter the system view Enter the configuration mode

<Quidway> system-view Cisco# configure terminal

Enable DLDP on the system view Enable UDLD on the configuration mode

[Quidway] dldp enable Cisco(config)# udld enable

Enable DLDP on the interface Enable UDLD on the interface

[Quidway] interface GigabitEthernet1/0/1 Cisco(config)# interface Gigabitethernet1/0/1

[Quidway-GigabitEthernet1/0/1] dldp enable Cisco(config-if)# udld port

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page4

Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

Basic OSPFV2 Function

DLDP/UDLD
Huawei Cisco
Area 0
Switch A Switch B
VLANIF 10 VLANIF 10
192.168.0.1/2 192.168.0.2/2
4 4

VLANIF 20 VLANIF 30
192.168.1.1/2 192.168.2.1/2
4 4
Area 1 Area 2
VLANIF 20 VLANIF 30
192.168.1.2/2 192.168.2.2/2
4 4

Switch C Switch D

Pre-conditions:

OSPF runs on the all Switches, including 3 areas in the AS

Switch A and Switch B as the ABR

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page4

 Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

Basic VRRP
OSPFV2Function
Huawei Cisco

On the all Switches, configure IP addresses on the On the all Switches, configure IP addresses on the
virtual layer 3 interfaces (e.g. with Switch A) virtual layer 3 interfaces (e.g. with Switch A)
<Quidway_A>system-view Cisco_A # configure terminal
[Quidway_A] interface vlanif 10 Cisco_A(config)# interface vlan 10
[Quidway_A-Vlanif10] ip address 192.168.0.1 255.255.255.0 Cisco_A(config-if)# ip address 192.168.0.1 255.255.255.0
[Quidway_A-Vlanif10] quit Cisco_A(config-if)# exit
[Quidway_A] interface vlanif 20 Cisco_A(config)# interface vlan 20
[Quidway_A-Vlanif20] ip address 192.168.1.1 255.255.255.0 Cisco_A(config-if)# ip address 192.168.1.1 255.255.255.0
[Quidway_A-Vlanif20] quit Cisco_A(config-if)# exit

Configure OSPF (e.g. with Switch A) Configure OSPF (e.g. with Switch A)

[Quidway_A] ospf 100 Cisco_A(config)# router ospf 100

[Quidway_A-ospf-100] area 0.0.0.0 Cisco_A(config-router)# network 192.168.0.0 0.0.0.255 area
[Quidway_A-ospf-100-area-0.0.0.0] network 192.168.0.0 0.0.0.255 0.0.0.0
[Quidway_A-ospf-100-area-0.0.0.0] quit Cisco_A(config-router)# network 192.168.1.0 0.0.0.255 area
[Quidway_A-ospf-100] area 0.0.0.1 0.0.0.1
[Quidway_A-ospf-100-area-0.0.0.1] network 192.168.1.0 0.0.0.255

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page4

Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

Basic VRRP
OSPFV2Function
Huawei Switch A Cisco
Switch B
Maste Standby
r
VLANIF 10 VLANIF 10
209.0.0.2/24 VRRP 209.0.0.3/2
4

Master (Switch A): priority of the VRRP group is 200

Standby (Switch B): priority of the VRRP group is 150

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page4

 Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

Basic VRRP
Basic VRRP Function
Function
Switch A (master):

Huawei command Cisco command

Configure a virtual layer 3 interface and assign a IP Configure a virtual layer 3 interface and assign a IP
address to the virtual layer 3 interface address to the virtual layer 3 interface
<Quidway_A>system-view Cisco_A# configure terminal
[Quidway_A] interface Vlanif 10 Cisco_A(config)# interface vlan 10
[Quidway_A-Vlanif10] ip address 209.0.0.2 255.255.255.0 Cisco_A(config-if)# ip address 209.0.0.2 255.255.255.0

Create a VRPP group and assign a virtual IP address Create a VRPP group and assign a virtual IP address
to the VRRP group to the VRRP group

[Quidway_A-Vlanif10] vrrp vrid 1 virtual-ip 209.0.0.10 Cisco_A(config-if)# vrrp 1 ip 209.0.0.10

Assign the VRRP group priority, and assign the Assign the VRRP group priority, and assign the
priority of the master of VRRP backup group is higher priority of the master of VRRP backup group is higher
than the standby one than the standby one

[Quidway_A-Vlanif10] vrrp vrid 1 priority 200 Cisco_A(config-if)# vrrp 1 priority 200

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page4

 Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

Basic VRRP Function

Switch B (Standby):
Configure a virtual layer 3 interface and assign another Configure a virtual layer 3 interface and assign another
IP address to virtual layer 3 interface IP address to the virtual layer 3 interface

