Huawei Quidway S3500 Series Operation Manual

Hide thumbs Also See for Quidway S3500 Series:

Operation manual (671 pages)

Table of Contents

Quick Links

Summary of Contents for Huawei Quidway S3500 Series

Page 1: Table Of Contents
Operation Manual - Security Quidway S3500 Series Ethernet Switches Table of Contents Table of Contents Chapter 1 802.1x Configuration ....................1-1 1.1 802.1x Overview ........................ 1-1 1.1.1 802.1x Standard Overview..................1-1 1.1.2 802.1x System Architecture ..................1-1 1.1.3 802.1x Authentication Process................1-2 1.1.4 Implementing 802.1x on the Ethernet Switch ............
Page 2 Operation Manual - Security Quidway S3500 Series Ethernet Switches Table of Contents 2.2.5 Layer 3 Portal Authentication Configuration Example .......... 2-10 2.3 Portal Authentication-Free User and Free IP address Configurations ......2-11 2.3.1 Portal Authentication-Free User and Free IP Address Configuration Tasks ..2-11 2.3.2 Portal Authentication-Free User and Free IP Configuration Example ....
Page 3 Operation Manual - Security Quidway S3500 Series Ethernet Switches Table of Contents 3.5 AAA and RADIUS Protocol Configuration Examples ............3-22 3.5.1 Configuring FTP/Telnet User Authentication at Remote RADIUS Server .... 3-22 3.5.2 Configuring FTP/Telnet User Authentication at Local RADIUS Server ....3-23 3.5.3 Configuring Dynamic VLAN with RADIUS Server..........
Page 4: Chapter 1 802.1X Configuration
The LAN access control device needs to provide the Authenticator System of 802.1x. The devices at the user side such as the computers need to be installed with the 802.1x client Supplicant software, for example, the 802.1x client provided by Huawei Technologies Co., Ltd. (or by Microsoft Windows XP). The 802.1x Authentication Server system normally stays in the carrier’s AAA center.
Page 5: 802.1X Authentication Process
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 1 802.1x Configuration LANs) frame defined by IEEE 802.1x. Authentication data are encapsulated in the EAP frame, which is to be encapsulated in the packets of other AAA upper layer protocols (e.g.
Page 6: Implementing 802.1X On The Ethernet Switch
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 1 802.1x Configuration 802.1x provides an implementation solution of user ID authentication. However, 802.1x itself is not enough to implement the scheme. The administrator of the access device should configure the AAA scheme by selecting RADIUS or local authentication so as to assist 802.1x to implement the user ID authentication.
Page 7: Enabling/Disabling 802.1X
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 1 802.1x Configuration Among the above tasks, the first one is compulsory, otherwise 802.1x will not take any effect. The other tasks are optional. You can perform the configurations at requirements.
Page 8: Setting The Port Access Control Method
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 1 802.1x Configuration does not permit the user to access the network resources. If the authentication flow is passed, the port will be switched to the authorized state and permit the user to access the network resources.
Page 9: Setting The Supplicant Number On A Port
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 1 802.1x Configuration 1.2.5 Setting the Supplicant Number on a Port The following commands are used for setting number of users allowed by 802.1x on specified port. When no port is specified, all the ports accept the same number of supplicants.
Page 10: Enabling/Disabling Guest Vlan
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 1 802.1x Configuration information to RADIUS server in the form of EAP packets directly and RADIUS server must support EAP authentication). For EAP authentication, PEAP, EAP-TLS and EAP-MD5 methods are available on the...
Page 11: Setting 802.1X Re-Authentication
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 1 802.1x Configuration ports into Guest VLAN. After that, no 802.1x authentication is performed when the user of the Guest VLAN visits the resources within this Guest VLAN. However, if the user visits the outer resources, authentication is still needed.
Page 12 Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 1 802.1x Configuration I. Enabling 802.1x re-authentication Before enabling the 802.1x re-authentication, you must enable the 802.1x feature both on the port and globally. Perform the following in system view or Ethernet port view.
Page 13: Setting 802.1X Client Version Authentication
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 1 802.1x Configuration 1.2.10 Setting 802.1x Client Version Authentication Note: Among S3500 series ethernet switches, S3552G, S3552P, S3528G, S3528P, S3526E, S3526E FM, S3526E FS and S3526C support this function, and S3526, S3526 FM and S3526 FS don’t.
Page 14: Setting The Maximum Times Of Authentication Request Message Retransmission
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 1 802.1x Configuration Table 1-12 Configuring the maximum retry times for the switch to send version request frame to the client Operation Command Configure the maximum retry times for the...
