Huawei S9700 Series Switch S9706 Introduction

Huawei S9700 comes in the following models: S9703, S9706, and S9712. In this article, HongTelecom will introduce the Huawei S9706 switches.

S9700 Introduction

The S9700 series core routing switches (S9700 for short) are high-end switches designed for service integration in next-generation campus networks and data centers. Based on Huawei Versatile Routing Platform (VRP), the S9700 switches provide high-performance L2/L3 switching and integrate a range of services, such as MPLS VPN, hardware IPv6, desktop cloud, video conferencing, and wireless access. They also provide a variety of reliability technologies including in-service software upgrade, non-stop forwarding, hardware OAM/BFD, and ring network protection. These improve the network efficiency and maximize the normal operation time, thereby reducing the total cost of ownership (TCO).

The S9700 comes in the following models: S9703, S9706, and S9712. These models support a maximum of 3, 6, and 12 line processing units (LPUs), respectively.

Version Mapping

Table 1 Mapping between the S9706 chassis and software versions
CHASSIS VERSION
S9706 chassis V200R001C00 and later versions
S9706 chassis, FCC certified V200R001C00 and later versions

Appearance and Structure

 NOTE:

The figures in this document are for reference only.

The S9706 chassis is 10 U high (1 U = 44.45 mm). When the chassis has no cable management frame installed, the dimensions are 442 mm x 489 mm x 441.7 mm (W x D x H). When the chassis has cable management frames installed, the dimensions are 442 mm x 585 mm x 441.7 mm (W x D x H). Figure 1 and Figure 2 show the S9706 chassis.

Figure 1 S9706 chassis (front view)

Figure 1 S9706 chassis (front view)

Figure 2 S9706 chassis (rear view)

Figure 2 S9706 chassis (rear view)

 NOTE:

S9706 chassis include FCC-certified chassis or common chassis.

Figure 3 shows the front structure of the S9706 chassis.

Figure 3 S9706 chassis structure (front view)
Figure 3 S9706 chassis structure (front view)
1. Six service cards, including:

  • Value-Added Service Unit
  • Open Service Platform Unit
  • 100M Interface Card
  • 1000M Interface Card
  • GE/10GE Interface Card
  • 10GE Interface Card
  • 40GE Interface Card
  • 40GE/100GE Interface Card
  • 100GE Interface Card
NOTE:

The cards supported by a switch depend on the software version. For details, see Version Requirements for Components.

2. Two MPUs 3. A pair of mounting brackets

NOTE:

The mounting brackets are used to secure the chassis in the cabinet.

4. Four power modules 5. Two EH1D200CMU00-Centralized Monitoring Unit 6. Reserved slot

NOTE:

Install a filler panel in the reserved slot.

7. Front ESD jack

NOTE:

The ground terminal of an ESD wrist strap can be inserted in this jack. The ESD wrist strap can provide ESD protection when the chassis is reliably grounded.

8. Cable management frames

NOTE:

Cable management frames are used to route cables.

Figure 4 shows the rear structure of the S9706 chassis.

Figure 4 S9706 chassis structure (rear view)

Figure 4 S9706 chassis structure (rear view)
1. Two Fan Module 2. Rear ESD jack

NOTE:

The ground terminal of an ESD wrist strap can be inserted in this jack. The ESD wrist strap can provide ESD protection when the chassis is reliably grounded.

3. JG ground terminal

NOTE:

The JG ground terminal is used to ground the chassis.

4. Air filter

NOTE:

The air filter prevents dust from entering the chassis.

5. A pair of removable handles

NOTE:

You can install these handles on two sides of the chassis to lift the chassis.

Slot Configuration on the Chassis

The S9706 chassis provides 6 LPU slots, 2 SRU slots, 2 CMU slots, and 4 power supply slots.

Figure 5 shows the slot layout at the front of the S9706 chassis, and Figure 6 shows the slot layout at the rear of the S9706.

Figure 5 Slot layout on the S9706 chassis (front)
Figure 5 Slot layout on the S9706 chassis (front)
Figure 6 Slot layout on the S9706 chassis (rear)
Figure 6 Slot layout on the S9706 chassis (rear)

Table 2 describes the slot configuration in a chassis.

Table 2 S9706 slot configuration
Slot Type Slot ID Module Supported Remarks
MPU slot SLOT07 and SLOT08 MPUs The SRUs work in active/standby mode.
LPU slot SLOT01 to SLOT06
  • Value-Added Service Unit
  • Open Service Platform Unit
  • 100M Interface Card
  • 1000M Interface Card
  • GE/10GE Interface Card
  • 10GE Interface Card
  • 40GE Interface Card
  • 40GE/100GE Interface Card
  • 100GE Interface Card
NOTE:

The cards supported by a switch depend on the software version. For details, see Version Requirements for Components.

Power slot PWR1 to PWR4 power modules
CMU slot CMU1 and CMU2 EH1D200CMU00 The CMUs work in active/standby mode.
Fan module slot FAN1, FAN2 Fan Module

Power Supply Slot Configuration

 NOTE:

If a switch is running a version prior to V200R010C00, it does not allow mixing of AC and DC power modules or power modules of different power values. If the switch is running V200R010C00 or a later version, it allows mixing of 2200 W AC and DC power modules.

The S9706 provides slots PWR1 to PWR4 for DC or AC power modules, as shown in Slot layout on the S9706 chassis (front).

The S9706 series switches support three redundancy modes of power modules: N+N, N+1, and N+0. The value of N depends on the maximum power actually required by the system. Ensure that the total maximum output power of N power modules (N x maximum output power of each power module) is larger than the maximum power actually required by the system. For example, the maximum power required by the system is 4000 W. If two 2200 W power modules are installed in the chassis, they work in 2+0 mode. If three 2200 W power modules are installed, they work in 2+1 redundancy mode. If four 2200 W power modules are installed, they work in 2+2 redundancy mode. The system can identify the power redundancy mode, and you do not need to manually configure the power redundancy mode. Table 3 describes the three power redundancy modes and the specific redundancy modes supported by the S9706 series switches.

Table 3 Description of power redundancy modes
Redundancy Mode Description Scenario Product Support
N+N

  • System power supply is not affected if no more than N power modules are removed or fail.
  • All the power modules work in load balancing mode.
  • The maximum output power of the system is the total maximum output power of N power modules.
  • N power modules are mandatory, and the other N power modules are optional.
NOTE:

The N+N redundancy mode is often used when two power supply systems are available. In this case, N power modules are mandatory for the first power supply system, and the other N power modules are mandatory for the second power supply system. The use of double power supply systems provides redundancy for both power modules and power supply systems.

1+1, and 2+2 redundancy
N+1

  • System power supply is not affected if one power module is removed or fails.
  • All the power modules work in load balancing mode.
  • The maximum output power of the system is the total maximum output power of N power modules.
  • N power modules are mandatory, and one power module is optional.
The 800 W AC power module is configured for 220 V AC input or 110 V dual-live-wire AC input. 1+1, 2+1, and 3+1 redundancy
  • The 2200 W AC power module is configured for 220 V AC input or 110 V dual-live-wire AC input.
  • The 2200 W DC power module is configured for DC input.
1+1, and 2+1 redundancy
The 800 W AC or 2200 W AC power module is configured for 110 V single-live-wire AC input. 1+1, 2+1, and 3+1 redundancy
N+0 (no redundancy)

  • System power supply is affected once any power module is removed or fails.
  • All the power modules work in load balancing mode.
  • The maximum output power of the system is the total maximum output power of N power modules.
  • N power modules are mandatory, and there are no optional power modules.
The 800 W AC power module is configured for 220 V AC input or 110 V dual-live-wire AC input. 1+0, 2+0, 3+0, and 4+0
  • The 2200 W AC power module is configured for 220 V AC input or 110 V dual-live-wire AC input.
  • The 2200 W DC power module is configured for DC input.
1+0, and 2+0
The 800 W AC or 2200 W AC power module is configured for 110 V single-live-wire AC input. 1+0, 2+0, 3+0, and 4+0
 NOTE:

  • To use the N+N redundancy mode, equally divide the power modules into two groups and connect the two groups of power modules to two independent power supply systems. This configuration provides redundancy of power supply systems to enhance system reliability.
  • To use the N+N redundancy mode, you are advised to install N power modules in the power supply slots at the left side and install the other N power modules in the power supply slots at the right side. Power slots are marked PWR.
  • If the system power consumption exceeds 50% of a single power module’s power, all power modules equally share the power consumption. This reduces the load of a single power module and improves the system reliability.

The power module configuration for an S9706 switch varies according to the power supply environment:

  • If DC power input is provided, configure power modules according to DC power input.
  • If 220 V single-phase AC input or 110 V dual-live-wire AC input is provided, configure power modules according to AC power input (220 V single-phase or 110 V dual-live-wire input).
  • If 110 V single-live-wire AC input is provided, configure power modules according to AC power input (110 V single-live-wire input).

DC power input

Table 4 describes the power module configuration for the S9706 series switches when DC power input is provided.

Table 4 Power module configuration (DC power input)
Power Module Type Redundancy Mode Maximum Output Power
2200 W DC power module N+N A maximum of 4 (2+2) 2200 W DC power modules can be configured, providing a maximum output power of 4400 W.
N+1 A maximum of 3 (2+1) 2200 W DC power modules can be configured, providing a maximum output power of 4400 W.
N+0 (no redundancy) A maximum of 2 (2+0) 2200 W DC power modules can be configured, providing a maximum output power of 4400 W.

AC power input (220 V single-phase or 110 V dual-live-wire input)

 NOTE:

If the input voltage is 110 V, the dual-live-wire input mode is recommended. In this case, the maximum output power of a 2200 W AC power module is 2200 W, and the maximum output power of an 800 W AC power module is 800 W.

Table 5 describes the power module configuration for the S9706 series switches when 220 V single-phase or 110 V dual-live-wire AC power input is provided.

Table 5 Power module configuration (220 V single-phase or 110 V dual-live-wire AC power input)
Power Module Type Redundancy Mode Maximum Output Power
2200 W AC power module N+N A maximum of 4 (2+2) 2200 W AC power modules can be configured, providing a maximum output power of 4400 W.
N+1 A maximum of 3 (2+1) 2200 W AC power modules can be configured, providing a maximum output power of 4400 W.
N+0 (no redundancy) A maximum of 2 (2+0) 2200 W AC power modules can be configured, providing a maximum output power of 4400 W.
800 W AC power module N+N A maximum of 4 (2+2) 800 W AC power modules can be configured, providing a maximum output power of 1600 W.
N+1 A maximum of 4 (3+1) 800 W AC power modules can be configured, providing a maximum output power of 2400 W.
N+0 (no redundancy) A maximum of 4 (4+0) 800 W AC power modules can be configured, providing a maximum output power of 3200 W.

AC power input (110 V single-live-wire input)

 NOTE:

When 110 V single-live-wire AC power input is provided, the maximum output power of a 2200 W AC power module is 1100 W, and the maximum output power of an 800 W AC power module is 400 W. In this case, it is recommended that you use the N+1 or N+0 redundancy mode to increase the maximum output power of the system.

Table 6 describes the power module configuration for the S9706 series switches when 110 V single-live-wire AC power input is provided.

Table 6 Power module configuration (110 V single-live-wire AC power input is provided)
Power Module Type Redundancy Mode Maximum Output Power
2200 W AC power module N+N A maximum of 4 (2+2) 2200 W AC power modules can be configured, providing a maximum output power of 2200 W.
N+1 A maximum of 4 (3+1) 2200 W AC power modules can be configured, providing a maximum output power of 3300 W.
N+0 (no redundancy) A maximum of 4 (4+0) 2200 W AC power modules can be configured, providing a maximum output power of 4400 W.
800 W AC power module N+N A maximum of 4 (2+2) 800 W AC power modules can be configured, providing a maximum output power of 800 W.
N+1 A maximum of 4 (3+1) 800 W AC power modules can be configured, providing a maximum output power of 1200 W.
N+0 (no redundancy) A maximum of 4 (4+0) 800 W AC power modules can be configured, providing a maximum output power of 1600 W.

