Quidway S2700 系列交换机 V100R006C00_01 配置一指禅(2011.7)

QuidwayS5700系列交换机V100R006C00-01配置一指禅产品概述QuidwayS5700系列全千兆企业网交换机（以下简称S5700），是华为公司为满足大带宽接入和以太网多业务汇聚而推出的新一代绿色节能的全千兆高性能以太网交换机。

它基于新一代高性能硬件和华为公司统一的VRP（VeratileRoutingPlatform）平台，具备大容量、高密度千兆端口，可提供万兆上行，充分满足客户对高密度千兆和万兆上行设备的需求，同时针对企业网用户的园区网接入、汇聚、IDC千兆接入以及千兆到桌面等多种应用场景，融合了可靠、安全、绿色环保等先进技术，采用简单便利的安装维护手段，帮助客户减轻网络规划、建设和维护的压力，助力企业搭建面向未来的IT网络。

S5700系列以太网交换机为盒式设备，机箱高度为1U，提供标准型（SI）和增强型（EI）两种产品版本。

标准型支持二层和基本的三层功能，增强型支持复杂的路由协议和更为丰富的业务特性。

配置步骤指导配置S5700交换机的典型步骤：选型号-》选配件-》选特殊配件–》选辅料1.选型号：1）根据上下行端口/电源/POE/特性需求选择合适的设备：EIVSSISIEIMAC8K16K单播路由4K12KBGPNY静态路由1K1KRIPYYISISNYPIMNYIGMPNYPBRNYUSBNY3）选择是否需要POE机型：如果企业需要交换机下联IPPhone，蓝牙AP等PD设备，需要使用POE机型，S5700POE机型每端口最高支持30W供电功率。

2.选配件：1）选电源模块：S5700-24TP、S5700-48TP非PWR系列主机中已经包含电源；S5700的其他非POE机型根据需要配置交流（编码02316784，型号：LS5M100PWA00）或者直流（编码：02316783，型号：LS5M100PWD00）电源模块，可支持1+1电源备份；S5700的POE机型根据下挂PD设备的数量和功率进行电源模块。

计算机命令~~~~~~~~~~PCA login: root ；使用root用户password: linux ；口令是linux# shutdown -h now ；关机# init 0 ；关机# logout# login# ifconfig ；显示IP地址# ifconfig eth0 <ip address> netmask <netmask> ；设置IP地址# ifconfig eht0 <ip address> netmask <netmask> down ; 删除IP地址# route add 0.0.0.0 gw <ip># route del 0.0.0.0 gw <ip># route add default gw <ip> ；设置网关# route del default gw <ip> ；删除网关# route ；显示网关# ping <ip># telnet <ip> ；建议telnet之前先ping一下－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－交换机命令~~~~~~~~~~[Quidway]super password 修改特权用户密码[Quidway]sysname 交换机命名[Quidway]interface ethernet 0/1 进入接口视图[Quidway]interface vlan x 进入接口视图[Quidway-Vlan-interfacex]ip address 10.65.1.1 255.255.0.0[Quidway]ip route-static 0.0.0.0 0.0.0.0 10.65.1.2 静态路由＝网关[Quidway]user-interface vty 0 4[S3026-ui-vty0-4]authentication-mode password[S3026-ui-vty0-4]set authentication-mode password simple 222[S3026-ui-vty0-4]user privilege level 3[Quidway-Ethernet0/1]duplex {half|full|auto} 配置端口双工工作状态[Quidway-Ethernet0/1]speed {10|100|auto} 配置端口工作速率[Quidway-Ethernet0/1]flow-control 配置端口流控[Quidway-Ethernet0/1]mdi {across|auto|normal} 配置端口MDI/MDIX状态平接或扭接[Quidway-Ethernet0/1]port link-type {trunk|access|hybrid} 设置接口工作模式[Quidway-Ethernet0/1]shutdown 关闭/重起接口[Quidway-Ethernet0/2]quit 退出系统视图[Quidway]vlan 3 创建/删除一个VLAN/进入VLAN模式[Quidway-vlan3]port ethernet 0/1 to ethernet 0/4 在当前VLAN增加/删除以太网接口[Quidway-Ethernet0/2]port access vlan 3 将当前接口加入到指定VLAN [Quidway-Ethernet0/2]port trunk permit vlan {ID|All} 设trunk允许的VLAN [Quidway-Ethernet0/2]port trunk pvid vlan 3 设置trunk端口的PVID[Quidway]monitor-port <interface_type interface_num> 指定和清除镜像端口[Quidway]port mirror <interface_type interface_num> 指定和清除被镜像端口[Quidway]port mirror int_list observing-port int_type int_num 指定镜像和被镜像[Quidway]description string 指定VLAN描述字符[Quidway]description 删除VLAN描述字符[Quidway]display vlan [vlan_id] 查看VLAN设置[Quidway]stp {enable|disable} 开启/关闭生成树,默认关闭[Quidway]stp priority 4096 设置交换机的优先级[Quidway]stp root {primary|secondary} 设置交换机为根或根的备份[Quidway-Ethernet0/1]stp cost 200 设置交换机端口的花费[SwitchA-vlanx]isolate-user-vlan enable 设置主vlan[SwitchA]Isolate-user-vlan <x> secondary <list> 设置主vlan包括的子vlan[Quidway-Ethernet0/2]port hybrid pvid vlan <id> 设置vlan的pvid[Quidway-Ethernet0/2]port hybrid pvid 删除vlan的pvid[Quidway-Ethernet0/2]port hybrid vlan vlan_id_list untagged 设置无标识的vlan如果包的vlan id与PVId一致，则去掉vlan信息. 默认PVID=1。

巴州一中核心交换机基本配置操作智能路由交换机7706 查看命令：dis curr 查看所有dis vlan dis interface 查看端口智能交换机S2700 26TP dis save 查看保存dis th 查看当前计算机MAC地址查询方法：进入MS-DOS或者使用运行输入CMD一、创建设备名称（修改设备名称、配置设备名称）：1. 通过Console登录SwitchA，通过Console登录设备方法请参见通过Console口登录Switch2、<Quidway> system-view (在文本界面输入SYS回车就会进入设备视图配置界面)[Quidway] sysname 名称回车[Quidway] save（保存）回车选择Y[Quidway] quit（退出）二、创建（配置）VLAN1、创建VLAN ID序列号<Quidway> system-view（SYS）回车[Quidway] vlan 100（数字）回车2、创建VLAN名称[Quidway] vlan 100（数字）回车[Quidway-Vlan100] description 名称回车3、创建VLAN地址[Quidway] vlan 100（数字）回车[Quidway-Vlan100] ip add 网关地址子网掩码[Quidway-Vlan100] quit（退出）[Quidway] save（保存）回车选择Y删除设备所有保存配置文件<Quidway>reset saved 回车选择Y删除设备一个保存配置文件[Quidway]undo vlan 100 删除vlan 100这个创建好的ID序列号三、配置交换机通道接口的类型为Trunk类型，并将接口以Trunk方式加入管理VLAN。

