Why 802.1x or MAC Address Authentication Does Not Take Effect After Being Enabled and the Configuration Is Displayed in the Configuration File

Issue Description

Why 802.1x or MAC Address Authentication Does Not Take Effect After Being Enabled and the Configuration Is Displayed in the Configuration File?

Solution

If ACL resources are used up, the dot1x enable or mac-authen command run globally or on an interface does not take effect.

Contact information:

Telephone: 852-30623083
Email: Sales@Thunder-link.com
Supports@Thunder-link.com
Website: http://www.thunder-link.com

 

Advertisements

Why Are Only Two Optical Interfaces Displayed After a 4-Port Front subcard Is Installed in an S5700

Issue Description

Why Are Only Two Optical Interfaces Displayed After a 4-Port Front subcard Is Installed in an S5700?

Solution

This is because no extended channel rear card is installed in the switch.

An S5700SI or S5700EI switch can provide only two optical interfaces for front subcard. If a 4-port front subcard is installed, the switch must use an ES5D00ETPB00 extended channel rear subcard to provide the other two interfaces. Without an extended channel rear subcard, only two optical interfaces are displayed.

If a 4-port GE front subcard (ES5D000G4S01/ES5D00G4SA01) and an ES5D00ETPC00 rear stack card (working normally) are used together in a switch, only the first and second interfaces on the front card can work normally, and the other two interfaces cannot be used.

QQ图片20170915094002

If a 4-port 10GE front subcard (ES5D000X4S01) and an ES5D00ETPC00 rear stack card (working normally) are used together in a switch, only the first and third interfaces on the front subcard can work normally, and the other two interfaces cannot be used.

QQ图片20170915094053

NOTE:
The available interfaces on the ES5D000X4S01 front subcard are displayed as XGigabitEthernet */1/1 and XGigabitEthernet */1/2 on the CLI, corresponding to physical interfaces 1 and 3 on the front subcard.
* indicates a slot ID on the switch.

loopback internal on S2326 cause packets loss

Issue Description

QQ图片20170824163304

As shown above, S2326 and S5328 trunk vlan 200 and gateway is S9306. The packets loss when do ping test from S9306 to clients.

Alarm Information

  1. There are  RX power too low warnings on S5328:
    Oct  5 2008 03:00:28+08:00 DS_ADMIN %%01SRM/3/RXPOWER_EXCEEDMINOR(l)[13]:Optical module in interface GigabitEthernet0/0/21 exception, RX power too low.
    Oct  5 2008 02:59:12+08:00 DS_ADMIN %%01IFNET/4/IF_STATE(l)[14]:Interface GigabitEthernet0/0/4 has turned into UP state.
    Oct  5 2008 02:56:08+08:00 DS_ADMIN %%01SRM/3/RXPOWER_EXCEEDMINOR(l)[15]:Optical module in interface GigabitEthernet0/0/21 exception, RX power too low.
    2. There are reboo logs on both S5328 and S2326
    <DS_ADMIN>[42D                                          [42D
    =======================================================
    ===============display reboot-info===============
    =======================================================
    Slot ID   Times          Reboot Type          Reboot Time
    ===========================================================================
    0         1              POWER               2008/10/01 00:02:28
    0         2              POWER               2008/10/01 00:02:24
    0         3              POWER               2008/10/01 00:02:24
    0         4              POWER               2008/10/01 00:02:25
    0         5              POWER               2008/10/01 00:02:25
    0         6              POWER               2008/10/01 00:02:25
    0         7              POWER               2008/10/01 00:02:24
    0         8              POWER               2008/10/01 00:02:25
    0         9              MANUAL              2009/04/14 02:19:42
    0         10             POWER               2008/10/01 00:02:25
    3. There are CPCAR drop logs on S9306
    Jul  8 2013 13:50:10+06:00 UNJ-Core %%01DEFD/4/CPCAR_DROP_LPU(l)[0]:Some packets are dropped by cpcar on the LPU in slot 3. (Protocol=arp-reply, Drop-Count=0273)
    Jul  8 2013 13:40:10+06:00 UNJ-Core %%01DEFD/4/CPCAR_DROP_LPU(l)[1]:Some packets are dropped by cpcar on the LPU in slot 3. (Protocol=arp-reply, Drop-Count=076)
    Jul  8 2013 13:40:10+06:00 UNJ-Core %%01DEFD/4/CPCAR_DROP_LPU(l)[2]:Some packets are dropped by cpcar on the LPU in slot 3. (Protocol=arp-request, Drop-Count=0888)