Heat Dissipation

 NOTE:

It is recommended that you replace the air filter of a device every six months.

The S9706 cooling system consists of fan modules and air filters. A fan module is located behind the air exhaust vent (rear of the chassis), and an air filter is located outside the air intake vent (left side of the chassis).

  • The S9706 has two fan modules respectively, located at the rear of the chassis. The fan modules absorb cold air into the chassis to dissipate heat generated by working components, ensuring that the chassis operates within a normal temperature range. For details about the performance and attributes of a fan module, see Fan Module.
  • The air filter prevents dust from entering the chassis with airflow.

The S9706 chassis are divided into multiple zones. If there are empty slots in a zone, the fans corresponding to that zone operate at a low speed, which reduces power consumption and noise.

As shown in Figure 7, two fan modules of the S9706 serve two zones, with four cards in each zone.

Figure 7 S9706 fan zones
Figure 7 S9706 fan zones

Airflow

The S9706 chassis uses a left-to-back airflow design. Cold air is absorbed into the chassis from the left side, dissipates heat in the chassis, and is exhausted from the rear of the chassis. Figure 8 shows the airflow in the chassis.

Figure 8 Airflow in the chassis
Figure 8 Airflow in the chassis

Air Filter

 NOTE:

The switches may use honeycomb air filters or non-honeycomb air filters. The switches with honeycomb air filters installed in all air filter slots comply with Federal Communications Commission (FCC) standards.

The S9706 uses sponge air filters or honeycomb air filters. An FCC-certified chassis must use honeycomb air filters. Figure 9 shows a sponge air filter, and Figure 10 shows a honeycomb air filter.

Figure 9 Sponge air filter
Figure 9 Sponge air filter_S9306
Figure 10 Honeycomb air filter
Figure 10 Honeycomb air filter_S9306

Specifications

Item Description
Table 7 S9706 chassis specifications
Item Description
LPU slots 6
MCU slots 2
Fan slots 2
Power slots 4
Maximum port density

  • V200R001C00: 288xFE, 288xGE, 240x10GE
  • V200R002C00 and V200R003C00: 288xFE, 288xGE, 240x10GE, 48x40GE
  • V200R005C00 to V200R007C10: 288xFE, 288xGE, 288x10GE, 48x40GE
  • V200R008C00 to V200R009C00: 288xFE, 288xGE, 288x10GE, 48x40GE, 12x100GE
  • V200R010C00 and later versions: 288xFE, 288xGE, 288x10GE, 48x40GE, 24x100GE
Installation In an N66E or N68E cabinet, one or two chassis in a cabinet
CSS Service port or CSS card clustering
Maximum power consumption (fully loaded)

NOTE:

The heat dissipation value of a chassis equals the current power consumption of the chassis.
2400 W
Power specifications
  • DC input voltageRated voltage: -48 V DC/-60 V DC

    Maximum voltage range: -40 V DC to -72 V DC

  • AC input voltageRated voltage: 110 V AC/220 V AC, 50/60 Hz

    Maximum voltage range: 90 V AC to 290 V AC; 47 Hz to 63 Hz (The output power reduces to half of the maximum output when the input voltage is in the range of 90 V AC to 175 V AC.)

Dimensions (W x D x H, excluding rack-mounting brackets)

  • With cable management frames: 442 mm x 585 mm x 441.7 mm (17.4 in. x 23.0 in. x 17.39 in. (10 U))
  • Without cable management frames: 442 mm x 489 mm x 441.7 mm (17.4 in. x 19.3 in. x 17.39 in. (10 U))
Weight (empty/fully loaded) 29 kg/75.8 kg (63.9 lb/167.1 lb)
Reliability and availability
  • Mean time between failures (MTBF): 24.2 years
  • Mean time to repair (MTTR): 52 minutes
  • Availability: 0.9999959
NOTE:

The preceding values are calculated based on the typical configuration of the product. The actual values will vary depending on the modules configured in the equipment.

Environment parameters
  • Operating temperature and altitude:-60 m to +1800 m (197 ft. to 5906 ft.): 0°C to 45°C (32°F to 113°F)

    1800 m to 4000 m (5906 ft. to 13123 ft.): Operating temperature decreases by 1°C (1.8°F) every time the altitude increases 220 m (722 ft.).

    4000 m (13123 ft.): 0°C to 35°C (32°F to 95°F)

  • Operating relative humidity: 5% RH to 95% RH (noncondensing)
  • Storage temperature: -40°C to +70°C (-40°F to +158°F)
  • Storage altitude: < 5000 m (16404 ft.)
  • Storage relative humidity: 5% RH to 95% RH (noncondensing)
Noise at normal temperature (acoustic power)

≤ 72 dB(A)

Certification
  • EMC certification
  • Safety certification
  • Manufacturing certification
Part Number
  • S9706 chassis: 02113548
  • S9706 chassis, FCC certified: 02113612

About Us

As a world leading Huawei networking products supplier, Hong Telecom Equipment Service LTD(HongTelecom) keeps regular stock of Huawei router and switch and all cards at very good price, also HongTelecom ship to worldwide with very fast delivery.

For related articles, visit the HongTelecom Blog and HongTelecom WordPress.
For real pictures of related product, visit the HongTelecom Gallery.
To buy related product, visit the HongTelecom Online Shop.

何诗名片

Example for Configuring Egress Devices on Small- and Medium-Sized Campus or Branch Networks

Huawei Campus Switch includes S1700, S2300, S2700, S3300, S3700, S5300, S5700, S600-E, S6300, S6700, S7700, S7900, S9300, S9300X, S9700, S12700 Series. In this article, HongTelecom will introduce the Example for Configuring Egress Devices on Small- and Medium-Sized Campus or Branch Networks for Huawei S7700/S9700 Switch.

Example for Configuring Egress Devices on Small- and Medium-Sized Campus or Branch Networks

Overview

A campus network egress is often located between an enterprise’s internal network and external network to provide the only ingress and egress for data traffic between the internal and external networks. Small- and medium-scale enterprises want to deploy multiple types of services on the same device to reduce initial investment on enterprise network construction and long-term O&M cost. Enterprise network users require access to the Internet and virtual private networks (VPNs). To reduce network construction and maintenance costs, small- and medium-scale enterprises often lease the Internet links of carriers to build VPNs. Some campus networks requiring high reliability often deploy two egress routers to implement device-level reliability and use reliability techniques such as link aggregation, Virtual Router Redundancy Protocol (VRRP), and active and standby routes to ensure campus network egress reliability. Huawei AR series routers can be used as egress devices and work with Huawei S series switches to provide a cost-effective network solution for small- and medium-scale campus networks. Campus network egress devices must provide the following functions:

  • Provide the network address translation (NAT) outbound and NAT server functions to translate between private and public network addresses, so that internal users can access the Internet and Internet users can access internal servers.
  • Support the construction of VPNs through the Internet so that branches of the enterprise can communicate over VPNs.
  • Encrypt data to protect data integrity and confidentiality, ensuring service transmission security.
  • Egress devices of small- and medium-scale campus networks must be reliable, secure, low-cost, and easy to maintain.

Configuration Notes

This configuration example:

  • Applies to small- and medium-sized enterprise campus/branch egress solutions.
  • Provides only the enterprise network egress configuration. For the internal network configuration, see “Small- and Mid-Sized Campus Networks” in the HUAWEI S Series Campus Switches Quick Configuration.
  • Uses S series switches running V200R008 and AR series routers running V200R003.

Networking Requirements

The headquarters and branch of an enterprise are located in different cities and far from each other. The headquarters has two departments (A and B), and the branch has only one department. A cross-regional enterprise campus network needs to be constructed to meet the following requirements:

  • Both users in the headquarters and branch have access to the Internet. In the headquarters, users in Department A can access the Internet, but users in Department B are not allowed to access the Internet. In the branch, all users can access the Internet.
  • The headquarters has a web server to provide WWW service so that external users can access the internal server.
  • The headquarters and branch need to communicate through VPNs over the Internet and communication contents must be protected.
  • The headquarters’ campus network egress requires link-level reliability and device-level reliability.
  • The branch does not need high reliability.

A comprehensive configuration solution, as shown in Figure 1, is provided to meet the preceding requirements. The solution adopts a multi-layer, modular, redundant, and secure design and applies to small- and medium-scale enterprise or branch campus networks.

Solution Overview

  • Deploy Huawei S2700&S3700 switches (ACC1, ACC2, and SwitchA) at the access layer, deploy Huawei S5700 switches (CORE) at the core layer, and deploy Huawei AR3200 routers (RouterA, RouterB, and RouterC) at the campus network egress.
  • In the headquarters, use redundancy between two AR egress routers (RouterA and RouterB) to ensure device-level reliability. In the branch, deploy one AR router as the egress router.
  • In the headquarters, set up a stack (CORE) between two S5700 core switches to ensure device-level reliability.
  • In the headquarters, deploy Eth-Trunks between access switches, the CORE, and egress routers to ensure link-level reliability.
  • In the headquarters, assign a VLAN to each department and transmit services between departments at Layer 3 through VLANIF interfaces of the CORE.
  • Use the CORE of the headquarters as the gateway for users and servers, and deploy a DHCP server to assign IP addresses to users.
  • Deploy the gateway for branch users on the egress router.
  • Deploy VRRP between the two egress routers of the headquarters to ensure reliability.
  • Construct an Internet Protocol Security (IPSec) VPN between the headquarters and branch over the Internet to enable communication while ensuring data transmission security.
  • Deploy Open Shortest Path First (OSPF) between the two egress routers and CORE of the headquarters to advertise user routes for future capacity expansion and maintenance.

Configuration Roadmap

The configuration roadmap is as follows:

  1. Deploy the headquarters and branch campus networks.In the headquarters, deploy a stack and link aggregation, configure VLANs and IP addresses for interfaces, and deploy a DHCP server to allow users in the headquarters campus network to communicate. Users within a department communicate at Layer 2 through access switches, and users in different departments communicate at Layer 3 through the VLANIF interfaces of the CORE.

    In the branch, configure VLANs and IP addresses for interfaces on access switches and egress routers, and deploy a DHCP server to allow users in the branch campus network to communicate.

  2. Deploy VRRP.To ensure reliability between the CORE and two egress routers of the headquarters, deploy VRRP between the two egress routers so that VRRP heartbeat packets are exchanged through the CORE. Configure RouterA as the master device and RouterB as the backup device.

    To prevent service interruption in the case of an uplink failure on RouterA, associate the VRRP status with the uplink interface of RouterA. The association ensures a fast VRRP switchover when the uplink fails.

  3. Deploy routes.To steer uplink traffic of devices, configure a default route with the VRRP virtual address as the next hop on the CORE of the headquarters, and configure a default route on each egress router of the headquarters and branch, with the next hop pointing to the IP address of the connected carrier network device (public network gateway address).

    To steer the return traffic of two egress routers of the headquarters, configure OSPF between the two egress routers and CORE, and advertise all user network segments on the CORE into OSPF and then to the two egress routers.

    On RouterD, to steer traffic generated by access to the web server from external networks, configure two static routes of which the destination address is the public network address of the web server and next-hop addresses are uplink interface addresses of the two egress routers. To ensure simultaneous route switchover and VRRP switchover, set the route with next hop pointing to RouterA as the preferred one. When this route fails, the route with next hop pointing to RouterB takes effect.

  4. Configure NAT outbound.To enable internal users to access the Internet, configure NAT on the uplink interfaces of the two egress routers for translation between private network addresses and public network addresses. Use an ACL to permit the source IP address of packets from Department A so that users in Department A can access the Internet while users in Department B cannot.
  5. Configure a NAT server.To enable external users to access the internal web server, configure a NAT server on the uplink interfaces of the two egress routers to translate between the public and private network addresses of the server.
  6. Deploy IPSec VPN.To enable users in the headquarters and branch to communicate through a VPN, configure IPSec VPN between the egress routers of the headquarters and branch for secure communication.
 NOTE:

For the enterprise internal network configuration, see “Small- and Mid-Sized Campus Networks” in the HUAWEI S Series Campus Switches Quick Configuration.

