华为S9300 交换机QOS配置

华为S9300核心交换机链路聚合配置实例配置静态LACP模式链路聚合示例组网需求如图1所示，在两台S9300设备上配置静态LACP模式链路聚合组，提高两设备之间的带宽与可靠性，具体要求如下：•2条活动链路具有负载分担的能力。

•两设备间的链路具有1条冗余备份链路，当活动链路出现故障链路时，备份链路替代故障链路，保持数据传输的可靠性。

图1 配置静态LACP模式链路聚合组网图配置思路采用如下的思路配置静态LACP模式链路聚合：1.在S9300设备上创建Eth-Trunk，配置Eth-Trunk为静态LACP模式。

2.将成员接口加入Eth-Trunk。

3.配置系统优先级确定主动端。

4.配置活动接口上限阈值。

5.配置接口优先级确定活动链路。

数据准备为完成此配置例，需准备如下的数据：•两端S9300设备链路聚合组编号。

•S9300-A系统优先级。

•活动接口上限阈值。

•活动接口LACP优先级。

操作步骤1.创建编号为1的Eth-Trunk，配置它的工作模式为静态LACP模式# 配置S9300-A。

<Quidway> system-view[Quidway] sysname S9300-A[S9300-A] interface eth-trunk 1[S9300-A-Eth-Trunk1] mode lacp-static[S9300-A-Eth-Trunk1] quit# 配置S9300-B。

<Quidway> system-view[Quidway] sysname S9300-B[S9300-B] interface eth-trunk 1[S9300-B-Eth-Trunk1] mode lacp-static[S9300-B-Eth-Trunk1] quit2.将成员接口加入Eth-Trunk# 配置S9300-A。

[S9300-A] interface gigabitethernet 1/0/1[S9300-A-Gigabitethernet1/0/1] eth-trunk 1[S9300-A-Gigabitethernet1/0/1] quit[S9300-A] interface gigabitethernet 1/0/2[S9300-A-Gigabitethernet1/0/2] eth-trunk 1[S9300-A-Gigabitethernet1/0/2] quit[S9300-A] interface gigabitethernet 1/0/3[S9300-A-Gigabitethernet1/0/3] eth-trunk 1[S9300-A-Gigabitethernet1/0/3] quit# 配置S9300-B。

Realize Your Potential华为技术有限公司Huawei S9300系列交换机详版彩页01 Huawei S9300系列交换机Huawei S9300系列是华为公司面向融合多业务的网络架构而推出的新一代高端智能T比特核心路由交换机。

该产品基于华为公司智能多层交换的技术理念，在提供稳定、可靠、安全的高性能L2/L3层交换服务S9303 S9306 S9312S9310产品特点S9300敏捷交换机，让网络更敏捷地为业务服务• S9300 敏捷单板内置高速灵活的以太网络处理器ENP，针对以太网专属设计。

借其灵活的报文处理及流量控制能力，深入贴近业务，满足现在及未来的各种挑战，助力客户构建弹性扩展的网络。

ENP芯片采用全可编程架构，可以完全自定义流量的转发模式、转发行为和查找算法。

通过微码编程实现新业务，客户无需更换新的硬件，快速灵活，6个月即可上线，而传统AS I C 芯片采用固定的转发架构和转发流程，新业务无法快速部署，需要等待1～3年的硬件支持。

• 凭借敏捷单板，S9300支持统一用户管理功能，屏蔽了接入层设备能力和接入方式的差异，支持802.1X/ MAC/Portal等多种认证方式，支持对用户进行分组/分域/分时的管理，用户、业务可视可控，实现了从“以设备管理为中心”到“以用户管理为中心”的飞跃。

• 凭借敏捷单板，S9300支持iPCA网络包守恒算法，改变了传统利用模拟流量做故障定位的检测模型，可对任意业务流随时随地逐点检测网络质量，无需额外开销；可在短时间内立刻检测业务闪断性故障，检测直接精准到故障端口，实现从“粗放式运维”到“精准化运维”的大转变。

• 凭借敏捷单板，S9300支持1588v2和同步以太，满足网络设备间的高精度时间同步，相比GPS的时间不同方案，提升安全的同时降低成本。

创新的CSS集群技术• S9300可通过集群卡连接和业务口连接两种方式实现虚拟化。

CSS集群创新性采用交换网集群技术，提供业界主机间最大的320G集群带宽；业务口集群支持成员机通过LPU上的普通业务口连接，将LPU上的业务口配置为堆叠物理成员端口后加入逻辑堆叠端口，通过SFP+光模块和光纤或SFP+堆叠线缆将堆叠物理成员端口连接。

华为路由器QoS功能设置教程对于网管来说，在路由器设置中经常会遇到针对IP 配置，为了让大家更好地了解其配置过程，今天就以华为路由器为例，给大家详细介绍一下。

QoS有上行带宽和下行带宽两项参数，可将上行带宽和下行带宽理解为用户申请的宽带线路的实际上下行带宽，必须先开启QoS并填入线路实际的上下行带宽，然后才能在IPQoS页面继续配置，否则会提示错误。