Handling Process

  1. Check the optical interface by command “display transceiver interface” , the RX and TX power is normal. The warning is false alarm.
    2. Check CPU usage on switches, found CPU usage on S2326 is too high
    AS_E_FBS_2326POE_01 %%01VOSCPU/4/CPU_USAGE_HIGH(l)[2]:The CPU is overloaded, and the tasks with top three CPU occupancy are GVRP(56%), POE (10%), tCOUNTER.0(8%). (CpuUsage=99%, Threshold=95%)
    3. As CPCAR drop warning on S9306, suspect there is a loop on S2326-1. Check interface state by command “display stp brief” , found Ethernet0/0/17 is loopback and this S2326 didn’t enable STP:
    < AS_E_FBS_2326POE_01>display stp brief
    MSTID      Port                  Role  STP State     Protection
    0        GigabitEthernet0/7    DESI  FORWARDING      NONE
    0        GigabitEthernet0/17   DESI  FORWARDING  LOOPBACK
    0        GigabitEthernet0/18   DESI  FORWARDING      NONE
    4. Because of  loopback, MAC address learning will be refeshed to this interface, which causes swithes learn incorrect MAC addresses.
    5. This problem is resolved by enabling STP protocol on this S2326

Root Cause

Following reasons may cause packets loss:
1. Link quality is bad
2. CPU usage is too high
3. MAC floating
4. Other reasons

Suggestions

Enabling STP to avoid loop in Layer-2 network is necessary.

Interface is in RSTP mode while MSTP is activated on the switch

Issue Description

Customer had several questions:
1) Why are all interfaces in instance 0 while VLANs of this interface are in instance 1
2) While interface is in RSTP Mode while STP  mode is MSTP
3) Customer changed priority for instance 1, so S53-2 became Root-bridge, but RSTP switches in the ring still used S53-1 as  Root bridge. Why?

stp region-configuration
region-name Nano110
revision-level 1
instance 1 vlan 2048 to 2056
instance 2 vlan 2064 to 2072
instance 3 vlan 2080 to 2088
instance 4 vlan 2096 to 2104
 instance 5 vlan 2560 to 2568
 instance 6 vlan 2112 to 2124
instance 7 vlan 2128 to 2136
instance 8 vlan 2144 to 2152
instance 9 vlan 2160 to 2168
instance 10 vlan 3008 to 3016
active region-configuration

interface GigabitEthernet0/0/17 
description n110ch33

port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 2560 to 2568 

stp instance 5 cost 19
trust 8021p
storm-control broadcast min-rate 1 max-rate 500
storm-control multicast min-rate 1 max-rate 50000
storm-control interval 180
storm-control action shutdown
storm-control enable trap
storm-control enable log 

[A3-1102-GigabitEthernet0/0/17]display stp instance 0 
——-[CIST Global Info][Mode MSTP]——-
CIST Bridge         :16384.7054-f595-4910
Config Times        :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
Active Times        :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC      :4096 .7054-f595-4920 / 2
CIST RegRoot/IRPC   :16384.7054-f595-4910 / 0
CIST RootPortId     :128.1
BPDU-Protection     :Disabled
TC or TCN received  :5891
TC count per hello  :0
STP Converge Mode   :Normal
Share region-configuration :Enabled
Time since last TC  :0 days 0h:14m:55s
Number of TC        :2339
Last TC occurred    :Eth-Trunk1