Data Plan

Table 1, Table 2, and Table 3 provide the data plan.

Table 1 Data plan for link aggregation of interfaces
DEVICE LAG INTERFACE PHYSICAL INTERFACE
RouterA Eth-Trunk1 GE2/0/0GE2/0/1
RouterB Eth-Trunk1 GE2/0/0GE2/0/1
CORE Eth-Trunk1 GE0/0/1GE1/0/1
Eth-Trunk2 GE0/0/2GE1/0/2
Eth-Trunk3 GE0/0/3GE1/0/3
Eth-Trunk4 GE0/0/4GE1/0/4
ACC1 Eth-Trunk1 GE0/0/1GE0/0/2
ACC2 Eth-Trunk1 GE0/0/1GE0/0/2
 NOTE:

All Eth-Trunk interfaces work in Link Aggregation Control Protocol (LACP) mode.

Table 2 VLAN plan
DEVICE DATA REMARKS
RouterA Eth-Trunk1.100: Configure a dot1q termination sub-interface to terminate packets of VLAN 100. Connects to the CORE of the headquarters.
RouterB Eth-Trunk1.100: Configure a dot1q termination sub-interface to terminate packets of VLAN 100. Connects to the CORE of the headquarters.
CORE Eth-Trunk1: a trunk interface that transparently transmits packets of VLAN 10. Connects to department A of the headquarters.
Eth-Trunk2: a trunk interface that transparently transmits packets of VLAN 20. Connects to department B of the headquarters.
GE0/0/5: an access interface with VLAN 30 as the default VLAN. Connects to the web server of the headquarters.
Eth-Trunk3: a trunk interface that transparently transmits packets of VLAN 100. Connects to RouterA of the headquarters.
Eth-Trunk4: a trunk interface that transparently transmits packets of VLAN 100. Connects to RouterB of the headquarters.
ACC1 Eth-Trunk1: a trunk interface that transparently transmits packets of VLAN 10. Connects to the CORE of the headquarters.
Ethernet0/0/2: an access interface with VLAN 10 as the default VLAN. Connects to PC1 in department A.
ACC2 Eth-Trunk1: a trunk interface that transparently transmits packets of VLAN 20. Connects to the CORE of the headquarters.
Ethernet0/0/2: an access interface with VLAN 20 as the default VLAN. Connects to PC3 in department B.
RouterC GE2/0/0.200: Configure a dot1q termination sub-interface to terminate packets of VLAN 200. Connects to SwitchA (access switch) of the branch.
SwitchA GE0/0/1: a trunk interface that transparently transmits packets of VLAN 200. Connects to RouterC (egress router) of the branch.
Ethernet0/0/2: an access interface with VLAN 200 as the default VLAN. Connects to PC5 in the branch.

Table 3 IP address plan
DEVICE DATA REMARKS
RouterA GE1/0/0: 202.10.1.2/24Eth-Trunk1.100: 10.10.100.2/24 GE1/0/0 connects to the carrier network.Eth-Trunk1.100 connects to the CORE of the headquarters.
RouterB GE1/0/0: 202.10.2.2/24Eth-Trunk1.100: 10.10.100.3/24
CORE VLANIF 10: 10.10.10.1/24VLANIF 20: 10.10.20.1/24

VLANIF 30: 10.10.30.1/24

VLANIF 100: 10.10.100.4/24

VLANIF 10 functions as the user gateway of department A.VLANIF 20 functions as the user gateway of department B.

VLANIF 30 functions as the gateway of the web server.

VLANIF 100 connects to egress routers.

Web server IP address: 10.10.30.2/24Default gateway: 10.10.30.1 Public network IP address translated by the NAT server: 202.10.100.3
PC1 IP address: 10.10.10.2/24Default gateway: 10.10.10.1 IP address 10.10.10.2/24 is allocated to the PC through DHCP in this example.
PC3 IP address: 10.10.20.2/24Default gateway: 10.10.20.1 IP address 10.10.20.2/24 is allocated to the PC through DHCP in this example.
RouterD InterfaceB: interface number GigabitEthernet1/0/0 and IP address 202.10.1.1/24InterfaceC: interface number GigabitEthernet2/0/0 and IP address 202.10.2.1/24 RouterD is a carrier network device. The interface number used here is an example. When configuring a device, use the actual interface number.
RouterE InterfaceA: interface number GigabitEthernet1/0/0 and IP address 203.10.1.1/24 RouterE is a carrier network device. The interface number used here is an example. When configuring a device, use the actual interface number.
RouterC GE1/0/0: 203.10.1.2/24GE2/0/0.200: 10.10.200.1/24
PC5 IP address: 10.10.200.2/24Default gateway: 10.10.200.1 IP address 10.10.200.2/24 is allocated to the PC through DHCP in this example.

 

About Us

As a world leading Huawei networking products supplier, Hong Telecom Equipment Service LTD(HongTelecom) keeps regular stock of Huawei router and switch and all cards at very good price, also HongTelecom ship to worldwide with very fast delivery.

For related articles, visit the HongTelecom Blog and HongTelecom WordPress.
For real pictures of related product, visit the HongTelecom Gallery.
To buy related product, visit the HongTelecom Online Shop.

何诗名片

MQC for Huawei S7700/S9700 Switch

Huawei Campus Switch includes S1700, S2300, S2700, S3300, S3700, S5300, S5700, S600-E, S6300, S6700, S7700, S7900, S9300, S9300X, S9700, S12700 Series. In this article, HongTelecom will introduce the MQC for Huawei S7700/S9700 Switch.

MQC

Involved Network Elements

Other network elements are not required.

Licensing Requirements

MQC is a basic feature of the switch and is not under license control.

Version Requirements

Table 1 describes the products and versions supporting MQC.

Table 1 Products and versions supporting MQC
PRODUCT PRODUCT MODEL SOFTWARE VERSION
S7700 S7703, S7706, and S7712 V100R003C01, V100R006C00, V200R001(C00&C01), V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00, V200R011C10, V200R012C00
S9700 S9703, S9706, and S9712 V200R001(C00&C01), V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007(C00&C10), V200R008C00, V200R009C00, V200R010C00, V200R011C10, V200R012C00
 NOTE:

For details about software mappings, visit Hardware Query Tool and search for the desired product model.

Feature Limitations

  • Table 2 describes the specifications of MQC.

    Table 2 Specifications of MQC
    ITEM SPECIFICATION
    Maximum number of traffic classifiers
    • Versions earlier than V100R006: 255
    • V100R006 to V200R002: 256
    • V200R003 and later versions: 512
    Maximum number of if-match rules in a traffic classifier 2048
    Maximum number of traffic behaviors 256
    Maximum number of traffic policies 256
    Maximum number of traffic classifiers bound to a traffic policy 256
  • Applying a traffic policy consumes ACL resources. If ACL resources are insufficient, the traffic policy will fail to be applied. Assume that an if-match rule in a traffic policy occupies one ACL. When the traffic policy is applied to M interfaces, M ACLs are occupied. When the traffic policy is applied to L VLANs on a switch with N LPUs, L*N ACLs are occupied. When the traffic policy is applied to the system on a switch with N LPUs, N ACLs are occupied. Table 3 describes the ACL resource usage of if-match rules.

    Table 3 ACLs occupied by traffic classification rules
    TRAFFIC CLASSIFICATION RULE ACL RESOURCE USAGE
    if-match vlan-id start-vlan-id [ to end-vlan-id ] [ cvlan-id cvlan-id ]if-match cvlan-id start-vlan-id [ to end-vlan-id ] [ vlan-id vlan-id ] Rules are delivered according to the VLAN ID range and multiple ACLs are occupied. You can run the display acl division start-id to end-id command to check how ACL resources are used in a specified VLAN range.
    if-match acl { acl-number | acl-name }if-match ipv6 acl { acl-number | acl-name } Uplink: When the range resources are exhausted, rules containing range port-start port-end are delivered and multiple ACLs are occupied. Each rule containing tcp-flag established occupies two ACLs. (The ACL resource usage on X series cards is similar to that in the downlink direction.)Downlink: Rules containing range port-start port-end are delivered according to the port number range, and multiple ACLs are occupied. In other situations, one rule occupies one ACL. You can run the display acl division start-id to end-id command to check how ACL resources are used in a specified port number range.
    Other if-match rules Each rule occupies one ACL.
  • A traffic policy can be applied to the system, a VLAN, an SSID profile, or an interface. When a traffic policy needs to be applied in multiple views, apply the traffic policy in the interface view/SSID profile view, VLAN view, and system view in sequence. If the switch supports the SSID profile view and different interface views, apply the traffic policy in the VLANIF interface view, WLAN-ESS interface view/SSID profile view, sub-interface view of physical interfaces/Eth-Trunk sub-interface view, and physical interface view/Eth-Trunk interface view/port group view in sequence.
  • When packets match multiple traffic policies, the following rules apply:
    • If traffic classification rules in the traffic policies are of the same type, only one traffic policy takes effect. The precedence of the traffic policies depends on the objects to which they are applied: interface/SSID profile > VLAN > system. That is, the traffic policy applied to an interface has the highest priority, whereas the traffic policy applied to the system has the lowest priority. If the traffic policies are applied to an SSID profile and different interfaces, the precedence of the traffic policies is as follows: VLANIF interface > WLAN-ESS interface/SSID profile > sub-interface of physical interface/Eth-Trunk sub-interface > physical interface/Eth-Trunk interface/port group. When different traffic policies are applied in the same view, the precedence of the policies depends on the configuration sequence.
    • For the X series cards: If traffic classification rules in the traffic policies are of different types, only one traffic policy takes effect. The precedence of the traffic policies depends on the objects to which they are applied: interface > VLAN > system. That is, the traffic policy applied to an interface has the highest priority, whereas the traffic policy applied to the system has the lowest priority. If traffic policies are applied to the same object, the traffic policy that contains the traffic classifier with the highest priority takes effect.
    • For other cards except the X series cards: If traffic classification rules in the traffic policies are of different types and the actions do not conflict, all the traffic policies take effect. If actions conflict, the precedence of the traffic policies depends on the precedence of rules in the policies: Layer 2 rule + Layer 3 rule > advanced ACL6 rule > basic ACL6 rule > Layer 3 rule > Layer 2 rule > user-defined ACL rule.

    You are advised to configure traffic policies in descending order of priority; otherwise, traffic policies may not take effect immediately. For details about traffic classification rules, see “Overview of MQC”.

  • If an MQC-based traffic policy and an ACL-based simplified traffic policy matching the same ACL are applied to the same object, the ACL-based simplified traffic policy takes effect.
  • If the ACL rule matches the VPN instance name of packets, the ACL-based traffic policy fails to be delivered.
  • If a traffic policy fails to be applied due to insufficient ACL resources on the switch, you are advised to delete the configuration of the traffic policy. Otherwise, if the configuration is saved and the switch is restarted, configuration of other services that run properly will fail to be restored.
  • If the traffic policy that you want to delete has been applied to the system, an interface, or a VLAN, run the undo traffic-policy command to unbind the traffic policy. Then run the undo traffic policy command in the system view to delete the traffic policy. The traffic policy that is not applied can be deleted directly.
  • On switches in a version earlier than V200R009C00, a traffic policy cannot be applied to a VLANIF interface.

About Us

As a world leading Huawei networking products supplier, Hong Telecom Equipment Service LTD(HongTelecom) keeps regular stock of Huawei router and switch and all cards at very good price, also HongTelecom ship to worldwide with very fast delivery.

For related articles, visit the HongTelecom Blog and HongTelecom WordPress.
For real pictures of related product, visit the HongTelecom Gallery.
To buy related product, visit the HongTelecom Online Shop.

