华为交换机的配置S2700

11策略路由配置关于本章通过配置策略路由，可以用于提高网络的安全性能和负载分担。

11.1 配置策略路由配置策略路由可以将到达接口的转发报文重定向到指定的下一跳地址。

11.2 配置举例配置示例中包括组网需求和配置思路等。

11.1 配置策略路由配置策略路由可以将到达接口的转发报文重定向到指定的下一跳地址。

背景信息通过配置重定向，设备将符合流分类规则的报文重定向到指定的下一跳地址。

包含重定向动作的流策略只能在全局、接口或VLAN的入方向上应用。

说明对于S2700系列交换机，只有S2700-52P-EI和S2700-52P-PWR-EI交换机支持策略路由。

前置任务在配置策略路由前，需要完成以下任务：●配置相关接口的IP地址和路由协议，保证路由互通。

●如果使用ACL作为策略路由的流分类规则，配置相应的ACL。

操作步骤1.配置流分类a.执行命令system-view，进入系统视图。

b.执行命令traffic classifier classifier-name [ operator { and | or } ]，创建一个流分类并进入流分类视图，或进入已存在的流分类视图。

and表示流分类中各规则之间关系为“逻辑与”，指定该逻辑关系后：▪当流分类中有ACL规则时，报文必须匹配其中一条ACL规则以及所有非ACL规则才属于该类；▪当流分类中没有ACL规则时，则报文必须匹配所有非ACL规则才属于该类。

or表示流分类各规则之间是“逻辑或”，即报文只需匹配流分类中的一个或多个规则即属于该类。

缺省情况下，流分类中各规则之间的关系为“逻辑与”。

c.请根据实际情况定义流分类中的匹配规则。

d.执行命令quit，退出流分类视图。

2.配置流行为a.执行命令traffic behavior behavior-name，创建一个流行为，进入流行为视图。

b.请根据实际需要进行如下配置：▪执行命令redirect ip-nexthop ip-address &<1-4> [ forced ]，将符合流分类的报文重定向到下一跳。

2 VLAN配置关于本章VLAN具有隔离广播域、增强保密性、组网灵活和扩展性良好等特点。

2.1 VLAN概述介绍VLAN的定义、由来和作用。

2.2 设备支持的VLAN特性设备支持的VLAN特性包括VLAN的划分、VLAN间的通信、VLAN聚合、MUX VLAN、管理VLAN。

2.3 缺省配置介绍了VLAN参数的缺省配置。

2.4 划分VLAN创建并划分VLAN，将没有互通需求的用户进行隔离，增强网络的安全性、减少广播流量，同时也减少了广播风暴的产生。

2.5 配置VLANIF接口实现VLAN间的通信VLANIF接口是三层逻辑接口，在设备上创建VLANIF接口后，可实现VLAN间的通信。

2.6 配置VLAN聚合节约IP地址VLAN聚合解决了IP地址资源浪费问题，同时可实现不同VLAN间通信。

2.7 配置MUX VLANMUX VLAN可实现VLAN间通信，也可实现VLAN内的用户相互隔离。

2.8 配置管理VLAN实现网管集中管理设备配置管理VLAN功能，用户通过管理VLAN的VLANIF接口登录到管理交换机，实现网管集中管理设备。

2.9 维护VLAN维护VLAN，包括查看和清除VLAN的统计信息。

2.10 配置举例介绍VLAN的配置举例。

配置示例中包括组网需求、配置思路、操作步骤等。

2.11 常见配置错误介绍VLAN常见配置错误的处理方法。

2.1 VLAN概述介绍VLAN的定义、由来和作用。

VLAN（Virtual Local Area Network）即虚拟局域网，是将一个物理的LAN在逻辑上划分成多个广播域的通信技术。

以太网是一种基于CSMA/CD（Carrier Sense Multiple Access/Collision Detection）的共享通讯介质的数据网络通讯技术。

当主机数目较多时会导致冲突严重、广播泛滥、性能显著下降甚至造成网络不可用等问题。

通过交换机实现LAN（Local AreaNetwork）互连虽然可以解决冲突严重的问题，但仍然不能隔离广播报文和提升网络质量。

华为交换机的配置——S2700<Quidway>system-view //进入配置模式[Quidway]sysname B1 //给交换机命名为B1[B1]http server load flash:/S2700?.... zip //加载WEB管理程序[B1]http server enable //开启WEB管理功能[B1]user-interface console 0 //进入console 0端口的配置[B1-ui-con0]authentication-mode password //启用密码认证[B1-ui-con0]set authentication password cipher qqgroup //设置密文密码[B1-ui-con0]user privilege level 3 //安全级别为3[B1-ui-con0]quit //退出[B1]user-interface vty 0 4 //进入VTY配置[B1-ui-vty0-4]authentication-mode password[B1-ui-vty0-4]set authentication password cipher qq[B1-ui-vty0-4]user privilege level 3[B1-ui-vty0-4]quit[B1]vlan 10 //创建VLAN 10[B1-vlan10]interface Ethernet 0/0/1 //进入交换机的端口[B1-ethernet 0/0/1]port link-type access //设置端口模式为接入模式[B1-ethernet 0/0/1]port default vlan 10 //把该端口加入VLAN10 [B1-ethernet 0/0/1]interface Ethernet 0/0/24[B1-ethernet 0/0/24]port link-type trunk //设置端口模式为TRUNK [B1-ethernet 0/0/24]port trunk permit vlan 10 //设置TRUNK允许通过的VLAN[B1-ethernet 0/0/24]quit[B1]interface vlan 10 //进入VLAN接口[B1]ip add 192.168.10.1 24 //给VLAN配置管理地址。