Page 15: Configuring Timers
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 1 802.1x Configuration 1.2.12 Configuring Timers The following commands are used for configuring the 802.1x timers. Perform the following configurations in system view. Table 1-15 Configuring timers Operation Command dot1x timer { handshake-period handshake-period-value |...
Page 16: Enabling/Disabling A Quiet-Period Timer
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 1 802.1x Configuration supp-timeout-value: Specify how long the duration of an authentication timeout timer of a Supplicant is. The value ranges from 10 to 120 in units of second and defaults to 30.
Page 17: 802.1X Configuration Example
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 1 802.1x Configuration reset command in user view to reset 802.1x statistics. Execute debugging command in user view to debug 802.1x. Table 1-17 Displaying and debugging 802.1x Operation Command Display the configuration, running...
Page 18 Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 1 802.1x Configuration The user name of the local 802.1x access user is localuser and the password is localpass (input in plain text). The idle cut function is enabled. II. Networking diagram...
Page 19 Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 1 802.1x Configuration [Quidway-radius-radius1] quit # Set the encryption key when the system exchanges packets with the authentication RADIUS server. [Quidway] local-server nas-ip 127.0.0.1 key name [Quidway] radius scheme radius1...
Page 20: Chapter 2 Portal Configuration
Quidway S3500 Series Ethernet Switches Chapter 2 Portal Configuration Chapter 2 Portal Configuration Note: Among Quidway S3500 series Ethernet switches, S3552G, S3552P, S3528G and S3528P support Portal. 2.1 Portal Overview 2.1.1 Introduction to Portal Portal is also called Portal website. Portal authentication is also called web authentication.
Page 21: Procedures For Portal Authentication
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 2 Portal Configuration Authentication client: A web-based browser using HTTP/HTTPS (hypertext transfer protocol/secure HTTP). Before users pass the authentication, all HTTP requests are sent to the Portal server. Access device: Sends by force the HTTP request from the authentication client to the Portal server unconditionally before users pass the authentication.
Page 22: Portal Operating Modes
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 2 Portal Configuration Caution: Portal authentication and 802.1x protocol cannot be enabled simultaneously on the same switch. 2.1.4 Portal Operating Modes On the Quidway series switches, Portal implementations operate in three methods (also called operating modes): direct authentication, re-DHCP authentication and Layer 3 Portal authentication.
Page 23: Arp Packet Handshaking Between Switch And User's Pc
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 2 Portal Configuration Authentication-free user information contains the IP address, MAC address, connected switch port and VLAN. Only the user whose information fully matches the authentication-free user information can be allowed to access the Internet without authentication.
Page 24: Portal Configuration Tasks
The Portal servers are installed and configured. For the installation and configuration, refer to Comprehensive Access Management Server Portal User Manual. Note: For DHCP configurations, refer to Quidway S3500 Series Ethernet Switches Operation Manual. For the AAA and RADIUS configurations, refer to the following chapter.
Page 25: Portal Direct Authentication Configuration Example
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 2 Portal Configuration Steps Command Description Enable Portal authentication on VLAN Required portal server-name interface display portal [ acm statistics auth-network [ auth-vlan-id ] | server Display Portal server-name configuration information —...
Page 26 Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 2 Portal Configuration After passing the Portal authentication, the user PC can access the Internet. II. Network diagram Internet Internet v lan-interf ace 2 v lan-interf ace 2 192.168.1.160/16 192.168.1.160/16...
Page 27: Re-Dhcp Authentication Configuration Example
Configure Portal authentication # Configure the Portal server: The name is newp, the IP address is 192.168.1.200, the key is huawei, the port is 50100, and the uniform resource locator (URL) is http://192.168.1.200/port. [Quidway] portal server newp ip 192.168.1.200 key huawei port 50100 url http://192.168.1.200/port...
Page 28 Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 2 Portal Configuration Before passing the Portal authentication, the user PC is allocated a private address. After passing the Portal authentication, the user PC need to apply for a public address before accessing the Internet.
Page 29: Layer 3 Portal Authentication Configuration Example