何诗名片

Static VXLAN deployment for Huawei S7700/S9700 Switch

Huawei Campus Switch includes S1700, S2300, S2700, S3300, S3700, S5300, S5700, S600-E, S6300, S6700, S7700, S7900, S9300, S9300X, S9700, S12700 Series. In this article, HongTelecom will introduce the Static VXLAN deployment for Huawei S7700/S9700 Switch.

VXLAN

Involved Network Elements

Other network elements are not required.

Licensing Requirements

Static VXLAN deployment is a basic feature of a switch and is not under license control. The distributed VXLAN gateway and BGP EVPN functions are enhanced VXLAN functions under license control. To use an enhanced VXLAN function, apply for and purchase the required license from the device dealer.

The BGP EVPN-control license does not control route exchanges between devices. However, it regulates the status of the VXLAN tunnel established using BGP EVPN. If the license is not loaded or is invalid, no VXLAN tunnel can be established using BGP EVPN.

For details about how to apply for a license, see Applying for Licenses in the S7700 and S9700 Series Switches License Usage Guide.

Version Requirements

Table 1 Products and versions supporting VXLAN
SERIES PRODUCT MINIMUM VERSION REQUIRED
S7700 S7703 Not supported
S7706 and S7712 V200R011C10, V200R012C00
S9700 S9703, S9706, and S9712 Not supported
 NOTE:

For details about software mappings, visit Hardware Query Tool and search for the desired product model.

Feature Limitations

Only the switches using SRUE, or SRUH main control units support VXLAN.

On a VXLAN network, interfaces can be classified into access-side interfaces and tunnel-side interfaces based on their locations.

  • Access-side interface: is used to connect a traditional network to a VXLAN network. The switch can provide VXLAN network access based on VLANs or traffic encapsulation types. For access based on a VLAN, the access-side interface is a member interface of the VLAN on a switch. For access based on a traffic encapsulation type, the access-side interface is the interface configured with the traffic encapsulation type.
  • Tunnel-side interface: forwards VXLAN packets to a VXLAN tunnel. After VXLAN encapsulation is performed on a switch, the interface performs route iteration based on the destination IP address (IP address of the remote end of the VXLAN tunnel) in the packets. For example, check the VXLAN tunnel and routing table information on the switch. The destination address of the VXLAN tunnel is 10.1.1.1, and the outbound interface of the route whose destination IP address is 10.1.1.1 is GE1/0/1. Therefore, the tunnel-side interface is GE1/0/1.

When a switch functions as a VXLAN tunnel endpoint (VTEP) on a VXLAN network, there must be a tunnel-side interface. Therefore, a card that supports tunnel-side interfaces must be installed on the switch and the tunnel-side interface must reside on the card. Only the interfaces on the X series cards can function as tunnel-side interfaces. If both access-side interfaces and tunnel-side interfaces exist, the cards providing access-side interfaces and those providing tunnel-side interfaces must meet the following mapping requirements:

ACCESS-SIDE TUNNEL-SIDE REMARKS
X series card X series card In this networking scenario, if an inter-card Eth-Trunk is deployed on the tunnel-side, all Eth-Trunk member interfaces must be able to work as tunnel interfaces. Otherwise, VXLAN packets cannot be forwarded on the Eth-Trunk functioning as a tunnel-side interface.
EA or EC series card X series card
  • In this networking scenario, if an inter-card Eth-Trunk is deployed on the tunnel-side, all Eth-Trunk member interfaces must be able to work as tunnel interfaces. Otherwise, VXLAN packets cannot be forwarded on the Eth-Trunk functioning as a tunnel-side interface.
  • In this networking scenario, the card on the access-side cannot function as a VXLAN Layer 3 gateway, and therefore cannot forward user-sent traffic that needs to be routed over VXLAN Layer 3.
  • In this networking scenario, if the access-side interface is also used as an inbound interface of multicast flows, multicast data cannot be forwarded properly.
B, F, SC, EE series card of the S7700 X series card
Be aware of the following when deploying the access-side of VXLAN on the switch:

  • When the encapsulation type of a VXLAN Layer 2 sub-interface is qinq or dot1q, the role of a switch in the VCMP domain cannot be client. Run the vcmp role { server | silent | transparent } command to set the switch to another role or run the vcmp disable command to disable VCMP on the interface.
  • The TPID value for the outer VLAN tag of QinQ packets configured on a VXLAN access-side interface does not take effect on packets entering the VXLAN network.
  • If the VXLAN access-side interface is a Layer 2 sub-interface and its encapsulation type is default, it can only communicate with a Layer 2 sub-interface of the encapsulation type default.
Be aware of the following when deploying the tunnel-side of VXLAN on the switch:

  • The switch does not support VXLAN over MPLS LSP tunnel. If VXLAN packets received from a peer are encapsulated by MPLS, the VTEP fails to decapsulate the packets.
  • The switch does not support VXLAN over GRE tunnel. If VXLAN packets received from a peer are encapsulated by GRE, the VTEP fails to decapsulate the packets.
  • If a VXLAN Network Identifier (VNI) has been created on the switch but not bound to VXLAN tunnels, the switch can still encapsulate and decapsulate VXLAN packets received from peers. However, the virtual tunnel end point (VTEP) access service is implemented in only one direction, but service transmission is abnormal.
  • The maximum transmission unit (MTU) determines the maximum number of bytes that can be sent by a device at a time. When a packet enters a VXLAN tunnel, 50 bytes are added to the packet. The switch importing traffic to a VXLAN tunnel cannot fragment packets. Instead, it normally forwards the packet even if the packet size exceeds the interface MTU.
Be aware of the following when deploying VXLAN on the switch in other situations:

  • If a card fails to deliver entries during the VXLAN tunnel establishment due to a hash conflict, the alarm ADPVXLAN_1.3.6.1.4.1.2011.5.25.227.2.1.42 hwVxlanTnlCfgFailed is triggered. To solve the problem, you are advised to adjust VNI IDs and re-configure VXLAN tunnels.
  • In V200R011C10, when an inter-card Eth-Trunk interface is created, it is recommended that you do not bind different Layer 2 VXLAN sub-interfaces of the Eth-Trunk interface to the same BD. Otherwise, Layer 2 unicast services may fail to be forwarded between the Layer 2 sub-interfaces. In addition, you are not advised to configure the Eth-Trunk interface at the tunnel side and the access side simultaneously in this scenario. Otherwise, Layer 2 unicast services may fail to be forwarded between the tunnel side and the access side.
  • In a distributed VXLAN gateway scenario, VXLAN Layer 2 wireless user roaming is supported if the user access VLANs and BD domains of the user access devices are consistent before and after user roaming.
  • In VXLAN scenarios, do not advertise routes destined for the local VTEP address to the peer end of a VXLAN tunnel through a VBDIF interface during route configuration. Otherwise, the next hop of the remote VTEP address of the VXLAN tunnel may be the VBDIF interface on the ingress of the tunnel, causing a loop on the device.
  • If the DHCP relay function is to be deployed in a distributed VXLAN gateway scenario, fixed switches are generally used as aggregation switches. The aggregation switches are configured as distributed VXLAN gateways on which the DHCP relay function is deployed. As routes are randomly selected for load balancing, response packets sent by the DHCP server may be centrally sent to a single user gateway for relay. If the number of BDs is too small or users are unevenly distributed in BDs, the DHCP server may send a large number of response packets to a gateway. As a result, the rate of received packets exceeds the CAR value on the gateway, affecting the rate at which users obtain IP addresses. Therefore, you are advised to take the following measures when there are too many users:

    • In a distributed VXLAN gateway scenario, the rate of concurrent online users (including wired and wireless users) on each aggregation switch depends on the number of aggregation switches. As the number of aggregation switches increases, the rate of concurrent online users on each aggregation switch decreases linearly. The following table provides sample data to describe the maximum rate of concurrent online users on each aggregation switch (S5730HI or S6720HI) with different numbers of aggregation switches.

      NUMBER OF AGGREGATION SWITCHES MAXIMUM RATE OF CONCURRENT ONLINE USERS ON EACH AGGREGATION SWITCH
      Less than or equal to 30 Not limited
      32 25 users per second
      48 15 users per second
      64 5 users per second

      If the S5720HI, S6720EI, or S6720S-EI switches are used as aggregation switches, users on an S5720HI include both wired and wireless users, and users on an S6720EI or S6720S-EI include only wired users. The maximum rate of concurrent online users on each S6720EI or S6720S-EI is 5 users per second.

      To ensure that the user online rate meets the preceding requirements, you can configure the CAR value for packets of the dhcp-server type on aggregation switches. When configuring the CAR value for packets of the dhcp-server type, obey the following formula between the value of cir_value (committed information rate) and the rate of concurrent online users: Rate of concurrent online users = cir_value x 1024/400/8. Assume that the rate of concurrent online users is 5 users per second. The value of cir_value is then calculated as 16, and the DHCP rate limit is configured as follows:

      <HUAWEI> system-view
      [HUAWEI] cpu-defend-policy policy1
      [HUAWEI-cpu-defend-policy-policy1] car packet-type dhcp-server cir 16
      [HUAWEI-cpu-defend-policy-policy1] quit
      [HUAWEI] cpu-defend-policy policy1
      [HUAWEI] cpu-defend-policy policy1 global
      
    • Run the car packet-type packet-type cir cir-value [ cbs cbs-value ] command to increase the CAR value for packets with the packet type being dhcp-client. You can run the display cpu-defend configuration command to view the CAR value for packets. Improper CAR settings affect services on your network. If you need to adjust CAR settings, you are advised to contact technical support personnel for help.
    • Allocate users to different BDs evenly and ensure that the number of BDs is not less than the number of gateway devices. This configuration increases the number of routes involved in route selection, so that the response packets sent by the DHCP server are evenly load balanced among distributed gateway devices.
    • During configuration planning, allocate users to different BDs evenly if possible. The VLAN pool mode is recommended for wireless users, and the number of associated VLANs in each BD must be the same. In this way, users are allocated to different BDs evenly.
    • When planning the IP addresses of distributed gateways, use the first IP addresses of contiguous address segments if possible. This increases the dispersion of hash calculation results during load balancing.
  • When the DHCP relay function is configured on distributed gateways in a distributed VXLAN gateway scenario, you need to run the auto-port-defend whitelist whitelist-number interfaceinterface-type interface-number command to add the tunnel-side interface to the whitelist for port attack defense.

About Us

As a world leading Huawei networking products supplier, Hong Telecom Equipment Service LTD(HongTelecom) keeps regular stock of Huawei router and switch and all cards at very good price, also HongTelecom ship to worldwide with very fast delivery.

For related articles, visit the HongTelecom Blog and HongTelecom WordPress.
For real pictures of related product, visit the HongTelecom Gallery.
To buy related product, visit the HongTelecom Online Shop.

何诗名片

Link Aggregation of Ethernet Switching for Huawei S7700/S9700 Switch

Huawei Campus Switch includes S1700, S2300, S2700, S3300, S3700, S5300, S5700, S600-E, S6300, S6700, S7700, S7900, S9300, S9300X, S9700, S12700 Series. In this article, HongTelecom will introduce the Link Aggregation of Ethernet Switching for Huawei S7700/S9700 Switch.

Link Aggregation

Involved Network Elements

Other network elements are not required.

Licensing Requirements

Ethernet link aggregation is a basic feature of a switch and is not under license control.

Version Requirements

Table 1 Products and versions supporting link aggregation
PRODUCT PRODUCT MODEL SOFTWARE VERSION
S7700 S7703, S7706, S7712 V100R003C01, V100R006C00, V200R001(C00&C01), V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00, V200R011C10, V200R012C00
S9700 S9703, S9706, S9712 V200R001(C00&C01), V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007(C00&C10), V200R008C00, V200R009C00, V200R010C00, V200R011C10, V200R012C00
 NOTE:

For details about software mappings, visit Hardware Query Tool and search for the desired product model.