—-[Port19(GigabitEthernet0/0/17)][FORWARDING]—-
Port Protocol       :Enabled
Port Role           :Designated Port
Port Priority       :128
Port Cost(Dot1T )   :Config=auto / Active=20000
Designated Bridge/Port   :16384.7054-f595-4910 / 128.19
Port Edged          :Config=default / Active=disabled
Point-to-point      :Config=auto / Active=true
Transit Limit       :147 packets/s
Protection Type     :None
Port STP Mode       :
RSTP  
Port Protocol Type  :Config=dot1s / Active=dot1s
BPDU Encapsulation  :Config=stp / Active=stp
PortTimes           :Hello 2s MaxAge 20s FwDly 15s RemHop 20
TC or TCN send      :6
TC or TCN received  :1
BPDU Sent           :463
TCN: 0, Config: 0, RST: 458, MST: 5
BPDU Received       :4
TCN: 0, Config: 0, RST: 4, MST: 0 

Contact information:

Telephone: 852-30623083
Email: Sales@Thunder-link.com
Supports@Thunder-link.com
Website: http://www.thunder-link.com

How Can Multiple Observing Ports Be Configured During Port Mirroring?

Issue Description

The networking is as follows.

QQ图片20170724155417

Alarm Information

None

Handling Process

The following provides a configuration example:
Reserve VLAN 3500.
#
vlan batch 3 10 20 100 300 to 301 3000 to 3002 3500 4000
#
Add an observing port to VLAN 3500.
#
observe-port 1 interface GigabitEthernet0/0/21 vlan 3500
#
Configure three mirrored ports.
#
interface GigabitEthernet0/0/3
port-mirroring to observe-port 1 both
#
interface GigabitEthernet0/0/4
port-mirroring to observe-port 1 both
#
interface GigabitEthernet0/0/5
port-mirroring to observe-port 1 both
#
Configure three observing ports.
#
interface GigabitEthernet0/0/11
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 3500
#
interface GigabitEthernet0/0/12
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 3500
#
interface GigabitEthernet0/0/13
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 3500
#
Configure the loopback interface.
#
interface GigabitEthernet0/0/21
description neibuhuanhui
loopback internal
mac-address learning disable
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 3500
stp disable

Root Cause

None

Suggestions

After packets on all mirrored ports are copied to an observing port, internal loopback is performed on the observing port. Then this observing port advertises the packets to other observing ports in the local VLAN. Before sending the packets out, the observing ports remove the VLAN tags from the packets.
Remarks: If the switch is configured with the stp enable command globally, you must run the stp disable command on the loopback interface; otherwise, when the loopback interface receives STP packets sent by itself, the interface enters the Discarding state and discards all incoming loopback packets.

Contact information:

Telephone: 852-30623083
Email: Sales@Thunder-link.com
Supports@Thunder-link.com
Website: http://www.thunder-link.com

S5320-32C-HI-24S-AC

S5700-28P-LI-AC

S5720-36C-EI-28S-AC

S6720-30C-EI-24S-AC

How Can I Delete a Console Login Password

Issue Description

How Can I Delete a Console Login Password?

Solution

Deleting the Console Login Password of a Fixed Switch Running V100R002/V100R003

1.  Restart the switch. When the BootROM menu is displayed, choose option “5.Enter filesystem submenu” to display the file system submenu.

2.  When the file system submenu is displayed, choose option “4.Rename file from flash” to rename the default configuration file vrpcfg.zip. For example, change the file name to vrptest.zip.

3.  Log in to the switch after the restart. The system uses the factory settings now.

4.  Decompress the vrptest file and name the decompressed file vrpcfg.bat.

<Quidway> unzip vrptest vrpcfg.bat

5.  Run the execute command to invoke the original configuration and delete the console login password.

<Quidway> system-view
[Quidway] execute vrpcfg.bat
[Quidway] user-interface console 0
[Quidway-ui-console0] undo authentication-mode
[Quidway-ui-console0] quit
[Quidway] quit

6.   Save the configuration in the vrpcfg.zip file.

<Quidway> save
The current configuration will be written to the device. Continue? [Y/N]:y
Info: Please input the file name(*.cfg,*.zip)[vrpcfg.zip]:
Jun 25 2010 11:41:59 Quidway %%01CFM/4/SAVE(l): The user chose Y when deciding w
hether to save the configuration to the device.    vrpcfg.zip   //Enter the default configuration file name vrpcfg.zip.

7.  After the switch restarts, the console login password is deleted, and the original service configurations are retained.