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 2 Portal Configuration # Configure DHCP Relay. [Quidway-Vlan-interface3] dhcp select relay [Quidway-Vlan-interface3] ip relay address 192.168.1.100 # Enable Portal authentication on VLAN interface 3. The Portal server name is newp, and you can refer to section 2.2.3 “Portal Direct Authentication Configuration...
Page 30: Portal Authentication-Free User And Free Ip Address Configurations
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 2 Portal Configuration # Configure authentication network segments. [Quidway] portal auth-network 162.31.0.0 255.255.0.0 vlan 100 # Configure Portal operating mode as Layer 3 Portal authentication. [Quidway] portal method layer3 # Configure VLAN 100.
Page 31: Portal Authentication-Free User And Free Ip Configuration Example
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 2 Portal Configuration Steps Command Description portal free-user mac-address ip ip-address Configure You can configure up to vlan vlan_id interface authentication-free authentication-free interface_type users users. interface_num interface_name } Display the information...
Page 32 Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 2 Portal Configuration II. Network diagram Vlan -interface 2 Vlan -interface 2 Vlan -interface 2 Vlan -interface 2 Vlan -interface 2 Portal server Portal server Portal server Portal server Portal server...
Page 33: Portal Rate Limitation Configurations
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 2 Portal Configuration [Quidway-vlan2] port ethernet 0/5 [Quidway-vlan2] quit # Configure Server1 as free IP. [Quidway] portal free-ip 192.168.1.300 2.4 Portal Rate limitation Configurations 2.4.1 Portal Rate limitation Configuration Tasks The following table describes the Portal rate limitation configuration tasks.
Page 34: Portal User Deletion Configuration Example
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 2 Portal Configuration Table 2-4 Delete Portal users Steps Command Description Enter the system view <Quidway> system-view — Delete the Portal user with [Quidway] portal delete-user — the specified IP address ip-address 2.5.2 Portal User Deletion Configuration Example...
Page 35: Chapter 3 Aaa And Radius Protocol Configuration
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 3 AAA and RADIUS Protocol Configuration Chapter 3 AAA and RADIUS Protocol Configuration 3.1 AAA and RADIUS Protocol Overview 3.1.1 AAA Overview Authentication, Authorization and Accounting (AAA) provide a uniform framework used for configuring these three security functions to implement the network security management.
Page 36: Implementing Aaa/Radius On Ethernet Switch
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 3 AAA and RADIUS Protocol Configuration in PSTN environment or Ethernet switch with access function in Ethernet environment), NAS, namely RADIUS client end, will transmit user AAA request to the RADIUS server.
Page 37: Aaa Configuration
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 3 AAA and RADIUS Protocol Configuration Authentication Authentication PC user1 PC user1 Serv er Serv er PC user2 PC user2 Accounting Accounting Serv er1 Serv er1 S3500 seri e s...
Page 38: Configuring Relevant Attributes Of Isp Domain
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 3 AAA and RADIUS Protocol Configuration Quidway Series Switches ISP domain view, you can configure a complete set of exclusive ISP domain attributes on a per-ISP domain basis, which includes AAA policy ( RADIUS scheme applied etc.)
Page 39: Creating A Local User
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 3 AAA and RADIUS Protocol Configuration Table 3-2 Configuring relevant attributes of ISP domain Operation Command Specify the adopted RADIUS scheme radius-scheme radius-scheme-name Restore the adopted RADIUS scheme to undo radius-scheme...
Page 40 Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 3 AAA and RADIUS Protocol Configuration I. Setting the password display mode Perform the following configurations in system view. Table 3-4 Setting the method that a local user uses to display password...
Page 41: Disconnecting A User By Force
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 3 AAA and RADIUS Protocol Configuration Operation Command Cancel the service type of specified user (For undo service-type { ftp [ ftp-directory ] | S3526, S3526 lan-access | telnet [ level level ] }...
Page 42: Configuring Radius Protocol
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 3 AAA and RADIUS Protocol Configuration VLAN. When the port is in MAC address-based mode, each port can only connect a single user. Currently the ethernet switches support RADIUS server delivers the integer type and string type VLAN ID.
Page 43: Creating/Deleting A Radius Scheme
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 3 AAA and RADIUS Protocol Configuration configuration but two different IP addresses. Accordingly, attributes of every RADIUS scheme include IP addresses of primary and second servers, shared key and RADIUS server type etc.
Page 44: Setting Ip Address And Port Number Of Radius Server
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 3 AAA and RADIUS Protocol Configuration Table 3-9 Creating/Deleting a RADIUS scheme Operation Command Create a RADIUS scheme and enter its radius scheme radius-scheme-name view undo radius scheme Delete a RADIUS scheme radius-scheme-name Several ISP domains can use a RADIUS scheme at the same time.