Feature Limitations

Configuration Notes Before an Eth-Trunk Is Configured

  • You can run the assign trunk { trunk-group group-number | trunk-member member-number }* command to configure the maximum number of Eth-Trunks and maximum number of member interfaces in each Eth-Trunk only when cards with Eth-Trunk specification extension are installed on the switch. For details, see the description of the assign trunk command in “Ethernet Switching Configuration Commands” in the Command Reference of the corresponding version. After the configuration, you can run the display trunk configuration command to check the default specifications of the maximum number of Eth-Trunks that are supported and maximum number of member interfaces in each Eth-Trunk, current specifications, and configured specifications.

    NOTE:

    • If cards without Eth-Trunk specification extension are installed on the switch, this command cannot be run to change the maximum number of Eth-Trunks that are supported and maximum number of member interfaces in each Eth-Trunk. In this case, the switch supports a maximum of 128 Eth-Trunks with each Eth-Trunk supporting a maximum of eight member interfaces in each Eth-Trunk.
    • Cards are classified into cards with and without Eth-Trunk specification extension depending on the support for the assign trunk command. Cards with Eth-Trunk specification extension are as follows and other cards do not support Eth-Trunk specification extension:
      • S7700: FC series, SC series, EE series, and X series cards
      • S9700: FC series, SC series, EE series, X series, ET1D2X48SEC0, and EH1D2X48SEC0 cards
  • Member interfaces cannot be configured with some services or static MAC address entries. For example, when an interface is added to an Eth-Trunk, the interface must use the default link type.
  • Do not configure any member port of an Eth-Trunk as an observing port. If you must do so, ensure that the bandwidth of service traffic on this port and the bandwidth occupied by the mirrored traffic do not exceed the bandwidth limit of the port.
  • Member interfaces of an Eth-Trunk cannot be an Eth-Trunk.
  • In versions earlier than V200R011C10, interfaces with different rates cannot join the same Eth-Trunk. In V200R011C10 and later versions, interfaces with different rates can temporarily join the same Eth-Trunk by running the mixed-rate link enable command.
  • When an Eth-Trunk performs load balancing calculation, the interface rate cannot be used as the calculation weight. When interfaces with different rates are added to the same Eth-Trunk, traffic is evenly load balanced among all the links. Therefore, the bandwidth of member interfaces is calculated by the minimum rate of the member interfaces in the Eth-Trunk. For example, when a GE interface and a 10GE interface are added to the same Eth-Trunk, the rate of the GE interface is used in calculation and the bandwidth of the Eth-Trunk is 2G.
  • Both devices of the Eth-Trunk must use the same number of physical interfaces, interface rate, duplex mode, and flow control mode.
  • If an interface of the local device is added to an Eth-Trunk, an interface of the remote device directly connected to the interface of the local device must also be added to the Eth-Trunk. Otherwise, communication between the two devices will fail.
  • Both devices of an Eth-Trunk must use the same link aggregation mode.
  • In V200R008 and earlier versions, the assign trunk command fails to be executed on the device enabled with SVF, and Eth-Trunk specifications can only use the default settings.
  • When the number of active interfaces falls below the lower threshold, the Eth-Trunk goes Down. This ensures that the Eth-Trunk has a minimum available bandwidth.
  • Before the software version V100R006 is upgraded to any version in the range from V200R001 to V200R011C10, ensure that no Eth-Trunk is established across an ES1D2X40SFC0/ES1D2X16SFC0 board and a non-ES1D2X40SFC0/ES1D2X16SFC0 board. If such an Eth-Trunk exists, traffic forwarding may fail on the Eth-Trunk after the upgrade.

In the following scenarios, there are other configuration notes in addition to the preceding ones.

Table 2 Configuration notes in different scenarios
USAGE SCENARIO PRECAUTION
Switches Are Connected Across a Transmission Device
  • The switches at both ends must use link aggregation in LACP mode.
  • The transmission device between the switches must be configured to transparently transmit LACPDUs.
Switches Connect to Transmission Devices
  • The link aggregation mode on the transmission device must be the same as that of the switch. Configure the transmission device according to its operation guide.
A Switch Connects to a Server
  • Network adapters of the server must be of the same type.
  • The link aggregation modes on the server and access device must be consistent.For example, if an Intel network adapter is used, a server often uses static or IEEE 802.3ad dynamic link aggregation. When the server uses static link aggregation, the access device must use the manual mode. When the server uses IEEE 802.3ad dynamic link aggregation, the access device must use the LACP mode.
  • When a server needs to obtain the configuration file from the remote file server through a switch and link aggregation needs to be used, run the lacp force-forward command on the Eth—Trunk of the switch.
Switches Are Connected Through Inter-card Link Aggregation
Interfaces on different cards of a switch can join the same Eth-Trunk, that is, inter-card Eth-Trunk. Interfaces on cards without Eth-Trunk specification extension can constitute an inter-card Eth-Trunk. Before interfaces on a card with Eth-Trunk specification extension and interfaces on another card constitute an inter-card Eth-Trunk, use the eth-trunk load-balance hash-mode command to configure the hash mode for the card with Eth-Trunk specification extension.

  • When interfaces on different cards with Eth-Trunk specification extension form an Eth-Trunk, ensure that the cards use the same hash mode.
  • When interfaces on the card with Eth-Trunk specification extension form an Eth-Trunk with interfaces on the card without Eth-Trunk specification extension, configure the normal hash mode on the card with Eth-Trunk specification extension.

In earlier versions of V200R010C00, only X series cards among cards with Eth-Trunk specification extension support the hash mode configuration. The hash mode on other cards with Eth-Trunk specification extension has a fixed value of advance. In V200R010C00 and later versions, interfaces on only X series cards among cards with Eth-Trunk specification extension can form Eth-Trunks with interfaces on cards without Eth-Trunk specification extension. Interfaces on other cards with Eth-Trunk specification extension cannot form Eth-Trunks with interfaces on cards without Eth-Trunk specification extension.

In V200R010C00 and later versions, cards with Eth-Trunk specification extension support the hash mode configuration. When the hash mode on a card with Eth-Trunk specification extension is set to normal, interfaces on the card with Eth-Trunk specification extension can form an Eth-Trunk with interfaces on the card without Eth-Trunk specification extension.

Configuration Notes After an Eth-Trunk Is Configured

  • An Ethernet interface can be added to only one Eth-Trunk. To add an Ethernet interface to another Eth-Trunk, delete it from the original one first.
  • After an interface is added to an Eth-Trunk, the Eth-Trunk learns MAC address entries or ARP entries, but the member interface does not.
  • Before deleting an Eth-Trunk, delete member interfaces from the Eth-Trunk.

SpecificationsLink aggregation mode:

  • Manual
  • LACPIf both devices support LACP, link aggregation in LACP mode is recommended.

Link aggregation modes supported by the device:

  • Intra-card: Member interfaces of an Eth-Trunk are located on the same card.
  • Inter-card: Member interfaces of an Eth-Trunk are located on different cards.
  • Inter-chassis: Member interfaces of an Eth-Trunk are located on member devices of a CSS. For details, see Link Aggregation in CSS Scenarios.
  • Inter-device: The inter-device link aggregation refers to E-Trunk. E-Trunk allows links between multiple devices to be aggregated using LACP. For details, see E-Trunk.

Load balancing modes supported by the device:

To prevent data packet mis-sequencing, an Eth-Trunk uses flow-based load balancing.

You can use the following load balancing modes based on actual networking:

  • Source MAC addresses of data frames
  • Destination MAC addresses of data frames
  • Source IP addresses of data frames
  • Destination IP addresses of data frames
  • Exclusive-Or result of source and destination MAC addresses of data frames
  • Exclusive-Or result of source and destination IP addresses of data frames
  • (Enhanced load balancing) VLAN IDs and source physical interface numbers for Layer 2, IPv4, IPv6, and MPLS data frames

About Us

As a world leading Huawei networking products supplier, Hong Telecom Equipment Service LTD(HongTelecom) keeps regular stock of Huawei router and switch and all cards at very good price, also HongTelecom ship to worldwide with very fast delivery.

For related articles, visit the HongTelecom Blog and HongTelecom WordPress.
For real pictures of related product, visit the HongTelecom Gallery.
To buy related product, visit the HongTelecom Online Shop.

何诗名片

Ethernet Interface of Product Use Precautions for Huawei S7700/S9700 Switch

Huawei Campus Switch includes S1700, S2300, S2700, S3300, S3700, S5300, S5700, S600-E, S6300, S6700, S7700, S7900, S9300, S9300X, S9700, S12700 Series. In this article, HongTelecom will introduce the Ethernet Interface of Product Use Precautions for Huawei S7700/S9700 Switch.

Ethernet Interface

Involved Network Element

Other network elements are not required.

Licensing Requirements

An Ethernet interface is a basic feature of a switch and is not under license control.

Version Requirements

Table 1 Products and versions supporting Ethernet interfaces
PRODUCT PRODUCT MODEL VERSION SUPPORTING DIFFERENT TYPES OF INTERFACES
S7700 S7703, S7706, S7712
  • FE electrical interfaces/GE electrical interfaces/GE optical interfaces/XGE optical interfaces:V100R003C01, V100R006C00, V200R001(C00&C01), V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00, V200R011C10, V200R012C00
  • FE optical interfaces:Not supported in any version
  • 40GE optical interfaces:V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00, V200R011C10, V200R012C00
  • 100GE optical interfaces:V200R008C00, V200R009C00, V200R010C00, V200R011C10, V200R012C00
S9700 S9703, S9706, S9712
  • FE electrical interfaces/GE electrical interfaces/FE optical interfaces/GE optical interfaces/XGE optical interfaces:V200R001(C00&C01), V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007(C00&C10), V200R008C00, V200R009C00, V200R010C00, V200R011C10, V200R012C00
  • 40GE optical interfaces:V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00, V200R011C10, V200R012C00
  • 100GE optical interfaces:V200R008C00, V200R009C00, V200R010C00, V200R011C10, V200R012C00

 NOTE:

For details about software mappings, visit Hardware Query Tool and search for the desired product model.

Feature Limitations

  • Table 2 lists the common attributes of Ethernet interfaces.

    Table 2 Common attributes of Ethernet interfaces
    INTERFACE TYPE COMMON ATTRIBUTES REMARKS
    FE electrical interfaces
    • Transmission medium: network cable
    • Rate: 10 Mbit/s and 100 Mbit/s
    • Duplex mode: full-duplex/half-duplex
    • Auto-negotiation: supported
    • Flow control: supported
    • Flow control auto-negotiation: supported
    GE electrical interfaces
    • Transmission medium: network cable
    • Rate: 10 Mbit/s, 100 Mbit/s, and 1000 Mbit/s
    • Duplex mode: full-duplex/half-duplex. When the rate is 1000 Mbit/s, only full-duplex is supported.
    • Auto-negotiation: supported
    • Flow control: supported
    • Flow control auto-negotiation: supported
    The duplex mode cannot be configured for interfaces on the X1E series cards working in either auto-negotiation or non-auto-negotiation mode.
    FE optical interfaces
    • Transmission medium: FE optical module
    • Rate: 100 Mbit/s
    • Duplex mode: full-duplex
    • Auto-negotiation: not supported
    • Flow control: supported
    • Flow control auto-negotiation: not supported
    GE optical interfaces

    When the transmission medium is an FE optical module:

    • Rate: 100 Mbit/s
    • Duplex mode: full-duplex
    • Auto-negotiation: not supported
    • Flow control: supported
    • Flow control auto-negotiation: not supported

    When the transmission medium is a GE optical module:

    • Rate: 100 Mbit/s and 1000 Mbit/s
    • Duplex mode: full-duplex
    • Auto-negotiation: supported
    • Flow control: supported
    • Flow control auto-negotiation: supported

    When the transmission medium is a GE copper module:

    • Rate: 10 Mbit/s, 100 Mbit/s, and 1000 Mbit/s
    • Duplex mode: full-duplex/half-duplex. When the rate is 1000 Mbit/s, only full-duplex is supported.
    • Auto-negotiation: supported
    • Flow control: supported
    • Flow control auto-negotiation: supported
    • By default, auto-negotiation is enabled on GE optical interfaces and rate auto-negotiation is disabled. You can run the speed auto-negotiation command to enable rate auto-negotiation.
    • After a copper module is installed on a GE optical interface of an X2E/X2S series card, the interface can work at the rate of 100 Mbit/s or 1000 Mbit/s (including forcible configuration and auto-sensing), and cannot work at the rate of 10 Mbit/s. When the interface works as an optical interface, it can only work at the rate of 1000 Mbit/s, and cannot work at the rate of 100 Mbit/s.
    XGE (10GE) optical interface

    When the transmission medium is an XGE optical module:

    • Rate: 10000 Mbit/s
    • Duplex mode: full-duplex
    • Auto-negotiation: not supported
    • Flow control: supported
    • Flow control auto-negotiation: not supported

    When the transmission medium is an XGE or GE optical module:

    • Rate: 1000 Mbit/s and 10000 Mbit/s
    • Duplex mode: full-duplex
    • Auto-negotiation: not supported
    • Flow control: supported
    • Flow control auto-negotiation: not supported

    When the transmission medium is a GE optical module:

    • Rate: 1000 Mbit/s
    • Duplex mode: full-duplex
    • Auto-negotiation: supported
    • Flow control: supported
    • Flow control auto-negotiation: not supported

    When the transmission medium is a GE copper module:

    • Rate: 1000 Mbit/s
    • Duplex mode: full-duplex
    • Auto-negotiation: supported
    • Flow control: supported
    • Flow control auto-negotiation: supported
    • Only cards with MAB version 1 in V200R007 and later versions support XGE/GE optical modules. The cards include:

      • SC series cards
      • ES1D2X16SFC00, ES1D2X40SFC0, ES1D2X40SFC0, ES1D2X16SFC00, EH1D2X16SFC0, and EH1D2X40SFC0 cards in the FC series
      • EH1D2X48SEC0 and ET1D2X48SEC0 cards in the EC series
    • Assume that an XGE optical interface has an XGE/GE optical module installed and the interface rate is set to 1000 Mbit/s using the speed auto 1000command. When you run the display interface command on the interface, the command output shows that auto-negotiation is enabled. However, you cannot run the negotiation auto command to configure the auto-negotiation mode.
    • On the S7700, the interfaces on the ES0D0X12SA00 and ES1D2X08SED4 cards, and XGE optical interfaces on the ES1D2S04SX1E and ES1D2S08SX1E cards do not support GE copper modules.
    • On the S9700, the interfaces on the EH1D2X12SSA0, ET1D2X12SSA0 and EH1D2X08SED4 cards, and XGE optical interfaces on the EH1D2S04SX1E, ET1D2S04SX1E, ET1D2S08SX1E and EH1D2S08SX1E cards do not support GE copper modules.
    • After a GE copper module is installed on an XGE interface of an X2E/X2H/X2S series card, the interface can work at the rate of 100 Mbit/s or 1000 Mbit/s, and cannot work at the rate of 10 Mbit/s.
    • After a 1000M optical module is installed on an XGE interface of an X2E/X2H/X2S series card, the interface can work at the rate of 1000 Mbit/s.
    40GE optical interfaces

    When the transmission medium is a 40GE optical module:

    • Rate: 40000 Mbit/s
    • Duplex mode: full-duplex
    • Auto-negotiation: not supported
    • Flow control: supported
    • Flow control auto-negotiation: not supported

    When the transmission medium is a high-speed cable:

    • Rate: 40000 Mbit/s
    • Duplex mode: full-duplex
    • Auto-negotiation: supported
    • Flow control: supported
    • Flow control auto-negotiation: not supported
    • When you run the display interface command on a 40GE optical interface that has a high-speed cable installed, the command output shows that auto-negotiation is enabled. However, you cannot run the negotiation autocommand to configure the auto-negotiation mode.
    100GE optical interfaces

    When the transmission medium is a 100GE optical module:

    • Rate: 100000 Mbit/s
    • Duplex mode: full-duplex
    • Auto-negotiation: not supported
    • Flow control: supported
    • Flow control auto-negotiation: not supported

    When the transmission medium is a 40GE optical module:

    • Rate: 40000 Mbit/s
    • Duplex mode: full-duplex
    • Auto-negotiation: not supported
    • Flow control: supported
    • Flow control auto-negotiation: not supported

    When the transmission medium is a high-speed cable:

    • Rate: 40000 Mbit/s and 100000 Mbit/s
    • Duplex mode: full-duplex
    • Auto-negotiation: supported
    • Flow control: supported
    • Flow control auto-negotiation: not supported
    • Only the EE series cards, ES1D2C04HX2E, ES1D2C04HX2S, ES1D2H02QX2E, ES1D2H02QX2S, ET1D2C04HX2E, ET1D2C04HX2S, ET1D2H02QX2E and ET1D2H02QX2S cards support 100GE interfaces.
    • 100GE interfaces on the EE series cards can only have 100GE optical modules installed.
    • After a 40GE optical module or 40GE high-speed cable is installed on a 100GE interface of an X2E/X2H/X2S series card, the interface can work at the rate of 40 Gbit/s.
  • X series cards do not support the duplex mode configuration.
  • The EH1D2G48TBC0 and EH1D2G48SBC0 cards of the S9700 do not support flow control or flow control auto-negotiation.
  • On the S7700, only the ES1D2L02QFC0 interface card supports the IFG configuration.On the S9700, only the EH1D2L08QFC0, EH1D2L02QFC0, ET1D2L08QSC0, and ET1D2L02QSC0 interface cards support the IFG configuration.
  • On the S7700, only the E series cards (excluding EE cards), ES0D0X12SA00 card and SC cards in the S series, and FC cards in the F series support unidirectional single-fiber communication. A license is required. On the S9700, only the E series cards (excluding EE cards and EH1D2S24CEA0), ET1D2X12SSA0 card, EH1D2X12SSA0 card and SC cards in the S series, and FC cards in the F series support unidirectional single-fiber communication. A license is required.

About Us

As a world leading Huawei networking products supplier, Hong Telecom Equipment Service LTD(HongTelecom) keeps regular stock of Huawei router and switch and all cards at very good price, also HongTelecom ship to worldwide with very fast delivery.

For related articles, visit the HongTelecom Blog and HongTelecom WordPress.
For real pictures of related product, visit the HongTelecom Gallery.
To buy related product, visit the HongTelecom Online Shop.

何诗名片

USB-based Deployment for Huawei S9700 Switches

Huawei Campus Switch includes S1700, S2300, S2700, S3300, S3700, S5300, S5700, S600-E, S6300, S6700, S7700, S7900, S9300, S9300X, S9700, S12700 Series. In this article, HongTelecom will introduce the USB-based Deployment for Huawei S9700 Switches.

USB-based Deployment

Involved Network Elements

 

Other network elements are not required.

Licensing Requirements

USB-based deployment is a basic feature of a switch and is not under license control.

Version Requirements

Table 1 Products and versions supporting USB-based deployment
SERIES PRODUCT MODEL SOFTWARE VERSION
S9700 S9703 Not supported
S9706, S9712 V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00, V200R011C10, V200R012C00

NOTE:

For details about software mappings, visit Hardware Query Tool and search for the desired product model.

Feature Limitations

Before USB-based deployment

  • Only the switches using SRUH, SRUE or SRUC main control units support USB-based deployment.
  • USB-based deployment is mutually exclusive with the SVF and EasyDeploy functions.
  • Before using a USB flash drive to upgrade a device, ensure that the device can start successfully and has sufficient space to store the required files.
  • Devices to be deployed are unconfigured devices and do not have security measures configured. Therefore, when onsite non-professionals perform deployment task, ensure that they do not perform any unauthorized operations on the devices, USB flash drive, and deployment files.

  • Only one USB flash drive can be connected to a device.
  • The USB flash drive must be connected to the master MPU of a device. If it is connected to the standby MPU, the USB-based deployment process will not start. In a cluster, the USB flash drive must be connected to the system master MPU of the cluster.
  • In USB-based deployment scenarios, the devices may be upgraded to V200R009C00 or a later version after restart. In this case, the devices check whether the configuration file for next startup contains WLAN configuration that conflicts with the software package for next startup. If so, the devices cannot restart and the USB-based deployment fails. The error report file usbload_error.txt is generated in the root directory of the USB flash drive, which records the failure causes. To solve this problem, you need to use eDesk to convert the configuration file and then set it as the next startup configuration file.
  • The file system format of the USB flash drive must be FAT32, and standard for the USB interface is USB2.0. USB flash drives from different vendors differ in model compatibility and drivers. If a USB flash drive cannot be used, try to replace it with another one from a mainstream vendor. Switches support a maximum of 128 GB USB flash drives.

During USB-based deployment

  • Before saving files to a USB flash drive, disable the write-protection function of the USB flash drive.
  • Do not power off the device during a USB-based deployment process. Otherwise, the upgrade fails or the device cannot start.
  • Do not remove the USB flash drive before the USB-based deployment process is complete. Otherwise, data in the USB flash drive may be corrupted.
  • If upgrade files include a configuration file, you are advised to configure an encryption password for the configuration file, and enable HMAC check to enhance security.
  • In USB-based deployment, the deployment may fail because the device configuration is not restored. In this case, you can remove and then install the USB to resolve this problem.

About Us

As a world leading Huawei networking products supplier, Hong Telecom Equipment Service LTD(HongTelecom) keeps regular stock of Huawei router and switch and all cards at very good price, also HongTelecom ship to worldwide with very fast delivery.

For related articles, visit the HongTelecom Blog and HongTelecom WordPress.
For real pictures of related product, visit the HongTelecom Gallery.
To buy related product, visit the HongTelecom Online Shop.

何诗名片

Easy Deploy Basic Configuration for Huawei S7700 and S9700 Switch

Huawei Campus Switch includes S1700, S2300, S2700, S3300, S3700, S5300, S5700, S600-E, S6300, S6700, S7700, S7900, S9300, S9300X, S9700, S12700 Series. In this article, HongTelecom will introduce the Easy Deploy Basic Configuration for Huawei S7700 and S9700 Switch.

EasyDeploy

Involved Network Elements

EasyDeploy networking involves the following components:

  • DHCP server
  • File server
  • Commander and client

Licensing Requirements

EasyDeploy is a basic feature of a switch and is not under license control.

Version Requirements

Table 1 Products and versions supporting EasyDeploy
SERIES PRODUCT MODEL SOFTWARE VERSION
S9700 S9703, S9706, S9712 V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00, V200R011C10, V200R012C00
S7700 S7703S7706, S7712 V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00, V200R011C10, V200R012C00
 NOTE:

For details about software mappings, visit Hardware Query Tool and search for the desired product model.

Feature Limitations

  • The EasyDeploy cannot be applied on an IPv6 or VPN network.
  • EasyDeploy is mutually exclusive with USB-based deployment and SVF.
  • In the unconfigured device deployment or faulty device replacement scenarios, if you log in to a device to be configured through its console interface, the device stops the EasyDeploy process and starts to operate.
  • In the unconfigured device deployment and faulty device replacement scenarios, EasyDeploy can only run on the service interfaces in the default VLAN.
  • In the unconfigured device deployment scenario, you can decide whether to specify the configuration file based on actual requirements. If the configuration file is not specified and the upgrade system software is specified, you also need to specify the upgrade version number.
  • There is no limitation on the network location of the Commander as long as there are reachable routes between the Commander and clients that obtain IP addresses.
  • EasyDeploy allows a stack system to act as a client. In this case, the client MAC address is the system MAC address of the stack system, and the client ESN is the ESN of the stack master switch.
  • When the EasyDeploy topology collection function is enabled, the Commander that initiates topology collection will receive a large number of protocol packets if the Network Topology Discovery Protocol (NTDP) needs to collect the topology of more than 200 devices. If the rate of NTDP packets exceeds the default committed access rate (CAR), NTDP packets will be dropped. To prevent packet loss from affecting topology collection, you can run the car (attack defense policy view) command to increase the central processor CAR (CPCAR) of NTDP packets.
  • Datagram Transport Layer Security (DTLS) encryption
    • On a configured switch, EasyDeploy supports DTLS encryption. By default, DTLS encryption is enabled. In the unconfigured device deployment scenario, a switch can be normally deployed regardless of whether DTLS encryption is enabled.
    • If an active/standby switchover occurs on the Commander or between clients when DTLS encryption is enabled, the clients need to go online again. If DTLS encryption is disabled, an active/standby switchover does not affect online management of clients.
    • If a client in a version earlier than V200R010C00 needs to be managed by the Commander in V200R010C00 or a later version and DTLS encryption is enabled on the Commander, you must upgrade the system software of the client to V200R010C00 or a later version. Otherwise, the client cannot join the existing network.
    • If a client in V200R010C00 or a later version needs to be managed by the Commander in a version earlier than V200R010C00, you need to run the easy-operation dtls disable command on the client to disable DTLS encryption.
  • SpecificationsTable 2 lists the product models that support the EasyDeploy and specifications of this feature.