9监控口配置关于本章通过配置监控口，可以实现对设备的使用环境进行监控，方便管理员对设备进行维护。

9.1 监控口简介介绍监控口的定义和目的。

9.2 配置注意事项介绍监控口特性的注意事项及设备支持的监控口。

9.3 配置监控口介绍监控口的详细配置过程。

9.4 配置举例介绍监控口配置举例。

配置示例中包括组网需求、配置思路等。

9.1 监控口简介介绍监控口的定义和目的。

定义监控口是位于设备上用于监控机柜门、设备电源、电池电量和空调电源等设备的接口。

目的在某些应用场景中，如交换机部署在接入侧作为楼道交换机实现宽带用户接入，因为楼道应用环境的特殊性，交换机需要安装在定制的机箱内，机箱内配置了备用电源。

由于这些设备与网络管理员所在的中心机房距离较远，当这些设备发生故障时，由于设备无法主动上报故障，导致网络管理员无法及时感知。

为了解决这个问题，交换机提供了环境监控接口，连接机柜门、备用电源等设备，当机箱门、备用电源等设备应用状况异常时，交换机发送Trap至网管站，实现对交换机应用环境的监控。

图9-1监控口应用示意图机柜门备用电源电池电量空调电源9.2 配置注意事项介绍监控口特性的注意事项及设备支持的监控口。

监控口特性的注意事项只有S3700-28TP-EI-MC支持此特性。

设备支持的监控口设备提供两个监控口，一个为监控输入口，另外一个为监控输出口。

●监控输入口：监控输入口为普通的以太网接口，提供4条输入线路，用来监控4种不同的源，例如机柜门、设备电源、电池电量和空调电源等设备（具体监控的设备由用户决定，可以监控但不限于上述设备）。

以直通网线为例，如图9-2所示，线序为：橙白、橙、绿白、蓝、蓝白、绿、褐白、褐。

每两根线为一路输入线路，这样依次橙白、橙为1号输入线路；绿白、绿为2号输入线路；蓝白、蓝为3号输入线路；褐白、褐为4号输入线路。

橙白、绿白、蓝白、褐白线要求连接到被监控设备的一个电平可变的端子上，被监控设备状态变化时，该端子的电平会由高变低或由低变高。

华为S2100/S2300/S2700二层交换机配置端口安全公司为了提高信息安全，将Switch连接员工PC侧的接口使能了接口安全功能，并且设置了接口学习MAC地址数的上限为信任的设备总数，这样其他外来人员使用自己带来的PC无法访问公司的网络。

下面是店铺收集整理的华为S2100/S2300/S2700二层交换机配置端口安全，希望对大家有帮助~~华为S2100/S2300/S2700二层交换机配置端口安全工具/原料华为交换机方法/步骤1请自行准备好华为交换机和电脑并且让你的电脑和交换机连接上2采用如下的思路配置接口安全：创建VLAN，并配置接口的链路类型为Trunk。

使能接口安全功能。

使能接口Sticky MAC功能。

配置接口安全功能的保护动作。

配置接口MAC地址学习限制数。

3创建VLAN，并配置接口的链路类型：system-view[Quidway] vlan 10[Quidway-vlan10] quit[Quidway] interface ethernet 0/0/1[Quidway-Ethernet0/0/1] port link-type trunk[Quidway-Ethernet0/0/1] port trunk allow-pass vlan 10配置接口安全功能# 使能接口安全功能。