Page 45: Setting Radius Packet Encryption Key
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 3 AAA and RADIUS Protocol Configuration Operation Command Set IP address and port number of second secondary accounting RADIUS accounting server. ip-address [ port-number ] Restore IP address and port number of...
Page 46: Setting Response Timeout Timer Of Radius Server
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 3 AAA and RADIUS Protocol Configuration Table 3-11 Setting RADIUS packet encryption key Operation Command Set RADIUS authentication/authorization packet key authentication string encryption key Restore default RADIUS undo key authentication authentication/authorization packet encryption key.
Page 47: Enabling The Selection Of Radius Accounting Option
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 3 AAA and RADIUS Protocol Configuration Table 3-13 Setting retransmission times of RADIUS request packet Operation Command Set retransmission times of RADIUS request packet retry retry-times Restore the default value of retransmission times undo retry By default, RADIUS request packet will be retransmitted up to three times.
Page 48: Setting Maximum Times Of Real-Time Accounting Request Failing To Be Responded
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 3 AAA and RADIUS Protocol Configuration The parameter minutes specifies the real-time accounting interval in minutes. The value shall be a multiple of 3. The value of minutes is related to the performance of NAS and RADIUS server. The smaller the value is, the higher the performances of NAS and RADIUS are required.
Page 49: Enabling/Disabling Stopping Accounting Request Buffer
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 3 AAA and RADIUS Protocol Configuration How to calculate the value of retry-times? Suppose that RADIUS server connection will timeout in T and the real-time accounting interval of NAS is t, then the integer part of the result from dividing T by t is the value of count.
Page 50: Configuring The User Re-Authentication At Reboot
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 3 AAA and RADIUS Protocol Configuration Table 3-19 Setting the maximum retransmitting times of stopping accounting request Operation Command Set the maximum retransmitting times of stopping retry stop-accounting accounting request...
Page 51: Setting The Supported Type Of Radius Server
Table 3-21 Setting the supported type of RADIUS server Operation Command Setting Supported Type server-type { huawei | iphotel | portal | RADIUS Server standard } Restore the Supported Type of undo server-type RADIUS Server to the default setting Huawei Technologies Proprietary...
Page 52: Setting Radius Server State
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 3 AAA and RADIUS Protocol Configuration By default, the newly created RADIUS scheme supports the server of standard type, while the "system" RADIUS scheme created by the system supports the server of huawei type.
Page 53: Setting Username Format Transmitted To Radius Server
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 3 AAA and RADIUS Protocol Configuration If the switch affirms that the primary server does not respond, it then sends RADIUS packets to the secondary RADIUS server. After each quiet time interval, the switch sets the status of the primary RADIUS server to active, and sends RADIUS packets to it next time.
Page 54: Setting The Unit Of Data Flow That Transmitted To Radius Server
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 3 AAA and RADIUS Protocol Configuration 3.3.16 Setting the Unit of Data Flow that Transmitted to RADIUS Server The following command defines the unit of the data flow sent to RADIUS server.
Page 55: Displaying And Debugging Aaa And Radius Protocol
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 3 AAA and RADIUS Protocol Configuration 3.4 Displaying and Debugging AAA and RADIUS Protocol After the above configuration, execute display command in any view to display the running of the AAA and RADIUS configuration, and to verify the effect of the configuration.
Page 56: Aaa And Radius Protocol Configuration Examples
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 3 AAA and RADIUS Protocol Configuration Operation Command Disable debugging of local undo debugging local-server { all | error | RADIUS authentication server event packet } 3.5 AAA and RADIUS Protocol Configuration Examples For the hybrid configuration example of AAA/RADIUS protocol and 802.1x protocol,...
Page 57: Configuring Ftp/Telnet User Authentication At Local Radius Server
3.5.2 Configuring FTP/Telnet User Authentication at Local RADIUS Server Local RADIUS authentication of Telnet/FTP users is similar to remote RADIUS authentication. But you should modify the server IP address to 127.0.0.1, authentication password to Huawei, the UDP port number of the authentication server to 1645. Note: For details about local RADIUS authentication of Telnet/FTP users, refer to “3.3.17...