<Quidway_B> system-view Cisco_B# configure terminal

[Quidway_B] interface Vlanif 10 Cisco_B(config)# interface vlan 10
[Quidway_B-Vlanif10] ip address 209.0.0.3 255.255.255.0 Cisco_B(config-if)# ip address 209.0.0.3 255.255.255.0

Create the same VRPP group and assign the same Create the same VRPP group and assign the same
virtual IP address to the VRRP group which configured virtual IP address to the VRRP group which configured
on the Switch A on the Switch A

[Quidway_B-Vlanif10] vrrp vrid 1 virtual-ip 209.0.0.10 Cisco_B(config-if)# vrrp 1 ip 209.0.0.10

Assign the VRRP group priority, and assign the Assign the VRRP group priority, and assign the
priority of the standby of VRRP backup group is lower priority of the standby of VRRP backup group is lower
than the master one than the master one

[Quidway_B-Vlanif10] vrrp vrid 1 priority 150 Cisco_B(config-if)# vrrp 1 priority 150

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page4

Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

Multicast (PIM SM +IGMP

Basic VRRP Function
Snooping)
Loopback1:5.5.5.5/32 Switch A RP

VLANIF 10 VLANIF 20
10.0.0.1/2 20.0.0.1/24
4
VLANIF 10 VLANIF 20
10.0.0.2/24 20.0.0.2/24
PIM-SM
VLANIF 30 VLANIF 30
Switch B 30.0.0.1/24 30.0.0.2/24 Switch C
VLANIF 40 VLANIF 40
40.0.0.1/24 40.0.0.2/24

IGMP
Switch D Switch E

Pre-conditions:

IP routing between Switches and Multicast Server is normal

Switch A as RP

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page4

 Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

Multicast-PIM
Switch A to C:
Huawei command Cisco command

Globally enable multicast routing function (e.g. with Globally enable multicast routing function (e.g. with
Switch B) Switch B)
<Quidway_B> system-view Cisco_B# configure terminal
[Quidway_B] multicast routing-enable Cisco_B(config)# ip multicast-routing

Enable the PIM-SM function on the virtual layer 3 Enable the PIM-SM function on the virtual layer 3
interface (e.g. with Switch B) interface (e.g. with Switch B)

[Quidway_B] interface vlanif 10 Cisco_B(config)# interface vlanif 10

[Quidway_B-Vlanif20] pim sm Cisco_B(config-if)# ip pim sparse-mode
[Quidway_B-Vlanif20] quit Cisco_B(config-if)# exit
[Quidway_B] interface vlanif 30 Cisco_B(config)# interface vlanif 30
[Quidway_B-Vlanif30] pim sm Cisco_B(config-if)# ip pim sparse-mode
[Quidway_B] interface vlanif 40 Cisco_B(config)# interface vlanif 40
[Quidway_B-Vlanif30] pim sm Cisco_B(config-if)# ip pim sparse-mode

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page5

 Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

Multicast-PIM
Multicast-PIM SM
Switch A (RP):

Globally Switch A as RP Globally Switch A as RP

[Quidway_A] interface loopback 1 Cisco_A(config)# interface loopback 1
[Quidway_A-loopback1] ip addresss 5.5.5.5 255.255.255.255 Cisco_A(config-if)# ip address 5.5.5.5 255.255.255.255
[Quidway_A-loopback1] pim sm Cisco_A(config-if)# ip pim sparse-mode
[Quidway_A-loopback1] quit Cisco_A(config-if)# exit
[Quidway_A] pim Cisco_A(config)# ip pim rp-candidate loopback 1
[Quidway_A-pim] c-rp loopback1 Cisco_A(config)# ip pim bsr-candidate loopback 1
[Quidway_A-pim] c-bsr loopback1

Switch B to C:
Enable IGMP on the on the virtual layer 3 interface
connected to the layer 2 multicast device (e.g. with
Switch B)

[Quidway_B] interface vlanif 40

[Quidway_B-vlanif-40] igmp enable

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page5

 Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

Multicast-IGMP
Switch D to E:

Enter the system view Enter the configuration view

<Quidway> system-view Cisco# configure terminal

Globally enable IGMP snooping function Globally enable IGMP snooping function
[Quidway] igmp-snooping enable Cisco(config)# ip igmp snooping

Enable IGMP snooping on the VLAN Enable IGMP snooping on the VLAN

[Quidway] vlan 40 Cisco(config)# ip igmp snooping vlan 40

[Quidway-vlan40] igmp-snooping enable

(Optional) Specify the IGMP version, by default, the

version is 2

[Quidway-vlan40] igmp-snooping version <1-3>

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page5

Huawei
HuaweiEnterprise
EnterpriseUSA,
USA,Inc.
Inc.proprietary.
proprietary.Provided
Providedfor
foruse
useby
byauthorized
authorizedpartners
partnersor
orby
byNDA.