[Quidway-Ethernet0/0/1] port-security enable# 使能接口Sticky MAC功能。

[Quidway-Ethernet0/0/1] port-security mac-address sticky # 配置接口安全功能的保护动作。

[Quidway-Ethernet0/0/1] port-security protect-action protect# 配置接口MAC地址学习限制数。

[Quidway-Ethernet0/0/1] port-security max-mac-num 4其他接口如需使能接口安全功能，请重复上述配置。

DataSheetIntroductionThe S2700 utilizes cutting-edge switching technologies and Huawei Versatile Routing Platform (VRP) software to meet the demand for multi-service provisioning and access on Ethernet networks. It is easy to install and maintain. With its flexiblenetwork deployment, comprehensive security and quality of service (QoS) policies, and energy-saving technologies, the S2700 helps enterprise customers build next-generation IT networks.The S2700 is a box device that is 1 U (44.45 mm or 1.75 in.) high. It is available in a standard version (SI) or an enhanced version (EI).Product OverviewModels and AppearancesAppearanceDescriptionS2700-9TP-SI-ACS2700-9TP-EI-ACS2700-9TP-EI-DC● 8 Ethernet 10/100 ports, 1 dual-purpose 10/100/1000 or SFP●AC and DC power supply for the EI version; AC power supply for the SI version ● Forwarding performance: 2.7 Mpps ●Switching Capacity: 32GbpsS2700-9TP-PWR-EI● 8 Ethernet 10/100 ports, 1 dual-purpose 10/100/1000 or SFP ● AC power supply ●PoE+● Forwarding performance: 2.7 Mpps ● Switching Capacity: 32GbpsS2700-18TP-SI-AC● 16 Ethernet 10/100 ports, 2 dual-purpose 10/100/1000 or SFP ●AC power supply● Forwarding performance: 5.4 Mpps ●Switching Capacity: 32GbpsS2700-18TP-EI-ACS2700-26TP-SI-ACS2700-26TP-EI-AC● 24 Ethernet 10/100 ports, 2 dual-purpose 10/100/1000 or SFP●AC power supply for the EI version; AC power supply for the SI version ● Forwarding performance: 6.6 Mpps ●Switching Capacity: 32GbpsS2700-26TP-PWR-EI● 24 Ethernet 10/100 ports, 2 dual-purpose 10/100/1000 or SFP ● AC power supply ●PoE+● Forwarding performance: 6.6 Mpps ● Switching Capacity: 32GbpsS2710-52P-SI-AC●48 Ethernet 10/100 ports, 4 Gig SFP ● AC power supply● Forwarding performance: 13.2 Mpps ● Switching Capacity: 32GbpsS2700-52P-EI-AC● 48 Ethernet 10/100 ports, 4 Gig SFP ●AC and DC power supply● Forwarding performance: 13.2 Mpps ● Switching Capacity: 32GbpsS2700-52P-PWR-EI● 48 Ethernet 10/100 ports, 4 Gig SFP ●AC power supply ● PoE+● Forwarding performance: 13.2 Mpps ● Switching Capacity: 32GbpsS2750-20TP-PWR-EI-AC● 16 Ethernet 10/100 ports, 2 Gig SFP and 2 dual-purpose 10/100/1000 or SFP ●AC power supply ● PoE+● Forwarding performance: 8.4 Mpps ● Switching Capacity: 64GbpsS2750-28TP-EI-AC●24 Ethernet 10/100 ports, 2 Gig SFP and 2 dual-purpose 10/100/1000 or SFP ● AC power supply● Forwarding performance: 9.6 Mpps ● Switching Capacity: 64GbpsS2750-28TP-PWR-EI-AC● 24 Ethernet 10/100 ports, 2 Gig SFP and 2 dual-purpose 10/100/1000 or SFP ●AC power supply ● PoE+● Forwarding performance: 9.6 Mpps ● Switching Capacity: 64GbpsS2720-28TP-EI-AC●24 Ethernet 10/100 ports,2 Gig SFP and 2 dual-purpose ● 10/100/1000 or SFP ● AC power supply● Forwarding performance: 9.6 Mpps ●Switching Capacity: 12.8GbpsFan TrayS2700 uses a new generation of high integrated chip and energy-saving circuit design, balanced heat, low power consumption, no fan of mute design.Power SupplyS2700 non-PoE model do not support pluggable power supplies.PoE/PoE+PWR in the model name indicates a PoE-capable switch, which supports IEEE 802.3af-compliant PoE and 802.3at-compliant PoE+. Each port delivers 15.4 W PoE or 30 W PoE+ power capacity.PoE power is divided into two types: 500W and 250W power supplies.S2700-9TP-PWR-EI Built-in single powersupply - 124 W PoE (15.4W): 8PoE+ (30W): 4S2700-26TP-PWR-EI W0PSA2500 - 123.2 W PoE (15.4W): 8PoE+ (30W): 4W0PSA5000 - 369.6W PoE (15.4W): 24PoE+ (30W): 12W0PSA2500 W0PSA2500 246.4W PoE (15.4W): 16PoE+ (30W): 8W0PSA5000 W0PSA5000 739.2W PoE (15.4W): 24PoE+ (30W): 24 S2700-52P-PWR-EI W0PSA2500 - 123.2 W PoE (15.4W): 8PoE+ (30W): 4W0PSA5000 - 369.6W PoE (15.4W): 24PoE+ (30W): 12W0PSA2500 W0PSA2500 246.4W PoE (15.4W): 16PoE+ (30W): 8W0PSA5000 W0PSA5000 739.2W PoE (15.4W): 48PoE+ (30W): 24S2750-20TP-PWR-EI-AC Built-in single powersupply - 370W PoE (15.4W): 16PoE+ (30W): 12S2750-28TP-PWR-EI-AC Built-in single powersupply - 370W PoE (15.4W): 24PoE+ (30W): 12When a switch has two power supplies installed, the two power supplies work in redundancy mode to provide power for the switch itself and in load balancing mode to provide power for powered devices (PDs).Product Features and HighlightsEasy Operation●The S2700 supports Huawei Easy Operation function. Thanks to this function, the S2700 implements easy installation, configuration, monitoring, and troubleshooting, greatly reduces initial installation and configuration costs, improves upgrade efficiency and lowers engineering costs. It provides a Web network management system (NMS) with a user-friendly graphical user interface (GUI) to implement alarm management and visual configuration, facilitating operation and maintenance. In addition, it supports faulty device replacement without configuration.●The S2700 offers a new application-specific integrated circuit (ASIC) switching technique and a fan-free design. This design reduces mechanical faults and protects the device against damages caused by condensed water and dust. Flexible service control●The S2700-EI supports various ACLs. ACL rules can be applied to VLANs to flexibly control ports and schedule VLAN resources.●The S2700 supports port-based VLAN assignment, MAC address-based VLAN assignment, protocol-based VLAN assignment, and network segment-based VLAN assignment. These secure and flexible VLAN assignment modes are used in networks where users move frequently.●The S2700 supports GARP VLAN Registration Protocol (GVRP), which dynamically distributes, registers, and propagates VLAN attributes to ensure correct VLAN configuration and reduce network administrator workloads. In addition, the S2700 supports SSH v2, HWTACACS, RMON, and port-based traffic statistics. The network quality analyzing (NQA) function assists users with network planning and upgrades.Excellent security features●The S2700 supports DHCP snooping, which generates user binding entries based on users' access interfaces, MAC addresses, IP addresses, IP address leases, VLAN IDs. The DHCP snooping function protects enterprises from common attacks such as bogus IP packet attacks, man-in-the-middle attacks, and bogus DHCP server attacks.