    Table 2 EasyDeploy specifications
    ROLE PRODUCT MODEL VERSION MAXIMUM NUMBER OF MANAGED CLIENTS DESCRIPTION
    Commander S7700 and S9700 S7700 and S9700: V200R003C00 and later 255
    • If the clients are modular switches, EasyDeploy can only be applied to the batch upgrade and batch configuration scenarios.
    • If the clients are fixed switches, EasyDeploy applies to the batch upgrade, batch configuration, unconfigured device deployment, and faulty device replacement scenarios.
    S12700 V200R005C00 and later 255
    S5700HI, S5710HI, S6700EI V200R003C00 to V200R005C00 128
    S5700EI and S5710EI 64
    S5720HI V200R006C00 and later 128
    S5720EI V200R007C00 and later 128
    S6720EI V200R008C00 and later 128
    S6720S-EI V200R009C00 and later 128
    S6720HI V200R012C00 128
    S5730HI V200R012C00 128
    Client
    • All fixed switch models except S1720GFR, S1720GW-E, S1720GWR-E and S1720X-E
    • All modular switch models
    V200R003C00 and later
  • Table 3 lists the types of files that can be loaded through EasyDeploy in various scenarios.

    Table 3 File types supported by EasyDeploy
    USAGE SCENARIO FILE TYPE
    Unconfigured device deployment System software, patch file, web page file, configuration file, and user-defined file
    Faulty device replacement System software, patch file, web page file, configuration file (automatically backed up), and user-defined file
    Batch upgrade System software, patch file, web page file, configuration file, license file (supported when the clients are modular switches), and user-defined file
    Batch configuration Command script

    Each device can download a maximum of three user-defined files, including batch file and login headline file.

About Us

As a world leading Huawei networking products supplier, Hong Telecom Equipment Service LTD(HongTelecom) keeps regular stock of Huawei router and switch and all cards at very good price, also HongTelecom ship to worldwide with very fast delivery.

For related articles, visit the HongTelecom Blog and HongTelecom WordPress.
For real pictures of related product, visit the HongTelecom Gallery.
To buy related product, visit the HongTelecom Online Shop.

何诗名片

EH1M00FBX000 Fan Module for Huawei S7700&S9700 Series

Huawei Campus Switch includes S1700, S2300, S2700, S3300, S3700, S5300, S5700, S600-E, S6300, S6700, S7700, S7900, S9300, S9300X, S9700, S12700 Series. In this article, HongTelecom will introduce the EH1M00FBX000 Fan Module for Huawei S7700&S9700 Series.

EH1M00FBX000 Fan Module

A fan module reports an alarm when a fan in it fails. When receiving such an alarm, fix the fault immediately to ensure effective cooling for the chassis.

Version Mapping

A fan module can be installed in:

  • Slot FAN1 in an S9703 chassis.
  • Slots FAN1 and FAN2 in an S9706 chassis.
  • Slots FAN1 to FAN4 in an S9712 chassis.
  • Slot FAN1 in an S7703 PoE chassis.
  • Slots FAN1 and FAN2 in an S7706 PoE chassis.

Table 1 Switch chassis and software versions matching a fan module
Model Name S9700
EH1M00FBX000 Wide-voltage 74 fan box Supported in V200R001C00 and later versions

Table 2 Switch chassis and software versions matching a fan module
Model Name S7703 PoE&S7706 PoE
EH1M00FBX000 Wide-voltage 74 fan box Supported in V200R013C00 and later versions

Appearance

Figure 1 Fan module
Figure 1 Fan module_S7700

Functions

Table 3 Functions of fan modules
Function Description
Hot swapping Supported

Other fan modules are not affected when you install or remove a fan module.

Automatic fan speed adjustment The switch provides intelligent fan speed adjustment based on temperature in each zone. The system monitors the temperature of key components, and adjusts the fan speed based on temperature changes. This intelligent fan speed adjustment function ensures that the system stays within the proper operating temperature range, and reduces power consumption and noise.

A fan module has two fans, and a failure of a fan does not immediately affect system operations. When any fan in a fan module fails, fix the fan module as soon as possible.

Panel Description

Figure 2 Fan module panel
Figure 2 Fan module panel_S7700
1. Air vent 2. Captive screw 3. Fan status indicator 4. Handle

Table 4 Indicators on a fan module panel
Indicator Color Description
RUN/ALM Green Slow blinking: The fan module is working properly, and the communication is normal.

Fast blinking: The fan module is working properly, but communication has not been established.

Red Slow blinking: An alarm was generated. You must determine whether to replace the fan module, depending on the actual situation.

Steady on: The fan module has a hardware failure and needs to be replaced.

Specifications

Table 5 Technical specifications of a fan module
Item Value
Dimensions (W x D x H) 323.9 mm x 74.8 mm x 126.6 mm (12.8 in. x 2.9 in. x 5.0 in.)
Number of fans 2
Weight 1540±20 g
Maximum power consumption 116 W
Maximum wind pressure 692 Pa
Maximum wind rate 245 CFM
Maximum noise 70 dB(A)
Operating voltage range -30 V DC to -73 V DC
Environment specifications
  • Operating temperature: 0°C to 45°C (32°F to 113°F)
  • Operating relative humidity: 5% RH to 95% RH (noncondensing)
  • Storage temperature: -40°C to +70°C (-40°F to +158°F)
  • Storage relative humidity: 5% RH to 95% RH (noncondensing)
Part number 02120666

About Us

As a world leading Huawei networking products supplier, Hong Telecom Equipment Service LTD(HongTelecom) keeps regular stock of Huawei router and switch and all cards at very good price, also HongTelecom ship to worldwide with very fast delivery.

For related articles, visit the HongTelecom Blog and HongTelecom WordPress.
For real pictures of related product, visit the HongTelecom Gallery.
To buy related product, visit the HongTelecom Online Shop.

何诗名片

Huawei S9700 Series Switches Product

Product overview

The S9700 series terabit routing switches are high-end switches designed for next-generation campus networks and data centers to implement service aggregation.

Based on the Huawei Versatile Routing Platform (VRP), the S9700 provide high L2/L3 switching capabilities and integrate diversified services such as MPLS VPN, hardware IPv6, desktop cloud, video conferencing, and wireless access. In addition, the S9700 also provide a variety of reliability technologies including non-stop forwarding, hardware OAM/BFD, and ring network protection. These technologies improve customers’ network operation efficiency, maximize the device running time, and reduce customers’ Total Cost of Ownership (TCO).

An S9700 switch can be upgraded to an agile switch when it is equipped with X2S/X2E/X2H/X1E cards, the line cards with Huawei’s first Ethernet Network Processor (ENP). Agile switches allow customers to innovate their networks.

The S9700 series is available in three models: S9703, S9706, and S9712.

Product characteristics

Agile switch, enabling networks to be more agile for services

  • The S9700 series’ native AC capabilities allow enterprises to build a wireless network without additional AC hardware. Each S9700 switch can manage up to 2,048 APs and 32,768 users. It is a core switch that provides T-bit AC capabilities, avoiding the performance bottleneck on independent AC devices. The native T-bit AC capabilities help organizations better cope with challenges in the high-speed wireless era.
  • The S9700 series’ unified user management function authenticates both wired and wireless users, ensuring a consistent user experience no matter whether they are connected to the network through wired or wireless access devices. The unified user management function supports various authentication methods, including 802.1x, MAC address, and Portal authentication, and is capable of managing users based on user groups, domains, and time ranges. These functions control user and service management and enable the transformation from device-centered management to user-centered management.
  • Packet Conservation Algorithm for Internet (iPCA) changes the traditional method that uses simulated traffic for fault location. iPCA technology monitors network quality for any service flow at any network node, at any time, and without extra costs. It can detect temporary service interruptions within one second and can identify faulty ports accurately. This cutting-edge fault detection technology turns “extensive management” into “finely-granular management.”
  • Super Virtual Fabric 2.0 (SVF 2.0) technology can not only virtualize fixed-configuration switches into S9700 switch line cards but also can virtualize APs as switch ports. With this virtualization technology, a physical network with core/aggregation switches, access switches, and APs can be virtualized into a “super switch”, offering the simplest network management solution.
  • The S9700 series’ Service Chain function can virtualize value-added service capabilities, such as next-generation firewall. Then these capabilities can be used by campus network entities (such as switches, routers, ACs, APs, and terminals), regardless of their physical locations. Service Chain provides a more flexible value-added service deployment solution, which reduces equipment investment and maintenance costs.
  • The S9700 series supports IEEE 1588 v2 and Synchronous Ethernet (SyncE), meeting the high-precision synchronization requirements of network systems.

Innovative CSS technology

  • The S9700 switches support switch fabric clustering and service port clustering through Cluster Switching System (CSS) technology. CSS technology virtualizes multiple physical switches into one logical device that has higher reliability, switching efficiency, and flexibility and is easier to manage.
  • High reliability: Through hot-backup of routes, all control plane and data plane information is backed up and forwarded continuously at Layer 3, which significantly improves the reliability and performance of the device. Inter-chassis link aggregation can also be used to eliminate single-point failure and prevent service interruption.
  • Flexibility: Service ports can be used as cluster ports so that cluster members can be connected through optical fibers. This expands the clustering distance substantially.
  • Easy management: The member switches in a cluster are managed using the same IP address, which simplifies network device and topology management, improves operation efficiency, and reduces maintenance costs.

Carrier-class reliability

  • All the key components of the S9700s (including MPUs, power supply units, and fans) use a redundant design, and all modules are hot-swappable to ensure stable network operation.
  • The S9700s support hardware-based BFD for protocols such as static routing, RIP, OSPF, BGP, ISIS, VRRP, PIM, and MPLS. Hardware-based BFD greatly improves network reliability.
  • The S9700s support High-speed Self Recovery (HSR) technology. Using Huawei’s ENP cards, the S9700 implements end-to-end IP MPLS transmission network protection switchover within 50 ms, improving network reliability.
  • The S9700s support hardware-based Ethernet OAM, including comprehensive IEEE 802.3ah, 802.1ag, and ITU-Y.1731 implementations. Hardware-based Ethernet OAM can collect accurate network parameters, such as transmission latency and jitter, to help customers monitor network operating status in real time and to realize quick detection, location, and switching when a network fault occurs.
  • The S9700 supports graceful restart to realize non-stop forwarding and supports non-stop routing, ensuring reliable and high-speed operation of the entire network.

Powerful service processing capability

  • The S9700s’ multi-service routing and switching platform meets requirements for service transmission at the access layer, aggregation layer, and core layer of enterprise networks. The S9700 provides wireless access, voice, video, and data services, helping enterprises build an integrated full service network with high availability and low latency.
  • The S9700s support distributed Layer 2/Layer 3 MPLS VPN functions, MPLS, VPLS, HVPLS, and VLL. These functions allow enterprise users to connect to the enterprise network through VPNs.
  • The S9700s support many Layer 2/Layer 3 multicast protocols such as PIM SM, PIM DM, PIM SSM, MLD, and IGMP snooping, to support multi-terminal high-definition video surveillance and video conferencing services.
  • The software platform provides various routing protocols and supports large routing tables for both SME networks and large-scale multi-national company networks. Moreover, it supports IPv6, allowing an enterprise network to smoothly migrate to IPv6.