一、地址段包含了从10到20总共11个IP地址，地址段允许输入和路由器LAN口IP 地址不在同一网段的IP地址，内网如果采用三层交换设备规划了不同子网的方案下，我们的路由器也可以支持对不同网段IP的带宽限制。

二、模式独立带宽，下面的最大带宽和最小带宽是针对这段IP地址里面的每一个IP 而言，如果模式选择了共享带宽也就是这段IP共享下面的参数。

三、上行和下行路由器上、下行数据流分开来进行了限制，假设配置了192.168.1.10这个IP 地址的电脑正在进行P2P下载，那么这台电脑的数据流量会比较大，这台电脑的数据流分两部分：一部分是它从别的服务器下载数据，一部分是它上传数据给别的电脑，路由器的IP QoS将会对这台电脑下载和上传两个方向的数据流量分别进行规定限制。

这台电脑在上行的数据流量最小保证50Kbps、最大不超过100Kbps的带宽，下行的数据流量最小保证100Kbps、最大不超过200Kbps的带宽。

这里上行数据和下行数据的可用带宽是以线路实际上/下行带宽作为参考的。

四、具体配置步骤1、将内网的电脑的IP手工指定，并且是连续的，192.168.1.1()作为网关，不能用所以从192.168.1.2～192.168.1.100，这样方便后面的设置;2、在IP QOS设置开关处设置您的线路的带宽，分别设置线路的上行带宽和下行带宽，如10M的光纤线路需要填入10000;然后开启QOS总开关;3、进入IP QOS规则设置页面，添加新条目，设置：IP地址段如192.168.1.2～192.168.1.100，模式选择为独立;上行最小带宽：线路真实上行带宽/内网电脑数，在此例中为10000/99=101;最大带宽的设置关系不大，推荐设置800或1000或2000;下行最小带宽：线路真实下行带宽/内网电脑数，在此例中为10000/99=101;最大带宽的设置关系不大，推荐设置800或1000或2000;4、保存，设置完成。

华为S9300策略路由配置华为S9300策略路由配置华为S9300策略路由配置需求描述：公司目前有两条带宽，一条为AC设备，用于普通用户上网，一条为VPN设备，用户服务器对外发布，AC跟VPN均连到核心交换机上，核心上需配置默认数据走AC，服务器(192.168.0.12)数据走VPN1.创建ACL规则#需要策略路由的源地址acl number 2000rule 10 permit source 192.168.0.12 0#内网地址时不需要走策略路由acl number 3000rule 10 permit ip destination 192.168.0.0 0.0.255.255rule 15 permit ip destination 172.16.0.0 0.0.255.255rule 20 permit icmp destination 192.168.0.0 0.0.255.255rule 25 permit icmp destination 172.16.0.0 0.0.255.2552.创建behavior#指定策略网关（下一跳地址必须为直接可达，当不存在时，走系统默认路由）traffic behavior 2000redirect ip-nexthop 172.16.1.150#172.16.1.150为VPN内网地址#未定义时走默认路由traffic behavior 30003.创建classifiertraffic classifier 2000 operator or precedence 10if-match acl 2000traffic classifier 3000 operator or precedence 5 if-match acl 30004.创建策略traffic policy servervpnclassifier 3000 behavior 3000classifier 2000 behavior 20005.查找服务器对应的端口dis arp | in 192.168.0.12192.168.0.12s c81f-66dc-3a39 20 D-0 GE1/0/16 #显示IP对应的MAC及端口信息6.应用到指定的端口interface GigabitEthernet1/0/16traffic-policy servervpn inbound。

1 产品定位Quidway® S9300系列以太汇聚交换机（以下简称S9300）是基于新一代的硬件和华为公司统一的VRP®（Versatile Routing Platform）平台而推出的下一代以太网汇聚交换机，提供超大容量、高密度、模块化体系架构，提供二、三层线速转发能力，具有强大组播功能，VLAN交换功能，EPON接口，完善的QoS保障、有效的安全管理机制和传输级高可靠设计，满足城域网、企业园区网对Multi-Play业务承载和全光接入的组网需求，为运营商和企业网提供强大的网络交换和业务运营能力，支持IP专线、VPN、IPTV、IPv6等多种服务。

为了降低运营成本，满足节能减排需求，S9300作为新一代以太汇聚平台采用了多种绿色节能的创新技术，大幅降低设备能耗、减小噪声污染。

图1 Quidway S9300 系列以太汇聚交换机全家福S9300系列包括S9303、S9306、S9312三个产品形态，整个系列秉承模块与备件通用化、归一化的设计理念，最小化备板、备件成本，在保证设备扩展性的同时最大限度地保护用户投资。

同时，S9300整个系列均采用紧凑化设计，满足从城域边缘接入到核心汇聚、从企业高密汇聚到企业核心多种产品密度要求。

2 系统概述2.1 体系架构S9300在传统交换机的数据转发、管理控制双平面基础上进行了创新，在双平面的基础上增加了独立的环境监控平面，率先实现整机三平面设计。

业界首创的环境监控板，核心芯片采用华为自主知识产权的中控芯片，实现硬件级的按流量动态调整功率、风扇分区控制、风扇智能调速、端口休眠技术等多项节能控制技术，独立环境监控与网管联动，实现整机运营维护的全面可视化管理。