1.[Quidway] interface Gigabitethernet 0/0/1（端口号）回车2.[Quidway -GigabitEthernet0/0/1] port link-type trunk 回车（更改端口属性）3.[Quidway -GigabitEthernet0/0/1] port trunk allow-pass vlan ALL 回车允许所有VLAN通过通道4.[Quidway -GigabitEthernet0/0/1] quit 回车四、创建用户和密码1、先创建用户管理帐号和密码<Quidway> system-view 回车[Quidway] aaa 回车[Quidway-aaa] local-user 用户名 password simple 密码回车2、给用户提供用户命令级别为15级[Quidway-aaa] local-user 用户名privilege level 15 回车3、给用户配置服务类型为telnet（文本）或者 WEB[Quidway-aaa] local-user 用户名 service-type telnet WEB 回车 QUIT退出4、开通虚拟终端（配置远程登录用户数）[Quidway] user-interface vty 0 4 回车5、在vty 0到vty 4视图下配置用户采用aaa的认证方式[Quidway -ui-vty0-4] authentication-mode aaa 回车[Quidway -ui-vty0-4] return回车五、配置设备管理IP<Quidway> system-view (在文本界面输入SYS回车就会进入设备视图配置界面) [Quidway] interface vlan 1 回车[Quidway-Vlan1] ip add 管理地址子网掩码[Quidway] quit（退出）六、重启设备<Quidway>reboot七、将华为S2700交换机的24个网口端口划入VLAN1、<Quidway> system-view (在文本界面输入SYS回车就会进入设备视图配置界面) [Quidway] interface Ethernet 0/0/1 回车进入网口号[Quidway -Ethernet0/0/1] port link-type access 更改端口属性[Quidway -Ethernet0/0/1]quit2、将华为2700交换机创建vlan ID号<Quidway> system-view（SYS）回车[Quidway] vlan 100（数字）回车创建VLAN名称[Quidway] vlan 100（数字）回车[Quidway-Vlan100] description 名称回车[Quidway] quit（退出）[Quidway] interface Ethernet 0/0/1 回车进入网口号[Quidway -Ethernet0/0/1] port default vlan 105(数字) 把0/0/1加入vlan 105这个段3、将华为S2700交换机的每个网口端口号配置对应的门牌号<Quidway> system-view（SYS）回车[Quidway] interface Ethernet 0/0/1 回车进入网口号[Quidway-Ethernet0/0/1] description 部门名称+门牌号回车。

Quidway® S2700系列企业网交换机产品概述Quidway®S2700系列企业网交换机（以下简称S2700）是华为公司推出的新一代绿色节能的以太网智能百兆接入交换机。

它基于新一代交换技术和华为VRP®（Versatile Routing Platform）软件平台，针对企业客户的各种应用场景，提供简单便利的安装维护手段，同时融合了灵活的VLAN部署、完备的安全和QoS操纵策略、绿色环保等先进技术，可满足以太网多业务承载和接入需要，助力企业用户搭建面向以后的IT网络。

S2700为盒式产品设备，机箱高度为1U，提供标准型（SI）和增强型（EI）两种产品版本。

包括S2700-9TP-EI、S2700-9TP-SI、S2700-18TP-EI、S2700-18TP-SI、S2700-26TP-EI、S2700-26TP-SI、S2700-52P-EI、S2700-9TP-PWR-EI、S2700-26TP-PWR-EI。

产品型号和外观Quidway® S2700系列包括以下交换机：S2700-9TPS2700-9TP-EI-AC S2700-9TP-SI-AC ●8个10/100Base-TX，1个千兆Combo口（10/100/1000Base-T或100/1000Base-X）●EI分交流供电和直流供电两种机型，SI只有交流机型S2700-9TP-PWR-EI ●8个10/100Base-TX，1个千兆Combo口（10/100/1000Base-T或100/1000Base-X）●交流供电●支持POE+S2700-18TPS2700-18TP-EI-AC S2700-18TP-SI-AC ●16个10/100Base-TX，2个千兆Combo口（10/100/1000Base-T或100/1000Base-X ），●交流供电S2700-26TPS2700-26TP-EI-AC S2700-26TP-SI-AC ●24个10/100Base-TX，2个千兆Combo 口（10/100/1000Base-T或100/1000Base-X）●EI分交流供电和直流供电两种机型，SI只有交流机型S2700-26TP-PWR-EI ●24个10/100Base-TX，2个千兆Combo 口（10/100/1000Base-T或100/1000Base-X）●交流供电●支持POE+S2700-52PS2700-52P-EI-AC ●48个10/100Base-TX，2个100/1000Base-X SFP，2个1000Base-X SFP，●交流供电产品特性和优势●免维护，易部署，易治理S2700支持自动配置，智能式即插即用，大大降低初始安装成本；采纳全新交换ASIC技术，整机无风扇设计，减少机械故障点的同时免除凝露腐蚀和尘土侵害，能有效降低主机53%维护率。

小伙伴们通过Console口登录后还希望远程登录和管理交换机，就可以在交换机上配置Telnet服务功能并使用AAA验证方式登录。

步骤1：从PC1通过交换机Console口登录交换机。

步骤2：配置交换机名称和管理IP地址。

<Quidway>system-view[Quidway] sysname Server[Server] interface ethernet 0/0/0 //框式和盒式的管理口是不一样的哦，框式和盒式的分别是: Ethernet 0/0/0、MEth 0/0/1。

有些盒式设备没有管理口，可使用VLANIF接口配置管理IP地址。

[Server-Ethernet0/0/0] ip address 10.10.10.10 24[Server-Ethernet0/0/0] quit步骤3：配置路由协议，保证PC2和交换机之间路由可达。

步骤4：配置Telnet用户的级别和认证方式。

[Server] telnet server enable[Server] user-interface vty 0 4[Server-ui-vty0-4] user privilege level 15[Server-ui-vty0-4] authentication-mode aaa[Server-ui-vty0-4] quit[Server] aaa[Server-aaa] local-user admin1234 password irreversible-cipher Helloworld@6789[Server-aaa] local-user admin1234 privilege level 15[Server-aaa] local-user admin1234 service-type telnet[Server-aaa] quit步骤5：从PC2以Telnet方式登录交换机。

以进入Windows运行窗口，并执行相关命令，通过Telnet方式登录交换机为例：单击“确定”后，在登录窗口输入用户名和密码，验证通过后，出现用户视图的命令行提示符。

6 IGMP Snooping配置关于本章IGMP Snooping配置在二层组播设备上，通过对上游三层设备和下游用户之间的IGMP报文进行分析，建立和维护二层组播转发表，实现组播数据报文在数据链路层的按需分发。

注意事项端口作为VPLS AC侧的接入端口时，如果该端口同时还作为组播流入接口，会导致对应组播数据无法正常转发。

6.1 IGMP Snooping概述IGMP Snooping (Internet Group Management Protocol Snooping)是一种IPv4二层组播协议，通过侦听三层组播设备和用户主机之间发送的组播协议报文来维护组播报文的出接口信息，从而管理和控制组播数据报文在数据链路层的转发。

6.2 设备支持的IGMP Snooping特性设备支持的IGMP Snooping特性包括：IGMP Snooping基本功能、IGMP SnoopingProxy功能、IGMP Snooping策略、成员关系快速刷新以及IGMP Snooping SSMMapping等。

6.3 缺省配置介绍缺省情况下，IGMP Snooping的配置信息。

6.4 配置IGMP Snooping基本功能配置IGMP Snooping基本功能，设备可以建立并维护二层组播转发表，实现组播数据报文在数据链路层的按需分发。

6.5 配置IGMP Snooping ProxyIGMP Snooping Proxy功能在IGMP Snooping的基础上使交换机代替上游三层设备向下游主机发送IGMP Query报文和代替下游主机向上游设备发送IGMP Report和Leave报文，这样能够有效的节约上游设备和本设备之间的带宽。