Multicast-IGMP
Agenda
1 Abstract

2 Huawei and Cisco command-view contrast

3 Switch Features configuration contrast

1 Basic Configuration

2 Ethernet Configuration

3 Reliability

4 QoS

5 Security

6 Device Management

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page5

 7 USA, Network
Huawei Enterprise Management
Inc. proprietary. Provided for use by authorized partners or by

Multicast-IGMP

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page5

 QoS marking and remarking

Name Source IP DSCP Name Source IP DSCP

Stream 10.0.0.1 0~63 Stream 10.0.0.1 60

IP Network

Switch
Marking source IP value 10.0.0.1
to be remarked DSCP 60 on the
inbound direction of the interface

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page5

 Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

QoS
QoS marking
marking and
and remarking
Huawei command Cisco command

Configure an access list (e.g. IP standard access list) Configure an access list (e.g. IP standard access list)

<Quidway>system-view Cisco# configure terminal

[Quidway] acl 2000 Cisco(config)# access-list 1 permit 10.0.0.1 0.0.0.0
[Quidway -acl-basic-2000] rule permit source 10.0.0.1 0.0.0.0
[Quidway -acl-basic-2000] quit
Create a traffic classifier to match the access list
Create a traffic classifier to match the access list
Cisco(config)# class-map match-any c1
Cisco(config-cmap)# access-group 1
[Quidway] traffic classifier c1 Cisco(config-cmap)# exit
[Quidway-classifier-c1] if-match acl 2000
[Quidway-classifier-c1] quit
Configure a traffic policy, create a traffic behavior as
Create a traffic behavior as remark DSCP remark DSCP, and then bind the traffic behavior to
the classifier
[Quidway] traffic behavior b1
[Quidway -behavior-b1] remark dscp 60 Cisco(config)# policy-map p1
[Quidway -behavior-b1] quit Cisco(config-pmap)# class c1
Cisco(config-pmap-c)# set dscp 60
Cisco(config-pmap-c)# end

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page5

 Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

QoS marking and

Create a traffic policy, and bind the traffic behavior to Apply the traffic Policy to the inbound direction of the
the traffic classifier under the policy interface

[Quidway] traffic policy p1 Cisco# configure terminal

[Quidway-trafficpolicy-p1] classifier c1 behavior b1 Cisco(config)# interface fastEthernet0/0/1
[Quidway-trafficpolicy-p1] quit Cisco(config-if)# service-policy input p1

Apply the traffic Policy to the inbound direction of the

interface

[Quidway] interface Ethernet0/0/1

[Quidway-Ethernet0/0/1] traffic-policy p1 inbound
[Quidway-Ethernet0/0/1] quit

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page5

 PQ+DRR Scheduling
10M Internet
10M (COS=5)
Switch
250M(COS=3)
70M Soft Switch
IP Network
200M(COS=0)
20M
IPTV

Scheduling VOIP FLOW

Name queue Weight
Huawei Cisco IPTV FLOW

VOIP_FLOW 5 PQ PQ ------ HSI FLOW

IPTV_FLOW 3 DRR WFQ 70 GE
HSI_FLOW 1 DRR WFQ 20 FE

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page5

 Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

PQ+DRR
Huawei command Cisco command

Enter the system view Enter the configuration mode

<Quidway> system-view Cisco# configure terminal

Configure the Up-link and Down-link interfaces to trust Configure the Up-link and Down-link interfaces to trust
COS of the packets COS of the packets

[Quidway] interface Gigabitethernet0/0/1 Cisco(config)# mls qos

[Quidway-GigabitEthernet0/0/1] trust 8021p outer Cisco(config)# interface Gigabitethernet0/0/1
[Quidway-GigabitEthernet0/0/1] exit Cisco(config-if)# mls qos trust cos
[Quidway] interface Ethernet1/0/1 Cisco(config-if)# exit
[Quidway-Ethernet1/0/1] trust 8021p outer Cisco(config)# interface fastEthernet1/0/1
Cisco(config-if)# mls qos trust cos
Configure queue 5 of the Down-link Ethernet interface Cisco(config-if)# exit
as strict priority scheduling, queue 3 and queue 0 as
DRR scheduling Configure a traffic classifier to match COS value 5

[Quidway-Ethernet1/0/1]qos pq 5 drr 3 0 Cisco(config)# class-map match-any cisco-queue-5

Cisco(config-cmap)# match cos 5
Cisco(config-cmap)# exit

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page5

 Huawei
HuaweiEnterprise
EnterpriseUSA,
USA,Inc.
Inc.proprietary.
proprietary.Provided
Providedfor
foruse
useby
byauthorized
authorizedpartners
partnersor
orby
byNDA.