●The S2700 can limit the number of MAC addresses that can be learned on an interface to prevent attackers from exhausting MAC address entries by using bogus source MAC addresses. This function minimizes packet flooding, which occurs when users' MAC addresses cannot be found in the MAC address table. The S2700 can also limit the number of ARP entries to prevent ARP spoofing attacks. In addition, it provides an IP source check function to prevent malicious users from using spoofed IP addresses to initiate DoS attacks.●The S2700 supports centralized MAC address authentication and 802.1x authentication. It authenticates users based on statically or dynamically bound user information such as IP address, MAC address, VLAN ID, access interface. VLANs, QoS policies, and ACLs can be dynamically applied to users.PoE function●The S2700 PWR series support improved Power over Ethernet (PoE) solutions and you can determine whether a PoE port provides power and the time a PoE port provides power. The S2700 PWR can use PoE power supplies with different power levels to provide the PoE function. Powered devices (PDs) such as IP Phones, WLAN APs, and Bluetooth APs can be connected to the S2700 PWR through network cables. The S2700 PWR provides -48V DC power for the PDs.●In its role as power sourcing equipment (PSE), the S2700 PWR complies with IEEE 802.3af and 802.3at (PoE+), and can work with PDs that are incompatible with 802.3af or 802.3at (PoE+). Each port provides a maximum of 30 W of power, complying with IEEE 802.3at. The PoE+ function increases the maximum power available on each port and implements intelligent power management for high-power consumption applications. This process facilitates the ease of PD use. PoE ports are still able to work while in power-saving mode.High scalability●The S2700 uses Intelligent Stack (iStack) to virtualize multiple switches into a single logical device to ease user management and configuration and expand the system switching capacity. iStack improves switching capacity, reliability, and scalability. Additionally, after the stack is established, all the member switches in a stack use the same IP address. You can use a single IP address to manage and maintain the switches uniformly. This greatly reduces system operation and maintenance (O&M) costs.●The iStack stacking architecture is designed for rapid failover capability with n-1 master redundancy, distributed Layer 2 and Layer 3 switching, link aggregation across the stack, and within 200 millisecond failover for path failure and hitlessmaster/backup failover.●Besides traditional STP, RSTP, and MSTP, the S2700 supports enhanced Ethernet technologies such as Smart Link and RRPP, implements millisecond-level protection switchover for links, and ensures the network quality.●The S2700 supports Smart Ethernet Protection (SEP) protocol, a ring network protocol applied to the link layer of an Ethernet network. SEP provides millisecond-level service switchovers and ensures nonstop forwarding of services. In addition, SEP features simplicity, high reliability, high switchover performance, convenient maintenance, and flexible topology and enables users to manage and plan networks conveniently.●The S2700 supports G.8032 Ethernet Ring Protection Switching (ERPS). The ERPS is based on traditional Ethernet MAC and bridging functions. It uses the mature Ethernet OAM and Ring Automatic Protection Switching (Ring APS or R-APS) technologies to implement millisecond-level protection switching on Ethernet. ERPS supports various services and flexible networking and lowers operating expense (OPEX) and capital expenditure (CAPEX) of users.Comprehensive QoS policies●The S2700 supports complex traffic classification based on packets' TCP/UDP port numbers, VLAN IDs, source MAC/IP addresses, destination MAC/IP addresses, IP protocols, or priorities. By limiting the traffic rate based on traffic classification results, the S2700 implements line-speed forwarding on each port to ensure high-quality voice, video, and data services. Each port supports a maximum of eight queues and multiple queue scheduling algorithms, such as WRR, SP, and WRR+SP. Powerful surge protection capability●The S2700 uses the Huawei patented surge protection technique that supports 7 kV surge protection capability on service ports. This effectively protects switches against over lightning induced overvoltage. The Huawei patented surge protection technique greatly reduces the possibility of equipment being damaged by lightning, even in extreme situations or in scenarios where grounding is not feasible.Quiet operation, energy conservation, and low radiationThe S2700 uses an energy-saving integrated circuit design to ensure even heat dissipation. Idle ports can enter a sleep mode to further reduce power consumption. The S2700 generates no sound because it does not contain any fans. Radiation produced by the S2700 is within the standard range for electric appliances and causes no harm to the human body. Product SpecificationsDownlink ports S2700-9TP-SI**/S2700-9TP-EI/S2700-9TP-PWR-EI: 8 10/100Base-TX Ethernet portsS2700-18TP-SI/S2700-18TP-EI/S2750-20TP-PWR-EI-AC: 16 10/100Base-TX Ethernet portsS2700-26TP-SI/S2700-26TP-EI/S2700-26TP-PWR-EI/S2750-28TP-EI-AC/S2750-28TP-PWR-EI-AC: 2410/100Base-TX Ethernet portsS2710-52P-SI/S2700-52P-EI: 48 10/100Base-TX Ethernet portsUplink ports S2700-9TP-SI/S2700-9TP-EI/S2700-9TP-PWR-EI: 1 dual-purpose 10/100/1000 or SFPS2700-18TP-EI/S2700-18TP-SI/S2700-26TP-EI/S2700-26TP-EI/S2700-26TP-PWR-EI/S2700-26TP-SI:2 dual-purpose 10/100/1000 or SFPS2710-52P-SI/S2700-52P-EI: 4 gigabit SFPS2750-20TP-PWR-EI/S2750-28TP-EI-AC/S2750-28TP-PWR-EI: 