Huawei Switch: Two Connected Optical Ports Cannot Turn Up

What Can I Do If Two Connected Optical Ports Cannot Turn Up of Huawei switch? Such as S2700-26TP-EI-AC, S3700-28TP-SI-AC…

Do the following if two connected optical ports cannot be up:

1. Check the port configurations. Ensure that the two ports are not shut down and have the

same duplex mode, rate, and negotiation mode.

2. Check the optical modules and fibers. Ensure that the two ports use the same type of optical

modules, and the port rate is the same as the rate of optical modules. The optical modules

must match the fibers. Single-mode fibers are inserted into single-mode optical modules

and the multi-mode fibers are inserted into multi-mode optical modules.

3. Check whether the receive or transit power of the optical ports is within the allowed range.

If the receive or transmit power is excessively high or low, ports cannot turn Up. The

excessively long transmission distance or low optical fiber quality may also be the reason

why ports cannot turn Up.

4. If the preceding items are all normal, perform internal loopback test on the ports. Connect

the head and tail of a fiber to an optical module to check whether the port can go Up.

You can also run the loopback internal command in the interface view to configure the

loopback function on Ethernet ports. This function can test port hardware performance

without connecting optical fibers to the port. If the port is Up, the port hardware is in good

condition.

5. If the fault cannot be located after the preceding operations are performed, replace the

optical modules or fibers.

Reference commands:

Configuring a DNS Test Instance on Huawei Switch

Before configuring a DNS test instance, you should know the NQA:

Network Quality Analysis (NQA) is a feature that monitors network performance in real time and helps diagnose faults occurring on the network.

As increasing services and applications are deployed on the Internet, traditional network performance analysis tools (such as Ping and Tracert) cannot meet customer requirements for diversified services and real-time monitoring.

NQA sends test packets to analyze the network performance and quality of service. NQA can provide various network performance parameters, including latency variation, total latency of the HTTP application, TCP connection latency, FTP connection latency, and file transfer rate. Using NQA test results, you can:

Obtain the network performance in real time and take measures to improve the network performance.

Diagnose the network and identify causes of network faults.

Before configuring a DNS test instance, configure a DNS server and ensure reachable routes between the DNS client and the DNS server.

A DNS test can detect the speed at which a DNS name is resolved into an IP address.

The NQA client also functions as the DHCP client. Perform the following steps on the NQA client

Configuration overview:

Step 1 Run:

system-view

The system view is displayed.

Step 2 Run:

dns resolve

Dynamic DNS resolution is enabled.

By default, dynamic DNS resolution is disabled.

Step 3 Run:

nqa test-instance admin-name test-name

An NQA test instance is created, and the NQA view is displayed.

Step 4 Run:

test-type dns

The test type is set to DNS.

Step 5 Run:

destination-address url urlstring

The name of the destination host is configured.

Step 6 (Optional) Run the following commands as required to configure parameters for the DNS test.

 Run:

description string

A description is configured for the test instance.

 Run:

frequency interval

The test period is set for the NQA test instance.

 Run:

timeout time

The timeout period of a probe is set for the NQA test instance.

By default, the timeout period of a DNS probe is 3 seconds.

 Run:

records history number

The maximum number of historical records is set for the NQA test instance.

 Run:

records result number

The maximum number of result records is set for the NQA test instance.

 Run:

agetime hh:mm:ss

The aging time is set for the NQA test instance.

 Run:

dns-server ipv4 ip-address

The DNS server address is configured.

----End

This configuration also works for S2700 Huawei, Huawei Quidway S5700, S6700.

Five Common Question of Huawei S2700

Question 1 : Can the S2700 Switch Function as a Gateway?

Answer 1: The S2700 Huawei switch cannot be used as a gateway. The S2700 is a Layer 2 switch. If it is used as a gateway, it sends all packets that need to be forwarded at Layer 3 to the CPU to forward the packets through software. This causes a high CPU usage. Because CAR parameters are configured to protect the CPU, a large number of packets are dropped, affecting forwarding of service packets.