PQ+DRR
PQ+DRR Scheduling
Configure the queue 3 of the fast Ethernet interface as Configure a traffic classifier to match COS value 3
DRR scheduling, and set the weights of queue 3 to 70
Cisco(config)# class-map match-any cisco-queue-3
[Quidway-Ethernet1/0/1]qos queue 3 drr weight 70 Cisco(config-cmap)# match cos 3
Cisco(config-cmap)# exit

Configure the queue 0 of the Ethernet interface as

Configure a traffic classifier to match COS value 0
DRR scheduling, and set the weights of queue 0 to 20
Cisco(config)# class-map match-any cisco-queue-0
[Quidway-Ethernet1/0/1]qos queue 0 drr weight 20 Cisco(config-cmap)# match cos 0
Cisco(config-cmap)# exit

Configure a traffic Policy, bind a traffic behavior to

the classifier match the COS value 5, and transmit the
match flow by Strict priority Scheduling

Cisco(config)# policy-map Cisco

Cisco(config-pmap)# class cisco-queue-5
Cisco(config-pmap-c)# priority level 1
Cisco(config-pmap-c)# police cir 100000000 bc 3125000
Cisco(config-pmap-c-police)# conform-action transmit
Cisco(config-pmap-c-police)# exceed-action drop
Cisco(config-pmap-c-police)# exit
Cisco(config-pmap-c)# exit
Cisco(config-pmap)# exit

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page5

 Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

PQ+DRR
Cisco command

Bind traffic behaviors to the traffic classifiers match

the COS value 3 and 0, and transmit the match flow by
WFQ Scheduling

Cisco(config-pmap)# class cisco-queue-3

Cisco(config-pmap-c)# bandwidth percent 70
Cisco(config-pmap-c)# exit
Cisco(config-pmap)# class cisco-queue-0
Cisco(config-pmap-c)# bandwidth percent 20
Cisco(config-pmap-c)# end

Apply the traffic Policy to the outbound direction of

the Down-link interface

Cisco# configure terminal

Cisco(config)# interface fastEthernet1/0/1
Cisco(config-if)# service-policy output Cisco

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page5

Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

Agenda
PQ+DRR
1 Abstract

2 Huawei and Cisco command-view contrast

3 Switch Features configuration contrast

1 Basic Configuration

2 Ethernet Configuration

3 Reliability

4 QoS

5 Security

6 Device Management

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page6

Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by
7 Network Management

PQ+DRR

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page6

 Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

Layer 2 Suppression
Huawei command Cisco command

Enter the system view Enter the configuration mode

<Quidway> system-view Cisco# configure terminal

Perform storm control on the interface Perform storm control on the interface

[Quidway] interface GigabitEthernet1/0/1 Cisco(config)# interface Gigabitethernet1/0/1

[Quidway-GigabitEthernet1/0/1] storm-control { broadcast | Cisco(config-if)# storm-control { broadcast | multicast | unicast }
multicast | unicast } min-rate value1 max-rate value2 pps value2 [value1]

Specify the action when a storm is detected Specify the action when a storm is detected

[Quidway-GigabitEthernet1/0/1] storm-control action shutdown Cisco(config-if)# storm-control action shutdown

If you want to generate an SNMP trap when a storm is If you want to generate an SNMP trap when a storm is
detected detected

[Quidway-GigabitEthernet1/0/1] storm-control enable trap Cisco(config-if)# storm-control action trap

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page6

802.1x authentication
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

Layer 2
functionSuppression
Invalid Username
Invalid Password

802.1x
Intranet
Stop Radius
Server
Valid Username
Valid Password

Permit

Pre-conditions:
IP routing between Switch and Radius Server is normal

The Radius authentication function running on Switch is normal

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page6

 802.1x authentication
Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

function
Huawei command Cisco command

Globally enable 802.1x authentication function Globally enable 802.1x authentication function

<Quidway>system-view Cisco# configure terminal

[Quidway] dot1x Cisco(config)# dot1x system-auth-control

Specify the port connected to the client that is to be Specify the port connected to the client that is to be
enabled for 802.1x authentication enabled for 802.1x authentication

[Quidway] interface GigabitEthernet1/0/1 Cisco(config)# interface GigabitEthernet1/0/1

[Quidway-GigabitEthernet1/0/1] port link-type access Cisco(config-if)# switchport mode access
[Quidway-GigabitEthernet1/0/1] dot1x Cisco(config-if)# dot1x port-control auto
[Quidway-GigabitEthernet1/0/1] quit Cisco(config-if)# exit