6.6 配置IGMP Snooping策略通过配置IGMP Snooping策略，可以控制用户对组播节目的点播，提高二层组播网络的可控性和安全性。

6.7 配置成员关系快速刷新配置成员关系快速刷新，使组播组成员加入或者离开组播组时设备能够快速响应成员变化，可以提高组播业务运行效率和用户体验。

9监控口配置关于本章通过配置监控口，可以实现对设备的使用环境进行监控，方便管理员对设备进行维护。

9.1 监控口简介介绍监控口的定义和目的。

9.2 配置注意事项介绍监控口特性的注意事项及设备支持的监控口。

9.3 配置监控口介绍监控口的详细配置过程。

9.4 配置举例介绍监控口配置举例。

配置示例中包括组网需求、配置思路等。

9.1 监控口简介介绍监控口的定义和目的。

定义监控口是位于设备上用于监控机柜门、设备电源、电池电量和空调电源等设备的接口。

目的在某些应用场景中，如交换机部署在接入侧作为楼道交换机实现宽带用户接入，因为楼道应用环境的特殊性，交换机需要安装在定制的机箱内，机箱内配置了备用电源。

由于这些设备与网络管理员所在的中心机房距离较远，当这些设备发生故障时，由于设备无法主动上报故障，导致网络管理员无法及时感知。

为了解决这个问题，交换机提供了环境监控接口，连接机柜门、备用电源等设备，当机箱门、备用电源等设备应用状况异常时，交换机发送Trap至网管站，实现对交换机应用环境的监控。

图9-1监控口应用示意图机柜门备用电源电池电量空调电源9.2 配置注意事项介绍监控口特性的注意事项及设备支持的监控口。

监控口特性的注意事项只有S3700-28TP-EI-MC支持此特性。

设备支持的监控口设备提供两个监控口，一个为监控输入口，另外一个为监控输出口。

●监控输入口：监控输入口为普通的以太网接口，提供4条输入线路，用来监控4种不同的源，例如机柜门、设备电源、电池电量和空调电源等设备（具体监控的设备由用户决定，可以监控但不限于上述设备）。

以直通网线为例，如图9-2所示，线序为：橙白、橙、绿白、蓝、蓝白、绿、褐白、褐。

每两根线为一路输入线路，这样依次橙白、橙为1号输入线路；绿白、绿为2号输入线路；蓝白、蓝为3号输入线路；褐白、褐为4号输入线路。

橙白、绿白、蓝白、褐白线要求连接到被监控设备的一个电平可变的端子上，被监控设备状态变化时，该端子的电平会由高变低或由低变高。

DONGFANG COLLEGE，FUJIAN AGRICULTURE AND FORESTRY UNIVERSITY实验名称：S2700交换机VLAN配置系别：计算机系年级专业：10电信2班学号：1050302103姓名：廖少兵任课教师：林菡成绩：201 年月日知识准备知识准备了解交换机的基本知识，了解交换机的基本原理，了解VLAN的原理。

阅读《Quidway S2700-SI 产品手册》。

实验目的掌握低端系列交换机产品VLAN的配置和使用实验内容VLAN业务的配置实验设备S2700 两台PC机四台直连网线5条串口线(调测线) 一条实验拓扑交换机A和交换机B通过端口1相连，交换机A的端口2与交换机B的端口2是VLAN10 的成员，交换机A的端口3与交换机B的端口3是VLAN20的成员。

配置步骤交换机A的具体配置如下：[s2700] interface Ethernet 0/0/2[s2700-Ethernet0/0/2] port link-type access[s2700-Ethernet0/0/2] interface Ethernet 0/0/3[s2700-Ethernet0/0/3] port link-type access[s2700-Ethernet0/0/3]quit[S2700]vlan 10[S2700-vlan10]port Ethernet 0/0/2[S2700]vlan 20[S2700-vlan20]port Ethernet 0/0/3[S2700]interface Ethernet 0/0/1[S2700-Ethernet0/0/1]port link-type trunk[S2700-Ethernet0/0/1] port trunk allow-pass vlan 10 20[S2700-Ethernet0/0/1]quit交换机B的具体配置如下：[s2700] interface Ethernet 0/0/2[s2700-Ethernet0/0/2] port link-type access[s2700-Ethernet0/0/2] interface Ethernet 0/0/3[s2700-Ethernet0/0/3] port link-type access[s2700-Ethernet0/0/3]quit[S2700]vlan 10[S2700-vlan10]port Ethernet 0/0/2[S2700-vlan10]quit[S2700]vlan 20[S2700-vlan20]port Ethernet 0/0/3[S2700-vlan20]qu[S2700]interface Ethernet 0/0/1[S2700-Ethernet0/0/1]port link-type trunk[S2700-Ethernet0/0/1] port trunk allow-pass vlan 10 20[S2700-Ethernet0/0/1]quit验证方法PC-1和PC-3能互通PC-2和PC-4能互通PC-1和PC-4不能互通，PC-2和PC-3不能互通实验结论同一vlan下的设备可以互通，不同vlan下的设备不能互通；通过端口打TAG可以传递多个vlan信息。