Question 2: How to Delete the Files in the Recycle Bin?

Answer 2: Using the reset recycle-bin [ filename ] command, you can delete the files in the recycle bin. The files in the recycle bin cannot be restored after being deleted.

Question 3: Does the Switch S2700-26TP-EI-AC Support the Remote Upgrade of the BootROM?

Answer 3: The switch supports the remote upgrade of the BootROM.

Log in to the switch where the BootROM needs to be upgraded through Telnet, and then run the upgrade basic-bootrom system-filename command in the system view to upgrade the

BootROM.

Question 4: Do I Need to Upgrade the BootROM When I Run the startup system-software Command on a Case-shaped Switch to Specify the Software Package for Next Startup?

Answer 4: In V100R006 and earlier versions, the system displays the following information when you run the startup system-software command to specify the software package for next startup:

"Warning: Basic BOOTROM will be upgraded. Continue?(Y/N)[N]." You must upgrade the

BootROM; otherwise, the switch cannot start. Follow the instruction in the upgrade guide when you upgrade a switch.

In versions later than V100R006, the system automatically upgrades the BootROM after you run the startup system-software command to specify the software package for next startup.

Question 5: How Do I Configure an IP Address for the Management Interface of a Switch?

Answer 5: The management interface is a Layer 3 interface that can be configured with an IP address. To configure an IP address for the management interface, run the following commands:

<HUAWEI> system-view

[HUAWEI] interface meth 0/0/1

[HUAWEI-MEth0/0/1] ip address 192.168.1.2 24

[HUAWEI-MEth0/0/1]

NOTE

Only some switch models have management interfaces. On these switch models, other physical interfaces cannot be configured with IP addresses.

What Is the Purpose of an OSPF Route Tag: Huawei Switch

What Is the Purpose of an OSPF Route Tag: Huawei Switch S2700, S3700, Huawei S5700, and Huawei S6700.

OSPF route tags are used in only Virtual Private Network (VPN) scenarios to prevent Type 5 link-state advertisement (LSA) loops in Customer Edge (CE) dual-homing networks.

When OSPF detects that the route tag of a Type 5 LSA is the same as a route tag on the Provider Edge (PE) router, this route is ignored.

When a CE router is connected to two PEs, PE1 sends the Type 5 LSA generated based on the redistributed Border Gateway Protocol (BGP) route. The CE then forwards this LSA to PE 2. Because an OSPF route has a higher priority than a BGP route to the CE, PE 2 replaces the BGP route with the OSPF route. Thus, a routing loop occurs. With a route tag configured, when the PE detects that the route tag of the LSA is the same as that of its route tag, the PE ignores the LSA, thereby avoiding routing loops.

The default route tag is calculated based on the AS numbers in the BGP. If BGP is not configured, the default value of route tag is 0.

Method 2 for configuration of Huawei ACL

Method 2 for configuration of Huawei ACL 

Here the Quidway S9300 (Huawei S9303)as an example

Configuration ACL (configuration sequential casually)

ACL num 3001 Mach Auto

Rule permit IP sour 10.10.10.0 0.0.0.255

Rule den IP

Rule deny IP sour 10.10.10.145 0

Rule permit IP sour 192.168.0.0 0.0.255.255

Under the ACL to port

Int e 1/0/2

Pack in IP 3001 rule 0 (rule 0 must be applied, otherwise all banned)

Pack in IP 3001

To configure the output:

ACL number 3000 (order 0123, according to the configuration order)

Rule 0 deny IP

Rule 1 permit IP source 192.168.0.0 0.0.255.255

Rule 2 permit IP source 10.10.10.0 0.0.0.255

Rule 3 deny IP source 10.10.10.145 0

ACL number 3001 match-order auto (order 3120, according to mask alignment)

Rule 3 deny IP source 10.10.10.145 0

Rule 1 permit IP source 10.10.10.0 0.0.0.255

Rule 2 permit IP source 192.168.0.0 0.0.255.255

Rule 0 deny IP

#

VLAN 1

#

Interface Aux1/0/0

#

Interface Ethernet1/0/1 (order 0123, and ACL order)