Configure 802.1x authentication method as radius Configure 802.1x authentication method as radius
(commonly the domain default used to authenticate (commonly the domain default used to authenticate
the access user) the access user)

[Quidway-aaa] authentication-scheme default Cisco(config)# aaa new-model

[Quidway-aaa-authen-default] authentication-mode radius Cisco(config)# aaa authentication dot1x default group radius-
[Quidway-aaa-authen-default] quit group-name
[Quidway-aaa] accounting-scheme default
[Quidway-aaa-accounting-default] accounting-mode radius

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page6

 Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

Access Control Lists

Huawei command Cisco command

Configure an access list Configure an access list

<Quidway>system-view Cisco# configure terminal

[Quidway] acl {access-list-number | name} Cisco(config)# access-list access-list-number {deny | permit}
[Quidway-acl-number] rule rule-number {deny | permit} access- access-condition
condition
[Quidway-acl-number] quit
OR (configure an IP access list)
Create a traffic classifier to match the access list
Cisco(config)# ip access-list {standard | extended} name
Cisco(config-{std|ext}-nacl)# {deny | permit} access-condition
[Quidway] traffic classifier classifier-name
[Quidway-classifier-name] if-match acl {access-list-number | name}
[Quidway-classifier-name ] quit OR (configure a Mac access list)

Create a traffic behavior Cisco(config)# mac access-list extended name

Cisco(config-ext-macl)# {deny | permit} access-condition
[Quidway] traffic behavior behavior-name
[Quidway- behavior-name] {deny | permit} Apply an IP ACL to the interface
[Quidway- behavior-name] quit
Cisco(config)# interface GigabitEthernet1/0/1
Cisco(config-if)# ip access-group {access-list-number | name} {in |
out}
Cisco(config-if)# exit

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page6

 Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

Access Control Lists

Create a traffic policy, and bind the traffic behavior to Apply a Mac ACL to interface
the traffic classifier under the policy
Cisco(config)# interface GigabitEthernet1/0/1
[Quidway] traffic policy policy-name Cisco(config-if)# mac access-group {name} {in}
[Quidway-policy-name] classifier classifier-name behavior Cisco(config-if)# exit
behavior-name
[Quidway-policy-name] quit Create a vlan access-map
Apply an ACL to the interface Cisco(config)# vlan access-map name [number]
Cisco(config-access-map)# action {drop | forward}
[Quidway] interface GigabitEthernet1/0/1 Cisco(config-access-map)# match {ip | mac} address access-list-
[Quidway-GigabitEthernet1/0/1] traffic-policy policy-name number
{ inbound | outbound } Cisco(config-access-map)# exit
[Quidway-GigabitEthernet1/0/1] quit
Apply an ACL to VLAN
Apply an ACL to VLAN
Cisco# configure terminal
[Quidway] vlan vlan-id Cisco(config)# vlan filter access-map-name vlan-list vlan-id
[Quidway-vlan-id] traffic-policy policy-name { inbound | outbound }

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page6

Huawei
HuaweiEnterprise
EnterpriseUSA,
USA,Inc.
Inc.proprietary.
proprietary.Provided
Providedfor
foruse
useby
byauthorized
authorizedpartners
partnersor
orby
byNDA.

Agenda
1 Abstract

2 Huawei and Cisco command-view contrast

3 Switch Features configuration contrast

1 Basic Configuration

2 Ethernet Configuration

3 Reliability

4 QoS

5 Security

6 Device Management

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page6

 7 USA, Network
Huawei Enterprise Management
Inc. proprietary. Provided for use by authorized partners or by

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page6

 Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

Remote port-
Local port-mirroring
mirroring function
Huawei command Cisco command

Enter the system view Enter the configuration mode

< Quidway > system-view Cisco# configure terminal

Specify the observe-port on which you can observe Specify the observe-port on which you can observe
the packets from the mirrored interface the packets from the mirrored interface

[Quidway] observe-port 1 interface GigabitEthernet1/0/1 Cisco(config)# monitor session 1 destination interface

GigabitEthernet1/0/1
Specify the mirrored interface the direction you want
to mirror on the interface Specify the mirrored interface and the direction you
want to mirror on the interface
[Quidway] interface GigabitEthernet1/0/2
[Quidway-GigabitEthernet1/0/2] port-mirroring to observe-port 1 Cisco(config)# monitor session 1 source interface
{ both | inbound | outbound } GigabitEthernet1/0/2 { both | rx | tx }