图2 创新的三平面设计2.2 产品特点S9300满足城域网以及企业园区网未来发展需求，能够实现交换容量、承载业务的全方位扩展，硬件级运维检测与设备安全防护，平滑升级保护用户投资。

●超大容量交换平台，弹性可扩展硬件架构作为新一代的以太汇聚平台，S9300单槽位支持12×10GE线速线卡，最大可以支持4.8T的背板容量和2T的交换能力，更好地满足IPTV等大带宽业务和IDC机房的接入需求。

一、删除接口下配置9300交换机如果要更改端口模式（如access模式改为trunk模式，或trunk模式改为hybrid 模式），需要清楚接口下所有配置后，才能变更。

命令如下：说明：为方便记忆，本例中部分命令单词采用缩写，命令末尾说明中追加完整命令单词。

1、删除trunk接口所有配置信息：undo port trunk allow vlan all //allow的完整为allow-passport trunk allow vlan 1undo port link trunk //link的完整为link-type2、删除hybrid接口所有配置信息：undo port hyb vlan all //hyb的完整为hybridport hyb untag vlan 1 //untag的完整为untagged3、删除access接口所有配置信息：undo port def vlan xxxx //def的完整为default二、透传vlanport hybrid tagged vlan 100 to 200//tag模式透传vlan，效果相当于trunk模式透传vlanport hybrid untagged vlan 150 to 200//untag模式透传vlan，通常只有需要把QINQ vlan的外层剥掉的情况下这么配置。

port trunk allow-pass vlan 100 to 200//trunk模式透传vlan，通常上下行接设备的时候这么配置。

port default vlan 100//access模式透传vlan，转发出去的报文不带vlan标签，通常接PC时候需要这么配置。

说明：vlan之间是连续的，可以使用to将首尾vlan连起来输入，如上。

如果vlan是不连续的，可以使用空格分隔开。

三、典型配置步骤9300交换机一般配置流程：vlan batch 100 to 200 //批量创建VLAN 100到200interface vlan 100 //配置三层vlanif接口，这里以管理vlan为100举例ip address 1.1.1.2 30 //配置IP地址#interface gig1/0/0 //进入接口（上行或下行，都可以）disp this一定要看一下接口有没有配置，如果现有配置的端口模式跟考试内容有冲突，需要删除。

一、删除接口下配置9300交换机如果要更改端口模式（如access模式改为trunk模式，或trunk模式改为hybrid 模式），需要清楚接口下所有配置后，才能变更。

命令如下：说明：为方便记忆，本例中部分命令单词采用缩写，命令末尾说明中追加完整命令单词。

1、删除trunk接口所有配置信息：undo port trunk allow vlan all //allow的完整为allow-passport trunk allow vlan 1undo port link trunk //link的完整为link-type2、删除hybrid接口所有配置信息：undo port hyb vlan all //hyb的完整为hybridport hyb untag vlan 1 //untag的完整为untagged3、删除access接口所有配置信息：undo port def vlan xxxx //def的完整为default二、透传vlanport hybrid tagged vlan 100 to 200//tag模式透传vlan，效果相当于trunk模式透传vlanport hybrid untagged vlan 150 to 200//untag模式透传vlan，通常只有需要把QINQ vlan的外层剥掉的情况下这么配置。

port trunk allow-pass vlan 100 to 200//trunk模式透传vlan，通常上下行接设备的时候这么配置。

port default vlan 100//access模式透传vlan，转发出去的报文不带vlan标签，通常接PC时候需要这么配置。

说明：vlan之间是连续的，可以使用to将首尾vlan连起来输入，如上。

如果vlan是不连续的，可以使用空格分隔开。

三、典型配置步骤9300交换机一般配置流程：vlan batch 100 to 200 //批量创建VLAN 100到200interface vlan 100 //配置三层vlanif接口，这里以管理vlan为100举例ip address 1.1.1.2 30 //配置IP地址#interface gig1/0/0 //进入接口（上行或下行，都可以）disp this一定要看一下接口有没有配置，如果现有配置的端口模式跟考试内容有冲突，需要删除。

整机结构S9300采用分布式硬件平台。

S9300的硬件系统由机箱、背板、电源模块、风扇框、主控路由板SRU（Switch Routing Unit）或主控板MCU（Main Control Unit）、线路板LPU（Line Processing Unit）和集中监控板CMU （Central Management Unit）组成。