Powerful network traffic analysis

  • The S9700 switches support Netstream and V5/V8/V9 packet formats. The Netstream feature supports aggregation traffic template, real-time traffic collection, dynamic report generation and traffic attribute analysis, and traffic exception report. The S9700s send traffic statistics logs to master and backup servers to avoid data loss. The S9700s can realize real-time network monitoring and the traffic analysis of the entire network. They also provide applications and analysis including fault pre-detection, effective fault rectification, fast problem handling, and security monitoring, to help customers optimize network structure and adjust service deployment.

Comprehensive security measures

  • The S9700s support MAC security (MACSec) that enables hop-by-hop secure data transmission. Therefore, the S9700s can be applied to scenarios that pose high requirements on data confidentiality, such as government and finance sectors.
  • NGFW is a next-generation firewall card that can be installed on an S9700. In addition to the traditional defense functions such as firewall, identity authentication, and Anti-DDoS, the NGFW supports IPS, anti-spam, web security, and application control functions.
  • The S9700s provide comprehensive NAC solutions for enterprise networks. They support MAC address authentication, portal authentication, 802.1x authentication, and DHCP snooping-triggered authentication. These authentication methods ensure security of various access modes such as dumb terminal access, mobile access, and centralized IP address allocation.
  • The S9700s are the industry leader in integrated security solutions. It uses a 2-level CPU protection mechanism, and protects the CPU by separating the data plane and control plane. Additionally, the S9700s defend against DoS attacks and unauthorized access, and prevents control plane overloading.

Comprehensive IPv6 solution

  • The S9700s software and hardware platforms support IPv6 and the S9700s have been granted an IPv6 Network Access License and the IPv6 Ready Logo Phase 2 Certification from the Ministry of Industry and Information Technology.
  • The S9700 series supports various IPv6 unicast routing protocols (such as IPv6 static routing, RIPng, OSPFv3, IS-ISv6, and BGP4+) and multicast features (such as MLDv1/v2, MLD snooping, PIM-SM/DMv6, and PIM-SSMv6), which provides customers with comprehensive IPv4/IPv6 solutions.
  • The S9700 switches support various IPv4-to-IPv6 technologies: IPv6 manual tunnels, 6-to-4 tunnel, ISATAP tunnel, GRE tunnel, and IPv4-compatible automatic tunnels. These technologies ensure smooth transition from an IPv4 network to an IPv6 network.

Innovative energy conservation

  • The S9700s use a rotating ventilation channel to improve heat dissipation efficiency. In addition, they use a variable current chip to dynamically adjust the power according to traffic. Ports can go into a sleeping state when there is no traffic to reduce power consumption.
  • The S9700 series uses intelligent fan-speed adjustment technology. The fan module monitors and controls the temperature in each zone, and adjusts the fan speed of each zone individually. This technology extends the service life of each fan and reduces power consumption.
  • The S9700 switches support IEEE 802.3az Energy Efficient Ethernet, provide a low-power idle mode for the PHY line card, and switch to a lower power state during low link utilization.

Product specifications

Item S9703 S9706 S9712
Switching Capacity 2.88 Tbit/s; 5.76 Tbit/s 6.72 Tbit/s; 14.72 Tbit/s 8.64 Tbit/s; 18.56 Tbit/s
Packet Forwarding Rates 2,160 Mpps 2,880 Mpps/5,040 Mpps 3,840 Mpps/6,480 Mpps
Service Slots 3 6 12
Wireless Network Management Native AC
AP access control, AP region management, and AP profile management
Radio profile management, uniform static configuration, and centralized dynamic management
Basic WLAN services, QoS, security, and user management
User Management Unified user management
802.1x, MAC address, and Portal authentication
Traffic- and time-based accounting
User authorization based on user groups, domains, and time ranges
iPCA Quality Awareness Marking real service packets to obtain real-time count of dropped packets and packet loss ratio
Counting number of dropped packets and packet loss ratio on devices and L2/L3 networks
SVF Virtualization Virtualizing Access Switches (ASs) and APs into one logical device to simplify management and maintenance
Two layers of ASs allowed in an SVF system
Third-party devices allowed between SVF parent and clients
VLAN Access, trunk, and hybrid interfaces supported
Default VLAN
VLAN switching
QinQ and selective QinQ
MAC address-based VLAN assignment
MAC Address Automatic learning and aging of MAC addresses
Static, dynamic, and blackhole MAC address entries
Packet filtering based on source MAC addresses
MAC address limiting based on ports and VLANs
STP/ERPS STP (IEEE 802.1d), RSTP (IEEE 802.1w), and MSTP (IEEE 802.1s)
BPDU protection, root protection, and loop protection
BPDU tunnel
ERPS (G.8032)
IP Routing IPv4 routing protocols, such as RIP, OSPF, BGP, and IS-IS
IPv6 dynamic routing protocols, such as RIPng, OSPFv3, ISISv6, and BGP4+
Multicast IGMP v1/v2/v3, IGMP v1/v2/v3 snooping
PIM-SM, PIM-DM, PIM-SSM
MSDP, MBGP
Fast leave
Multicast traffic control
Multicast querier
Multicast protocol packet suppression
Multicast CAC
Multicast ACL
MPLS MPLS functions
MPLS OAM
MPLS TE
Supports MPLS VPN/VLL/VPLS
Reliability LACP and E-Trunk
VRRP and BFD for VRRP
BFD for BGP/IS-IS/OSPF/static route
NSR, NSF, and GR for BGP/IS-IS/OSPF/LDP
TE FRR and IP FRR
Ethernet OAM (IEEE 802.3ah and 802.1ag) (hardware-based)
HSR
ITU-Y.1731
DLDP
QoS Traffic classification based on Layer 2 headers, Layer 3 protocols, Layer 4 protocols, and 802.1p priority
Actions of ACL, CAR, re-mark, and schedule
Queue scheduling algorithms, such as SP, WRR, DRR, SP + WRR, and SP + DRR
Congestion avoidance mechanisms, such as WRED and tail drop
H-QoS
Traffic shaping
Network Synchronization Ethernet synchronization
1588v2
Configuration and Maintenance Console, Telnet, and SSH login
Network management protocols, such as SNMP v1/v2/v3
File uploading and downloading using FTP and TFTP
BootROM upgrade and remote upgrade
Hot patches
User operation logs
Security and Management 802.1x authentication and portal authentication
MACsec
NAC
RADIUS and HWTACACS authentication for login users
Command line authority control based on user levels, preventing unauthorized users from using commands
Defense against DoS attacks, TCP SYN Flood attacks, UDP Flood attacks, broadcast storms, and heavy traffic attacks
1K CPU queues
Ping and traceroute functions based on ICMP packets
Supports remote network monitoring
Value-added Services Firewall
NAT
NetStream
IPSec
Load balancing
Wireless AC
IPS
Interoperability Interoperable with VBST (compatible with PVST/PVST+/RPVST)
Interoperable with LNP (similar to DTP)
Interoperable with VCMP (similar to VTP)
Energy Saving Supports IEEE 802.3az: Energy Efficient Ethernet (EEE)
Dimensions (H x W x D) 175 mm x 442 mm x 489 mm, 4U 441.7 mm x 442 mm x 489 mm, 10U 663.95 mm x 442 mm x 489 mm, 15U
Chassis Weight (empty) 11 kg 29 kg 37 kg
Operating Voltage DC: –40V to –72V
AC: 90V to 290V
Equipment Power Supply Capability 2,200W 4,400W 6,600W

*: The S9700s support the NGFW and IPS cards. For more specification information, see the brochures of the cards.

Ordering information

S9700 basic configuration

LE2BN66ED000 N66E DC Assembly Rack (Eight 60A Outputs, maximum 2,200W per output, 600 mm x 600 mm x 2,200 mm)

LE0BN66EAC N66E AC Assembly Rack (Eight 10A Outputs, maximum 1,600W per output, 600 mm x 600 mm x 2,200 mm)

LE2BN66EA000 N66E AC Assembly Rack (Four 16A Outputs, maximum 2,500W per output, 600 mm x 600 mm x 2,200 mm)

EH1BS9703E00 S9703 assembly chassis

EH1BS9706E00 S9706 assembly chassis

EH1BS9712E00 S9712 assembly chassis

EH1M00FBX000 Wide Voltage 74 Fan Box

Monitoring Unit (Sustain FCC)

EH1D200CMU00 Centralized monitoring unit

MPU

EH1D2MCUAC00 S9703 MCUA-clock (Sustain FCC)

EH1D2SRUDC00 S9706/S9712 SRUD-clock

EH1D2SRUC000 S9706/S9712, Main Control Unit C, Option clock

Service Subcards

EH1D2VS08000 8-port 10G Cluster Switching System Service Unit (SFP+)

LE0D00CKMA00 Clock Pinch Board-1588Service Processing Unit (Sustain FCC)

ET1D2FW00S00 NGFW Module A, with HW General Security Platform Software

ET1D2FW00S01 NGFW Module B, with HW General Security Platform Software

ET1D2FW00S02 NGFW Module C, with HW General Security Platform Software

ET1D2IPS0S00 IPS Module A, with HW General Security Platform Software

ACU2 WLAN ACU2 Access Controller Unit (128 AP Control Resource Included)

Power Supply Unit

W2PSA0800 800W AC Power Module (black)

IN6W18L10A AC Power Distribution Unit (Eight 800W Outputs, including power cable)

PAC-2200WF 2,200W AC Power Module

IM1W24APD AC Power Distribution Unit (Four 2,200W Outputs, including power cable)

W2PSD2200 2,200W DC Power Module (black)

EH1M00PDBS01 DC Power Distribution Unit (Eight 2,200W Outputs, including power cable)

Software

ES0SMS279700 S9700 Basic SW, V200R007

ES0SMS289700 S9700 Basic SW, V200R008

EH1SMS299700 S9700 Basic SW, V200R009

EH1SMS2A9700 S9700 Basic SW, V200R010

EH1SMS2B9700 S9700 Basic SW, V200R011

EH1SMPLS0000 MPLS Function License

EH1SNQA00000 NQA Function License

EH1SIPV60000 IPv6 Function License

EH1SSVFF0000 SVF Function License (applicable only to the S9700 series)

EH1SFIB128K0 X-series LPU FIB Resource License-128K

EH1SFIB512K0 X-series LPU FIB Resource License-512K

EH1SWL512AP0 WLAN Access Controller AP Resource License-512AP (with the X-series LPU used)

EH1SWL128AP0 WLAN Access Controller AP Resource License-128AP (with the X-series LPU used)

EH1SWL64AP00 WLAN Access Controller AP Resource License-64AP (with the X-series LPU used)

EH1SWL16AP00 WLAN Access Controller AP Resource License-16AP (with the X-series LPU used)

L-ACU2-128AP ACU2 Wireless Access Controller AP Resource License (128 AP)

L-ACU2-256AP ACU2 Wireless Access Controller AP Resource License (256 AP)

L-ACU2-384AP ACU2 Wireless Access Controller AP Resource License (384 AP)

L-ACU2-512AP L-ACU2-512AP

Documentation

EH1IV2RAC0E0 S9700 Series Switches V200R010C00 Product Documentation

ES1IV2RBC0E0 S9700 Series Switches V200R011C10 Product Documentation

Interface Card of S9700 Series Switch

About Us

As a world leading Huawei networking products supplier, Hong Telecom Equipment Service LTD(HongTelecom) keeps regular stock of Huawei S5300/ S2300/ S9300/ S1700/ S2700/ S5700/S6720/ S7700/ S9700/ S12700 all cards at very good price, also Hong Telecom Equipment Service LTD ship to worldwide with very fast delivery.