DataSheetIntroductionThe S2700 utilizes cutting-edge switching technologies and Huawei Versatile Routing Platform (VRP) software to meet the demand for multi-service provisioning and access on Ethernet networks. It is easy to install and maintain. With its flexiblenetwork deployment, comprehensive security and quality of service (QoS) policies, and energy-saving technologies, the S2700 helps enterprise customers build next-generation IT networks.The S2700 is a box device that is 1 U (44.45 mm or 1.75 in.) high. It is available in a standard version (SI) or an enhanced version (EI).Product OverviewModels and AppearancesAppearanceDescriptionS2700-9TP-SI-ACS2700-9TP-EI-ACS2700-9TP-EI-DC● 8 Ethernet 10/100 ports, 1 dual-purpose 10/100/1000 or SFP●AC and DC power supply for the EI version; AC power supply for the SI version ● Forwarding performance: 2.7 Mpps ●Switching Capacity: 32GbpsS2700-9TP-PWR-EI● 8 Ethernet 10/100 ports, 1 dual-purpose 10/100/1000 or SFP ● AC power supply ●PoE+● Forwarding performance: 2.7 Mpps ● Switching Capacity: 32GbpsS2700-18TP-SI-AC● 16 Ethernet 10/100 ports, 2 dual-purpose 10/100/1000 or SFP ●AC power supply● Forwarding performance: 5.4 Mpps ●Switching Capacity: 32GbpsS2700-18TP-EI-ACS2700-26TP-SI-ACS2700-26TP-EI-AC● 24 Ethernet 10/100 ports, 2 dual-purpose 10/100/1000 or SFP●AC power supply for the EI version; AC power supply for the SI version ● Forwarding performance: 6.6 Mpps ●Switching Capacity: 32GbpsS2700-26TP-PWR-EI● 24 Ethernet 10/100 ports, 2 dual-purpose 10/100/1000 or SFP ● AC power supply ●PoE+● Forwarding performance: 6.6 Mpps ● Switching Capacity: 32GbpsS2710-52P-SI-AC●48 Ethernet 10/100 ports, 4 Gig SFP ● AC power supply● Forwarding performance: 13.2 Mpps ● Switching Capacity: 32GbpsS2700-52P-EI-AC● 48 Ethernet 10/100 ports, 4 Gig SFP ●AC and DC power supply● Forwarding performance: 13.2 Mpps ● Switching Capacity: 32GbpsS2700-52P-PWR-EI● 48 Ethernet 10/100 ports, 4 Gig SFP ●AC power supply ● PoE+● Forwarding performance: 13.2 Mpps ● Switching Capacity: 32GbpsS2750-20TP-PWR-EI-AC● 16 Ethernet 10/100 ports, 2 Gig SFP and 2 dual-purpose 10/100/1000 or SFP ●AC power supply ● PoE+● Forwarding performance: 8.4 Mpps ● Switching Capacity: 64GbpsS2750-28TP-EI-AC●24 Ethernet 10/100 ports, 2 Gig SFP and 2 dual-purpose 10/100/1000 or SFP ● AC power supply● Forwarding performance: 9.6 Mpps ● Switching Capacity: 64GbpsS2750-28TP-PWR-EI-AC● 24 Ethernet 10/100 ports, 2 Gig SFP and 2 dual-purpose 10/100/1000 or SFP ●AC power supply ● PoE+● Forwarding performance: 9.6 Mpps ● Switching Capacity: 64GbpsS2720-28TP-EI-AC●24 Ethernet 10/100 ports,2 Gig SFP and 2 dual-purpose ● 10/100/1000 or SFP ● AC power supply● Forwarding performance: 9.6 Mpps ●Switching Capacity: 12.8GbpsFan TrayS2700 uses a new generation of high integrated chip and energy-saving circuit design, balanced heat, low power consumption, no fan of mute design.Power SupplyS2700 non-PoE model do not support pluggable power supplies.PoE/PoE+PWR in the model name indicates a PoE-capable switch, which supports IEEE 802.3af-compliant PoE and 802.3at-compliant PoE+. Each port delivers 15.4 W PoE or 30 W PoE+ power capacity.PoE power is divided into two types: 500W and 250W power supplies.S2700-9TP-PWR-EI Built-in single powersupply - 124 W PoE (15.4W): 8PoE+ (30W): 4S2700-26TP-PWR-EI W0PSA2500 - 123.2 W PoE (15.4W): 8PoE+ (30W): 4W0PSA5000 - 369.6W PoE (15.4W): 24PoE+ (30W): 12W0PSA2500 W0PSA2500 246.4W PoE (15.4W): 16PoE+ (30W): 8W0PSA5000 W0PSA5000 739.2W PoE (15.4W): 24PoE+ (30W): 24 S2700-52P-PWR-EI W0PSA2500 - 123.2 W PoE (15.4W): 8PoE+ (30W): 4W0PSA5000 - 369.6W PoE (15.4W): 24PoE+ (30W): 12W0PSA2500 W0PSA2500 246.4W PoE (15.4W): 16PoE+ (30W): 8W0PSA5000 W0PSA5000 739.2W PoE (15.4W): 48PoE+ (30W): 24S2750-20TP-PWR-EI-AC Built-in single powersupply - 370W PoE (15.4W): 16PoE+ (30W): 12S2750-28TP-PWR-EI-AC Built-in single powersupply - 370W PoE (15.4W): 24PoE+ (30W): 12When a switch has two power supplies installed, the two power supplies work in redundancy mode to provide power for the switch itself and in load balancing mode to provide power for powered devices (PDs).Product Features and HighlightsEasy Operation●The S2700 supports Huawei Easy Operation function. Thanks to this function, the S2700 implements easy installation, configuration, monitoring, and troubleshooting, greatly reduces initial installation and configuration costs, improves upgrade efficiency and lowers engineering costs. It provides a Web network management system (NMS) with a user-friendly graphical user interface (GUI) to implement alarm management and visual configuration, facilitating operation and maintenance. In addition, it supports faulty device replacement without configuration.●The S2700 offers a new application-specific integrated circuit (ASIC) switching technique and a fan-free design. This design reduces mechanical faults and protects the device against damages caused by condensed water and dust. Flexible service control●The S2700-EI supports various ACLs. ACL rules can be applied to VLANs to flexibly control ports and schedule VLAN resources.●The S2700 supports port-based VLAN assignment, MAC address-based VLAN assignment, protocol-based VLAN assignment, and network segment-based VLAN assignment. These secure and flexible VLAN assignment modes are used in networks where users move frequently.●The S2700 supports GARP VLAN Registration Protocol (GVRP), which dynamically distributes, registers, and propagates VLAN attributes to ensure correct VLAN configuration and reduce network administrator workloads. In addition, the S2700 supports SSH v2, HWTACACS, RMON, and port-based traffic statistics. The network quality analyzing (NQA) function assists users with network planning and upgrades.Excellent security features●The S2700 supports DHCP snooping, which generates user binding entries based on users' access interfaces, MAC addresses, IP addresses, IP address leases, VLAN IDs. The DHCP snooping function protects enterprises from common attacks such as bogus IP packet attacks, man-in-the-middle attacks, and bogus DHCP server attacks.●The S2700 can limit the number of MAC addresses that can be learned on an interface to prevent attackers from exhausting MAC address entries by using bogus source MAC addresses. This function minimizes packet flooding, which occurs when users' MAC addresses cannot be found in the MAC address table. The S2700 can also limit the number of ARP entries to prevent ARP spoofing attacks. In addition, it provides an IP source check function to prevent malicious users from using spoofed IP addresses to initiate DoS attacks.●The S2700 supports centralized MAC address authentication and 802.1x authentication. It authenticates users based on statically or dynamically bound user information such as IP address, MAC address, VLAN ID, access interface. VLANs, QoS policies, and ACLs can be dynamically applied to users.PoE function●The S2700 PWR series support improved Power over Ethernet (PoE) solutions and you can determine whether a PoE port provides power and the time a PoE port provides power. The S2700 PWR can use PoE power supplies with different power levels to provide the PoE function. Powered devices (PDs) such as IP Phones, WLAN APs, and Bluetooth APs can be connected to the S2700 PWR through network cables. The S2700 PWR provides -48V DC power for the PDs.●In its role as power sourcing equipment (PSE), the S2700 PWR complies with IEEE 802.3af and 802.3at (PoE+), and can work with PDs that are incompatible with 802.3af or 802.3at (PoE+). Each port provides a maximum of 30 W of power, complying with IEEE 802.3at. The PoE+ function increases the maximum power available on each port and implements intelligent power management for high-power consumption applications. This process facilitates the ease of PD use. PoE ports are still able to work while in power-saving mode.High scalability●The S2700 uses Intelligent Stack (iStack) to virtualize multiple switches into a single logical device to ease user management and configuration and expand the system switching capacity. iStack improves switching capacity, reliability, and scalability. Additionally, after the stack is established, all the member switches in a stack use the same IP address. You can use a single IP address to manage and maintain the switches uniformly. This greatly reduces system operation and maintenance (O&M) costs.