整机宽度符合业界标准尺寸，可以安装到IEC297标准机柜或ETSI标准机柜中。

说明：∙SRU、CMU适用于S9312和S9306设备。

∙MCU只适用于S9303设备。

S9303整机结构产品外观S9303产品外观如图1所示。

图1 S9303产品外观图2 S9303产品外观（背面）S9303的机箱外型尺寸为442mm×476mm×175mm（宽×深×高）。

机箱正面从上到下分别为线路板、主控板和电源模块。

整个机箱采用后抽风散热。

搬运把手位于机箱两侧。

板件布局图3 S9303板件布局∙S9303采用前维护设计，单板区共有5个横插拔的单板槽位。

其中，下部两个槽位为半高槽位，固定为主控板MCU槽位，MCU板支持1+1备份；其他为线路板LPU槽位。

∙风扇区和防尘网位于机箱的后面。

∙电源区位于机箱的底部，电源采用1+1冗余备份，支持双电网输入。

可选择交流电源（AC）和直流电源（DC）两种供电方式。

∙支持PoE供电。

仅支持交流电源（AC），且不支持备份。

S9306整机结构产品外观图1 S9306产品外观图2 S9306产品外观（背面）S9306的机箱外型尺寸为442mm×476mm×441.7mm（宽×深×高）。

机箱正面从上到下分别为线路板、主控板、集中监控板和电源模块。

整个机箱采用后抽风散热。

搬运把手位于机箱两侧。

板件布局图3 S9306板件布局∙S9306的单板区共有8个横插拔的单板槽位。

其中，中间两个槽位固定为主控板SRU槽位，SRU板支持1+1备份；其它为线路板LPU槽位∙风扇区和防尘网位于机箱的后面。

Quidway S9300灵活QinQ配置指导内部公开Quidway S9300灵活QinQ配置指导(仅供内部使用）For internal use only拟制: Prepared by 维优项目组日期：Date2009-08-18审核: Reviewed by 日期：Date审核: Reviewed by 日期：Date批准: Granted by日期：Date华为技术有限公司Huawei Technologies Co., Ltd.版权所有侵权必究All rights reserved修订记录Revision record目录Catalog1 QinQ简介 (5)1.1 原理介绍 (5)1.2 QinQ实现方式 (5)2 S9300 QinQ配置 (7)2.1 普通QinQ配置 (7)2.2 基于ACL的灵活QinQ配置 (7)2.3 基于VLAN转换的灵活QinQ配置 (8)2.3.1 VLAN MAPPING (8)2.3.2 VLAN STACKING (9)3 S9300 灵活QinQ两种实现方式比较 (10)4 使用限制及常见问题 (11)4.1 配置注意事项 (11)4.2 使用及限制注意事项 (12)4.3 MAC学习 (12)5 应用场景配置举例 (13)5.1 S9300 VLAN STACKING灵活QinQ (13)5.1.1组网需求 (13)5.1.2配置过程和解释 (14)5.1.3完整配置 (15)5.2 S9300使用基于ACL的灵活QinQ (15)5.2.1组网需求 (16)5.2.2配置过程和解释 (16)5.2.3完整配置 (18)5.3 S9300灵活QinQ 802.1p值映射 (18)5.3.1组网需求 (19)5.3.2配置过程和解释 (19)5.3.3完整配置 (20)5.4 S9300全局灵活QinQ配置 (21)5.4.1组网需求 (21)5.4.2配置过程和解释 (21)5.4.3完整配置 (22)Quidway S9300灵活QinQ配置指导关键词Key words：MAC、VLAN、ACL、QinQ摘要Abstract：本文简单介绍QinQ的基本概念，然后给出在S9300系列交换机上部署灵活QinQ的配置指导及注意事项。