Packet-filter inbound ip-group 3000 rule 0

Packet-filter inbound ip-group 3000 rule 1

Packet-filter inbound ip-group 3000 rule 2

Packet-filter inbound ip-group 3000 rule 3

#

Interface Ethernet1/0/2 (order 0312 ACL, and not in the same order)

Packet-filter inbound ip-group 3001 rule 0

Packet-filter inbound ip-group 3001 rule 3

Packet-filter inbound ip-group 3001 rule 1

Packet-filter inbound ip-group 3001 rule 2

#

The user limit filter ACL like Cisco, execution, down from the standard of comparison, do not explain.

In addition to pay different switch ACL execution instructions:

Quidway S series of low-end switches most of the equipment support ACL matching rulesissued after Mr effect, including S3000-EI series, S3526E series, S3700 series, S5000series and S5700 series; and a part of the equipment support ACL matching rules are firstsent Mr effect, such as S3552 series and S5100-EI series. In addition, S3526 series switchessupport ACL matching is depth first, the minimum address range rule priority.

Method 1 for configuration of Huawei ACL

Huawei ACL has been relatively trouble, different version, different types of equipment are different.Here the Huawei 3700 (S3700-28TP-PWR-EI)as an example, tell you the ACL configuration and implementation skills.

Summary: rule arrangement rules and auto, config model, and the matching sequence and ACL application environment and sent to the port of the sequential.

Description:

1, ACL can be divided into auto mode and config mode, auto mode according to the longest matching principle arranged rule sequence (DIS ACL all can notice to view the rulesequential, appear 42301 is normal). Config mode according to the user profile and sequential arrangement of rule sequence. That is to say auto and config just rule sequencerelated, has nothing to do with the matching order.

2, either auto mode or config mode, when ACL applied to the packet filter and QOS,matching sequence is from the bottom to the top, but to VTY user responsibility is matchedfiltering down from above.

3, either auto mode or config mode, matching order ACL are sent to the port according tothe rules from the bottom to the top matching.

4, in a ACL simultaneously with a plurality of rule matching, in accordance with the longest matching precedence.

Packet filter ACL examples:

Prohibition of online PC 10.10.10.145 

Allow network access 10.10.10.0/24

Allow network access 192.168.0.0/16

Ban on all IP

Method 1 for configuration of Huawei ACL

Configuration ACL (need to strictly in accordance with the allocation of order configuration)

ACL num 3000 Mach config

Rule den IP

Rule permit IP sour 192.168.0.0 0.0.255.255

Rule permit IP sour 10.10.10.0 0.0.0.255

Rule deny IP sour 10.10.10.145 0

Under the ACL to port

Int e 1/0/1

Pack in IP 3000

What Is the Purpose of a Domain ID S2700-26TP-EI-AC?

What Is the Purpose of a Domain ID S2700-26TP-EI-AC?

OSPF domain ID is used in Virtual Private Network (VPN) scenarios.

When the domain ID carried by the packet received from the peer is the same as the local one, Type 3 link-state advertisements (LSAs) are generated for Type 1, 2, and 3 LSAs, and Type 5 and 7 LSAs are generated for Type 5 and 7 LSAs (depending on area type). When the Domain ID is the different from the local one, Type 5 or 7 LSAs (depending on area type) are generated for Type 1, 2, and 3 LSAs, and Type 5 and 7 LSAs are generated for Type 5 and 7 LSAs (depending on area type).

Before sending routes to a remote CE switch, a PE switch sends Type-3 LSAs or Type-5 LSAs to the CE based on domain ID. If local domain IDs are the same as or compatible with remote domain IDs in BGP routes, the PE advertises Type 3 routes. If local domain IDs are different from or incompatible with remote domain IDs in BGP routes, the PE advertises Type 5 routes. This problems also exit in the Huawei switch s3700, s5700.Such as S5710-28C-EI and S5700-28C-EI.