2 Gig SFP and 2 dual-purpose10/100/1000 or SFPMAC address 8K MAC address entriesManual deletion of dynamicMAC address entriesAging time of MAC addressconfigurableBlackhole MAC addressentries 8K MAC address entriesManual deletion of dynamic MACaddress entriesAging time of MAC addressconfigurableBlackhole MAC address entriesMAC address learning controlwhich based on ports16K MAC address entriesManual deletion of dynamic MACaddress entriesAging time of MAC addressconfigurableMAC address learning controlwhich based on portsBlackhole MAC address entriesVLAN feature 4K active VLANs, complyingwith IEEE 802.1QPort-based VLAN assignment 4K active VLANs, complying with IEEE 802.1Q Port-based VLAN assignmentVLANIF interface number: 8N/A MAC address-based assignmentPort-based QinQQoS Outbound-Port-based ratelimiting and flow-based ratelimiting4 or 8 queues of differentpriorities on each portMapping between 802.1ppriorities and queuesSP, WRR, and SP+WRRalgorithms Port-based rate limiting and flow-based rate limiting4 or 8 queues of different prioritieson each portMapping between 802.1p prioritiesand queuesSP, WRR, and SP+WRRalgorithmsPort-based rate limiting and flow-based rate limiting8 queues of different priorities oneach portMapping between 802.1ppriorities and queuesSP, WRR, and SP+WRRalgorithmsN/A packet-based priority remark andpacket redirectionIPv4 routing Static routingRIP v1/v2（S2750-EI）IPv6 feature IPv6 protocol IPv6 protocolStatic IPv6 routes Static IPv6 routesSupports MLD v1/v2 snooping.Multicast IGMP v1/v2/v3 snoopingPort-based rate limiting formulticast packets MVLANControllable multicastIGMP v1/v2/v3 snoopingPort-based rate limiting for multicast packetsReliability S2700-SI: STP (IEEE802.1d), RSTP (IEEE802.1w)S2710-SI: STP (IEEE802.1d), RSTP (IEEE802.1w), MSTP (IEEE802.1s) STP (IEEE 802.1d), RSTP (IEEE802.1w), MSTP (IEEE 802.1s),and RRPP topology and RRPPmulti-instanceSTP (IEEE 802.1d), RSTP (IEEE802.1w), MSTP (IEEE 802.1s),and RRPP topology and RRPPmulti-instanceSEP and ERPS (G.8032)Smart Link tree topology andSmart Link multi-instance,implementing millisecond-levelprotective switchoverTraffic sampling N/A sFlowSecurity & access features S2700-SI: Storm suppressionS2710-SI: Stormsuppression , IP SourceGuard802.1x authentication and limit on the number of users on an interfaceStorm suppressionIP Source GuardS2700-SI: Multipleauthentication methodsincluding AAA, RADIUS, andTACACS+Port isolationSuppression of multicast,broadcast, and unknownunicast packetsCPU defenseS2710-SI: Multipleauthentication methodsincluding AAA, RADIUS, andTACACS+Port isolationSuppression of multicast,broadcast, and unknownunicast packetsCPU defenseDHCP snoopingMultiple authentication methods including AAA authentication, RADIUSauthentication, and TACACS+ authentication802.1x authentication, MAC address authentication, MAC bypassauthenticationDHCP snoopingPort isolation and sticky MACPacket filtering based on MAC addressesSuppression of multicast, broadcast, and unknown unicast packetsLimit on the number of learned MAC addressesCPU defenseS2750-EI: DHCP relaySurge protection Surge protection capability of service ports: 7kV Surge protection capability ofservice ports: 7 kVManagement Stack (S2710-52P-SI-AC, S2700-52P-EI-AC, S2700-52P-PWR-EI) Auto-ConfigCLI-based configurationRemote configuration using TelnetSNMP V1/V2C/V3Remote network monitoring StackEasy OperationCLI-based configuration Remote configuration using TelnetSNMP V1/V2C/V3SSHv2Web-based device managementRemote network monitoringSSHv2Web-based device management Interoperability N/A Supports VBST (Compatible withPVST/PVST+/RPVST)Supports LNP (Similar to DTP)Supports VCMP (Similar to VTP) OperatingenvironmentLong-term operating temperature: –5°C to + 50°CRelative humidity: 10% to 90% (non-condensing)Power AC:●Rated voltage range: 100 V to 240 V AC, 50/60 Hz●Maximum voltage: 90 to 264 V AC, 50/60 HzDC:●Rated voltage range: –48 V to –60 V DC●Maximum voltage range: –36 V to –72 V, DCNOTEPoE models do not use DC power supplies.Dimensions (W xD x H)●S2700-9TP-EI/SI: 250×180×43.6●S2700-9TP-PWR-EI: 320×220×43.6●S2700-18TP-EI/SI/S2700-26TP-EI/SI/S2750-28TP-EI-AC/S2720-28TP-EI-AC: 442×220×43.6●S2700-26TP-PWR-EI: 442×420×43.6●S2710-52P-SI/S2700-52P-EI: 442×220×43.6●S2750-20TP-PWR-EI-AC/S2750-28TP-PWR-EI-AC: 442×310×43.6Weight ●S2700-9TP-SI<1.4 kg●S2700-18TP-SI<2.4 kg●S2700-26TP-SI<2.4 kg●S2710-52P-SI<3 kg●S2700-9TP-EI<1.4 kg●S2700-9TP-PWR-EI<2.5 kg●S2700-18TP-EI<2.4 kg●S2700-26TP-EI<2.4 kg●S2700-52P-EI<3 kg●S2700-26TP-PWR-EI<4 kg(without power supply)●S2750-20TP-PWR-EI<4.5kg●S2750-28TP-EI<3 kg●S2750-28TP-PWR-EI<4.5kgPowerconsumption●S2700-9TP-SI<12.8 W●S2700-18TP-SI<14.5 W●S2700-26TP-SI<15.5 W●S2710-52P-SI<38 W●S2700-9TP-EI<12.8 W●S2700-9TP-PWR-EI<154 W(PoE: 124 W)●S2700-18TP-EI<14.5 W●S2700-26TP-EI<15.5 W●S2700-52P-EI<38 W●S2700-26TP-PWR-EI<808W(PoE: 740 W)●S2750-20TP-PWR-EI<435W(PoE: 370W)●S2750-28TP-EI<15.7 W●S2750-28TP-PWR-EI<445W(PoE: 370W)*: The S2700 is provided in the standard version (SI) and enhanced version (EI). The S2700 switches of the EI series are collectively called S2700-EI, and the S2700 switches of the SI series are collectively called S2700-SI. S2710-SI is a sub-series switch of S2700-SI. S2750-EI is the sub-series switches of S2700-EI.