园区交换机配置模板下面以97机房9306为例一、配置系统名sysname SM-SY-XY-S9306-L3-1.MAN二、配置网管VLAN及其IP地址vlan 101qinterface Vlan-interface 101description WangGuanip address 172.16.96.12 255.255.255.0三、配置远程登陆时的本地用户及超级用户的用户名、密码user-interface vty 0 14authentication-mode aaaidle-timeout 15 0qaaalocal-user admin password cipher sm-adminlocal-user admin service-type telnetlocal-user admin level 1qsuper password level 3 cipher sm@770四、配置防病毒访问控制列表acl number 3000rule 1 deny tcp destination-port eq 135rule 2 deny tcp destination-port eq 136rule 3 deny tcp destination-port eq 137rule 4 deny tcp destination-port eq 138rule 5 deny tcp destination-port eq 139rule 6 deny udp destination-port eq 135rule 7 deny udp destination-port eq 136rule 8 deny udp destination-port eq netbios-nsrule 9 deny udp destination-port eq netbios-dgmrule 10 deny udp destination-port eq netbios-ssnrule 11 deny tcp destination-port eq 1434rule 12 deny udp destination-port eq 1434rule 13 deny tcp destination-port eq 445rule 14 deny udp destination-port eq 445五、配置网管地址及团体属性snmp-agent trap enable standardsnmp-agent trap enable basetrapsnmp-agent target-host trap address udp-domain 192.168.254.3 params securityname S9306snmp-agent community read S9306snmp-agent community write S/S9306snmp-agent sys-info version allntp-service unicast-server 192.168.254.22ntp-service unicast-server 192.168.254.21 preference六、配置默认路由ip route-static 0.0.0.0 0.0.0.0 172.16.96.1七、配置上行端口数据interface GigabitEthernet1/0/0description To-SM-SY-XY-SE800-A-1.MAN GE14/0/4------------对端口进行描述undo negotiation auto----------------------------------------------------强制千兆，全双工模式port link-type hybridport hybrid tagged vlan 102undo port hybrid vlan 1broadcast-suppression 10 -----------------------------------------------设置广播抑制八、灵活QinQ 以青山三村上连列东S9306为例SE800G 1/0/0S9306G 1/0/47S3552以vlan 205到214打上外标1001vlan 215到224打上外标1002interface GigabitEthernet1/0/47description To_QingShangShanChun_S3552 -------------对端口进行描述undo negotiation auto------------------------------------------强制千兆，全双工模式port link-type hybrid 端口类型为Hybridport hybrid tagged vlan 107 透传网管Vlan 107port hybrid untagged vlan 1001 to 1002 透传Vlan 1001和1002port vlan-stacking vlan 205 to 214 stack-vlan 1001 添加外层标签1001port vlan-stacking vlan 215 to 224 stack-vlan 1002 添加外层标签1002quit上行口透传interface GigabitEthernet1/0/0description To-SM-LD-5F-SE800-A-3.MAN GE2/0/3undo negotiation autoport link-type hybridport hybrid tagged vlan 1001 1002 107undo port hybrid vlan 1broadcast-suppression 10九、端口限速(城域网需要)acl number 3000rule 0 permit iptraffic classifier TC_2M_Rate operator andif-match acl 3000traffic classifier TC_4M_Rate operator andif-match acl 3000traffic classifier TC_6M_Rate operator andif-match acl 3000traffic classifier TC_8M_Rate operator andif-match acl 3000traffic classifier TC_10M_Rate operator andif-match acl 3000traffic classifier TC_20M_Rate operator andif-match acl 3000traffic classifier TC_30M_Rate operator andif-match acl 3000traffic behavior TB_1M_Ratecar cir 2048 pir 2048 cbs 16384 pbs 16384 green pass yellow pass red discardtraffic behavior TB_4M_Ratecar cir 4096 pir 4096 cbs 32768 pbs 32768 green pass yellow pass red discardtraffic behavior TB_6M_Ratecar cir 6144 pir 6144 cbs 49152 pbs 49152 green pass yellow pass red discardtraffic behavior TB_8M_Ratecar cir 8192 pir 8192 cbs 65536 pbs 65536 green pass yellow pass red discardtraffic behavior TB_10M_Ratecar cir 10240 pir 10240 cbs 81920 pbs 81920 green pass yellow pass red discardtraffic behavior TB_20M_Ratecar cir 20480 pir 20480 cbs 163840 ebs 163840 pir 20480 green pass yellow pass red discardtraffic behavior TB_30M_Ratecar cir 30720 pir 30720 cbs 245760 ebs 245760 pir 30720 green pass yellow pass red discard（注：cbs=8*cir 效果比较好）traffic policy QP_2M_Rateclassifier TC_2M_Rate behavior TB_2M_Ratetraffic policy QP_4M_Rateclassifier TC_4M_Rate behavior TB_4M_Ratetraffic policy QP_6M_Rateclassifier TC_6M_Rate behavior TB_6M_Ratetraffic policy QP_8M_Rateclassifier TC_8M_Rate behavior TB_8M_Ratetraffic policy QP_10M_Rateclassifier TC_10M_Rate behavior TB_10M_Rateqos policy QP_20M_Rateclassifier TC_20M_Rate behavior TB_20M_Rateqos policy QP_30M_Rateclassifier TC_30M_Rate behavior TB_30M_Rateinterface Ethernet 3/1/1port access vlan 1000description TO_LanYueLiang_WangBa_2Mtraffic-policy QP_2M_Rate inbound 入方向限速qos lr cir 2048 outbound 出方向限速interface Ethernet 3/1/1port access vlan 1000description TO_LanYueLiang_WangBa_4Mtraffic-policy QP_4M_Rate inbound 入方向限速qos lr cir 4096 outbound 出方向限速interface Ethernet 3/1/1port access vlan 1000description TO_LanYueLiang_WangBa_6Mtraffic-policy QP_6M_Rate inbound 入方向限速qos lr cir 6144 outbound 出方向限速interface Ethernet 3/1/1port access vlan 1000description TO_LanYueLiang_WangBa_10Mtraffic-policy QP_8M_Rate inbound 入方向限速qos lr cir 8192 outbound 出方向限速interface Ethernet 3/1/1port access vlan 1000description TO_LanYueLiang_WangBa_10Mtraffic-policy QP_10M_Rate inbound 入方向限速qos lr cir 10240 outbound 出方向限速interface Ethernet 3/1/1port access vlan 1000description TO_LanYueLiang_WangBa_20Mtraffic-policy QP_20M_Rate inbound 入方向限速qos lr cir 20480 outbound 出方向限速interface Ethernet 3/1/1port access vlan 1000description TO_LanYueLiang_WangBa_30Mtraffic-policy QP_30M_Rate inbound 入方向限速qos lr cir 30720 outbound 出方向限速。