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page6

 Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

Remote port-
Local port-mirroring
mirroring function
Source Intermediate Destination
switch switch switch
RSPAN
VLAN
GE1/0/2 GE1/0/1 GE1/0/2 GE1/0/1
GE1/0/1 RSPAN GE1/0/2
VLAN

RSPAN RSPAN
source port destination port

Source switch:

Huawei command Cisco command

Create RSPAN VLAN on the system view Configure RSPAN VLAN on the configuration mode

<Quidway> system-view Cisco# configure terminal

[Quidway] vlan 900 Cisco(config)# vlan 900
Cisco(config-vlan)# remote span

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page7

 Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

Remote port-
mirroring
function
Configure the RSPAN VLAN on the Up-link Port Configure the RSPAN VLAN on the Up-link Port

[Quidway] interface GigabitEthernet1/0/2 Cisco(config)# interface GigabitEthernet1/0/2

[Quidway-GigabitEthernet1/0/2] port link-type trunk Cisco(config-if)# switchport trunk encapsulation dot1q
[Quidway-GigabitEthernet1/0/2] port trunk allow vlan 900 Cisco(config-if)# switchport mode trunk
Cisco(config-if)# switchport trunk allowed vlan 900
Specify the RSPAN session and the destination
RSPAN VLAN Specify the RSPAN session and the destination
RSPAN VLAN
[Quidway] observe-port 1 interface GigabitEthernet1/0/2 VLAN
900 Cisco(config)# monitor session 1 destination remote vlan 900

Specify the RSPAN source port and the direction

you want to mirror on the port Specify the RSPAN source port and the direction
you want to mirror on the port
[Quidway] interface GigabitEthernet1/0/1
[Quidway-GigabitEthernet1/0/1] port-mirroring to observe-port 1 Cisco(config)# monitor session 1 source interface
{ both | inbound | outbound } GigabitEthernet1/0/1 { both | rx | tx }

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page7

 Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

Remote port-
mirroring
function
Intermediate switch:

Create RSPAN VLAN on the system view Configure RSPAN VLAN on the configuration view

<Quidway> system-view Cisco# configure terminal

[Quidway] vlan 900 Cisco(config)# vlan 900
[Quidway-vlan900] quit Cisco(config-vlan)# remote span
Cisco(config-vlan)# exit
Add the ports to the RSPAN VLAN in trunk mode
Add the ports to the RSPAN VLAN in trunk mode
[Quidway] interface GigabitEthernet1/0/1
[Quidway-GigabitEthernet1/0/2] port link-type trunk Cisco(config)# interface GigabitEthernet1/0/1
[Quidway-GigabitEthernet1/0/2] port trunk allow vlan 900 Cisco(config-if)# switchport trunk encapsulation dot1q
[Quidway-GigabitEthernet1/0/2] quit Cisco(config-if)# switchport mode trunk
[Quidway] interface GigabitEthernet1/0/2 Cisco(config-if)# switchport trunk allowed vlan 900
[Quidway-GigabitEthernet1/0/2] port link-type trunk Cisco(config-if)# exit
[Quidway-GigabitEthernet1/0/2] port trunk allow vlan 900 Cisco(config)# interface GigabitEthernet1/0/2
Cisco(config-if)# switchport trunk encapsulation dot1q
Cisco(config-if)# switchport mode trunk
Cisco(config-if)# switchport trunk allowed vlan 900

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page7

 Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

Remote port-
mirroring
function
Create RSPAN VLAN on the system view Configure RSPAN VLAN on the configuration mode
Cisco# configure terminal
<Quidway> system-view Cisco(config)# vlan 900
[Quidway] vlan 900 Cisco(config-vlan)# remote span
Cisco(config-vlan)# exit
Add the port connected with the Intermediate switch to
the RSPAN VLAN in trunk mode, and add the RSPAN Add the port connected with the Intermediate switch to
destination port to the RSPAN VLAN in access mode the RSPAN VLAN in trunk mode
Cisco(config)# interface GigabitEthernet1/0/1
[Quidway] interface GigabitEthernet1/0/1 Cisco(config-if)# switchport trunk encapsulation dot1q
[Quidway-GigabitEthernet1/0/1] port link-type trunk Cisco(config-if)# switchport mode trunk
[Quidway-GigabitEthernet1/0/1] port trunk allow vlan 900 Cisco(config-if)# switchport trunk allowed vlan 900
[Quidway-GigabitEthernet1/0/1] quit Cisco(config-if)# exit
[Quidway] interface GigabitEthernet1/0/2
[Quidway-GigabitEthernet1/0/2] port link-type access Specify the RSPAN session and the RSPAN
[Quidway-GigabitEthernet1/0/2] port default vlan 900
destination port
Cisco(config)# monitor session 1 destination interface
GigabitEthernet1/0/2