Page 58: Configuring Dynamic Vlan With Radius Server
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 3 AAA and RADIUS Protocol Configuration 3.5.3 Configuring Dynamic VLAN with RADIUS Server I. Networking Requirements The RADIUS server (taking Windows IAS as example) delivers sting VLAN ID “test”, which corresponds to the name of VLAN 100 on the switch. The switch can add the port to VLAN 100 when the server delivers "test".
Page 59: Aaa And Radius Protocol Fault Diagnosis And Troubleshooting
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 3 AAA and RADIUS Protocol Configuration 3.6 AAA and RADIUS Protocol Fault Diagnosis and Troubleshooting RADIUS protocol of TCP/IP protocol suite is located on the application layer. It mainly specifies how to exchange user information between NAS and RADIUS server of ISP.
Page 60: Chapter 4 Ead Configuration
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 4 EAD Configuration Chapter 4 EAD Configuration Note: For the S3500 series, EAD feature is supported on the S3552G, S3552P, S3528G and S3528P. 4.1 EAD Overview Endpoint admission defense (EAD) solution monitors data accessed at endpoints, to enhance active defense capacity of user clients and control spread of viruses and worms inside the network.
Page 61: Ead Configuration Tasks
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 4 EAD Configuration Authentication server Virus patch server Security policy server Client Figure 4-1 EAD network application After a user client passes the authentication, the security client (software installed on the client PC) checks the security condition of the user client and interacts with the security policy server.
Page 62: Ead Configuration Example
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 4 EAD Configuration 4.4 EAD Configuration Example Note: For Telnet and FTP users, their remote server authentication can be configured in similar ways. The following description uses the authentication configuration for Telnet uses as example.
Page 63 Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 4 EAD Configuration III. Configuration procedure # Add a Telnet user. Omitted. Note: For the configuration of FTP and Telnet users, refer to the “Getting Started” part of this manual.
Page 64: Chapter 5 Habp Configuration
For those ports where 802.1x authentication is skipped, packets will be filtered by 802.1x attribute, so the management over them is also impossible. HABP(Huawei Authentication Bypass Protocol) attribute can be used to solve this problem. HABP packets contain the MAC address and other information of the member switches.
Page 65: Configuring Habp Client
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 5 HABP Configuration Table 5-1 Configuring HABP server Operation Command Enable HABP attribute habp enable Restore HABP attribute to the default value undo habp enable Configure the switch as HABP Server...
Page 66 Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 5 HABP Configuration Operation Command Enable HABP debugging debugging habp Disable HABP debugging undo debugging habp Huawei Technologies Proprietary...
Page 67: Chapter 6 System-Guard Configuration
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 6 System-guard Configuration Chapter 6 System-guard Configuration Note: Among S3500 series ethernet switches, S3526, S3526 FM, S3526 FS, S3526E, S3526E FM, S3526E FS and S3526C support system-guard function. 6.1 System-guard Overview...
Page 68: Setting The Max Detection Count Of The Affected Hosts
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 6 System-guard Configuration Table 6-1 Enabling system-guard function Operation Command Enable system-guard function system-guard enable Disable system-guard function undo system-guard enable By default, system-guard function is disabled. Caution: For S3526E, S3526E FM S3526E FS and S3526C: Before enabling system-guard function, be sure the port priority is default value 0 and the Ethernet switch doesn’t...
Page 69: Enabling The Switch Not To Learn The Destination Ip Address
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 6 System-guard Configuration ( record-times-threshold) and isolate time ( isolate-time ) of system-guard function. For example, set the IP-record-threshold, record-times-threshold, isolate-time of system-guard function to 50, 3, 5. In this case, the system will consider to be attacked...
Page 70: Displaying And Debugging System-Guard
Operation Manual - Security Quidway S3500 Series Ethernet Switches Chapter 6 System-guard Configuration Table 6-4 Enabling the switch not to learn the destination address Operation Command Enable the switch not to learn the system-guard no-learn-dip enable destination address in the packets...

Huawei Quidway S3500 Series Operation Manual

Chapter 1 802.1X Configuration

Chapter 2 Portal Configuration

Chapter 3 AAA and RADIUS Protocol Configuration

Chapter 4 EAD Configuration

Chapter 5 HABP Configuration

Chapter 6 System-Guard Configuration

Quick Links

Table of Contents

Related Manuals for Huawei Quidway S3500 Series

Summary of Contents for Huawei Quidway S3500 Series

Table of Contents