1、开始建立本地配置环境，将主机的串口通过配置电缆与以太网交换机的Console口连接。

在主机上运行终端仿真程序（如Windows的超级终端等），设置终端通信参数为：波特率为9600bit/s、8位数据位、1位停止位、无校验和无流控，并选择终端类型为VT100。

以太网交换机上电，终端上显示以太网交换机自检信息，自检结束后提示用户键入回车，之后将出现命令行提示符（如<Quidway>）。

键入命令，配置以太网交换机或查看以太网交换机运行状态。

需要帮助可以随时键入"?" 2、命令视图0000(1)用户视图(查看交换机的简单运行状态和统计信息)<Quidway>:与交换机建立连接即进入(2)系统视图(配置系统参数)[Quidway]:在用户视图下键入system-view(3)以太网端口视图(配置以太网端口参数)[Quidway-Ethernet0/1]:在系统视图下键入int erface ethernet 0/1(4)VLAN视图(配置VLAN参数)[Quidway-Vlan1]:在系统视图下键入vlan 1(5)VLAN接口视图(配置VLAN和VLAN汇聚对应的IP接口参数)[Quidway-Vlan-interface1]:在系统视图下键入interface vlan-interface 1(6)本地用户视图(配置本地用户参数)[Quidway-luser-user1]:在系统视图下键入local-u ser user1(7)用户界面视图(配置用户界面参数)[Quidway-ui0]:在系统视图下键入user-interface00003、其他命令0000设置系统时间和时区<Quidway>clock time Beijing add 8<Quidway>clock datetime 12:00:00 2005/01/23设置交换机的名称[Quidway]sysname TRAIN-3026-1[TRAIN-3026-1]配置用户登录[Quidway]user-interface vty 0 4[Quidway-ui-vty0]authentication-mode scheme创建本地用户[Quidway]local-user huawei[Quidway-luser-huawei]password simple huawei[Quidway-luser-huawei] service-type telnet level 300004、VLAN配置方法000『配置环境参数』SwitchA端口E0/1属于VLAN2，E0/2属于VLAN3『组网需求』把交换机端口E0/1加入到VLAN2 ，E0/2加入到VLAN3数据配置步骤『VLAN配置流程』(1)缺省情况下所有端口都属于VLAN 1，并且端口是access端口，一个access端口只能属于一个vlan；(2)如果端口是access端口，则把端口加入到另外一个vlan的同时，系统自动把该端口从原来的vlan中删除掉；(3)除了VLAN1，如果VLAN XX不存在，在系统视图下键入VLAN XX，则创建VLAN XX并进入VLAN视图；如果VLAN XX已经存在，则进入VLAN视图。

