Wednesday, July 12, 2006

 

Huawei Training - Day 3


How to set ACL?


[system view]
acl number 3000
rule deny ip
rule permit icmp source 192.168.1.0 0.0.0.255 (source address must be set, bug fixed in new version)
rule permit destination-port eq 23

int e1/0/1
packet-filter inbound ip-group 3000

disp acl all

3000, ACL applies to whole switch instead of port level or vlan level.
Currently, only 8500 supports ACL in vlan level.
number of rules to number of mask in the ratio of 8:1
6500 reboots with ACL runs before QoS
3900 and 5600 support "eq" only, without "gt" and "lt" in rule setting

Cisco vs Huawei
default deny = default permit
rules checked from first to last = rules checked from last to first 後發先至


How to set STP?

stp enable
stp priority 4096/8192 (for root and backup root switch, default 32768, bridge id = stp priority.mac address)

disp stp [brief]

BPDU root bridge selection order:
Root Bridge ID, Path Cost, Native Bridge ID, Port ID
1, 2, own bridge id, 3

TCN BPDU - Topology Change

Cisco vs Huawei
spanning-tree portfast = stp edged-port enable

STP vs RSTP
Blocking = Discarding
Listening = Discarding
Learning = Learning
Forwarding = Forwarding

Alternate Port and Backup Port added in RSTP


How to set Link Aggregation?

int g1/1/3
lacp enable
port link-type trunk
port trunk permit vlan all
int g1/1/4
lacp enable
port link-type trunk
port trunk permit vlan all


How to set password and enable password for console and telnet?

user-int aux 0 7 (line con 0)
set authentication pass cipher
authentication-mode password
user privilege level 0

user-int vty 0 4 (line vty 0 4)
set authentication pass cipher
authentication-mode password

super pass cipher


Today's lunch at Foodrepublic,
http://www.mpfinance.com/cfm/NewsContent.cfm?PublishDate=20060309&Topic=fz&File=fza1.txt, Curry Chicken Rice with an Indian Naan at HK$35



Comments: Post a Comment



<< Home

This page is powered by Blogger. Isn't yours?