●The iStack stacking architecture is designed for rapid failover capability with n-1 master redundancy, distributed Layer 2 and Layer 3 switching, link aggregation across the stack, and within 200 millisecond failover for path failure and hitlessmaster/backup failover.●Besides traditional STP, RSTP, and MSTP, the S2700 supports enhanced Ethernet technologies such as Smart Link and RRPP, implements millisecond-level protection switchover for links, and ensures the network quality.●The S2700 supports Smart Ethernet Protection (SEP) protocol, a ring network protocol applied to the link layer of an Ethernet network. SEP provides millisecond-level service switchovers and ensures nonstop forwarding of services. In addition, SEP features simplicity, high reliability, high switchover performance, convenient maintenance, and flexible topology and enables users to manage and plan networks conveniently.●The S2700 supports G.8032 Ethernet Ring Protection Switching (ERPS). The ERPS is based on traditional Ethernet MAC and bridging functions. It uses the mature Ethernet OAM and Ring Automatic Protection Switching (Ring APS or R-APS) technologies to implement millisecond-level protection switching on Ethernet. ERPS supports various services and flexible networking and lowers operating expense (OPEX) and capital expenditure (CAPEX) of users.Comprehensive QoS policies●The S2700 supports complex traffic classification based on packets' TCP/UDP port numbers, VLAN IDs, source MAC/IP addresses, destination MAC/IP addresses, IP protocols, or priorities. By limiting the traffic rate based on traffic classification results, the S2700 implements line-speed forwarding on each port to ensure high-quality voice, video, and data services. Each port supports a maximum of eight queues and multiple queue scheduling algorithms, such as WRR, SP, and WRR+SP. Powerful surge protection capability●The S2700 uses the Huawei patented surge protection technique that supports 7 kV surge protection capability on service ports. This effectively protects switches against over lightning induced overvoltage. The Huawei patented surge protection technique greatly reduces the possibility of equipment being damaged by lightning, even in extreme situations or in scenarios where grounding is not feasible.Quiet operation, energy conservation, and low radiationThe S2700 uses an energy-saving integrated circuit design to ensure even heat dissipation. Idle ports can enter a sleep mode to further reduce power consumption. The S2700 generates no sound because it does not contain any fans. Radiation produced by the S2700 is within the standard range for electric appliances and causes no harm to the human body. Product SpecificationsDownlink ports S2700-9TP-SI**/S2700-9TP-EI/S2700-9TP-PWR-EI: 8 10/100Base-TX Ethernet portsS2700-18TP-SI/S2700-18TP-EI/S2750-20TP-PWR-EI-AC: 16 10/100Base-TX Ethernet portsS2700-26TP-SI/S2700-26TP-EI/S2700-26TP-PWR-EI/S2750-28TP-EI-AC/S2750-28TP-PWR-EI-AC: 2410/100Base-TX Ethernet portsS2710-52P-SI/S2700-52P-EI: 48 10/100Base-TX Ethernet portsUplink ports S2700-9TP-SI/S2700-9TP-EI/S2700-9TP-PWR-EI: 1 dual-purpose 10/100/1000 or SFPS2700-18TP-EI/S2700-18TP-SI/S2700-26TP-EI/S2700-26TP-EI/S2700-26TP-PWR-EI/S2700-26TP-SI:2 dual-purpose 10/100/1000 or SFPS2710-52P-SI/S2700-52P-EI: 4 gigabit SFPS2750-20TP-PWR-EI/S2750-28TP-EI-AC/S2750-28TP-PWR-EI: 2 Gig SFP and 2 dual-purpose10/100/1000 or SFPMAC address 8K MAC address entriesManual deletion of dynamicMAC address entriesAging time of MAC addressconfigurableBlackhole MAC addressentries 8K MAC address entriesManual deletion of dynamic MACaddress entriesAging time of MAC addressconfigurableBlackhole MAC address entriesMAC address learning controlwhich based on ports16K MAC address entriesManual deletion of dynamic MACaddress entriesAging time of MAC addressconfigurableMAC address learning controlwhich based on portsBlackhole MAC address entriesVLAN feature 4K active VLANs, complyingwith IEEE 802.1QPort-based VLAN assignment 4K active VLANs, complying with IEEE 802.1Q Port-based VLAN assignmentVLANIF interface number: 8N/A MAC address-based assignmentPort-based QinQQoS Outbound-Port-based ratelimiting and flow-based ratelimiting4 or 8 queues of differentpriorities on each portMapping between 802.1ppriorities and queuesSP, WRR, and SP+WRRalgorithms Port-based rate limiting and flow-based rate limiting4 or 8 queues of different prioritieson each portMapping between 802.1p prioritiesand queuesSP, WRR, and SP+WRRalgorithmsPort-based rate limiting and flow-based rate limiting8 queues of different priorities oneach portMapping between 802.1ppriorities and queuesSP, WRR, and SP+WRRalgorithmsN/A packet-based priority remark andpacket redirectionIPv4 routing Static routingRIP v1/v2（S2750-EI）IPv6 feature IPv6 protocol IPv6 protocolStatic IPv6 routes Static IPv6 routesSupports MLD v1/v2 snooping.Multicast IGMP v1/v2/v3 snoopingPort-based rate limiting formulticast packets MVLANControllable multicastIGMP v1/v2/v3 snoopingPort-based rate limiting for multicast packetsReliability S2700-SI: STP (IEEE802.1d), RSTP (IEEE802.1w)S2710-SI: STP (IEEE802.1d), RSTP (IEEE802.1w), MSTP (IEEE802.1s) STP (IEEE 802.1d), RSTP (IEEE802.1w), MSTP (IEEE 802.1s),and RRPP topology and RRPPmulti-instanceSTP (IEEE 802.1d), RSTP (IEEE802.1w), MSTP (IEEE 802.1s),and RRPP topology and RRPPmulti-instanceSEP and ERPS (G.8032)Smart Link tree topology andSmart Link multi-instance,implementing millisecond-levelprotective switchoverTraffic sampling N/A sFlowSecurity & access features S2700-SI: Storm suppressionS2710-SI: Stormsuppression , IP SourceGuard802.1x authentication and limit on the number of users on an interfaceStorm suppressionIP Source GuardS2700-SI: Multipleauthentication methodsincluding AAA, RADIUS, andTACACS+Port isolationSuppression of multicast,broadcast, and unknownunicast packetsCPU defenseS2710-SI: Multipleauthentication methodsincluding AAA, RADIUS, andTACACS+Port isolationSuppression of multicast,broadcast, and unknownunicast packetsCPU defenseDHCP snoopingMultiple authentication methods including AAA authentication, RADIUSauthentication, and TACACS+ authentication802.1x authentication, MAC address authentication, MAC bypassauthenticationDHCP snoopingPort isolation and sticky MACPacket filtering based on MAC addressesSuppression of multicast, broadcast, and unknown unicast packetsLimit on the number of learned MAC addressesCPU defenseS2750-EI: DHCP relaySurge protection Surge protection capability of service ports: 7kV Surge protection capability ofservice ports: 7 kVManagement Stack (S2710-52P-SI-AC, S2700-52P-EI-AC, S2700-52P-PWR-EI) Auto-ConfigCLI-based configurationRemote configuration using TelnetSNMP V1/V2C/V3Remote network monitoring StackEasy OperationCLI-based configuration Remote configuration using TelnetSNMP V1/V2C/V3SSHv2Web-based device managementRemote network monitoringSSHv2Web-based device management Interoperability N/A Supports VBST (Compatible withPVST/PVST+/RPVST)Supports LNP (Similar to DTP)Supports VCMP (Similar to VTP) OperatingenvironmentLong-term operating temperature: –5°C to + 50°CRelative humidity: 10% to 90% (non-condensing)Power AC:●Rated voltage range: 100 V to 240 V AC, 50/60 Hz●Maximum voltage: 90 to 264 V AC, 50/60 HzDC:●Rated voltage range: –48 V to –60 V DC●Maximum voltage range: –36 V to –72 V, DCNOTEPoE models do not use DC power supplies.Dimensions (W xD x H)●S2700-9TP-EI/SI: 250×180×43.6●S2700-9TP-PWR-EI: 320×220×43.6●S2700-18TP-EI/SI/S2700-26TP-EI/SI/S2750-28TP-EI-AC/S2720-28TP-EI-AC: 442×220×43.6●S2700-26TP-PWR-EI: 442×420×43.6●S2710-52P-SI/S2700-52P-EI: 442×220×43.6●S2750-20TP-PWR-EI-AC/S2750-28TP-PWR-EI-AC: 442×310×43.6Weight ●S2700-9TP-SI<1.4 kg●S2700-18TP-SI<2.4 kg●S2700-26TP-SI<2.4 kg●S2710-52P-SI<3 kg●S2700-9TP-EI<1.4 kg●S2700-9TP-PWR-EI<2.5 kg●S2700-18TP-EI<2.4 kg●S2700-26TP-EI<2.4 kg●S2700-52P-EI<3 kg●S2700-26TP-PWR-EI<4 kg(without power supply)●S2750-20TP-PWR-EI<4.5kg●S2750-28TP-EI<3 kg●S2750-28TP-PWR-EI<4.5kgPowerconsumption●S2700-9TP-SI<12.8 W●S2700-18TP-SI<14.5 W●S2700-26TP-SI<15.5 W●S2710-52P-SI<38 W●S2700-9TP-EI<12.8 W●S2700-9TP-PWR-EI<154 W(PoE: 124 W)●S2700-18TP-EI<14.5 W●S2700-26TP-EI<15.5 W●S2700-52P-EI<38 W●S2700-26TP-PWR-EI<808W(PoE: 740 W)●S2750-20TP-PWR-EI<435W(PoE: 370W)●S2750-28TP-EI<15.7 W●S2750-28TP-PWR-EI<445W(PoE: 370W)*: The S2700 is provided in the standard version (SI) and enhanced version (EI). The S2700 switches of the EI series are collectively called S2700-EI, and the S2700 switches of the SI series are collectively called S2700-SI. S2710-SI is a sub-series switch of S2700-SI. S2750-EI is the sub-series switches of S2700-EI.