Huawei S9300 SwitchProduct BrochuresRealize Your Potential01 Huawei S9300 Switch ProductHuawei S9300 series (S9300 for short) terabit routing switches are next-generation high-end smart switches tailored for multiservice networks. The S9300 uses Huawei's intelligent multilayer switching concept to provideAn S9300 running a system software version of V2R5C00 or later can be upgraded to an agile switch by using S9303 S9306S9312 Product OverviewProduct FeaturesAgile Switch, Enabling Networks to Be More Agile for Services• The high-speed ENP is tailored for Ethernet networks. The ENP's flexible packet processing and traffic control capabilities can meet current and future service requirements and help build a highly scalable network. The ENP has a fully programmable architecture, in which customers can define their own forwarding models, forwarding behaviors, and lookup algorithms. Microcode programmability enables new services to be provisioned within six months, without the need of replacing the hardware. In contrast, with traditional ASIC chips, new services cannot be provisioned until new hardware is developed to support the services, which may take 1 to 3 years, because ASIC chips use a fixed forwarding architecture and follow a fixed forwarding process.• By using an X1E board, the S9300 supports the unified user management function to authenticate both wired and wireless users, ensuring a consistent user experience regardless of whether they use wired or wireless access devices to connect to the network. The unified user management function supports various authentication methods, including 802.1x, MA C, and Portal authentications, and is capable of managing users based on user groups, domains, and time ranges. This function visualizes user and service management and enables the transformation from device-centric management to user-centric management.• The X1E board supports the Packet Conservation Algorithm for Internet (iPCA) function, which changes the traditional method of using simulated traffic for fault location. iPCA technology can monitor network quality for any service flow at any network node, at any time, and without extra costs. It can detect temporary service interruptions in a very short time and precisely identify faulty ports. This cutting-edge fault detection technology turns "extensive management" to "fine granular management."Innovative CSS Technology• S9300 switches can set up a clustering switch system (CSS) through cluster cards or service ports. The CSS provides industry-leading 320 Gbps inter-chassis bandwidth due to Huawei's novel approach of using the switching fabric clustering technology in CSS. Member switches can be connected through the service ports on LPUs. These service ports can be configured as stack member ports and added to a logical stack port to enable connectionthrough SFP+ optical modules and fibers, or direct connection through SFP+ stack cables. Virtualization technology improves link use efficiency and preventssingle-point failures through inter-chassis link aggregation.• The S9300 uses route hot backup technology to backup and uninterruptedly forward all data of the controland data planes at Layer 3. This technology significantly improves reliability and performance of the S9300. Theinter-chassis links in a CSS can be bundled to improve linkuse efficiency and eliminate single-point failures.• The S9300 can use common service ports as cluster ports,and member switches can be connected through opticalfibers. This increases the permitted distance between switches in the CSS.• All member switches in a CSS are managed through asingle IP address, which simplifies network device and topology management, improves network operationefficiency, and reduces maintenance costs.Carrier-Class Reliability• The S9300's key components, such as MPUs, power supplies, and fans trays, use a redundant design, and all modules are hot swappable to ensure stable network running.• The S9300 supports 3.3 ms hardware-based BFD for staticroutes and routing protocols such as RIP, OSPF, BGP, IS-IS, VRRP, PIM, and MPLS. Hardware-based BFD significantly improves network reliability.• The S9300 supports High-speed Self Recovery (HSR) technology. Using Huawei's ENP cards, the S9300 is the industry's only switch that implements end-to-end IPMPLS bearer network protection switchover within 50 ms, improving network reliability.• The S9300 supports hardware-based Ethernet OA Min compliance with IEEE 802.3ah, 802.1ag, and ITU-Y.1731. Hardware-based Ethernet OAM can collect precise network parameters, such as transmission latency andjitter, to help customers monitor network operating statusin real time and to realize fast fault detection, location,and failover.• The S9300 supports Graceful Restart (GR) technology to implement nonstop forwarding (NSF) and ensure reliableand high-speed operation of the entire network.Powerful Service Processing Capabilities• The S9300 provides high-density 10GE ports and provide 2 x100GE line card, Each S9312 chassis can provide a maximumof 480 x 10GE ports and 24 x 100GE ports, meeting the requirements of bandwidth-consuming applications, such as multimedia conferencing and data access.02• Based on a multi-service routing and switching platform, the S9300 provides wireless access, voice, video, and data services for network access, aggregation, and core layers, helping customers build a highly reliable, low-latency, and multi-service network.• The S9300 supports distributed MPLS L2/L3VPN functions including MPLS, virtual private LA N service (VPLS), hierarchical VPLS (HVPLS), and virtual leased line (VLL), to provide secure access for VPN users.• The S9300 supports comprehensive Layer 2 and Layer 3 multicast protocols, including Protocol Independent Multicast Sparse Mode (PIM SM), PIM Dense Mode (DM), PIM Source-Specific Multicast (SSM), Multicast Listener Discovery (MLD), and Internet Group Management Protocol (IGMP) snooping, to ensure high-quality HD video surveillance and video conferencing services.• The S9300 supports multi-service virtualization technology to provide value-added service (VAS) solutions for campus networks. This technology virtualizes the VAS capabilities, such as firewall (FW), antivirus engine (AVE), and application security gateway (ASG), so that the network entities, such as switches, routers, ACs, APs, and terminals, can use these virtualized capabilities without the restriction of physical locations.• The software platform where the S9300 runs supports various routing protocols (including IPv6) to meet carriers' network requirements and allows carriers to smoothly upgrade their networks to IPv6.Various Network Traffic Analysis Functions• The S9300 supports NetStream, including V5/V8/V9 versions. The NetStream features involve aggregation traffic template, real-time traffic sampling, dynamic report generation, traffic attribute analysis, and traffic exception alarms. The S9300 sends traffic statistics logs to master and backup servers simultaneously to avoid data loss. NetStream helps monitor the operating status and traffic model on the entire network. It also provides fault pre-detection, effective fault rectification, fast problem handling, and security monitoring capabilities to help customers optimize network structure and adjust service deployment.Comprehensive Security Measures• The S9300 supports MAC security (MACSec) that enables hop-by-hop secure data transmission. The S9300 can be applied to scenarios that pose high requirements on data confidentiality, such as government and finance sectors.• NGFW is a next-generation firewall card installed on an S9300. In addition to the traditional defense functions, such as identity authentication and Anti-DDoS, the NGFWsupports IPS, anti-spam, web security, and application control functions.• The S9300 provides comprehensive network admission control (NAC) solutions, involving MAC, 802.1x, and Portal authentications as well as authentication triggered by DHCP snooping. These authentication methods ensure the security of various access users, such as dumb terminals, mobile users, and users allocated dynamic IP addresses. • The S9300 supports a two-level CPU protection mechanism, which supports 1K CPU hardware queues and separates the data plane from the control plane, to help minimize threats of DoS attacks, unauthorized access, and control plane overloading. With this mechanism, the S9300 offers an industry-leading integrated security solution.Comprehensive IPv6 Solution• The S9300 software and hardware platforms support IPv6. The Ministry of Industry and Information Technology (MIIT) has certified the S9300 as IPv6 network-access compliant and has awarded IPv6 Ready Logo Phase 2 certification.• The S9300 supports IPv6 routing protocols such as RIPng, OSPFv3, IS-ISv6, as well as IPv6 static routes, and supports BGP4+, MLD v1/v2, MLD snooping, PIM-SM/DMv6, and PIM-SSMv6.• The S9300 supports various IPv4-to-IPv6 technologies to ensure seamless network migration. The technologies include IPv6 manual tunnel, 6to4 tunnel, Intra-site Automatic Tunnel Addressing Protocol (ISATAP) tunnel, Generic Routing Encapsulation (GRE) tunnel, and IPv4-compatible automatic tunnel.Innovative Energy Saving Design• The S9300 uses a rotating ventilation channel to improve heat dissipation efficiency and a variable-current chip to dynamically adjust power according to traffic volume. These technologies reduce power consumption of the entire chassis by 11%. The S9300 supports port sleeping. Idle ports enter the sleeping state to reduce power consumption.• The S9300 supports intelligent fan-speed adjustment, in which fans are grouped into multiple zones and fan speed in each zone is adjusted individually based on service loads. This technology lowers power consumption, reduces noise, and extends the service life of fans.• The S9300 supports Energy Efficient Ethernet (EEE) in compliance with IEEE 802.3az. Transceivers on line cards can quickly transition to the lower power idle state to reduce power consumption when no traffic is being transmitted.03Product Specifications040506ApplicationsApplications in Carriers' MANsApplications in Large-Scale Data CentersThe S9300 provides carrier-class reliability, security, and manageability. By converging DSLAM, LAN, and enterprise access services, the S9300 provides large-capacity switching and high-density 10G interfaces. At the convergence layer, the interface rate can be smoothly upgraded from 10GE to 40GE/100GE, meeting the increasing bandwidth requirements of ISP networks. The S9300 supports features such as RRPP , Ethernet OAM, VRRP , and MPLS L2/L3VPN, and satisfies the requirements for IPTV, high speed Internet (HSI), and enterprise leased lines.The S9300 switches function as high-density 10G core and aggregation nodes in large-scale data centers, helping enterprises build highly reliable, non-blocking, and virtualized data center networks. The S9300 switches use various technologies, including IP FRR, hardware-level BFD, NSF, VRRP , and E-Trunk, to ensure uninterrupted services. In addition, the S9300 switches support the CSS function to improve network IT efficiency and reduce network maintenance costs.For more information, visit / or contact your local Huawei sales office.Web & Email Application Application DatabaseS2300Copyright © Huawei Technologies Co., Ltd. 2016. All rights reserved.No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd.Trademark Notice, HUAWEI, and are trademarks or registered trademarks of Huawei Technologies Co., Ltd.Other trademarks, product, service and company names mentioned are the property of their respective owners.General DisclaimerThe information in this document may contain predictive statements including,without limitation, statements regarding the future financial and operating results,future product portfolio, new technology, etc. There are a number of factors thatcould cause actual results and developments to differ materially from thoseexpressed or implied in the predictive statements. Therefore, such information isprovided for reference purpose only and constitutes neither an offer nor anacceptance. Huawei may change the information at any time without notice.。

