H3C: Performance Half-Kick Switch

Published on November 13, 2012

The H3C name for active network equipment was born out of the partnership between HP and 3Com. The H3C S5120SI sits squarely in the middle of the manufacturer's gigabit switch line.
The User Guide and Command Reference run to 800 pages each and make for detailed, absorbing reading, yet the settings and controls you actually need fit on 4 sheets that a layman can follow.
Tips for initial setup, under the cut.

Installation and commissioning


All actions for configuring the switch require a direct, active connection to the console port. Connection using Linux as an example:
sudo apt-get install minicom
dmesg | grep tty # find the device that corresponds to the COM port, e.g. ttyS0
sudo minicom -s # set the port to /dev/ttySX, speed 9600 8N1
sudo minicom

For a switch that is new or has just been taken from the warehouse, the configuration must be reset.
reset saved-configuration
reboot

The basic configuration covers the device name, banner, management interface and passwords, and the current date and time (needed to find your way around the logs).
sysname %hostname%
undo copyright-info enable
undo ip http enable // remove the clutter
vlan %NUM%
description vlan_Managment
name vlan_Managment
interface vlan-interface %NUM%
ip address %SWITCH_IP% 255.255.255.0
ip route-static 0.0.0.0 0.0.0.0 %GW_IP%
ntp-service unicast-server 217.71.128.77 // stratum-2 time server, NSTU
clock timezone NOVT add 07:00:00 // current time zone
super password cipher %PWD_super%
user-interface aux 0
authentication-mode password
set authentication password cipher %PWD_AUX%
telnet server enable
user-interface vty 0 4
authentication-mode scheme
local-user %USER%
password cipher %PWD%
service-type telnet
user-interface vty 5 15
authentication-mode password
set authentication password cipher %PWD_recovery% // password used in case the authentication scheme and domain fail
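
A check for the remote-management settings in the listing above, as an added example that is not from the original post or from H3C: it walks a configuration in the order the commands are typed, tracks the current view, and reports telnet, plain-HTTP management and vty lines without per-user login. The sample configuration and its names (sw-lab-01, netadmin) are constructed.

```python
import re

# Constructed sample: the page's basic configuration in the order it is typed,
# with the %PLACEHOLDERS% replaced by made-up values.
SAMPLE = """\
sysname sw-lab-01
undo ip http enable // remove the clutter
super password cipher EXAMPLE1
user-interface aux 0
authentication-mode password
telnet server enable
user-interface vty 0 4
authentication-mode scheme
local-user netadmin
password cipher EXAMPLE2
service-type telnet
user-interface vty 5 15
authentication-mode password
"""

# Commands that enter a new view; the lines after them belong to that view.
VIEW = re.compile(
    r"^(user-interface|local-user|interface|vlan|radius scheme)\s|^domain (?!default)")

def audit(config):
    """Return (view, finding) pairs for remote-management settings."""
    findings, view = [], "system"
    for raw in config.splitlines():
        line = raw.split("//")[0].strip()  # drop the // annotations
        if not line:
            continue
        if VIEW.match(line):
            view = line
        elif line == "telnet server enable":
            findings.append(("system", "telnet enabled: logins are sent unencrypted"))
        elif line == "ip http enable":
            findings.append(("system", "web management enabled over plain HTTP"))
        elif view.startswith("user-interface vty") and line in (
                "authentication-mode password", "authentication-mode none"):
            findings.append((view, line + ": no per-user login on a network line"))
        elif view.startswith("local-user") and line == "service-type telnet":
            findings.append((view, "account is allowed to log in over telnet"))
    return findings

if __name__ == "__main__":
    for view, finding in audit(SAMPLE):
        print(f"[{view}] {finding}")
```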

Authorization Domain


To use the same administration accounts across a group of switches, the logins and passwords can be stored on the RADIUS server.
The radcheck table in the RADIUS database:
username, attribute, op, value:
%user%, Cleartext-Password, :=, %password%

In the radgroupreply table, entries are added with the group name, setting the values Service-Type = Administrative-User and Acct-Status-Type = Accounting-On. The user is added to the corresponding group in the radusergroup table:
username, groupname, priority:
%user%, %group%, 1

Allow the switches to connect to RADIUS and specify the shared key in the clients.conf file:
client %SWITCH_NET%/24 {
secret = %KEY%
shortname = h3c
}

On the switch, you must configure the scheme for connecting to the authorization server:
radius scheme %scheme_name%
primary authentication %IP_RADIUS%
primary accounting %IP_RADIUS%
key authentication %KEY%
key accounting %KEY%
user-name-format without-domain

Setting up a domain allows you to log in using local-user and RADIUS server accounts.
domain %domain_name%
authentication login radius-scheme %scheme_name%
authorization login radius-scheme %scheme_name%
accounting login radius-scheme %scheme_name%
access-limit disable
state active
idle-cut disable
self-service-url disable
domain default enable %domain_name%

Multiple Spanning Tree Protocol


MSTP, a Layer 2 control protocol, allows you to create redundant connections between switches without forming loops. The root switch specified for an instance (0 by default) keeps all of its links in forwarding mode (designated, forwarding); the switches connected below it determine their port nearest to the root and activate it (root, forwarding), while their other ports are blocked to avoid loops (alte, discarding). It was determined empirically that after the link is lost on the root switch, the second link is unblocked and data transfer resumes in less than 1 second. MSTP allows you to build independent trees for each instance (each including one or more VLANs).
[DeviceD] display stp brief 
MSTID Port Role STP State Protection 
0 GigabitEthernet1/0/1 ROOT FORWARDING NONE 
0 GigabitEthernet1/0/2 ALTE DISCARDING NONE 

The example test bench includes three switches and one shared VLAN:

interface Vlan-interface %vlan_num%
ip address %IP_switch% 255.255.255.0
stp region-configuration
region-name %region_name%
instance 1 vlan %vlan_num%
active region-configuration
stp enable

For the root switch, you must set the priority:
stp instance 1 root primary

Ports 17 and 18 are configured as access ports and do not exchange STP packets:
interface GigabitEthernet1/0/1
port link-type trunk
port trunk permit vlan %vlan_num%
interface GigabitEthernet1/0/2
port link-type trunk
port trunk permit vlan %vlan_num%
interface GigabitEthernet1/0/17
port access vlan %vlan_num%
stp disable
stp edged-port enable
interface GigabitEthernet1/0/18
port access vlan %vlan_num%
stp disable
stp edged-port enable

Port Aggregation (Bridge-Aggregation)


Aggregating physical ports allows you to use a group of them as a single logical link. Besides providing redundancy in case of a failure, such a group sums the bandwidth of its member ports.

On each switch, you need to create a logical aggregation group:
interface Bridge-Aggregation %agg_num%
link-aggregation mode dynamic // used, for example, when connecting to Cisco

For all ports involved in the group, you must specify the appropriate aggregation:
interface GigabitEthernet %port_num% // repeat for every interface included in the group
port link-aggregation group %agg_num%

After binding the ports to their aggregation groups, you can set the options for the resulting link:
interface Bridge-Aggregation %agg_num%
port link-type trunk // can also be access vlan_id
port trunk permit vlan %vlan_num%

If aggregation is used with MSTP, the tree configuration for the node takes the following form (instead of physical ports being blocked, the state changes for the logical links):
display stp brief
 MSTID   Port                  Role   STP State    Protection
   0     Bridge-Aggregation1   ALTE   DISCARDING   NONE
   0     Bridge-Aggregation2   ROOT   FORWARDING   NONE
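
A parser for the display stp brief listings shown in the MSTP and aggregation sections, as an added example that is not from the original post: it checks that root ports are forwarding and alternate ports are discarding, and compares two snapshots to report a failover to the second link. BEFORE repeats the listing above; AFTER is constructed.

```python
import re

# BEFORE is the listing above (its first row keeps a soft hyphen, U+00AD, as
# happens when output is copied from a web page); AFTER is constructed and
# shows the same switch once the link on Bridge-Aggregation2 is lost.
BEFORE = """\
 MSTID   Port                  Role   STP State    Protection
   0     Bridge\u00adAggregation1   ALTE   DISCARDING   NONE
   0     Bridge-Aggregation2   ROOT   FORWARDING   NONE
"""
AFTER = """\
 MSTID   Port                  Role   STP State    Protection
   0     Bridge-Aggregation1   ROOT   FORWARDING   NONE
"""

ROW = re.compile(r"^\s*(\d+)\s+(\S+)\s+([A-Z]+)\s+([A-Z]+)\s+(\S+)\s*$")

def parse(text):
    """Map MSTID -> {port: (role, state)}; prompt and header lines are skipped."""
    table = {}
    for line in text.replace("\u00ad", "-").splitlines():
        m = ROW.match(line)
        if m:
            mstid, port, role, state, _protection = m.groups()
            table.setdefault(int(mstid), {})[port] = (role, state)
    return table

def check(table):
    """Report role/state mismatches and instances with several root ports."""
    expected = {"ROOT": "FORWARDING", "ALTE": "DISCARDING"}
    problems = []
    for mstid, ports in sorted(table.items()):
        roots = [p for p, (role, _) in ports.items() if role == "ROOT"]
        if len(roots) > 1:
            problems.append(f"MSTI {mstid}: {len(roots)} root ports")
        for port, (role, state) in ports.items():
            if role in expected and state != expected[role]:
                problems.append(f"MSTI {mstid}: {port} is {role} but {state}")
    return problems

def root_port(ports):
    return next((p for p, (role, _) in ports.items() if role == "ROOT"), None)

def root_changes(before, after):
    """Instances whose root port differs between two snapshots (a failover)."""
    moved = {}
    for mstid in sorted(set(before) | set(after)):
        old, new = root_port(before.get(mstid, {})), root_port(after.get(mstid, {}))
        if old != new:
            moved[mstid] = (old, new)
    return moved
```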


UPD: Some more information for beginners on this switch from alexkoh: Configuring HUAWEI network equipment

Recommended reading:

  1. Configuration Guide - www.h3c.com/portal/Technical_Support___Documents/Technical_Documents/Switches/H3C_S5120_Series_Switches/Configuration/Operation_Manual/H3C_S5120-SI_CG-Release_1101-6W105
  2. Command Reference - www.h3c.com/portal/Technical_Support___Documents/Technical_Documents/Switches/H3C_S5120_Series_Switches/Command/Command/H3C_S5120-SI_CR-Release_1101-6W105