**: S2700-9TP-SI is short for S2700-9TP-SI-AC. As product versions are irrelevant to the power supply mode, the product names mentioned in product specifications do not contain AC or DC. This rule also applies to other product models.Hardware SpecificationsThe following table lists the S2700 hardware specifications.Memory (RAM) S2700: 64 MB (S2700-52P-EI/S2710: 128 MB); S2720/S2750: 256 MB Flash memory S2700/S2710: 16 MB; S2720/S2750: 200 MBMean Time Between Failures (MTBF), years ●S2700-9TP-SI-AC: 44.1●S2700-18TP-SI-AC: 39.2●S2700-26TP-SI-AC: 37.3●S2710-52P-SI-AC: 26.8●S2700-9TP-EI-AC: 44.1●S2700-9TP-EI-DC: 44.1●S2700-9TP-PWR-EI: 35.5●S2700-18TP-EI-AC: 39.2●S2700-26TP-EI-AC: 37.3●S2700-26TP-PWR-EI: 34.8●S2700-52P-EI-AC: 26.8●S2700-52P-PWR-EI: 35.4●S2720-EI: 44.3●S2750-28TP-EI-AC: 44.3●S2750-20TP-PWR-EI-AC: 78.68 ●S2750-28TP-PWR-EI-AC: 78.29Mean Time To Repair (MTTR), hours 2Availability > 0.99999Stack port ●Not supported by S2700-SI●S2710-SI: 2 1000Base-X optical ports●S2700-EI: 2 1000Base-X optical ports in S2700-52P-EI-AC or S2700-52P-PWR-EI●S2720-EI: 2 1000Base-X optical multiplexing uplink for stack●S2750-EI: 2 1000Base-X optical multiplexing uplink for stackRPS Not supported by S2700PoE Supported by PWR seriesDC input voltage Rated voltage range ●Not supported by S2700-SI/S2710-SI/S2720-EI/S2750-EI●S2700-EI: -48V DC to -60V DCMaximum voltagerange●Not supported by S2700-SI/S2710-SI/S2720-EI/S2750-EI●S2700-EI: -36V DC to -72V DCAC input voltage Rated voltage range 100V AC to 240V AC; 50/60 Hz Maximum voltagerange90V AC to 264V AC; 47 Hz to 63 HzTemperature Operatingtemperature ●S2700-SI: -5°C to +50°CNOTEThe working temperature is -5°C to +45 °C when SFP optical module matching80km and above the distance.●S2710-52P-SI-AC: -5°C to +50°C●S2700-EI: -5°C to +50°C,NOTES2700-52P-PWR-EI: 0°C to +50°C.In addition to the S2700-26TP-PWR-EI, S2700-52P-EI-AC and S2700-52P-PWR-EI, the working temperature is -5 °C to +45 °C when SFP optical modulematching 80km and above the distance.●S2720-EI: -5°C to +50°C (0 m-1800 m altitude)NOTEWhen the altitude is between 1800 m and 5000 m, the operating temperaturereduces by 1°C every time the altitude increases by 220 m.The working temperature is -5°C to +45 °C when SFP optical module matching80km and above the distance.●S2750-EI: -5°C to +50°C (0 m-1800 m altitude)NOTEWhen the altitude is between 1800 m and 5000 m, the operating temperaturereduces by 1°C every time the altitude increases by 220 m.●S2750-28TP-EI-AC: The working temperature is -5°C to +45 °C when SFPoptical module matching 80km and above the distance.Storage temperature -40°C to +70°CNoise under normal temperature (sound power) ●S2750-20TP-PWR-EI-AC: <52dBA ●S2750-28TP-PWR-EI-AC: <52dBA ●others: No fan, muteOperating altitude ●S2700-SI/S2710-SI/S2720-EI: 0 m to 5000 m●S2700-9TP-EI-AC: 0m to 5000m●S2700-9TP-EI-DC: 0m to 2000m●S2700-9TP-PWR-EI: 0m to 2000m●S2700-18TP-EI-AC: 0m to 5000m●S2700-26TP-EI-AC: 0m to 5000m●S2700-26TP-PWR-EI: 0m to 5000m●S2700-52P-EI-AC: 0m to 2000m●S2700-52P-PWR-EI: 0m to 5000m●S2750-28TP-EI-AC: 0m to 5000m●S2750-20TP-PWR-EI-AC: 0m to 5000m●S2750-28TP-PWR-EI-AC: 0m to 5000mNetworking and Applications100 Mbit/s Access Rate for TerminalsThe S2700 can function as a desktop access device that provides an access rate of 100 Mbit/s for terminals and 1000 Mbit/s uplink interfaces to communicate with uplink devices.Ordering InformationProduct Description1 S2700-9TP-EI-AC Mainframe (8 Ethernet 10/100 ports, 1 dual-purpose 10/100/1000 or SFP, AC 110/220V)2 S2700-9TP-EI-DC Mainframe (8 Ethernet 10/100 ports, 1 dual-purpose 10/100/1000 or SFP, DC -48V)3 S2700-9TP-SI-AC Mainframe (8 Ethernet 10/100 ports, 1 dual-purpose 10/100/1000 or SFP, AC 110/220V)4 S2700-18TP-EI-AC Mainframe (16 Ethernet 10/100 ports, 2 dual-purpose 10/100/1000 or SFP, AC 110/220V)5 S2700-18TP-SI-AC Mainframe (16 Ethernet 10/100 ports, 2 dual-purpose 10/100/1000 or SFP, AC 110/220V)6 S2700-26TP-EI-AC Mainframe (24 Ethernet 10/100 ports, 2 dual-purpose 10/100/1000 or SFP, AC 110/220V)7 S2700-26TP-SI-AC Mainframe (24 Ethernet 10/100 ports, 2 dual-purpose 10/100/1000 or SFP, AC 110/220V)8 S2700-52P-EI-AC Mainframe (48 Ethernet 10/100 ports, 4 Gig SFP, AC 110/220V)9 S2710-52P-SI-AC Mainframe (48 Ethernet 10/100 ports, 4 Gig SFP, AC 110/220V)10 S2700-9TP-PWR-EI Mainframe (8 Ethernet 10/100 ports, PoE+, 1 dual-purpose 10/100/1000 or SFP, AC 110/220V)11 S2700-26TP-PWR-EI Mainframe (24 Ethernet 10/100 ports, 2 dual-purpose 10/100/1000 or SFP, PoE+, withoutpower module)S2700 Series Enterprise Switches 12S2700-52P-PWR-EI Mainframe (48 Ethernet 10/100 ports, 4 Gig SFP, PoE+, Dual Slots of Power, Including Single 500W AC Power) 13S2750-20TP-PWR-EI-AC Mainframe (16 Ethernet 10/100 ports, 2 Gig SFP and 2 dual-purpose 10/100/1000 or SFP,PoE+, AC 110/220V) 14S2750-28TP-EI-AC Mainframe (24 Ethernet 10/100 ports, 2 Gig SFP and 2 dual-purpose 10/100/1000 or SFP, AC 110/220V) 15S2750-28TP-PWR-EI-AC Mainframe (24 Ethernet 10/100 ports, 2 Gig SFP and 2 dual-purpose 10/100/1000 or SFP, PoE+, AC 110/220V) 16S2720-28TP-EI-AC Mainframe (24 Ethernet 10/100 ports, 2 Gig SFP and 2 dual-purpose 10/100/1000 or SFP, AC 110/220V) 17 500W PoE power supply unitMore InformationFor more information about Huawei Campus Switches, visit or contact us in the following ways: ●Global service hotline: /en/service-hotline ●Logging in to the Huawei Enterprise technical support website: /enterprise/ ●Sending an email to the customer service mailbox: ********************Copyright © Huawei Technologies Co., Ltd. 2018. All rights reserved.No part of this document may be reproduced or transmitted in any form or by any means without prior writtenconsent of Huawei Technologies Co., Ltd.Trademarks and Permissionsand other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.All other trademarks and trade names mentioned in this document are the property of their respective holders.NoticeThe purchased products, services and features are stipulated by the contract made between Huawei and thecustomer. All or part of the products, services and features described in this document may not be within thepurchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information, andrecommendations in this document are provided "AS IS" without warranties, guarantees or representations ofany kind, either express or implied.The information in this document is subject to change without notice. Every effort has been made in thepreparation of this document to ensure accuracy of the contents, but all statements, information, andrecommendations in this document do not constitute a warranty of any kind, express or implied. Huawei Technologies Co., Ltd. Address:Huawei Industrial Base Bantian, Longgang Shenzhen 518129 People's Republic of China Website:。