Specify the RSPAN session and the source

RSPAN VLAN
Cisco(config)# monitor session 1 source remote vlan 900

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page7

Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

Remote
Agenda port-
mirroring
1
function
Abstract

2 Huawei and Cisco command-view contrast

3 Switch Features configuration contrast

1 Basic Configuration

2 Ethernet Configuration

3 Reliability

4 QoS

5 Security

6 Device Management

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page7

 7 USA, Network
Huawei Enterprise Management
Inc. proprietary. Provided for use by authorized partners or by

Remote port-
mirroring
function

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page7

 Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

Radius
Huawei Cisco

Enter the system view Enter the configuration mode

<Quidway>system-view Cisco# configure terminal

Configure a Radius template, set the Authentication Set the Authentication key
key and Identify the radius Server
Cisco(config)# radius-server host 200.0.0.1 key 123456
[Quidway] radius-server template Huawei
[Quidway-radius-Huawei] radius-server shared-key 123456 Enter AAA-configuration mode
[Quidway-radius-Huawei] radius-server authentication 200.0.0.1
[Quidway-radius-Huawei] radius-server accounting 200.0.0.1
Cisco(config)# aaa new-model

Enter AAA view

Configure the radius Servers group
[Quidway] aaa
Cisco(config)# aaa group server radius Huawei
Cisco(config-sg-radius)# server 200.0.0.1
Cisco(config-sg-radius)# exit

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page7

 Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

Radius
Radius function
Configure authentication and accounting schemes, Identify the authentication, authorization and
Huawei
then Identify authentication and accounting mode as
Cisco
accounting mode as radius to the radius Server group
radius to the schemes
Cisco(config)# aaa authentication login default group Huawei
[Quidway-aaa] authentication-scheme Huawei Cisco(config)# aaa authorization network default group Huawei
[Quidway-aaa-authen-Huawei] authentication-mode radius Cisco(config)# aaa authorization exec default group Huawei
[Quidway-aaa-authen-Huawei] quit Cisco(config)# aaa accounting exec default start-stop group
[Quidway-aaa] accounting-scheme Huawei Huawei
[Quidway-aaa-accounting-Huawei] accounting-mode radius Cisco(config)# aaa accounting network default start-stop group
[Quidway-aaa-accounting-Huawei] quit Huawei

Configure a domain, Identify the authentication and Configure authentication-mode of the VTY as AAA
accounting mode of the domain as radius, and specify
the server template Cisco(config)# line vty 0 4
Cisco(config-line)# login authentication default

[Quidway-aaa] domain Huawei

[Quidway-aaa-domain-Huawei] authentication-scheme Huawei
[Quidway-aaa-domain-Huawei] accounting-scheme Huawei
[Quidway-aaa-domain-Huawei] radius-server Huawei

Configure authentication-mode of the VTY as AAA

[Quidway] user-interface vty 0 4

[Quidway-ui-vty0-4] authentication-mode aaa

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page7

 Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

HWTACACS
Huawei Cisco

Enter the system view Enter the configuration mode

<Quidway>system-view Cisco# configure terminal

Configure a TACACS template, set the Identify the TACACS Server and set the
authentication key and Identify the HWTACACS authentication key
Server

[Quidway] hwtacacs-server template Huawei Cisco(config)# tacacs-server host 10.0.0.1 key 123456
[Quidway-hwtacacs-Huawei] hwtacacs-server shared-key 123456
[Quidway-hwtacacs-Huawei] hwtacacs-server authentication
10.0.0.1 Enter AAA-configuration mode
[Quidway-hwtacacs-Huawei] hwtacacs-server authorization
10.0.0.1 Cisco(config)# aaa new-model
[Quidway-hwtacacs-Huawei] hwtacacs-server accounting
10.0.0.1 configure the TACACS Server group

Enter AAA view Cisco(config)# aaa group server tacacs+ Huawei

Cisco(config-sg-tacacs+) # server 10.0.0.1
[Quidway] aaa Cisco(config-sg-tacacs+) # exit