**: S2700-9TP-SI is short for S2700-9TP-SI-AC. As product versions are irrelevant to the power supply mode, the product names mentioned in product specifications do not contain AC or DC. This rule also applies to other product models.Hardware SpecificationsThe following table lists the S2700 hardware specifications.Memory (RAM) S2700: 64 MB (S2700-52P-EI/S2710: 128 MB); S2720/S2750: 256 MB Flash memory S2700/S2710: 16 MB; S2720/S2750: 200 MBMean Time Between Failures (MTBF), years ●S2700-9TP-SI-AC: 44.1●S2700-18TP-SI-AC: 39.2●S2700-26TP-SI-AC: 37.3●S2710-52P-SI-AC: 26.8●S2700-9TP-EI-AC: 44.1●S2700-9TP-EI-DC: 44.1●S2700-9TP-PWR-EI: 35.5●S2700-18TP-EI-AC: 39.2●S2700-26TP-EI-AC: 37.3●S2700-26TP-PWR-EI: 34.8●S2700-52P-EI-AC: 26.8●S2700-52P-PWR-EI: 35.4●S2720-EI: 44.3●S2750-28TP-EI-AC: 44.3●S2750-20TP-PWR-EI-AC: 78.68 ●S2750-28TP-PWR-EI-AC: 78.29Mean Time To Repair (MTTR), hours 2Availability > 0.99999Stack port ●Not supported by S2700-SI●S2710-SI: 2 1000Base-X optical ports●S2700-EI: 2 1000Base-X optical ports in S2700-52P-EI-AC or S2700-52P-PWR-EI●S2720-EI: 2 1000Base-X optical multiplexing uplink for stack●S2750-EI: 2 1000Base-X optical multiplexing uplink for stackRPS Not supported by S2700PoE Supported by PWR seriesDC input voltage Rated voltage range ●Not supported by S2700-SI/S2710-SI/S2720-EI/S2750-EI●S2700-EI: -48V DC to -60V DCMaximum voltagerange●Not supported by S2700-SI/S2710-SI/S2720-EI/S2750-EI●S2700-EI: -36V DC to -72V DCAC input voltage Rated voltage range 100V AC to 240V AC; 50/60 Hz Maximum voltagerange90V AC to 264V AC; 47 Hz to 63 HzTemperature Operatingtemperature ●S2700-SI: -5°C to +50°CNOTEThe working temperature is -5°C to +45 °C when SFP optical module matching80km and above the distance.●S2710-52P-SI-AC: -5°C to +50°C●S2700-EI: -5°C to +50°C,NOTES2700-52P-PWR-EI: 0°C to +50°C.In addition to the S2700-26TP-PWR-EI, S2700-52P-EI-AC and S2700-52P-PWR-EI, the working temperature is -5 °C to +45 °C when SFP optical modulematching 80km and above the distance.●S2720-EI: -5°C to +50°C (0 m-1800 m altitude)NOTEWhen the altitude is between 1800 m and 5000 m, the operating temperaturereduces by 1°C every time the altitude increases by 220 m.The working temperature is -5°C to +45 °C when SFP optical module matching80km and above the distance.●S2750-EI: -5°C to +50°C (0 m-1800 m altitude)NOTEWhen the altitude is between 1800 m and 5000 m, the operating temperaturereduces by 1°C every time the altitude increases by 220 m.●S2750-28TP-EI-AC: The working temperature is -5°C to +45 °C when SFPoptical module matching 80km and above the distance.Storage temperature -40°C to +70°CNoise under normal temperature (sound power) ●S2750-20TP-PWR-EI-AC: <52dBA ●S2750-28TP-PWR-EI-AC: <52dBA ●others: No fan, muteOperating altitude ●S2700-SI/S2710-SI/S2720-EI: 0 m to 5000 m●S2700-9TP-EI-AC: 0m to 5000m●S2700-9TP-EI-DC: 0m to 2000m●S2700-9TP-PWR-EI: 0m to 2000m●S2700-18TP-EI-AC: 0m to 5000m●S2700-26TP-EI-AC: 0m to 5000m●S2700-26TP-PWR-EI: 0m to 5000m●S2700-52P-EI-AC: 0m to 2000m●S2700-52P-PWR-EI: 0m to 5000m●S2750-28TP-EI-AC: 0m to 5000m●S2750-20TP-PWR-EI-AC: 0m to 5000m●S2750-28TP-PWR-EI-AC: 0m to 5000mNetworking and Applications100 Mbit/s Access Rate for TerminalsThe S2700 can function as a desktop access device that provides an access rate of 100 Mbit/s for terminals and 1000 Mbit/s uplink interfaces to communicate with uplink devices.Ordering InformationProduct Description1 S2700-9TP-EI-AC Mainframe (8 Ethernet 10/100 ports, 1 dual-purpose 10/100/1000 or SFP, AC 110/220V)2 S2700-9TP-EI-DC Mainframe (8 Ethernet 10/100 ports, 1 dual-purpose 10/100/1000 or SFP, DC -48V)3 S2700-9TP-SI-AC Mainframe (8 Ethernet 10/100 ports, 1 dual-purpose 10/100/1000 or SFP, AC 110/220V)4 S2700-18TP-EI-AC Mainframe (16 Ethernet 10/100 ports, 2 dual-purpose 10/100/1000 or SFP, AC 110/220V)5 S2700-18TP-SI-AC Mainframe (16 Ethernet 10/100 ports, 2 dual-purpose 10/100/1000 or SFP, AC 110/220V)6 S2700-26TP-EI-AC Mainframe (24 Ethernet 10/100 ports, 2 dual-purpose 10/100/1000 or SFP, AC 110/220V)7 S2700-26TP-SI-AC Mainframe (24 Ethernet 10/100 ports, 2 dual-purpose 10/100/1000 or SFP, AC 110/220V)8 S2700-52P-EI-AC Mainframe (48 Ethernet 10/100 ports, 4 Gig SFP, AC 110/220V)9 S2710-52P-SI-AC Mainframe (48 Ethernet 10/100 ports, 4 Gig SFP, AC 110/220V)10 S2700-9TP-PWR-EI Mainframe (8 Ethernet 10/100 ports, PoE+, 1 dual-purpose 10/100/1000 or SFP, AC 110/220V)11 S2700-26TP-PWR-EI Mainframe (24 Ethernet 10/100 ports, 2 dual-purpose 10/100/1000 or SFP, PoE+, withoutpower module)S2700 Series Enterprise Switches 12S2700-52P-PWR-EI Mainframe (48 Ethernet 10/100 ports, 4 Gig SFP, PoE+, Dual Slots of Power, Including Single 500W AC Power) 13S2750-20TP-PWR-EI-AC Mainframe (16 Ethernet 10/100 ports, 2 Gig SFP and 2 dual-purpose 10/100/1000 or SFP,PoE+, AC 110/220V) 14S2750-28TP-EI-AC Mainframe (24 Ethernet 10/100 ports, 2 Gig SFP and 2 dual-purpose 10/100/1000 or SFP, AC 110/220V) 15S2750-28TP-PWR-EI-AC Mainframe (24 Ethernet 10/100 ports, 2 Gig SFP and 2 dual-purpose 10/100/1000 or SFP, PoE+, AC 110/220V) 16S2720-28TP-EI-AC Mainframe (24 Ethernet 10/100 ports, 2 Gig SFP and 2 dual-purpose 10/100/1000 or SFP, AC 110/220V) 17 500W PoE power supply unitMore InformationFor more information about Huawei Campus Switches, visit or contact us in the following ways: ●Global service hotline: /en/service-hotline ●Logging in to the Huawei Enterprise technical support website: /enterprise/ ●Sending an email to the customer service mailbox: ********************Copyright © Huawei Technologies Co., Ltd. 2018. All rights reserved.No part of this document may be reproduced or transmitted in any form or by any means without prior writtenconsent of Huawei Technologies Co., Ltd.Trademarks and Permissionsand other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.All other trademarks and trade names mentioned in this document are the property of their respective holders.NoticeThe purchased products, services and features are stipulated by the contract made between Huawei and thecustomer. All or part of the products, services and features described in this document may not be within thepurchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information, andrecommendations in this document are provided "AS IS" without warranties, guarantees or representations ofany kind, either express or implied.The information in this document is subject to change without notice. Every effort has been made in thepreparation of this document to ensure accuracy of the contents, but all statements, information, andrecommendations in this document do not constitute a warranty of any kind, express or implied. Huawei Technologies Co., Ltd. Address:Huawei Industrial Base Bantian, Longgang Shenzhen 518129 People's Republic of China Website:。