Deleting the Console Login Password of a Fixed Switch Running V100R005/V200R001/V200R002/V200R003

During a startup process, a switch loads the BootROM program and the system software in sequence. When the following information is displayed, press Ctrl+B within 2 seconds to display the BootROM menu.

BIOS LOADING …
Copyright (c) 2008-2010 HUAWEI TECH CO., LTD.
CX22EFFE (Ver124, Jun  9 2010, 17:41:46)
Press Ctrl+B to enter BOOTROM menu … 0
password:    //Enter the BootROM password. The default password is Admin@huawei.com.

After you enter the correct BootROM password, the following BootROM menu is displayed:

BOOTROM  MENU

1. Boot with default mode
2. Enter serial submenu
3. Enter startup submenu
4. Enter ethernet submenu
5. Enter filesystem submenu
6. Modify BOOTROM password
7. Clear password for console user
8. Reboot
Enter your choice(1-8): 7
Note: Clear password for console user? Yes or No(Y/N): y
Clear password for console user successfully. Choose “1” to boot, then set a new  password
Note: Do not choose “Reboot” or power off the device, otherwise this operation will not take effect

Choose option “7 .Clear password for console user” and then choose option “1. Boot with default mode.” The console login password is then deleted.

NOTICE:
After clearing the console login password, choose option “1. Boot with default mode” in the BootROM menu to restart the system. Do not choose option “8. Reboot” or power off the switch. Otherwise, the configuration will be lost.

Deleting the Console Login Password of a Modular Switch Running V100R001/V100R002/V100R003

1.  Restart the switch. When the BootROM menu is displayed, press CTRL+Z to display the hidden menu.

2.  Choose option “8-Rename file in CFCard” to rename the default configuration file vrpcfg.zip. For example, change the file name to vrptest.zip.

3.  Log in to the switch after the restart. The system uses the factory settings now.

4.  Decompress the vrptest file and name the decompressed file vrpcfg.bat.

<Quidway> unzip vrptest vrpcfg.bat

5.  Run the execute command to invoke the original configuration and delete the console login password.

<Quidway> system-view
[Quidway] execute vrpcfg.bat
[Quidway] user-interface console 0
[Quidway-ui-console0] undo authentication-mode
[Quidway-ui-console0] quit
[Quidway] quit

6.  Save the configuration in the vrpcfg.zip file.

<Quidway> save
The current configuration will be written to the device. Continue? [Y/N]:y
Info: Please input the file name(*.cfg,*.zip)[vrpcfg.zip]:
Jun 25 2010 11:41:59 Quidway %%01CFM/4/SAVE(l): The user chose Y when deciding w
hether to save the configuration to the device.    vrpcfg.zip   //Enter the default configuration file name vrpcfg.zip.

7.  After the Huawei switch restarts, the console login password is deleted, and the original service configurations are retained.

Deleting the Console Login Password of a Fixed Switch Running V100R006/V200R001/V200R002/V200R003

When you attempt to log in to a new switch through the console port for the first time, the system prompts you to enter the console login password. You can also run the set authentication password [ cipher password ] command in the console login user interface to set the console login password. If you forget the Telnet or console login password, clear the console login password in the BootROM menu. Perform the following steps:

During the startup process, press Ctrl+B as prompted and enter the password to enter the BootROM menu. Choose option 8 in the BootROM menu to clear the console login password.

MAIN  MENU

1. Boot with default mode
2. Boot from Flash
3. Boot from CFCard
4. Enter serial submenu
5. Enter ethernet submenu
6. Modify Flash description area
7. Modify BootROM password
8. Clear password for console user
9. Reboot
Enter your choice(1-9):8
Note: Clear password for console user? Yes or No(Y/N): y
Clear password for console user successfully. Choose “1” to boot, then set a new  password
Note: Do not choose “Reboot” or power off the device, otherwise this operation will not take effect

NOTICE:
After clearing the console login password, choose option “1. Boot with default mode” in the BootROM menu to restart the system. Do not choose option “9. Reboot” or power off the switch. Otherwise, the configuration will be lost.

S2309TP-EI-AC

S2700-9TP-SI-AC

S3328TP-EI-24S-AC

S3700-28TP-SI-AC