S2700交换机基本命令文本和图形详解一、从用户视图进入系统视图命令：system-view使用指南：用户初次登录，即进入用户视图。

在用户视图下执行该命令，可以进入系统视图。

使用实例：二、设置交换机主机名命令：sysname使用指南：修改交换机的主机名将影响命令行接口的提示符，如交换机的主机名为Quidway，用户视图的提示符为<Quidway>。

使用实例：三、用来设置切换低级别用户到高级别用户的密码命令：super password命令格式：参数说明：使用指南：不论配置的是明文密码还是密文密码，验证时必须输入明文形式的密码。

如果使用simple选项，密码将以明文形式保存在配置文件中，以低级别登录的用户可以通过查看配置文件的方式获取切换密码，造成安全问题。

因此，一般情况下，应使用cipher 选项，将密码加密保存。

同时，使用cipher选项设置了密码后，无法从系统取回。

请妥善保管，以免遗忘或者遗失。

使用实例：比如我登陆公司109交换机，如下图显示：如果我一开始就输入sys命令想进入系统视图是进不去的，图中红色圈标明了必须输入su命令，再输入密码qyeee后才能进入系统视图。

从图中我们可以知道super passwd这个命令在交换机里的作用与功能。

四、进入console 0视图命令：User-interface console 0使用实例：现在用我练习操作过的截图来说明相关命令的功能，如下图所示：User-interface console 0 进入console 0视图界面authentication-mode password设置进入console 0视图界面用密码来验证set aut password cipher qyeee设置进入console 0视图界面的密码为qyeeeidle-timeout 15 设置用户界面断连的超时时间为15分钟，即用户没有输入命令的时间。

下面这个是我用com线连接交换机刚登陆界面的截图，因为之前我在交换机上进入console 0视图界面设置了登陆要密码验证，并且设置的密码是qyeee，所以我用com线连接交换机，按回车键提示要输入密码，如果不输入是进不去的。

华为交换机2700密钥设置教程以下是华为交换机S2700系列密钥设置教程：1. 连接到交换机:使用串口或网口连接电脑和交换机。

2. 进入交换机配置界面:打开终端仿真器,连通串口后,在终端仿真器中输入用户名和密码,进入系统视图。

3. 生成RSA密钥：在系统视图下,输入以下命令来生成RSA密钥：system-viewcrypto rsa key-pair create rsa4. 设置SSH协议：在系统视图下,输入以下命令开启SSH服务并配置版本和加密方式：ssh server enablessh version 2ssh cipher aes256-cbc5. 设置Telnet协议：在系统视图下,输入以下命令开启Telnet服务：telnet server enable6. 开启VTY用户接口：在系统视图下,输入以下命令开启VTY用户接口并设置登录认证方式（参考下面的说明）：user-interface vty 0 4authentication-mode aaaprotocol inbound sshprotocol inbound telnet7. 配置AAA认证/授权/账号管理:在系统视图下,输入以下命令开启AAA认证服务:aaalocal-user huawei password irreversible-cipher *password*local-user huawei service-type ssh telnet其中,*password*为自己设置的密码。

配置后,可以使用以上命令配置的用户名和密码进行SSH或Telnet登陆。

说明：3、SSH协议的版本和加密方式可以根据需要进行调整,例如要使用3DES-CBC进行加密时,使用“ssh cipher 3des-cbc”命令进行配置；4、Telnet协议默认不开启,使用“telnet server enable ”命令进行配置；6、VTY用户接口为Huawei S2700交换机中的虚拟用户,使用“user-interface vty 0 4”命令开启,其中0 4表示开启0-4个用户,可以根据需要调整；7、AAA认证服务需要进行认证/授权/账号管理三个方面的配置,本例中设置了Local账号管理,可以根据需要配置Radius服务或Tacacs+服务。

10安全关于本章本章主要介绍安全管理的相关概念和相关配置，主要包括：端口隔离、用户静态绑定、AAA配置、802.1X和MAC认证。

10.1 端口隔离提供配置和查询隔离模式、双向隔离、单向隔离的功能。

S2700SI系列交换机不支持此功能。

10.2 用户静态绑定用户静态绑定信息由用户手工配置，支持的绑定方式包括IP+PORT、MAC+PORT、IP+MAC+PORT、IP+PORT+VLAN、MAC+PORT+VLAN、IP+MAC+PORT+VLAN。