10安全关于本章本章主要介绍安全管理的相关概念和相关配置，主要包括：端口隔离、用户静态绑定、AAA配置、802.1X和MAC认证。

10.1 端口隔离提供配置和查询隔离模式、双向隔离、单向隔离的功能。

S2700SI系列交换机不支持此功能。

10.2 用户静态绑定用户静态绑定信息由用户手工配置，支持的绑定方式包括IP+PORT、MAC+PORT、IP+MAC+PORT、IP+PORT+VLAN、MAC+PORT+VLAN、IP+MAC+PORT+VLAN。

S2700SI系列交换机不支持此功能。

10.3 AAA配置AAA是Authentication，Authorization，Accounting（认证、授权和计费）的简称，它提供了一个对认证、授权和计费这三种安全功能进行配置的一致性框架，实际上是对网络安全的一种管理。

在S2700系列交换机中仅是支持用户管理功能。

10.4 802.1X介绍802.1X的基本配置包括全局和接口802.1X参数配置。

10.5 MAC认证介绍MAC地址认证的基本配置包括全局配置和接口配置，使用MAC地址认证的特性。

10.1 端口隔离提供配置和查询隔离模式、双向隔离、单向隔离的功能。

S2700SI系列交换机不支持此功能。

端口隔离模式可以配置为二层三层都隔离或者二层隔离三层互通，最常用的就是同一个小组成员两两之间不能二层互通，却可以通过访问公共资源。

如打印机、服务器等。

10.1.1 双向隔离提供配置隔离模式和双向隔离的新建、查询、修改、删除的功能。

背景信息●同一端口隔离组的接口之间互相隔离，不同端口隔离组的接口之间不隔离。

●交换机支持64个隔离组，编号为1～64。

操作步骤●配置隔离模式说明●缺省情况下，端口隔离模式为L2(二层隔离三层互通)。

●隔离模式选择应用后，会把双向隔离和单向隔离的配置都应用于该模式。

●切换下方的双向隔离和单向隔离标签不影响隔离模式的配置功能。

●S2700（除S2700-52P-PWR-EI）系列交换机不支持此功能。

华为交换机快速入门（V100R006C01_01）Quidway S2300&S3300&S5300&S6300 系列以太网交换机V100R006C01快速入门文档版本01发布日期2011-10-26版权所有 ? 华为技术有限公司 2011。

保留一切权利。

非经本公司书面许可，任何单位和个人不得擅自摘抄、复制本文档内容的部分或全部，并不得以任何形式传播。

商标声明和其他华为商标均为华为技术有限公司的商标。

本文档提及的其他所有商标或注册商标，由各自的所有人拥有。

注意您购买的产品、服务或特性等应受华为公司商业合同和条款的约束，本文档中描述的全部或部分产品、服务或特性可能不在您的购买或使用范围之内。

除非合同另有约定，华为公司对本文档内容不做任何明示或默示的声明或保证。

由于产品版本升级或其他原因，本文档内容会不定期进行更新。

除非另有约定，本文档仅作为使用指导，本文档中的所有陈述、信息和建议不构成任何明示或暗示的担保。

华为技术有限公司地址：深圳市龙岗区坂田华为总部办公楼邮编：518129网址：客户服务邮箱：******************客户服务电话：4008302118前言读者对象本手册针对S2300、S2352、S3300、S5300和S6300设备开局，从管理维护的角度，对设备功能进行基本的验证，确保设备稳定、可靠地投入网上运行。

本文档主要适用于以下工程师：l数据配置工程师l调测工程师l网络监控工程师l系统维护工程师符号约定在本文中可能出现下列标志，它们所代表的含义如下。

命令行格式约定修订记录修改记录累积了每次文档更新的说明。

最新版本的文档包含以前所有文档版本的更新内容。

文档版本 01 (2011-10-26)第一次正式发布。

快速入门目录目录前言 (ii)1 概述 (1)2 产品硬件简介 (2)2.1 S2300以太网交换机简介 (3)2.2 S3300以太网交换机简介 (4)2.3 S5300以太网交换机简介 (7)2.4 S6300以太网交换机简介 (11)2.5 S2300系列以太网交换机指示灯介绍 (12)2.6 S3300系列以太网交换机指示灯介绍 (15)2.7 S5300系列以太网交换机指示灯介绍 (21)2.8 S6300系列以太网交换机指示灯介绍 (29)3 设备安装 (33)4 设备上电 (34)4.1 上电前检查 (35)4.2 设备上电 (38)4.3 上电后检查 (38)5 登录设备 (40)5.1 通过Console口登录Switch (41)5.2 通过Telnet登录设备 (44)5.3 登录Web网管客户端 (46)6 业务部署 (48)7 文档获取 (49)1概述介绍快速入门包括的内容。

Quidway® S2700系列企业网交换机产品概述Quidway® S2700系列企业网交换机（以下简称S2700）是华为公司推出的新一代绿色节能的以太网智能百兆接入交换机。

它基于新一代交换技术和华为VRP®（Versatile Routing Platform）软件平台，针对企业客户的各种应用场景，提供简单便利的安装维护手段，同时融合了灵活的VLAN部署、完备的安全和QoS控制策略、绿色环保等先进技术，可满足以太网多业务承载和接入需要，助力企业用户搭建面向未来的IT网络。