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page7

 Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

HWTACACS
Configure authentication, authorization and accounting Configure the authentication, authorization and
schemes, then Identify authentication, authorization accounting mode as TACACS to the TACACS
and accountingHuawei
mode as HWTACAS to the schemes Server Cisco
[Quidway-aaa] authentication-scheme Huawei Cisco(config)# aaa authentication login default group Huawei
[Quidway-aaa-authen-Huawei] authentication-mode hwtacacs Cisco(config)# aaa authorization network default group Huawei
[Quidway-aaa-authen-Huawei] quit Cisco(config)# aaa authorization exec default group Huawei
[Quidway-aaa] authorization-scheme Huawei Cisco(config)# aaa accounting exec default start-stop group
[Quidway-aaa-author-Huawei] authorization-mode hwtacacs Huawei
[Quidway-aaa-author-Huawei] quit Cisco(config)# aaa accounting network default start-stop group
[Quidway-aaa] accounting-scheme Huawei Huawei
[Quidway-aaa-accounting-Huawei] accounting-mode hwtacacs
[Quidway-aaa-accounting-Huawei] quit
Configure authentication-mode of the VTY as AAA
Configure a domain, Identify the authentication,
Cisco(config)# line vty 0 4
authorization and accounting mode of the domain as Cisco(config-line)# login authentication default
HWTACACS, and specify the server template

[Quidway-aaa] domain Huawei

[Quidway-aaa-domain-Huawei] authentication-scheme Huawei
[Quidway-aaa-domain-Huawei] authorization-scheme Huawei
[Quidway-aaa-domain-Huawei] accounting-scheme Huawei
[Quidway-aaa-domain-Huawei] hwtacacs-server Huawei

Configure authentication-mode of the VTY as AAA

[Quidway] user-interface vty 0 4

[Quidway-ui-vty0-4] authentication-mode aaa

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page7

Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

Web

Intranet

Web
Server

Pre-conditions:
IP routing between Switch and Web management Server is normal

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page7

 Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

Web
Huawei command Cisco command

Globally enable HTTP Server function Globally enable HTTP Server function

<Quidway>system-view Cisco# configure terminal

[Quidway] http server enable Cisco (config)# ip http server

Configure the HTTP user and the password of the user Configure the local user and the password of the user

<Quidway> system-view Cisco# configure terminal

[Quidway] aaa Cisco (config)# username Huawei password 123456
[Quidway-aaa] local-user Huawei password simple Cisco (config)# username Huawei privilege 3
123456 [Quidway-aaa] local-user Huawei service-type http
[Quidway-aaa] local-user Huawei level 3 Log in device by local through HTTP
[Quidway-aaa] quit
Cisco (config)# ip http authentication local

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page7

 Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

SNMP v3
v1/v2c
Huawei command Cisco command

Enable SNMP agent function Enter the configuration mode

<Quidway>system-view Cisco# configure terminal

[Quidway] snmp-agent
Set version of SNMP as v1 or v2c, by default, the
Set version of SNMP as v1 or v2c, by default, the version is v1
version is all
Cisco(config)# no snmp-server
[Quidway] undo snmp-agent sys-info version all
[Quidway] snmp-agent sys-info version v1/v2c
Set the SNMP community name
Set the SNMP community name
Cisco(config)# snmp-server community public ro
[Quidway] snmp-agent community read public Cisco(config)# snmp-server community private rw
[Quidway] snmp-agent community write private

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page7

 Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

SNMP v3
v1/v2c
Huawei command Cisco command

Enable SNMP agent function on the system view Enter the configuration mode

<Quidway>system-view Cisco# configure terminal

[Quidway] snmp-agent
Set the version of SNMP as 3, the default version is v1
Set version of SNMP as v3, the default version is all
Cisco(config)# no snmp-server
[Quidway] undo snmp-agent sys-info version all
[Quidway] snmp-agent sys-info version v3
Add users into the SNMPv3 user group

Configuring an SNMPv3 User Group Cisco(config)# snmp-server group Huawei v3 {auth | noauth }

[Quidway] snmp-agent group v3 Huawei [authentication] Add an user into the SNMPv3 user group and need to
authenticate (e.g. with MD5)
Add an user into the SNMPv3 user group and need to
authenticate (e.g. with MD5)
Cisco(config)# snmp-server user 8031 Huawei V3 auth md5
123456
[Quidway] snmp-agent usm-user v3 8031 Huawei
authentication- mode md5 123456

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page8

Page 8
 Huawei Enterprise USA, Inc. proprietary. Provided for use by authorized partners or by

SNMP

Huawei command Cisco command

Enable the system view Enter the configuration mode

<Quidway>system-view Cisco# configure terminal

Specify hosts to receive SNMP notifications Specify hosts to receive SNMP notifications

[Quidway] snmp-agent target-host trap address udp-domain Cisco(config)# snmp-server host 192.180.1.27 version 2c public
192.180.1.27 params securityname public v2c
Enable the switch to send traps or specify the type of
Enable the switch to send traps or specify the type of
notifications to be sent
notifications to be sent
Cisco(config)# snmp-server enable traps [ trap-type ]
[Quidway] snmp-agent trap enable [ trap-type ]

Copyright © 2010 Huawei Technologies Co., Ltd. All rights Page8

Page 8
Thank you
www.huawei.com