S9300系列T比特核心路由交换机S9303S9306S9300系列是华为公司面向融合多业务的网络架构而推出的新一代高端智能T 比特核心路由交换机。

该产品基于华为公司智能多层交换的技术理念，在提供稳定、可靠、安全的高性能L2/L3层交换服务基础上，实现高清视频流承载、大容量无线网络、弹性云计算、硬件IPv6、一体化安全等业务应用，同时具备强大扩展性和可靠性。

S9300系列交换机广泛适用于广域网、城域网、园区网络和数据中心，帮助企业构建面向应用的网络平台，提供交换路由一体化的端到端融合网络。

S9300系列提供S9303、S9306、S9312三种产品形态，支持不断扩展的交换能力和端口密度。

整个系列秉承模块通用化、部件归一化的设计理念，最小化备件成本，在保证设备扩展性的同时最大限度地保护用户投资。

此外，S9300作为新一代智能交换机采用了多种绿色节能创新技术，在不断提升性能及稳定性的同时，大幅降低设备能源消耗，减小噪声污染，为网络绿色可持续发展提供领先的解决方案。

S9300系列T 比特核心路由交换机产品概述先进交换架构提升网络扩展性• 背板具备良好的扩展性，可平滑扩展至更高带宽，支持单端口速率40G ，同时完美兼容现网板卡，保护初始投资。

• 超高万兆端口密度，单台设备支持480个万兆端口，助力企业园区和数据中心迎来全万兆核心时代。

运营级高可靠性设计，保障企业应用永续运行• S9300所有关键器件,如主控、电源、风扇等均采用冗余设计，所有模块均支持热插拔。

• CSS 集群创新性采用交换网集群技术，克服了业界普遍采用的线卡集群跨框多次交换，交换效率低下的架构难题，提供业界主机间最大的256G 集群带宽，同时可以通过跨框链路聚合提高链路的利用率，并消除单点故障。

产品特点S93121•支持完善的运维检测与性能管理802.3ah、802.1ag和ITU-Y.1731，能够对网络传输中的时延、抖动等参数进行精确统计，实时监测网络运行情况，并在设备故障发生时快速定位。