S2700为盒式产品设备，机箱高度为1U，提供标准型（SI）和增强型（EI）两种产品版本。

包括S2700-9TP-EI、S2700-9TP-SI、S2700-18TP-EI、S2700-18TP-SI、S2700-26TP-EI、S2700-26TP-SI、S2700-52P-EI、S2700-9TP-PWR-EI、S2700-26TP-PWR-EI。

产品型号和外观Quidway® S2700系列包括以下交换机：S2700-9TPS2700-9TP-EI-AC S2700-9TP-SI-AC ●8个10/100Base-TX，1个千兆Combo口（10/100/1000Base-T或100/1000Base-X）●EI分交流供电和直流供电两种机型，SI只有交流机型S2700-9TP-PWR-EI ●8个10/100Base-TX，1个千兆Combo口（10/100/1000Base-T或100/1000Base-X）●交流供电●支持POE+S2700-18TPS2700-18TP-EI-AC S2700-18TP-SI-AC ●16个10/100Base-TX，2个千兆Combo口（10/100/1000Base-T或100/1000Base-X ），●交流供电S2700-26TPS2700-26TP-EI-AC S2700-26TP-SI-AC ●24个10/100Base-TX，2个千兆Combo 口（10/100/1000Base-T或100/1000Base-X）●EI分交流供电和直流供电两种机型，SI只有交流机型S2700-26TP-PWR-EI ●24个10/100Base-TX，2个千兆Combo 口（10/100/1000Base-T或100/1000Base-X）●交流供电●支持POE+S2700-52PS2700-52P-EI-AC ●48个10/100Base-TX，2个100/1000Base-XSFP，2个1000Base-X SFP，●交流供电产品特性和优势●免维护，易部署，易管理S2700支持自动配置，智能式即插即用，大大降低初始安装成本；采用全新交换ASIC技术，整机无风扇设计，减少机械故障点的同时免除凝露腐蚀和尘土侵害，能有效降低主机53%维护率。

华为S2700配置图解壹.进入操作界面1.<Quidway>system-view贰.还原出厂配置1.<Quidway>reset saved-configuration重启2<Quidway>reboot3输入密码huawei4.选择5 输入文件菜单5.选择3 从闪存删除文件6.手动输入vrpcfg.Zip7.选择6 返回主菜单8.选择7 重启叁.查看配置1.[Quidway]display current-configuration默认具有admin用户telnet和http服务端口具有ntdp和ndp项Snmp部分功能默认开启肆.修改sysname密码1.[Quidway]sysname N266伍.配置sys进入密码为S27001 .[N266]user-interface console 02.[N266-ui-console0]authentication-mode password3.[N266-ui-console0]set authentication password cipher S27004.[N266-ui-console0]quit陆.进入端口1设置固定ip1. [N266]interface Vlanif 12. [N266-Vlanif1]ip address 192.168.13.69 255.255.255.03. [N266-Vlanif1]quit4. [N266]display current-configuration5.添加路由表[N266]ip route-static 192.168.0.0 255.255.0.0 192.168.13.253 6. [N266]display current-configuration柒．启用http服务1.加载http server --web.zip[N266]http server load flash:/S2700-V100R005C01SPC100.web.zip2.开启http server[N266]http server enable扒.设置telnet的密码和权限的两种办法1. [N266]user-interface vty 0 42. [N266-ui-vty0-4]authentication-mode password3. [N266-ui-vty0-4]set authentication password cipher S27004. [N266-ui-vty0-4]quit玖.启用super1. [N266]super password cipher S2700升级默认telnet等级为3-15级别1. [N266-ui-vty0-4]user privilege level 152. C:\Documents and Settings\dnyj04>telnet 192.168.13.69仕.telnet和http都可正常运行，现在测试dhcp自动获取功能1．进入vlan1.[N266]interface Vlanif 12.删除ip 静态地址[N266-Vlanif1]undo ip address3.查看所有信息[N266-Vlanif1]display current-configuration4. [N266-Vlanif1]quit5.[N266]dhcp enable6. [N266]display current-configuration46.7. [N266]display ip interface brief仕1.开启snmp 脚本1.[N266]snmp-agent community read public2.自动关闭回路[N266]stp enable3.查看stp端口情况[N266]display stp brief4.查看所有的端口情况[N266]display inter brief。

华为 S2700系列交换机产品彩页2华为企业Sx700系列交换机S2700系列企业交换机产品型号和外观1华为企业Sx700系列交换机• 转发性能：17.7Mpps • 交换容量：32Gbps 2华为企业Sx700系列交换机简易运维Easy Operation• S2700支持华为Easy Operation 简易运维功能。

借助Easy Operation 简易运维功能可以实现简易安装、简易配置、简易监控和简易故障处理，大幅降低初始安装和配置成本；提高升级效率并降低工程成本；具备友好的人机界面和Web 网管，支持告警管理和可视化配置；支持故障设备更换免配置功能。

• S2700采用全新ASIC 交换芯片，支持无风扇设计，在减少机械故障点的同时免除凝露腐蚀和尘土侵害，能有效降低故障率。

灵活的业务控制能力• S2700-EI 支持丰富的ACL 策略控制，特别是支持基于VLAN 下发ACL 规则，实现VLAN 内多端口的灵活控制和统一资源调度。

• S2700支持多种VLAN 划分方式：支持基于端口、基于MAC 地址、基于协议、基于网段划分VLAN ，部署安全灵活，尤其适合有移动办公需求的网络场景。

• S2700支持GVRP ，可实现VLAN 的动态分发、注册和传播VLAN 属性，减少手工配置量、保证VLAN 配置正确性，减少因为配置不一致而导致的网络互通问题。

此外，还支持SSHv2、HWTACACS 、RMON 、基于端口的流量统计；支持NQA 网络质量分析，有利于网络规划和优化。

丰富的安全接入机制• S2700支持完备的DHCP Snooping 功能，通过侦听接入用户的MAC/IP 地址、租期、VLAN ID 、接口等信息，防止IP 报文伪造、中间人攻击、DHCP 服务器私接等常见网络安全威胁，保障网络接入安全。

产品特性和优势3华为企业Sx700系列交换机• S2700支持基于端口的源MAC地址学习限制功能，有效防止攻击者变换源MAC地址发动攻击而产生的泛洪。

华为交换机的配置——S2700<Quidway〉system—view //进入配置模式[Quidway］sysname B1 //给交换机命名为B1[B1]http server load flash：/S2700？。

... zip //加载WEB管理程序[B1]http server enable //开启WEB管理功能[B1]user-interface console 0 //进入console 0端口的配置［B1—ui—con0］authentication-mode password //启用密码认证［B1-ui-con0］set authentication password cipher qqgroup //设置密文密码［B1-ui-con0］user privilege level 3 //安全级别为3［B1—ui-con0］quit //退出［B1]user—interface vty 0 4 //进入VTY配置[B1—ui-vty0—4]authentication—mode password［B1-ui-vty0-4］set authentication password cipher qq［B1-ui—vty0—4］user privilege level 3［B1—ui—vty0-4]quit[B1］vlan 10 //创建VLAN 10［B1—vlan10］interface Ethernet 0/0/1 //进入交换机的端口[B1—ethernet 0/0/1]port link-type access //设置端口模式为接入模式［B1-ethernet 0/0/1]port default vlan 10 //把该端口加入VLAN10[B1—ethernet 0/0/1]interface Ethernet 0/0/24[B1-ethernet 0/0/24］port link—type trunk //设置端口模式为TRUNK ［B1-ethernet 0/0/24]port trunk permit vlan 10 //设置TRUNK允许通过的VLAN ［B1—ethernet 0/0/24］quit［B1］interface vlan 10 //进入VLAN接口［B1］ip add 192。