Category Archives: ethernet

assigning multiple IP addresses to network interface

Why might we want to assign multiple IP addresses to the same interface? The following are the most common scenarios:

  • hosts in the network segment use IP addresses on different networks
  • there are not enough host addresses on a logical network segment, for example a /24 address space and 300 hosts

How to configure multiple IP addresses on Huawei devices?

Let’s configure a pair of routers connected via a Gigabit Ethernet link and use four different logical networks.

port security on Huawei switches

How to prevent unauthorized users from connecting their PCs to an enterprise network? How to prevent employees from connecting unauthorized devices to a LAN or moving their computers without permission?

Port Security is a Layer 2 feature that can be enabled on an interface to prevent devices with untrusted MAC addresses from accessing a switch interface. When it is enabled, the MAC address of the device connected to the port is dynamically learned by the switch and stored in memory (by default it is not aged out). Only this MAC address is then allowed to forward traffic over the switch port (only one trusted MAC is allowed by default). Any other MAC address will cause the port to enter one of the following states:

  • Protect – packets coming from an untrusted MAC address will be dropped,
  • Restrict – packets coming from an untrusted MAC address will be dropped and an SNMP trap message will be generated (default behavior),
  • Shutdown – the port will be put into the shutdown state.

Link Flapping Protection on Huawei switches

I have come across the “link flapping protection” feature recently. It is available on S5700 switches. It looks like it is a new feature on Huawei switches. I had not met it in older hardware versions. That’s why I decided to write a few words about it. Unfortunately, although this command is available in Huawei network simulator eNSP, it does not work properly. But maybe you will have the possibility to check it on your real devices.

Port flapping (port going UP and DOWN continually) can be caused by a faulty cable, link failure, active/standby switchover, port hardware failure, etc. Frequent status changes on an interface can lead to:

  • STP topology recalculation and changes,
  • ARP entry updates,
  • dynamic routing instability and convergence problems.

error-down auto-recovery on Huawei switches

Some of you may know Cisco’s “err-disable recovery” feature, which automatically brings a port from the “err-disable” state back to the “up” state. Huawei switches have similar functionality, which is called “error-down auto-recovery”.

There are five reasons a port can enter the error-down state:

  • BPDU protection
  • EFM threshold
  • EFM remote failure
  • Auto defend
  • Link flapping
  • MAC address flapping

Let’s take a look at how this feature works in a network running STP when BPDU protection is the reason that a port goes into the “down” state. If you are not familiar with the BPDU protection feature, read my previous article “Protecting STP on Huawei switches”.