S2700SI系列交换机不支持此功能。

10.3 AAA配置AAA是Authentication，Authorization，Accounting（认证、授权和计费）的简称，它提供了一个对认证、授权和计费这三种安全功能进行配置的一致性框架，实际上是对网络安全的一种管理。

在S2700系列交换机中仅是支持用户管理功能。

10.4 802.1X介绍802.1X的基本配置包括全局和接口802.1X参数配置。

10.5 MAC认证介绍MAC地址认证的基本配置包括全局配置和接口配置，使用MAC地址认证的特性。

10.1 端口隔离提供配置和查询隔离模式、双向隔离、单向隔离的功能。

S2700SI系列交换机不支持此功能。

端口隔离模式可以配置为二层三层都隔离或者二层隔离三层互通，最常用的就是同一个小组成员两两之间不能二层互通，却可以通过访问公共资源。

如打印机、服务器等。

10.1.1 双向隔离提供配置隔离模式和双向隔离的新建、查询、修改、删除的功能。

背景信息●同一端口隔离组的接口之间互相隔离，不同端口隔离组的接口之间不隔离。

●交换机支持64个隔离组，编号为1～64。

操作步骤●配置隔离模式说明●缺省情况下，端口隔离模式为L2(二层隔离三层互通)。

●隔离模式选择应用后，会把双向隔离和单向隔离的配置都应用于该模式。

●切换下方的双向隔离和单向隔离标签不影响隔离模式的配置功能。

●S2700（除S2700-52P-PWR-EI）系列交换机不支持此功能。

Quidway® S2700系列企业网交换机产品概述：Quidway® S2700系列企业网交换机（以下简称S2700）是华为公司推出的新一代绿色节能的以太网智能百兆接入交换机。

它基于新一代交换技术和华为VRP®（Versatile Routing Platform）软件平台，针对企业客户的各种应用场景，提供简单便利的安装维护手段，同时融合了灵活的VLAN部署、完备的安全和QoS控制策略、绿色环保等先进技术，可满足以太网多业务承载和接入需要，助力企业用户搭建面向未来的IT网络。

S2700为盒式产品设备，机箱高度为1U，提供标准型（SI）和增强型（EI）两种产品版本。

产品特性：免维护，易部署，易管理S2700•支持自动配置，智能式即插即用，大大降低初始安装成本；采用全新交换ASIC技术，整机无风扇设计，减少机械故障点的同时免除凝露腐蚀和尘土侵害，能有效降低主机53%维护率。

S2700支持自动批量远程升级，易于使用和部署；友好的Web网管，拓扑自动发现、告警管理、可视化配置，友好的人机界面，简化运维。

此外，还支持HGMPv2、SSHv2、HWTACACS+、RMON、基于端口的流量统计；支持NQA网络质量分析，有利于网络规划和升级。

S2700支持GVRP，实现VLAN动态分发、注册和传播VLAN属性，减少网络管理员的手工配置量、保证VLAN配置正确性，减少因为配置不一致而导致的网络互通问题。

业务控制灵活S2700-EI支持丰富的ACL策略控制，特别支持基于VLAN下发ACL规则，实现VLAN内多端口的灵活控制和统一资源调度。

S2700支持多种VLAN划分方式：支持基于端口划分VLAN，基于MAC地址划分VLAN，可以满足对安全和移动办公需求较高的网络应用场景。

卓越安全，接入舒心S2700支持完备的DHCP Snooping功能，通过侦听接入用户的MAC/IP 地址、租期、VLAN-ID、接口等字段信息，防止IP报文伪造、中间人攻击、DHCP服务器私接等常见企业安全威胁，保障网络接入安全。

华为S2700配置图解壹.进入操作界面1.<Quidway>system-view贰.还原出厂配置1.<Quidway>reset saved-configuration重启2<Quidway>reboot3输入密码huawei4.选择5 输入文件菜单5.选择3 从闪存删除文件6.手动输入vrpcfg.Zip7.选择6 返回主菜单8.选择7 重启叁.查看配置1.[Quidway]display current-configuration默认具有admin用户telnet和http服务端口具有ntdp和ndp项Snmp部分功能默认开启肆.修改sysname密码1.[Quidway]sysname N266伍.配置sys进入密码为S27001 .[N266]user-interface console 02.[N266-ui-console0]authentication-mode password3.[N266-ui-console0]set authentication password cipher S27004.[N266-ui-console0]quit陆.进入端口1设置固定ip1. [N266]interface Vlanif 12. [N266-Vlanif1]ip address 192.168.13.69 255.255.255.03. [N266-Vlanif1]quit4. [N266]display current-configuration5.添加路由表[N266]ip route-static 192.168.0.0 255.255.0.0 192.168.13.253 6. [N266]display current-configuration柒．启用http服务1.加载http server --web.zip[N266]http server load flash:/S2700-V100R005C01SPC100.web.zip2.开启http server[N266]http server enable扒.设置telnet的密码和权限的两种办法1. [N266]user-interface vty 0 42. [N266-ui-vty0-4]authentication-mode password3. [N266-ui-vty0-4]set authentication password cipher S27004. [N266-ui-vty0-4]quit玖.启用super1. [N266]super password cipher S2700升级默认telnet等级为3-15级别1. [N266-ui-vty0-4]user privilege level 152. C:\Documents and Settings\dnyj04>telnet 192.168.13.69仕.telnet和http都可正常运行，现在测试dhcp自动获取功能1．进入vlan1.[N266]interface Vlanif 12.删除ip 静态地址[N266-Vlanif1]undo ip address3.查看所有信息[N266-Vlanif1]display current-configuration4. [N266-Vlanif1]quit5.[N266]dhcp enable6. [N266]display current-configuration46.7. [N266]display ip interface brief仕1.开启snmp 脚本1.[N266]snmp-agent community read public2.自动关闭回路[N266]stp enable3.查看stp端口情况[N266]display stp brief4.查看所有的端口情况[N266]display inter brief。