
01. Introduction to Transmission Media
02. Ethernet Framing
03. IP Addressing
04. Internet Control Message Protocol
05. Address Resolution Protocol
06. Transport Layer Protocols
07. Data Forwarding Scenario
08. VRP Foundation
09. Navigating the CLI
10. File System Navigation and Management
11. VRP Operating System Image Management
12. Establishing a Single Switched Network
13. Spanning Tree Protocol
14. Rapid Spanning Tree Protocol
15. Basic Knowledge of IP Routing
16. IP Static Routes
17. Link State Routing with OSPF
18. DHCP Protocol Principles
19. FTP Protocol Principles
20. Telnet Protocol Principles
21. Link Aggregation
22. VLAN Principles
23. VLAN Routing
24. Principle and Configuration of HDLC and PPP
25. Principle and Configuration of PPPoE
26. Network Address Translation
27. Access Control Lists
28. AAA
29. Securing Data with IPSec VPN
30. Generic Routing Encapsulation
31. Simple Network Management Protocol
32. Introducing IPv6 Networks
33. IPv6 Routing Technologies
34. IPv6 Application Services DHCPv6
35. MPLS Basic Principle

Eng. Mohamed Elsadany

Copyright © 2019 Huawei Technologies Co., Ltd. All rights reserved.


Introduction to Transmission Media



Foreword
⚫ Establishment of an enterprise network requires a fundamental understanding
of general networking concepts. These concepts include knowledge of what
defines a network, as well as the general standards of technology and physical
components that are used to establish enterprise networks. An understanding
of the underlying network communications and the impact that such behavior
has on the network is also paramount to ensuring a performance-effective
implementation.

Objectives
⚫ Upon completion of this section, you will be able to:
 Explain what constitutes a network.

 Identify the basic components of a network.

 Describe the primary mechanisms for communication over a network.

Simple Point-to-Point Ethernet Networks

End Station End Station

Physical Medium

⚫ Networks are comprised of at least two end stations, and a medium over
which data can be carried.

Coaxial

Standard   Cables          Maximum Transmission Distance   Connectors
10Base2    Thin coaxial    185m                            BNC
10Base5    Thick coaxial   500m                            Type N

⚫ Copper coaxial cabling commonly used to support users as part of a shared
network.

Ethernet

Standard     Physical Medium                                   Distance
10Base-T     Two pairs of Category 3/4/5 twisted pair cables   100m
100Base-TX   Two pairs of Category 5 twisted pair cables       100m
1000Base-T   Four pairs of Category 5e twisted pair cables     100m

⚫ The primary physical medium used in enterprise networks.

Fiber Optic

Standard      Physical Medium                          Distance
10Base-F      Two strand fiber                         2000m
100Base-FX    Two strand multi-mode fiber              2000m
1000Base-LX   Single-mode fiber or multi-mode fiber    316 - 5000m
1000Base-SX   Multi-mode fiber                         275 - 550m

Serial

Standard   Speed
RS-232     Standards define up to 20000bps, but can reach 1Mbit/s
RS-422     100Kbit/s ~ 10Mbit/s+

⚫ Serial represents a legacy form of data transmission.

⚫ Standards continue to evolve in forms such as USB.

Signal Data Encoding

1 0 1 0 1 0 1 0 1

0000 0001 0010 0011 0100


0 1 2 3 4

⚫ Signal patterns used for interpretation of communication.

⚫ Encoding is used to synchronize transmission.


Collision Domains

⚫ Signals in a shared network are susceptible to collisions.

⚫ A collision detection mechanism is used to identify collisions.

Duplex Modes

Half Duplex

Full Duplex

⚫ Duplex modes support simultaneous and non-simultaneous bidirectional
communication.

Summary
 Which forms of cabling can be used to support Gigabit Ethernet transmissions
within an enterprise network?

 What is a collision domain?

 What is the purpose of CSMA/CD?

Ethernet Framing



Foreword
⚫ Transmission over a physical medium requires rules that define the
communication behavior. The management of the forwarding behavior of
Ethernet based networks is controlled through IEEE 802 standards defined
for Ethernet data link technology. A fundamental knowledge of these
standards is imperative to fully understand how link layer communication is
achieved within Ethernet based networks.

Objectives
⚫ Upon completion of this section, you will be able to:
 Explain the application of reference models to networks.

 Describe how frames are constructed.

 Explain the function of MAC addressing at the data link layer.

 Describe Ethernet frame forwarding and processing behavior.

Managing Network Communication

TCP/IP OSI Novell IBM

LANs WANs
IEEE 802 Ethernet PPP HDLC

⚫ Networks are primarily managed by upper and lower layer protocols.


Layered Models - TCP/IP

Application

TCP/IP Transport

Network

Ethernet Network Interface

Layered Models - OSI

7   Application          Provision of communications between applications
6   Presentation layer   Data formatting & encryption/decryption
5   Session layer        Establish, maintain and manage sessions
4   Transport layer      Establish, maintain and manage end-to-end connection
3   Network layer        Addressing and routing
2   Data link layer      Provision of link medium access & link management
1   Physical layer       Bit flow transmission

Encapsulation

7   Application          Data
6   Presentation layer   Data
5   Session layer        Data
4   Transport layer      Data
3   Network layer        Data
2   Data link layer      Data
1   Physical layer

Communication Between Two End Stations

Host A Host B

Frame Header | Data | Trailer

⚫ Data link layer frames are used to govern transmission over the
communications medium.

Frame Formats

Host A Host B

Ethernet II:   D.MAC | S.MAC | Type | Data | FCS
IEEE802.3:     D.MAC | S.MAC | Length | LLC | SNAP | Data | FCS

for upper layer

Field Value >= 1536 (0x0600)   Ethernet II
Field Value <= 1500 (0x05DC)   IEEE802.3

Ethernet II Frame

D.MAC (6 bytes) | S.MAC (6 bytes) | Type (2 bytes) | Data (46-1500 bytes) | FCS (4 bytes)

0x0800   IP    2048 (0x0800)
0x0806   ARP   2054 (0x0806)

⚫ The Ethernet II frame type is associated with protocols with a type value
greater than 1536 (0x600).

IEEE802.3 Frame
The Subnetwork Access Protocol (SNAP)

D.MAC (6 bytes) | S.MAC (6 bytes) | Length (2 bytes) | LLC | SNAP | Data (38-1492 bytes) | FCS (4 bytes)

LLC:    D.SAP (1 byte) | S.SAP (1 byte) | Control (1 byte)
SNAP:   Org Code (3 bytes) | Type (2 bytes)

STP   0x03   3 (0x03)

⚫ The IEEE 802.3 frame type is associated with protocols with a type value
less than 1500 (0x05DC).

Frame Forwarding
Host A Host B

MAC:10-0B-A9-23-38-10 MAC:10-0B-A9-9D-C9-B8

D.MAC

MAC:10-0B-A9-9D-B9-C8

⚫ Media Access Control (MAC) addressing facilitates data link layer communication.

The Ethernet MAC Address

48 bits

24 bits 24 bits

OUI Assigned by each organization

⚫ MAC addresses are comprised of an organizationally unique identifier and
a vendor assigned address value.

Unicast Frame Forwarding
48 bits

7 bits 0

Host A Host B

unicast

Host C Host D

Broadcast Frame Forwarding
48 bits

FF FF FF FF FF FF

Host A Host B

broadcast

Host C Host D

Multicast Frame Forwarding
48 bits

7 bits 1

Host A Host B

multicast

Host C Host D

Carrier Sense
Host A Host B Host C

Carrier Sense (Network Occupied)

Host A Host B Host C

Data

Frame Processing
Host A Host B

MAC B | MAC A | 0x0800 | Data | FCS        IP | Data

Data

⚫ Data link (frame) instructions are received, processed and discarded.
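
The frame-format, MAC addressing and frame-processing slides above can be combined into one decoder. This is an added example, not part of the original course material: it applies the Type/Length thresholds and the unicast/multicast bit shown on the slides; the sample frames are constructed, and the STP group address and 0x42 SAP values are assumptions of the example.

```python
import struct

ETHERTYPES = {0x0800: "IP", 0x0806: "ARP"}  # Type values listed on the slides


def fmt_mac(raw: bytes) -> str:
    return "-".join(f"{b:02X}" for b in raw)


def mac_kind(raw: bytes) -> str:
    """Classify a destination MAC as broadcast, multicast or unicast."""
    if raw == b"\xff" * 6:
        return "broadcast"
    # Eighth bit of the first octet: 0 = unicast, 1 = multicast.
    return "multicast" if raw[0] & 0x01 else "unicast"


def parse_frame(frame: bytes) -> dict:
    """Decode D.MAC, S.MAC and Type/Length (FCS assumed already stripped)."""
    if len(frame) < 14:
        raise ValueError("frame shorter than D.MAC + S.MAC + Type/Length")
    dmac, smac = frame[:6], frame[6:12]
    (type_len,) = struct.unpack("!H", frame[12:14])
    payload = frame[14:]
    info = {
        "dst": fmt_mac(dmac),
        "src": fmt_mac(smac),
        "dst_kind": mac_kind(dmac),
        "src_oui": fmt_mac(smac[:3]),  # first 24 bits: OUI
    }
    if type_len >= 0x0600:
        info["format"] = "Ethernet II"
        info["protocol"] = ETHERTYPES.get(type_len, f"0x{type_len:04X}")
    elif type_len <= 0x05DC:
        info["format"] = "IEEE802.3"
        info["length"] = type_len
        # Padding may make the payload longer than Length, never shorter.
        info["truncated"] = len(payload) < type_len
        if len(payload) >= 3:
            dsap, ssap, control = payload[:3]
            info["llc"] = {"dsap": dsap, "ssap": ssap, "control": control}
            if dsap == ssap == 0xAA and len(payload) >= 8:
                (snap_type,) = struct.unpack("!H", payload[6:8])
                info["snap"] = {"org_code": payload[3:6].hex(), "type": snap_type}
    else:
        # 1501-1535 is neither a valid length nor a valid type.
        info["format"] = "invalid"
    return info


def accepts(frame: bytes, own_mac: bytes, groups=()) -> bool:
    """Process-or-discard decision an end station makes on the destination MAC."""
    dmac = frame[:6]
    kind = mac_kind(dmac)
    if kind == "broadcast" or dmac == own_mac:
        return True
    return kind == "multicast" and dmac in groups


# Constructed sample frames; host MAC addresses are the ones on the slides.
HOST_A = bytes.fromhex("100BA9233810")
HOST_B = bytes.fromhex("100BA99DC9B8")
STP_GROUP = bytes.fromhex("0180C2000000")  # assumption: STP multicast address
IP_FRAME = HOST_B + HOST_A + struct.pack("!H", 0x0800) + bytes(46)
ARP_BROADCAST = b"\xff" * 6 + HOST_A + struct.pack("!H", 0x0806) + bytes(46)
STP_FRAME = STP_GROUP + HOST_A + struct.pack("!H", 38) + bytes([0x42, 0x42, 0x03]) + bytes(43)

if __name__ == "__main__":
    for name, frame in (("IP", IP_FRAME), ("ARP", ARP_BROADCAST), ("STP", STP_FRAME)):
        print(name, parse_frame(frame), "Host B accepts:", accepts(frame, HOST_B))
```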


Summary
 How does Ethernet determine the protocol to which a processed frame should
be delivered?

 How is it determined whether a frame should be processed or discarded upon
being received by an end device?

IP Addressing



Foreword
⚫ The Internet Protocol (IP) is designed to provide a means for internetwork
communication that is not supported by lower layer protocols such as
Ethernet. The implementation of logical (IP) addressing enables the
Internet Protocol to be employed by other protocols for the forwarding of
data in the form of packets between networks. A strong knowledge of IP
addressing must be attained for effective network design along with clear
familiarity of the protocol behavior, to support a clear understanding of the
implementation of IP as a routed protocol.

Objectives
⚫ Upon completion of this section, you will be able to:
 Describe the fields and characteristics contained within IP.

 Distinguish between public, private and special IP address ranges.

 Successfully implement VLSM addressing.

 Explain the function of an IP gateway.

Next Header Processing

DMAC (6 Bytes) | SMAC (6 Bytes) | Type (2 Bytes) | Data (46-1500 Bytes) | FCS (4 Bytes)

IP   0x0800

⚫ The next set of instructions for processing are referenced in the type field
of the frame header.

IP Packet Header
IP (20-60 Bytes) | Data

0                          16                         31
Version | Header Length | DS Field (ToS) | Total Length
Identification            | Flags | Fragment Offset
Time to Live | Protocol   | Header Checksum
Source IP Address
Destination IP Address
IP Options

Labels: QoS (DS Field); Fixed Message Header 20 Bytes (Version through Destination IP Address)

IP Addressing

Network Host

192.168.1 .1

11000000.10101000.00000001 .00000001

⚫ The IP address identifies networks, and network hosts.

⚫ Binary is the base numbering system used for IP addressing.


IP Addressing

Network Address

192.168.1 .0

11000000.10101000.00000001 .00000000

Broadcast Address

192.168.1 .255

11000000.10101000.00000001 .11111111

⚫ The upper and lower most host address values are reserved.

Decimal, Binary and Hexadecimal

Format Value Range Base Value

Binary 0—1 2

Decimal 0—9 10

Hexadecimal 0—F 16

⚫ Binary and Hexadecimal are common numbering systems used within IP
networks.

Binary vs. Decimal Conversion

Bit Order      1     1     1     1     1     1     1     1
Binary Power   2^7   2^6   2^5   2^4   2^3   2^2   2^1   2^0
Binary         128   64    32    16    8     4     2     1

Decimal Binary Hexadecimal Decimal Binary Hexadecimal

0 00000000 00 9 00001001 09

1 00000001 01 10 00001010 0A

2 00000010 02 11 00001011 0B

3 00000011 03 12 00001100 0C

4 00000100 04 13 00001101 0D

5 00000101 05 14 00001110 0E

6 00000110 06 15 00001111 0F

7 00000111 07 … … …

8 00001000 08 255 11111111 FF

Binary Conversion

Network Host

Binary    11000000    10101000        00000001   00000001

          2^7+2^6     2^7+2^5+2^3     2^0        2^0

Decimal   192         168             1          1

IP Address Classes
Class     Leading Bits   Structure                        Address Range
Class A   0              Network (8bit), Host (24bit)     1.0.0.0~126.255.255.255
Class B   10             Network (16bit), Host (16bit)    128.1.0.0~191.254.255.255
Class C   110            Network (24bit), Host (8bit)     192.0.1.0~223.255.254.255
Class D   1110           Multicast                        224.0.0.0~239.255.255.255
Class E   1111           Experimental                     240.0.0.0~255.255.255.254

IP Address Types

Private Address Ranges


Class A 10.0.0.0~10.255.255.255
Class B 172.16.0.0~172.31.255.255
Class C 192.168.0.0~192.168.255.255

Special Addresses
Diagnostic 127.0.0.0 ~ 127.255.255.255
Any Network 0.0.0.0
Network Broadcast 255.255.255.255

⚫ The IP network address range has been divided, and certain addresses and
ranges assigned special functions in the network.

IP Communication
Host A Host B

192.168.1.1 192.168.2.1

192.168.1.2 192.168.2.2

Host C Host D

Network Host
192 168 1 0

192 168 2 0

Subnet Mask

Network Host
192.168.1 0

11000000.10101000.00000001 00000000

Subnet
255.255.255 0

11111111.11111111.11111111 00000000

⚫ Subnet masks distinguish between the binary values that represent each
(sub)network and those that represent each host.

Default Subnet Mask

Class A 255 0 0 0

Class B 255 255 0 0

Class C 255 255 255 0

⚫ Certain subnet masks are applied to address ranges by default to denote
the fixed range that is used for each network class.

Address Planning
IP Address 192 168 1 7

Subnet Mask 255 255 255 0

11000000 10101000 00000001 00000111


11111111 11111111 11111111 00000000

Network Address
(Binary) 11000000 10101000 00000001 00000000

Network Address 192 168 1 0


Host Addresses: 2^n = 256
Valid Hosts: 2^n - 2 = 254

Case Scenario

IP Address 172 16 1 7

Subnet Mask 255 255 0 0

Network Address ? ? ? ?

Host Addresses: 2^n = ?
Valid Hosts: 2^n - 2 = ?

⚫ Determine the network for the given IP address, and the number of actual,
and valid host addresses in the network.

Addressing Limitations

192.168.2.0/24

192.168.1.0/24 20 Hosts

30 Hosts 192.168.3.0/24
10 Hosts

⚫ Network design using the default subnet mask results in address wastage.
VLSM Calculation
IP Address 192 168 1 7

Subnet Mask 255 255 255 128

11000000 10101000 00000001 00000111


11111111 11111111 11111111 10000000

11000000 10101000 00000001 00000000

Network Address 192 168 1 0


Host Addresses: 2^n = 128
Valid Hosts: 2^n - 2 = 126

VLSM Case Scenario

20 Hosts

30 Hosts
10 Hosts

⚫ Using only the network 192.168.1.0/24, implement VLSM for the given
number of hosts in each network segment.
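
The address planning, case scenario and VLSM slides above all use the same calculation, worked here in code. This is an added example, not part of the original course material: `describe` reproduces the 2^n and 2^n - 2 figures for any address and mask, and `vlsm_plan` generalises the VLSM exercise to any block and list of host counts; the segment names (`seg30`, `seg20`, `seg10`) are hypothetical labels.

```python
import ipaddress


def describe(ip: str, mask: str) -> dict:
    """Network address plus the 2^n and 2^n - 2 host counts from the slides."""
    net = ipaddress.ip_interface(f"{ip}/{mask}").network
    n = 32 - net.prefixlen  # number of host bits
    return {
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "host_addresses": 2 ** n,
        "valid_hosts": max(2 ** n - 2, 0),
    }


def vlsm_plan(block: str, host_counts: dict) -> dict:
    """Carve variable-length subnets out of one block, largest segment first."""
    parent = ipaddress.ip_network(block)
    cursor = int(parent.network_address)
    end = int(parent.broadcast_address) + 1
    plan = {}
    ordered = sorted(host_counts.items(), key=lambda kv: kv[1], reverse=True)
    for name, hosts in ordered:
        if hosts < 1:
            raise ValueError(f"{name}: host count must be positive")
        # Smallest n with 2^n >= hosts + 2 (network and broadcast are reserved).
        host_bits = (hosts + 1).bit_length()
        size = 2 ** host_bits
        # A subnet must start on a multiple of its own size.
        start = (cursor + size - 1) // size * size
        if start + size > end:
            raise ValueError(f"{name}: {hosts} hosts do not fit in {block}")
        prefix = 32 - host_bits
        plan[name] = ipaddress.ip_network(f"{ipaddress.IPv4Address(start)}/{prefix}")
        cursor = start + size
    return plan


if __name__ == "__main__":
    # Values taken from the slides.
    print(describe("192.168.1.7", "255.255.255.0"))
    print(describe("192.168.1.7", "255.255.255.128"))
    print(describe("172.16.1.7", "255.255.0.0"))
    plan = vlsm_plan("192.168.1.0/24", {"seg30": 30, "seg20": 20, "seg10": 10})
    for name, net in plan.items():
        print(name, net, "valid hosts:", net.num_addresses - 2)
```

Allocating the largest segment first keeps every subnet aligned to its own size and leaves the unused part of the /24 in one contiguous range.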
Classless Inter-Domain Routing
10.24.0.0/24

10.24.1.0/24
Announce route
10.24.0.0/22

10.24.2.0/24

10.24.3.0/24

IP Gateways

Host A L3 Host B
L2 L2

192.168.1.1 192.168.1.253 192.168.2.253 192.168.2.1

Host A Host B

L3 L3

192.168.1.1 L2 192.168.2.1

⚫ Gateways use IP to forward packets between networks.

⚫ Hosts may act as gateways between networks in a LAN.


IP Fragmentation

Host A Host B
L3

L2 L2

Version | Header Length | DS Field | Total Length
Identification | Flags | Fragment Offset
Time to Live | Protocol | Header Checksum
Source IP Address
Destination IP Address
IP Options

Time To Live

Host A Host B

TTL=255 TTL=254 TTL=253

Version | Header Length | DS Field | Total Length
Identification | Flags | Fragment Offset
Time to Live | Protocol | Header Checksum
Source IP Address
Destination IP Address
IP Options

Protocol Field
IP Data

0x06/0x11 TCP/UDP

0x01 ICMP

Version | Header Length | DS Field | Total Length
Identification | Flags | Fragment Offset
Time to Live | Protocol | Header Checksum
Source IP Address
Destination IP Address
IP Options

Summary
 What is the IP subnet mask used for?

 What is the purpose of the TTL field in the IP header?

 How are gateways used in an IP network?

Internet Control Message Protocol



Foreword
⚫ ICMP is a protocol that works alongside IP as a form of messaging protocol
in order to compensate for the limited reliability of IP. An understanding
of the implementation of ICMP is required in order to become familiar with
the behavior of numerous operations and applications that rely heavily on
ICMP to support underlying messaging, based on which further processes are
often performed.

Objectives
⚫ Upon completion of this section, you will be able to:
 Describe some of the processes to which ICMP is applied.

 Identify the common type and code values used in ICMP.

 Explain the function of ICMP in the ping and traceroute applications.

ICMP

Message

Return Message

⚫ ICMP messages are used to support multiple operations including routing,
diagnostics and errors.

ICMP (Routing)
Server A

Public Network

20.0.0.1/24

20.0.0.2/24

10.0.0.200/24
③ ① 10.0.0.100/24

② ICMP Redirect

IP: 10.0.0.1/24
Gateway: 10.0.0.100/24

Host A

ICMP (Diagnostics)

ICMP Echo Request ICMP Echo Reply

Host A Server

⚫ Two separate messages are used for the request and reply.

⚫ Commonly associated with the Ping application.


ICMP (Errors)

.2 10.0.0.0/24 .1 .2 20.0.0.0/24 .1

Host A Server

Packet Forwarding

ICMP Destination Unreachable

⚫ Notifies the packet source of problems with packet forwarding.

⚫ Uses the source IP address in the IP header for notification.


ICMP Format

Ethernet_II IP ICMP FCS

0 7 15 31

Type Code Checksum

Variable Parameters – Dependent on ICMP Type Field

Internet Header + 64 bits of Original Data Datagram – Dependent on ICMP Type Field

⚫ ICMP parameters are represented in a type/code format.

⚫ Additional data often carried to identify the undelivered packet.


ICMP Type & Code Fields

Type   Code   Description
0      0      Echo Reply
3      0      Network Unreachable
3      1      Host Unreachable
3      2      Protocol Unreachable
3      3      Port Unreachable
5      0      Redirect Datagram for the Network
8      0      Echo Request

⚫ The Type value represents the format of a message.

⚫ The Code value provides a more specific message description.
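
The ICMP format and type/code slides above describe a message that can be built and decoded in a few lines. This is an added example, not part of the original course material: it implements the standard Internet checksum, pairs an Echo Reply with its Echo Request the way Ping does, and recovers the undelivered packet's addresses from a Destination Unreachable message; identifier, sequence and payload values are constructed, and the IP addresses follow the ICMP (Errors) slide.

```python
import socket
import struct

# Type/Code pairs from the table above.
ICMP_NAMES = {
    (0, 0): "Echo Reply",
    (3, 0): "Network Unreachable",
    (3, 1): "Host Unreachable",
    (3, 2): "Protocol Unreachable",
    (3, 3): "Port Unreachable",
    (5, 0): "Redirect Datagram for the Network",
    (8, 0): "Echo Request",
}


def checksum(data: bytes) -> int:
    """16-bit one's complement of the one's complement sum of the message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    body = struct.pack("!HH", ident, seq) + payload
    csum = checksum(struct.pack("!BBH", icmp_type, 0, 0) + body)
    return struct.pack("!BBH", icmp_type, 0, csum) + body


def build_error(icmp_type: int, code: int, original: bytes) -> bytes:
    """Error message carrying the original IP header + 64 bits of its data."""
    ihl = (original[0] & 0x0F) * 4
    body = struct.pack("!I", 0) + original[: ihl + 8]
    csum = checksum(struct.pack("!BBH", icmp_type, code, 0) + body)
    return struct.pack("!BBH", icmp_type, code, csum) + body


def parse_icmp(msg: bytes) -> dict:
    if len(msg) < 8:
        raise ValueError("ICMP message shorter than 8 bytes")
    icmp_type, code = msg[0], msg[1]
    info = {
        "type": icmp_type,
        "code": code,
        "name": ICMP_NAMES.get((icmp_type, code), "other"),
        # Summing a message that includes a correct checksum yields zero.
        "checksum_ok": checksum(msg) == 0,
    }
    if icmp_type in (0, 8):
        info["ident"], info["seq"] = struct.unpack("!HH", msg[4:8])
        info["payload"] = msg[8:]
    elif icmp_type in (3, 5):
        orig = msg[8:]
        if len(orig) >= 20 and orig[0] >> 4 == 4:
            info["orig_protocol"] = orig[9]
            info["orig_src"] = socket.inet_ntoa(orig[12:16])
            info["orig_dst"] = socket.inet_ntoa(orig[16:20])
    return info


def is_reply_to(request: bytes, reply: bytes) -> bool:
    """True when reply is the Echo Reply matching this Echo Request."""
    rq, rp = parse_icmp(request), parse_icmp(reply)
    return (rq["type"] == 8 and rp["type"] == 0
            and rq["checksum_ok"] and rp["checksum_ok"]
            and (rq["ident"], rq["seq"], rq["payload"])
            == (rp["ident"], rp["seq"], rp["payload"]))


# Constructed sample: UDP packet from 10.0.0.2 to 20.0.0.1 that was not delivered.
ORIGINAL = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 1, 0, 255, 17, 0,
                       socket.inet_aton("10.0.0.2"),
                       socket.inet_aton("20.0.0.1")) + bytes(8)

if __name__ == "__main__":
    request = build_echo(8, 0x1234, 1, bytes(56))
    reply = build_echo(0, 0x1234, 1, bytes(56))
    print(parse_icmp(request)["name"], "->", parse_icmp(reply)["name"],
          "matched:", is_reply_to(request, reply))
    print(parse_icmp(build_error(3, 3, ORIGINAL)))
```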


ICMP Applications - Ping

.1 .2
10.0.0.0/24

RTA RTB

<RTA>ping ?
-a Select source IP address, the default is the IP address of
the output interface
-c Specify the number of echo requests to be sent, the
default is 5
-n Numeric output only. No attempt will be made to lookup
host addresses for symbolic names
-t Timeout in milliseconds to wait for each reply, the
default is 2000ms
STRING<1-255> IP address or hostname of a remote system
……
<RTA>ping 10.0.0.2

Ping Results

<RTA>ping 10.0.0.2
PING 10.0.0.2 : 56 data bytes, press CTRL_C to break
Reply from 10.0.0.2 : bytes=56 Sequence=1 ttl=255 time=340 ms
Reply from 10.0.0.2 : bytes=56 Sequence=2 ttl=255 time=10 ms
Reply from 10.0.0.2 : bytes=56 Sequence=3 ttl=255 time=30 ms
Reply from 10.0.0.2 : bytes=56 Sequence=4 ttl=255 time=30 ms
Reply from 10.0.0.2 : bytes=56 Sequence=5 ttl=255 time=30 ms

--- 10.0.0.2 ping statistics ---


5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 10/88/340 ms

ICMP Application – Traceroute

30.0.0.0/24
Host A RTA RTB Host B
10.0.0.0/24 20.0.0.0/24

<RTA>tracert ?
-a Set source IP address, the default is the IP
address of the output interface
-f First time to live, the default is 1
-m Max time to live, the default is 30
-name Display the host name of the router on each hop
-p Destination UDP port number, the default is 33434
STRING<1-255> IP address or hostname of a remote system
……
<RTA>tracert 30.0.0.2

Traceroute Results

<RTA>tracert 30.0.0.2

traceroute to 30.0.0.2(30.0.0.2), max hops:30, packet length:40,


press CTRL_C to break

1 10.0.0.2 130 ms 50 ms 40 ms

2 20.0.0.2 80 ms 60 ms 80 ms

3 30.0.0.2 80 ms 60 ms 70 ms

⚫ Traceroute displays hop-by-hop transmission results.

⚫ TTL value is used to define a hop limit for each set of results.
Summary
 Which two ICMP message types are used as part of a successful Ping?

 In the event that the TTL value in the IP header of a datagram reaches zero,
what action will be taken by the receiving gateway?

Address Resolution Protocol



Foreword
⚫ In order for data transmission to a network destination to be achieved it is
necessary to build association between the network layer and lower layer
protocols. The means by which the Address Resolution Protocol is used to
build this association and prevent the unnecessary generation of additional
broadcast traffic in the network should be clearly understood.

Objectives
⚫ Upon completion of this section, you will be able to:
 Explain how the MAC address is resolved using ARP.

 Explain the function of the ARP cache table.

ARP
IP: 10.1.1.1/24 IP : 10.1.1.2/24
MAC: 00-01-02-03-04-AA MAC: 00-01-02-03-04-BB

Host A Host B

ETH_II IP DATA FCS

Dest IP : 10.1.1.2
Source IP : 10.1.1.1

Dest MAC : UNKNOWN


Source MAC : 00-01-02-03-04-AA

⚫ Data link forwarding relies on knowledge of the MAC address of the data
link layer destination.

ARP Format

Ethernet_II ARP FCS

0                        15                        31
Hardware Type             | Protocol Type
Hardware Length | Protocol Length | Operation Code
Source Hardware Address
Source Protocol Address
Destination Hardware Address
Destination Protocol Address

⚫ The ARP packet operates within the boundaries of the data link layer, as
can be understood by the absence of an IP header.

ARP Process
Host B

10.0.0.2
00-01-02-03-04-BB
Host A Host C

10.0.0.1 10.0.0.3
00-01-02-03-04-AA 00-01-02-03-04-CC

⚫ Host A wishes to forward data to Host C, but must identify whether it is
able to reach the destination at the data link layer.

ARP Cache Lookup
Host B

10.0.0.2
00-01-02-03-04-BB
Host A Host C

10.0.0.1 10.0.0.3
00-01-02-03-04-AA 00-01-02-03-04-CC

Host A>arp -a

Internet Address Physical Address Type

ARP Request Process
Host B

10.0.0.2
00-01-02-03-04-BB
Host A Host C

10.0.0.1 10.0.0.3
00-01-02-03-04-AA 00-01-02-03-04-CC

D.MAC: FF-FF-FF-FF-FF-FF
S.MAC: 00-01-02-03-04-AA
ARP:
  Dest IP: 10.0.0.3
  Source IP: 10.0.0.1
  Dest MAC: 00-00-00-00-00-00
  Source MAC: 00-01-02-03-04-AA
  Operation Code: Request

ARP Reply Process
Host B

10.0.0.2
00-01-02-03-04-BB
Host A Host C

10.0.0.1 10.0.0.3
00-01-02-03-04-AA 00-01-02-03-04-CC

Host C>arp -a
Internet address Physical address Type
10.0.0.1 00-01-02-03-04-AA Dynamic

ARP Reply Process
Host B

10.0.0.2
00-01-02-03-04-BB
Host A Host C

10.0.0.1 10.0.0.3
00-01-02-03-04-AA 00-01-02-03-04-CC

D.MAC: 00-01-02-03-04-AA
S.MAC: 00-01-02-03-04-CC
ARP:
  Dest IP : 10.0.0.1
  Source IP : 10.0.0.3
  Dest MAC : 00-01-02-03-04-AA
  Source MAC : 00-01-02-03-04-CC
  Operation Code: Reply

ARP Cache
Host B

10.0.0.2
00-01-02-03-04-BB
Host A Host C

10.0.0.1 10.0.0.3
00-01-02-03-04-AA 00-01-02-03-04-CC

Host A>arp -a
Internet address Physical address Type
10.0.0.3 00-01-02-03-04-CC Dynamic

Proxy ARP

Proxy
G0/0/0 G0/0/1
10.1.0.2/16 10.2.0.2/16

Host A Host B
10.1.0.1/8 10.2.0.1/8

① ARP Request to 10.2.0.1

② ARP Request to 10.2.0.1

③ ARP Reply with MAC of Host B

④ ARP Reply with MAC of G0/0/0

⚫ Proxy ARP enables data link discovery between networks.

⚫ Proxy replies with own (G0/0/0) address on behalf of Host B.


Gratuitous ARP

IP: 10.0.0.1/24
MAC: 00-01-02-03-04-AA

Host A

D.MAC: FF-FF-FF-FF-FF-FF
S.MAC: 00-01-02-03-04-AA
ARP:
  Dest IP : 10.0.0.1
  Source IP : 0.0.0.0
  Dest MAC : 00-00-00-00-00-00
  Source MAC : 00-01-02-03-04-AA

⚫ Duplicate IP addresses may be assigned in a single IP network.

⚫ ARP can be used to discover IP address conflicts.
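
The ARP slides above (format, cache lookup, request, reply and gratuitous ARP) describe one exchange, modelled here end to end. This is an added example, not part of the original course material: the `Host` class, its cache-update rule and the alert names are assumptions of the example, the host addresses come from the slides, and the `-DD` MAC address used for the duplicate host is constructed.

```python
import socket
import struct

ARP_FMT = "!HHBBH6s4s6s4s"  # field order from the ARP Format slide (28 bytes)
REQUEST, REPLY = 1, 2
ZERO_MAC = "00-00-00-00-00-00"


def mac_bytes(text: str) -> bytes:
    return bytes.fromhex(text.replace("-", ""))


def mac_text(raw: bytes) -> str:
    return "-".join(f"{b:02X}" for b in raw)


def build_arp(op, src_mac, src_ip, dst_mac, dst_ip) -> bytes:
    # Hardware type 1 (Ethernet), protocol type 0x0800 (IP), lengths 6 and 4.
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op,
                       mac_bytes(src_mac), socket.inet_aton(src_ip),
                       mac_bytes(dst_mac), socket.inet_aton(dst_ip))


def parse_arp(raw: bytes) -> dict:
    if len(raw) < struct.calcsize(ARP_FMT):
        raise ValueError("truncated ARP packet")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, raw[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {"op": op,
            "src_mac": mac_text(sha), "src_ip": socket.inet_ntoa(spa),
            "dst_mac": mac_text(tha), "dst_ip": socket.inet_ntoa(tpa)}


class Host:
    """Hypothetical end station with a dynamic ARP cache."""

    def __init__(self, ip: str, mac: str):
        self.ip = ip
        self.mac = mac_text(mac_bytes(mac))
        self.cache = {}   # IP address -> MAC address
        self.alerts = []

    def resolve(self, ip: str):
        """Cache lookup first; only an unknown address produces a request."""
        if ip in self.cache:
            return self.cache[ip], None
        return None, build_arp(REQUEST, self.mac, self.ip, ZERO_MAC, ip)

    def announce(self) -> bytes:
        """Gratuitous ARP as on the slide: Source IP 0.0.0.0, Dest IP = own IP."""
        return build_arp(REQUEST, self.mac, "0.0.0.0", ZERO_MAC, self.ip)

    def receive(self, raw: bytes):
        """Process one ARP packet; return a reply when one is due."""
        p = parse_arp(raw)
        if p["src_mac"] == self.mac:
            return None
        if p["src_ip"] == self.ip:
            # Another station is using our address.
            self.alerts.append(("ip-conflict", p["src_ip"], p["src_mac"]))
            return None
        if p["src_ip"] != "0.0.0.0":
            known = self.cache.get(p["src_ip"])
            if known is not None and known != p["src_mac"]:
                self.alerts.append(("mapping-changed", p["src_ip"], known, p["src_mac"]))
            # Assumption: learn when addressed to us, refresh existing entries.
            if known is not None or p["dst_ip"] == self.ip:
                self.cache[p["src_ip"]] = p["src_mac"]
        if p["op"] == REQUEST and p["dst_ip"] == self.ip:
            return build_arp(REPLY, self.mac, self.ip, p["src_mac"], p["src_ip"])
        return None


if __name__ == "__main__":
    a = Host("10.0.0.1", "00-01-02-03-04-AA")
    c = Host("10.0.0.3", "00-01-02-03-04-CC")
    _, request = a.resolve("10.0.0.3")
    a.receive(c.receive(request))
    print("Host A cache:", a.cache, "Host C cache:", c.cache)
    dup = Host("10.0.0.1", "00-01-02-03-04-DD")  # constructed duplicate
    dup.receive(a.receive(dup.announce()))
    print("Duplicate host alerts:", dup.alerts)
```

The `mapping-changed` alert fires whenever a cached IP address is later claimed by a different MAC address, which is the event an operator would want logged for a gateway entry.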


Summary
 Prior to generating an ARP request, what action must be taken by an end
station?

 When are gratuitous ARP messages generated and propagated on the local
network?

Transport Layer Protocols



Foreword
⚫ The transport layer is associated with the end-to-end behavior of transport
layer protocols that are defined once data reaches the intended destination.
TCP and UDP represent the protocols commonly supported within IP
networks. The characteristics of data, such as sensitivity to delay and the
need for reliability, often determine the protocols used at the transport
layer. This section focuses on the knowledge of how such characteristics
are supported through the behavior of each protocol.

Objectives
⚫ Upon completion of this section, you will be able to:
 Describe the common differences between TCP and UDP.

 Describe the forms of data to which TCP and UDP are applied.

 Identify well known TCP and UDP based port numbers.

Transmission Control Protocol

Host A TCP Connection Host B

Request Reply

⚫ A connection is established before data is sent.


TCP Ports
Host A HTTP Server

S:1027 D:80 Data S:80 D:1027 Data

Protocol Port
FTP 20 - 21
HTTP 80
TELNET 23

SMTP 25

⚫ Ports represent individual services such as those listed above.


TCP Header

IP TCP Header Data

0                  15                  31
Source Port         | Destination Port
Sequence Number
Acknowledge Number
Header Length | Resv. | NS | CWR | ECE | URG | ACK | PSH | RST | SYN | FIN | Window
Checksum            | Urgent Pointer
Options             | Padding

Fixed header: 20bytes

TCP Connection Establishment
Host A Server A

⚫ A TCP connection is established after a three-way handshake.


TCP Transmission Process
Host A Server A

Send 1,2,3

Acknowledge 4
Send 4,5,6

Acknowledge 4
Send 4,5,6

TCP Flow Control

Host A Server A

TCP Connection Termination

Host A Server A

TIME_WAIT 2x MSL
(MSL = 2 minutes)
. Closed
.
Closed

⚫ Host A will ensure ACK is received by Server A before closing.


User Datagram Protocol

Host A Host B

Request Reply

⚫ UDP based data is sent without establishing a connection.


UDP Datagram Format

IP UDP Data

0               15 16               31
Source port        | Destination port
Length             | Checksum

Header: 8 bytes

⚫ UDP achieves minimal overhead for each datagram.

⚫ Datagram delivery is not guaranteed with UDP.


UDP Forwarding Behavior

Host A Host B

⚫ UDP is susceptible to the possibility of datagram duplication or non-orderly
delivery of datagrams.

UDP Forwarding Behavior

Host A Host B
Voice/Video

Packet Loss

⚫ There are no acknowledgements, therefore lost packets are not retransmitted;
this, however, is beneficial to delay sensitive data.

Summary
 What is the purpose of the acknowledgement field in the TCP header?

 Which TCP code bits are involved in a TCP three-way handshake?

Data Forwarding Scenario



Foreword
⚫ The TCP/IP protocol suite operates as a collection of rules in order to
support the end-to-end forwarding of data, together with lower layer
protocols such as those defined in the IEEE 802 standards. The knowledge
of the lifecycle of data forwarding enables a deeper understanding of the
IP network behavior for effective analysis of network operation and
troubleshooting of networking faults. The entire encapsulation and
decapsulation process therefore represents a fundamental part of all
TCP/IP knowledge.

Objectives
⚫ Upon completion of this section, you will be able to:
 Explain the process steps for data encapsulation and decapsulation.

 Troubleshoot basic data forwarding issues.

Scenario Introduction

[Figure: Host A (10.1.1.1/24) and Host B (10.1.1.2/24) connect through RTA, the Internet and RTB to Server A (172.16.10.1/24) and Server B (172.16.10.2/24).]

⚫ Data forwarding may be local or remote; however, the general forwarding process is the same.

Path Discovery

Network/Mask    Gateway       Interface
0.0.0.0/0       10.1.1.254    10.1.1.1
10.1.1.0/24     -             10.1.1.1

[Figure: Host A (10.1.1.1/24) and Host B (10.1.1.2/24) connect to RTA interface G0/0/0 (10.1.1.254/24); RTA reaches RTB across the Internet, with Server A (172.16.10.1/24) and Server B (172.16.10.2/24) behind RTB.]

⚫ Host A must have knowledge of a path to the destination.


ARP
Host A> arp -a
Internet address    Physical address     Type
10.1.1.254          00-01-02-03-04-08    Dynamic
10.1.1.2            00-01-02-03-04-06    Dynamic

[Figure: Host A (10.1.1.1/24, 00-01-02-03-04-05) and Host B (10.1.1.2/24, 00-01-02-03-04-06) share a segment with RTA interface G0/0/0 (10.1.1.254/24, 00-01-02-03-04-08), which leads to the Internet.]

⚫ The ARP cache table is used to discover the data link next-hop.

⚫ An unknown next-hop will generate an ARP request.
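Path discovery and the ARP lookup from the two slides above, combined into one decision in Python. This is an added example, not part of the original slides; the routing table and ARP cache are Host A's entries as shown, and the function names are hypothetical.

```python
import ipaddress

# Host A's routing table as shown on the Path Discovery slide:
# (network/mask, gateway or None when directly connected, interface)
ROUTES = [
    ("0.0.0.0/0", "10.1.1.254", "10.1.1.1"),
    ("10.1.1.0/24", None, "10.1.1.1"),
]

# Host A's ARP cache as shown by "arp -a" on the ARP slide.
ARP_CACHE = {
    "10.1.1.254": "00-01-02-03-04-08",
    "10.1.1.2": "00-01-02-03-04-06",
}


def select_route(dst_ip, routes=ROUTES):
    """Longest-prefix match: the most specific matching network wins."""
    dst = ipaddress.ip_address(dst_ip)
    best = None
    for network, gateway, interface in routes:
        net = ipaddress.ip_network(network)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway, interface)
    if best is None:
        raise LookupError(f"no route to {dst_ip}")
    return best


def next_hop(dst_ip, routes=ROUTES, arp_cache=ARP_CACHE):
    """Decide which IP address to resolve and whether an ARP request is needed."""
    net, gateway, interface = select_route(dst_ip, routes)
    # Remote destination: resolve the gateway. Local destination: resolve it directly.
    hop_ip = gateway if gateway else dst_ip
    mac = arp_cache.get(hop_ip)
    return {
        "route": str(net),
        "interface": interface,
        "next_hop_ip": hop_ip,
        "dest_mac": mac,
        "action": "encapsulate and send" if mac else "send ARP request",
    }


if __name__ == "__main__":
    # Server A (remote), Host B (local, cached), 10.1.1.3 (local, not cached)
    for target in ("172.16.10.1", "10.1.1.2", "10.1.1.3"):
        print(target, next_hop(target))
```

For the remote destination the frame is addressed to the gateway's MAC while the IP header still carries 172.16.10.1.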


TCP Encapsulation
Host A
Segment: TCP | Data (If Applicable)
Layers: Transport | Network | Data Link | Physical

TCP header fields:
Source Port | Destination Port
Sequence Number
Acknowledgement Number
Header Length | Resv. | NS CWR ECE URG ACK PSH RST SYN FIN | Window
Checksum | Urgent Pointer
Options | Padding

⚫ Encapsulation is performed once the path is confirmed.

IP Encapsulation
Host A
Packet (Datagram): IP | TCP | Data (If Applicable)
Layers: Transport | Network | Data Link | Physical

IP header fields:
Version | Header Length | DS Field | Total Length
Identification | Flags | Fragment Offset
Time to Live | Protocol | Header Checksum
Source IP Address
Destination IP Address
IP Options

Ethernet Framing
Host A
Frame: Ethernet | IP | TCP | Data | FCS
Layers: Transport | Network | Data Link | Physical

Frame header layouts:
D.MAC | S.MAC | Type
D.MAC | S.MAC | Length | LLC | SNAP

⚫ Frame type is dependent on the encapsulated protocols.

⚫ IP is the upper layer protocol, so the Ethernet II frame is used.


Frame Forwarding

Host A

D.MAC(48bits) SFD(8 bits) Preamble(56 bits)

1…0100 11010101 010101010101010101…

⚫ The data link layer uses carrier sense to detect existing traffic.

⚫ The preamble and SFD are used to synchronize with the forwarded frame.

Frame Processing

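[Figure: Host A's frame (in transmission order: Preamble | SFD | Ethernet II | Data | FCS) arrives at Host B and at RTA interface G0/0/0; the FCS is used for the error check.]
DESTINATION MAC: 00-01-02-03-04-08
TYPE: 0x0800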

⚫ Frame will be received by all in the same collision domain.

⚫ Only the gateway (RTA) will process the frame.


Packet Processing

IP header fields:
Ver | HL | DS | Total Length
Identification | Flag | Offset
TTL | Protocol | Checksum
Source IP: 10.1.1.1
Dest IP: 172.16.10.1
IP Options
Data

Destination/Mask    Interface
172.16.10.0/24      G0/0/1

[Figure: RTA with interfaces G0/0/0 (10.1.1.254/24) and G0/0/1; frame layout in transmission order: Preamble | SFD | Ethernet II | Data | FCS.]

⚫ Destination IP is checked against the address of the gateway.

⚫ A new frame header is constructed following the discovery process.

Frame Decapsulation
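[Figure: RTB interface G0/0/1 connects to Server A (172.16.10.1/24, 08-07-06-05-04-AA) and Server B (172.16.10.2/24, 08-07-06-05-04-BB); frame layout in transmission order: Preamble | SFD | Ethernet II | Data | FCS.]
Ethernet II header: D.MAC | S.MAC | Type(0x0800)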

⚫ Frame is forwarded with destination MAC address of Server A.

⚫ Server A compares interface MAC to frame destination MAC.


Packet Decapsulation
Server A
Packet: IP | Data (If Applicable)

IP header fields:
Ver. | Header Length | DS Field | Total Length
Identification | Flags | Fragment Offset
TTL | Protocol: 0x06 | Header Checksum
Source IP: 10.1.1.1
Destination IP: 172.16.10.1
IP Options

[Figure: RTB interface G0/0/1 connects to Server A (172.16.10.1/24, 08-07-06-05-04-AA) and Server B (172.16.10.2/24, 08-07-06-05-04-BB).]

⚫ Server A compares own IP to destination address of IP header.

⚫ IP header is processed and discarded, data is directed to TCP.


Segment Decapsulation
Server A
Segment: TCP | Data (If APL)

TCP header fields:
Source Port: 1027 | Destination Port: 80
Sequence Number
Acknowledgement Number
Header Length | Resv. | NS CWR ECE URG ACK PSH RST SYN FIN | Window
Checksum | Urgent Pointer
Options | Padding

[Figure: RTB interface G0/0/1 connects to Server A (172.16.10.1/24, 02-03-04-05-06-AA) and Server B (172.16.10.2/24, 02-03-04-05-06-BB).]

⚫ TCP header builds connection with the service at port 80.

⚫ Parameters within the TCP header are used to manage the connection.
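The frame, packet and segment decapsulation steps above, walked through in Python for one frame arriving on the server segment. This is an added example, not part of the original slides; it uses the Server A and Server B addresses from the Frame Decapsulation slide, while RTB's MAC address, the sequence number, TTL and window are constructed values and the function names are hypothetical.

```python
import socket
import struct

# Values from the slides: server addresses, type 0x0800, protocol 0x06,
# source IP 10.1.1.1, source port 1027, destination port 80.
SERVER_A = {"mac": "08-07-06-05-04-AA", "ip": "172.16.10.1", "tcp_ports": {80}}
SERVER_B = {"mac": "08-07-06-05-04-BB", "ip": "172.16.10.2", "tcp_ports": {80}}
RTB_MAC = "08-07-06-05-04-01"  # constructed: the slides do not give RTB's MAC
BROADCAST = "FF-FF-FF-FF-FF-FF"
ETH = struct.Struct("!6s6sH")
IPV4 = struct.Struct("!BBHHHBBH4s4s")
TCP = struct.Struct("!HHIIBBHHH")


def mac_bytes(text):
    return bytes.fromhex(text.replace("-", ""))


def mac_text(raw):
    return "-".join(f"{b:02X}" for b in raw)


def build_frame(dst_mac, dst_ip, dst_port, src_ip="10.1.1.1", src_port=1027):
    """Constructed SYN segment in IPv4 in Ethernet II. Checksums are left as 0
    and the FCS is omitted, since the NIC removes it before the host sees it."""
    tcp = TCP.pack(src_port, dst_port, 1000, 0, 5 << 4, 0x02, 8192, 0, 0)
    ip = IPV4.pack(0x45, 0, IPV4.size + len(tcp), 1, 0, 63, 0x06, 0,
                   socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return ETH.pack(mac_bytes(dst_mac), mac_bytes(RTB_MAC), 0x0800) + ip + tcp


def decapsulate(frame, host):
    """Walk one received frame up the stack of `host`.

    Returns a dict: accepted (bool), layer (where processing stopped),
    reason, and the header fields read so far."""
    out = {"accepted": False, "layer": "data link", "reason": "", "fields": {}}
    f = out["fields"]

    # Data link: compare the interface MAC with the frame's destination MAC.
    if len(frame) < ETH.size:
        out["reason"] = "frame shorter than an Ethernet II header"
        return out
    dst, src, f["type"] = ETH.unpack_from(frame)
    f["dst_mac"], f["src_mac"] = mac_text(dst), mac_text(src)
    if f["dst_mac"] not in (host["mac"], BROADCAST):
        out["reason"] = "destination MAC is not this interface; frame discarded"
        return out
    if f["type"] != 0x0800:
        out["reason"] = "type field does not indicate IP"
        return out

    # Network: validate the header, then compare own IP with the destination IP.
    out["layer"] = "network"
    packet = frame[ETH.size:]
    if len(packet) < IPV4.size:
        out["reason"] = "truncated IP header"
        return out
    ver_ihl, _, total, _, _, f["ttl"], f["protocol"], _, sip, dip = IPV4.unpack_from(packet)
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < IPV4.size or not (ihl <= total <= len(packet)):
        out["reason"] = "malformed IP header"
        return out
    f["src_ip"], f["dst_ip"] = socket.inet_ntoa(sip), socket.inet_ntoa(dip)
    if f["dst_ip"] != host["ip"]:
        out["reason"] = "destination IP is not this host; packet discarded"
        return out
    if f["protocol"] != 0x06:
        out["reason"] = "protocol field is not 0x06 (TCP)"
        return out

    # Transport: the destination port selects the service.
    out["layer"] = "transport"
    segment = packet[ihl:total]
    if len(segment) < TCP.size:
        out["reason"] = "truncated TCP header"
        return out
    f["src_port"], f["dst_port"], f["seq"], f["ack"], offset, f["flags"], *_ = TCP.unpack_from(segment)
    if not (TCP.size <= (offset >> 4) * 4 <= len(segment)):
        out["reason"] = "malformed TCP header length"
        return out
    if f["dst_port"] not in host["tcp_ports"]:
        out["reason"] = "no service listening on the destination port"
        return out
    out["accepted"] = True
    out["reason"] = f"segment handed to the service on port {f['dst_port']}"
    return out


SAMPLE_FRAME = build_frame(SERVER_A["mac"], SERVER_A["ip"], 80)  # constructed

if __name__ == "__main__":
    for name, host in (("Server A", SERVER_A), ("Server B", SERVER_B)):
        result = decapsulate(SAMPLE_FRAME, host)
        print(name, result["accepted"], result["layer"], "-", result["reason"])
```

Each layer reads only its own header and stops at the first mismatch, which is why Server B discards the same frame at the data link layer without ever reading the IP header.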


Summary
 What information is required before data can be encapsulated?

 What happens when a frame is forwarded to a destination to which it is not intended?

 How does the data in the frame ultimately reach the application it is intended for?

 When multiple sessions of the same application are active (e.g. multiple web
browsers), how does the return data reach the correct session?

VRP Foundation



Foreword
⚫ As more and more end stations in the form of host devices, networkable
printers and other similar products are introduced into the local area network,
an increase in the density of devices results in a limitation in terms of port
interfaces, along with problems of collisions within any shared network
topology. Switching has evolved as the means for supporting this growth.
VRP is used within Huawei products as a means to configure and operate
such managed devices for which familiarity and hands-on skills must be
developed.

Objectives
⚫ Upon completion of this section, you will be able to:
 Explain the role switches play in the Ethernet networks.

 Describe the difference between collision and broadcast domains.

 Explain the general operation of VRP in Huawei products.

Application of Switching Devices

Switch A Switch B
Tx

Rx

Host A Host B Host C Host D

⚫ Switches generate multiple collision domains.


Application of Routing Devices

Switch A Switch B

RTA

Host A Host B Host C Host D

⚫ Gateway devices such as routers generate broadcast domains.


Introduction To VRP

[Figure: VRP platform areas: Switching, Routing, Security, Unified Management, UTM, WLAN/WWAN.]

⚫ VRP is the platform on which many Huawei products operate.


VRP Timeline

VRP 1    1998-2001
VRP 2    1999-2001
VRP 3    2000-2004
VRP 5    2000-now
VRP 8    2009-now

⚫ VRP versions 5 and 8 are currently used in Huawei products.


Establishing Connectivity

AR2200

Mini USB Console

S5700

Console

Device Access via Console

Host A
Console Cable RTA

COM Port Console

⚫ A physical connection is established between the serial (COM) port and the
console interface of the router/switch.

Console Access Setup Procedures

Please configure the login password (maximum length 16)


Enter password:huawei
Confirm password:huawei
<Huawei>

Router Access via Mini USB

Host
Router
USB Cable

USB Mini USB

⚫ Connection is made between the USB port of the host and the mini USB
interface of the router.

Mini USB Driver Installation

⚫ Installation of drivers for the USB connection may be required.


Mini USB Access Setup Procedures

Please configure the login password (maximum length 16)


Enter password:huawei
Confirm password:huawei
<Huawei>

Summary
 If an Ethernet broadcast occurs such as in the case of ARP, to which the
destination is local, what will the response of the gateway be?

 Which versions of VRP are currently supported by Huawei products?

Navigating the CLI



Foreword
⚫ The implementation of Huawei devices in an enterprise network requires a
level of knowledge and capability in the navigation of the VRP command
line interface, and configuration of system settings. The principal command
line architecture is therefore introduced as part of this section along with
navigation, help functions and common system settings that are required
to be understood for the successful configuration of any VRP managed
device.

Objectives
⚫ Upon completion of this section, you will be able to:
 Navigate the VRP command line interface.

 Configure basic VRP system settings.

 Perform basic VRP interface configuration and management.

Starting A Device

BIOS Creation Date : Jan 5 2013, 18:00:24


DDR DRAM init : OK
Start Memory Test ? ('t' or 'T' is test):skip
Copying Data : Done
Uncompressing : Done
……
Press Ctrl+B to break auto startup ... 1
Now boot from flash:/AR2220E-V200R007C00SPC600.cc,
……
<Huawei>
Warning: Auto-Config is working. Before configuring the device, stop
Auto-Config. If you perform configurations when Auto-Config is
running, the DHCP, routing, DNS, and VTY configurations will be lost.
Do you want to stop Auto-Config? [y/n]:Y

CLI Command Line Views

User View         View the running status and statistics of the device.

System View       Set the system parameters of the device.

Interface View    Configure interface parameters.

Protocol View     Configure most routing protocol parameters.

<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]interface GigabitEthernet 0/0/0
[Huawei-GigabitEthernet0/0/0]

CLI Functions

Command Function

CTRL+A Moves the cursor to the beginning of the current line.

CTRL+C Stops performing current functions.

CTRL+Z Returns to the user view.

CTRL+] Stops incoming connections or redirects the connections.

<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]^z //Ctrl+Z
<Huawei>

CLI Functions

Command Function

Backspace Deletes the character on the left of the cursor, and moves the cursor to the left.

← or Ctrl+B Moves the cursor a single character space to the left.

→ or Ctrl+F Moves the cursor a single character space to the right.

TAB Completes any incomplete keyword that is entered.

[Huawei]inter //TAB
[Huawei]interface

⚫ The tab key will auto-complete an entered character string.


CLI Help Features
Command Line Help

Partial Help
<Huawei> d?
<Huawei> display h?

Complete Help
<Huawei> ?
<Huawei> display ?

[Huawei]d?
ddns dhcp
dhcpv6 diagnose
display dns
domain dot1x

CLI Basic Device Setup

Command Function

sysname Configures the Device Name.

<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname RTA
[RTA]

⚫ The system name should be assigned to uniquely identify each device within an enterprise network.

CLI Clock Settings

Command Function

clock timezone Sets the time zone.

clock datetime Sets the current time and date.

clock daylight-saving-time Sets the daylight saving time.

<Huawei>clock timezone BJ add 08:00:00


<Huawei>clock datetime 10:20:29 2016-04-11
<Huawei>display clock
2016-04-11 10:20:48
Thursday
Time Zone(BJ) : UTC+08:00

CLI Header Messages

Command Function

header login Sets the header that is displayed on a terminal when a user is authenticated by a device.

header shell Sets the header that is displayed on a terminal after the user logs into the device.

[Huawei]header login information "welcome to huawei certification!"


[Huawei]header shell information "Please don't reboot the device!"
……
welcome to huawei certification!
Login authentication
Password:
Please don't reboot the device!
<Huawei>

CLI Command Levels

User Level Command Level Name


0 0 Visit level

1 0 and 1 Monitoring level

2 0,1 and 2 Configuration level

3-15 0,1,2 and 3 Management level

<Huawei> system-view
[Huawei]command-privilege level 3 view user save

⚫ Privilege levels manage user access to commands.


CLI User Interfaces

User Interface Relative Number

Console 0

VTY 0-4

<Huawei>system-view
[Huawei]user-interface vty 0 4
[Huawei-ui-vty0-4]

⚫ The VTY number can be extended to a range of 0-14 for additional Telnet/SSH user connections.

CLI Terminal Attributes

Command Function

idle-timeout Sets the timeout duration of the user connection.

screen-length Sets the number of lines displayed on each terminal screen after a command is executed.

history-command max-size Sets the size of the history command buffer.

# Set the size of the history command buffer to 20.


<Huawei>system-view
[Huawei]user-interface console 0
[Huawei-ui-console0]history-command max-size 20
# Set the timeout duration to 1 minute and 30 seconds.
[Huawei-ui-console0]idle-timeout 1 30

CLI Interface Permissions

Command Function

user privilege Configures the user level.

set authentication password Configures a local authentication password.

# Set the user level on the VTY0 user interface to 2.


<Huawei>system-view
[Huawei]user-interface vty 0
[Huawei-ui-vty0]user privilege level 2
[Huawei-ui-vty0]set authentication password cipher
Enter Password(<8-128>):huawei123

CLI Interface Configuration

RTA RTB

10.0.12.1/24
1.1.1.1/32
G0/0/0 G0/0/0

# Configure an IP address of 10.0.12.1/24 on interface G0/0/0 and an IP address of 1.1.1.1/32 on loopback interface 0.
<Huawei>system-view
[Huawei]interface GigabitEthernet 0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 10.0.12.1 255.255.255.0
[Huawei-GigabitEthernet0/0/0]interface loopback 0
[Huawei-LoopBack0]ip address 1.1.1.1 32

Summary
 How many users are able to connect via the console interface at any given time?

 What is the state of the loopback interface 0 when the command loopback
interface 0 is used?

File System Navigation and Management



Foreword
⚫ The file system represents the underlying platform on which VRP operates,
and where system files are stored within the physical storage devices of the
product. The capability to navigate and manage this file system is
necessary to ensure effective management of the configuration files, VRP
software upgrades and ensure that the physical devices contained within
each product are well maintained.

Objectives
⚫ Upon completion of this section, you will be able to:
 Successfully navigate the device file system.

 Manipulate the file system files and folders.

 Manage Huawei router and switch storage devices.

Viewing the File System

Function Command
Change directory cd
View current directory pwd
View content of directory dir
View file content more

<Quidway>dir
Directory of flash:/
Idx Attr Size(Byte) Date Time FileName
0 drw- - Apr 10 2016 09:30:35 src
1 -rw- 28 Apr 10 2016 09:31:38 private-data.txt
2 -rw- 120 Apr 10 2016 09:32:38 wzbk1.cfg
32,004 KB total (31,995 KB free)

Manipulating the File System

Function Command
Make directory mkdir
Remove directory rmdir

<Quidway>mkdir test
Info: Create directory flash:/test......Done.
<Quidway>dir
Directory of flash:/
Idx Attr Size(Byte) Date Time FileName
0 drw- - Apr 10 2016 09:30:35 src
1 -rw- 28 Apr 10 2016 09:31:38 private-data.txt
2 -rw- 120 Apr 10 2016 09:32:38 wzbk1.cfg
3 drw- - Apr 10 2016 09:53:11 test
32,004 KB total (31,995 KB free)

Manipulating the File System

Function Command
Copy file copy
Move file move
Rename file rename

<Quidway>rename test huawei


Rename flash:/test to flash:/huawei ?[Y/N]:y
Info: Rename file flash:/test to flash:/huawei ......Done.
<Quidway>dir
Directory of flash:/
Idx Attr Size(Byte) Date Time FileName
0 drw- - Apr 10 2016 09:30:35 src
1 -rw- 28 Apr 10 2016 09:31:38 private-data.txt
2 -rw- 120 Apr 10 2016 09:32:38 wzbk1.cfg
3 drw- - Apr 10 2016 09:53:11 huawei

32,004 KB total (31,995 KB free)

Manipulating the File System

Function Command
Delete or permanently delete file delete /unreserved
Recover file undelete
Permanently clear the recycle bin reset recycle-bin

<Quidway>delete /unreserved flash:/wzbk1.cfg


<Quidway>dir
Directory of flash:/
Idx Attr Size(Byte) Date Time FileName
0 drw- - Apr 10 2016 09:30:35 src
1 -rw- 28 Apr 10 2016 09:31:38 private-data.txt
2 drw- - Apr 10 2016 09:53:11 huawei

32,004 KB total (30,995 KB free)

Configuration File Management System

[Figure: Save writes the current-configuration file in RAM to the saved-configuration file in Flash; Load reads the saved-configuration file from Flash into RAM.]

⚫ The current configuration is loaded from the saved configuration in system flash memory at system startup.

Viewing Configuration Files

Command Function

display current-configuration View the current configuration

display saved-configuration View the saved configuration

<Huawei>display current-configuration
#
sysname Huawei
……
#
return
<Huawei>display saved-configuration
#
sysname Huawei
……
#
return

Saving the Configuration File

Command Function

Save Save the current configuration

<Huawei>save
The current configuration will be written to the device.
Are you sure to continue?[Y/N]y
It will take several minutes to save configuration file, please
wait...............
Configuration file had been saved successfully
Note: The configuration file will take effect after being activated

Viewing the Startup Parameters

Command Function

Display startup View the current startup parameters

<Huawei>display startup
MainBoard:
Configured startup system software: flash:/ar2220.cc
Startup system software: flash:/ar2220.cc
Next startup system software: NULL
Startup saved-configuration file: flash:/vrpcfg.zip
Next startup saved-configuration file: flash:/vrpcfg.zip
Startup paf file: NULL
Next startup paf file: NULL
Startup license file: NULL
Next startup license file: NULL
Startup patch package: NULL
Next startup patch package: NULL

Changing the Startup Parameters
Command Function

startup saved-configuration Specify saved configuration file to load at startup

<Huawei>startup saved-configuration flash:/huawei.zip


Info: Succeeded in setting the configuration for booting system.
<Huawei>display startup
MainBoard:
Configured startup system software: flash:/ar2220.cc
Startup system software: flash:/ar2220.cc
Next startup system software: NULL
Startup saved-configuration file: flash:/vrpcfg.zip
Next startup saved-configuration file: flash:/huawei.zip
Startup paf file: NULL
Next startup paf file: NULL
Startup license file: NULL
Next startup license file: NULL
Startup patch package: NULL
Next startup patch package: NULL

Comparing Configuration Files

Command Function

compare configuration Compare configuration files

<Huawei>compare configuration
====== Current configuration line 36 ======
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
interface NULL0
====== Configuration file line 37 ======
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
interface NULL0

Clearing the Configuration File

Command Function

reset saved-configuration Erase saved configuration file

<Huawei>reset saved-configuration
Warning: This will delete the configuration in the flash memory.
The device configurations will be erased to reconfigure. Are you
soure? [Y/N]:y
Info: Clear the configuration in the device successfully.

Storage Device Types

 SDRAM

 Flash

 NVRAM

 SD Card

 USB

<Huawei>display version
……
SDRAM Memory Size : 1024 M bytes
Flash Memory Size : 512 M bytes
NVRAM Memory Size : 512 K bytes
……

Erasing Storage Devices

<Huawei>format flash:
All data(include configuration and system startup file) on flash:
will be lost, proceed with format? (y/n)[n]:

<Huawei>format sd1:
All data(include configuration and system startup file) on sd1: will
be lost, proceed with format? (y/n)[n]:

⚫ Care should be taken when using the format commands, as data will be lost.

Repairing the Storage Device

<Huawei>fixdisk flash:
Fixdisk flash: will take long time if needed
%Fixdisk flash: completed.
<Huawei>fixdisk sd1:
sd1:/ - disk check in progress.............sd1:/ - Volume is OK
total # of clusters: 481,869
# of free clusters: 455,777
# of bad clusters:
total free space: 1,780 Mb
.............. max contiguous free space: 1,789,952,000 bytes
# of files: 22
......
%Fixdisk sd1: completed.

Summary
 What does the d in the drwx attribute of the file system represent?

 How can a configuration file stored within the file system of a device be
implemented for use by the device?

VRP Operating System Image Management

Foreword
⚫ Effective network administration and management within an enterprise
network relies on all devices maintaining backup files in the event of
system failures or other events that may result in loss of important systems
files and data. Remote servers that use the file transfer protocol (FTP)
service are often used to ensure files are maintained for backup and
retrieval purposes as and when needed. The means for establishing
communication with such application services is introduced in this section.

Objectives
⚫ Upon completion of this section, you will be able to:
 Explain the importance of maintaining up-to-date versions of VRP.

 Establish a client relationship with an FTP server.

 Successfully upgrade a VRP system image.

Upgrading the VRP Image

VRP Version 5.160, Product V200R007C00

VRP Version 5.90, Product V200R001C00

⚫ New version upgrades may sometimes be required to support new features and updates to the versatile routing platform (VRP).

File Transfer

RTA FTP Server

VRP Upgrade

Log file

Configuration file

⚫ File transfer may be used to retrieve VRP image files, as well as backup log
and configuration files.

File Transfer Methods
RTA FTP Server

TCP Connection
FTP

RTB TFTP Server

TFTP(UDP)

⚫ Common forms of file transfer include FTP and TFTP, which differ in the transport layer protocol used.

VRP Upgrade Process
RTA FTP Server
FTP
G0/0/1
10.1.1.1/24 10.1.1.2/24

<huawei>system-view
[huawei]sysname RTA
[RTA]interface GigabitEthernet 0/0/1
[RTA-GigabitEthernet0/0/1]ip address 10.1.1.1 24
……

Storage Space Availability
RTA FTP Server
FTP
G0/0/1
10.1.1.1/24 10.1.1.2/24

<RTA>dir
……
508,248 KB total (2,334 KB free)
<RTA> delete /unreserved flash:/ar2220.cc
……

⚫ Where the storage capacity is inadequate for image transfer, older images
and files can be removed.

Retrieving Files from an FTP Server
RTA FTP Server
FTP
G0/0/1
10.1.1.1/24 10.1.1.2/24

<RTA>ftp 10.1.1.2
Trying 10.1.1.2 ...
Press CTRL+K to abort
Connected to 10.1.1.2.
220 FTP service ready.
User(10.1.1.2:(none)):huawei
331 Password required for huawei.
Enter password:
230 User logged in.
[ftp]get vrp.cc

Retrieving Files from a TFTP Server
RTA TFTP Server
TFTP
G0/0/1
10.1.1.1/24 10.1.1.2/24

<RTA>tftp 10.1.1.2 get AR2220E-V200R007C00SPC600.cc

⚫ A single command including the destination IP address is used to retrieve files from a TFTP server.

VRP Boot Management Process
RTA FTP Server

G0/0/1
10.1.1.1/24 10.1.1.2/24

<RTA>startup system-software vrp.cc


Info: Succeeded in setting the software for booting system
<RTA>display startup
MainBoard:
Configured startup system software: flash:/ar2220.cc
Startup system software: flash:/ar2220.cc
Next startup system software: vrp.cc
Startup saved-configuration file: NULL
Next startup saved-configuration file: NULL
……

Applying the Changes
RTA FTP Server

G0/0/1
10.1.1.1/24 10.1.1.2/24

<RTA>reboot
Info: The system is now comparing the configuration, please
wait.
Warning: All the configuration will be saved to the
configuration file for the next startup, Continue?[Y/N]:n
System will reboot! Continue?[Y/N]:y

⚫ The system must be restarted before the new image can take effect.
Summary
 What should be configured on the client in order to establish a connection with
an FTP server?

 How can a user confirm that changes to the startup software have taken effect
after a reboot of the device?

Establishing a Single Switched Network



Foreword
⚫ The introduction of a switching device as part of the enterprise network
demonstrates how networks are able to expand beyond point-to-point
connections, and shared networks in which collisions may occur. The
behavior of the enterprise switch when introduced to the local area
network is detailed along with an understanding of the handling of unicast
and broadcast type frames, to demonstrate how switches enable networks
to overcome the performance obstacles of shared networks.

Objectives
⚫ Upon completion of this section, you will be able to:
 Explain the decision making process of a link layer switch.

 Configure parameters for negotiation on a link layer switch.

Building a Single Switched Network
Switch A

G0/0/1 G0/0/3
G0/0/2

Host A Host B Host C


IP: 10.1.1.1/24 IP: 10.1.1.2/24 IP: 10.1.1.3/24
MAC:00-01-02-03-04-AA MAC:00-01-02-03-04-BB MAC:00-01-02-03-04-CC

⚫ Switches operate within the scope of the data link layer.


The Initial State of The Switch
Switch A MAC Address Table

MAC Interface

G0/0/1

G0/0/2 G0/0/3

Host A Host B Host C


IP: 10.1.1.1/24 IP: 10.1.1.2/24 IP: 10.1.1.3/24
MAC:00-01-02-03-04-AA MAC:00-01-02-03-04-BB MAC:00-01-02-03-04-CC

⚫ Each switch uses a MAC table for making forwarding decisions.


MAC Address Learning
Switch A MAC Address Table
MAC Interface
00-01-02-03-04-AA G0/0/1

G0/0/3
G0/0/1 G0/0/2

Host A Host B Host C


IP: 10.1.1.1/24 IP: 10.1.1.2/24 IP: 10.1.1.3/24
MAC:00-01-02-03-04-AA MAC:00-01-02-03-04-BB MAC:00-01-02-03-04-CC

⚫ The source MAC addresses of received frames are recorded.


Forwarding The First Data
Switch A

G0/0/1

G0/0/2 G0/0/3

Host A Host B Host C


IP: 10.1.1.1/24 IP: 10.1.1.2/24 IP: 10.1.1.3/24
MAC:00-01-02-03-04-AA MAC:00-01-02-03-04-BB MAC:00-01-02-03-04-CC

⚫ Frames destined for unknown link layer destinations are flooded.


The Destination Reply
Switch A

MAC                  Interface
00-01-02-03-04-AA    G0/0/1
00-01-02-03-04-CC    G0/0/3

G0/0/1 G0/0/2 G0/0/3

Host A Host B Host C


IP: 10.1.1.1/24 IP: 10.1.1.2/24 IP: 10.1.1.3/24
MAC:00-01-02-03-04-AA MAC:00-01-02-03-04-BB MAC:00-01-02-03-04-CC

⚫ Frames are forwarded to destinations based on the MAC table.
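The learn, flood and forward sequence from the last four slides, as a small Python model of Switch A. This is an added example, not part of the original slides; the ports and host MAC addresses are the ones shown for Switch A, and the class and function names are hypothetical.

```python
BROADCAST = "FF-FF-FF-FF-FF-FF"
PORTS = ("G0/0/1", "G0/0/2", "G0/0/3")
HOST_A = "00-01-02-03-04-AA"  # attached to G0/0/1 on the slides
HOST_B = "00-01-02-03-04-BB"  # attached to G0/0/2
HOST_C = "00-01-02-03-04-CC"  # attached to G0/0/3


def is_unicast(mac):
    """The least significant bit of the first octet is 0 for unicast addresses."""
    return (int(mac.split("-")[0], 16) & 0x01) == 0


class LearningSwitch:
    def __init__(self, ports=PORTS):
        self.ports = list(ports)
        self.mac_table = {}  # MAC address -> interface; empty in the initial state

    def receive(self, in_port, src_mac, dst_mac):
        """Process one frame and return the list of ports it is sent out of."""
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port}")
        src_mac, dst_mac = src_mac.upper(), dst_mac.upper()

        # Learning: record the source MAC against the receiving port. An entry
        # that points at a different port is overwritten (the host has moved).
        if is_unicast(src_mac) and self.mac_table.get(src_mac) != in_port:
            self.mac_table[src_mac] = in_port

        # Forwarding decision on the destination MAC.
        out_port = self.mac_table.get(dst_mac)
        if not is_unicast(dst_mac) or out_port is None:
            # Broadcast, multicast or unknown unicast: flood to every other port.
            return [p for p in self.ports if p != in_port]
        if out_port == in_port:
            return []  # destination is on the receiving port: nothing to forward
        return [out_port]


def replay_slides():
    """Host A sends the first frame to Host C, then Host C replies."""
    switch = LearningSwitch()
    first = switch.receive("G0/0/1", HOST_A, HOST_C)  # unknown destination
    reply = switch.receive("G0/0/3", HOST_C, HOST_A)  # destination now known
    return switch, first, reply


if __name__ == "__main__":
    switch, first, reply = replay_slides()
    print("first frame sent out of:", first)
    print("reply sent out of:", reply)
    print("MAC table:", switch.mac_table)
```

The table is built entirely from source addresses in received frames, so whatever a port sends is what the switch believes is attached there.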


Basic Configuration
Switch A Host A

G0/0/1

<SWA>system-view
Enter system view, return user view with Ctrl+Z.
[SWA]interface GigabitEthernet 0/0/1
[SWA-GigabitEthernet0/0/1]undo negotiation auto
[SWA-GigabitEthernet0/0/1]duplex full
[SWA-GigabitEthernet0/0/1]speed 100

Basic Configuration Verification
Switch A Host A

G0/0/1

[SWA]display interface GigabitEthernet 0/0/1


GigabitEthernet0/0/1 current state : UP
Line protocol current state : UP
……
Speed : 100, Loopback: NONE
Duplex: FULL, Negotiation: DISABLE

Summary
⚫ If a switch records the source MAC address of a host device on a port interface,
and the physical connection of the host is then changed to another port
interface on the switch, what action would the switch take?

Spanning Tree Protocol



Foreword
⚫ As the enterprise network expands, multi-switched networks are
introduced to provide link layer communication between a growing
number of end systems. New interconnections between enterprise
switches make it possible to build more resilient networks, but they
also make switching failure as a result of loops more likely. The spanning
tree protocol (STP) must therefore be understood both in terms of how it
prevents switching loops and how it can be manipulated to suit
enterprise network design and performance.

Objectives
⚫ Upon completion of this section, you will be able to:
  ⚫ Describe the issues faced when using a multi-switched network.
  ⚫ Explain the loop prevention process of the spanning tree protocol.
  ⚫ Configure parameters for managing the STP network design.

Layer 2 Redundancy

Switch A Switch B

Switch C Switch D Switch E

⚫ Redundancy in a switching network minimizes connection failure but
generates potential switching loops.

Broadcast Storms
Switch B

G0/0/3 Host A
G0/0/2

00-01-02-03-04-AA
Switch A

Host B

Switch C
00-01-02-03-04-BB

⚫ Switching loops allow broadcast storms to occur and cause end stations
to receive duplicate frames.

MAC Instability
Switch B
Host A
G0/0/3
G0/0/2

00-01-02-03-04-AA
Switch A

MAC Interface
00-01-02-03-04-AA G0/0/3
00-01-02-03-04-AA G0/0/2

Host B

Switch C
00-01-02-03-04-BB

⚫ Receiving previously forwarded frames generates false MAC entries, and
instability within the MAC address table.

Resolving Layer 2 Redundancy Issues
Switch B

G0/0/3 Host A
G0/0/2

00-01-02-03-04-AA
Switch A

Host B

Switch C
00-01-02-03-04-BB

⚫ Loops are eliminated by restricting traffic flow over redundant paths.

The Spanning Tree Root Bridge

Root

Non-Root Non-Root

Non-Root Non-Root Non-Root

⚫ An inverted tree architecture is created as a result of STP.

⚫ The root bridge represents the base of the spanning tree.


Bridge ID
4096 00-01-02-03-04-AA
Root

32768 00-01-02-03-04-BB 32768 00-01-02-03-04-CC

32768 00-01-02-03-04-DD 32768 00-01-02-03-04-EE 32768 00-01-02-03-04-FF

⚫ Bridge Identifiers are used to elect the root bridge.

⚫ The bridge priority can be manipulated to force root selection.


Bridge Protocol Data Unit

Root

BPDU BPDU

BPDU fields: PID | PVI | BPDU Type | Flags | Root ID | RPC | Bridge ID | Port ID | Message Age | Max Age | Hello Time | Fwd Delay

BPDU types: Configuration, TCN

Path Cost

Root

RPC 0 RPC 0

20000 20000
RPC 20000 20000
20000
20000
RPC 20000 RPC 20000 RPC 20000

20000 20000 20000

20000

⚫ Root path cost is carried in the BPDU and used to determine the shortest
path to the root.

Path Cost Standards

Port Speed | Path Cost (802.1D) | Path Cost (802.1t) | Path Cost (Legacy)
10 Mbps | 99 | 1999999 | 1999
100 Mbps | 18 | 199999 | 199
1 Gbps | 4 | 20000 | 20
10 Gbps | 2 | 2000 | 2

⚫ STP supports various path cost standards.

⚫ 802.1t is the default standard used by Huawei switches.


Spanning Tree Port Roles

Root

RPC 0 RPC 0
D D

R RPC 20000 R
A D

RPC 20000 RPC 20000 RPC 20000


D D D

R R R

⚫ Spanning tree supports designated, root and alternate port roles.

⚫ The root path cost enables port roles to be determined.


Port ID

4096 00-01-02-03-04-AA 32768 00-01-02-03-04-BB


RPC 0 128.1
D R
Root
D A
D RPC 0 128.2
D 128.3

A 128.2

R
128.1

32768 00-01-02-03-04-CC

⚫ Where the root path cost is equal, a port identifier is used to determine the
active and alternate paths to the root.
Timers

BPDU Interval MSG Age: 0


(2 seconds) MAX Age: 20

MSG Age: 1 MSG Age: 1


MAX Age: 20 MAX Age: 20

MSG Age: 2 MSG Age: 2


MAX Age: 20 MAX Age: 20

⚫ The MAX Age represents the aging timer of a BPDU.

⚫ BPDUs are discarded when Message Age exceeds MAX Age.


Root Election Process
Switch A
32768 00-e0-fc-16-ee-43

BPDU BPDU

BPDU BPDU

BPDU

Switch B Switch C

32768 00-e0-fc-41-42-59
BPDU 32768 00-e0-fc-41-43-69

⚫ All STP switches advertise BPDUs to peers with themselves as root.


Port Role Establishment Process
Switch A
32768 00-e0-fc-16-ee-43
Root
G0/0/1 G0/0/2
D D
RPC 0 RPC 0

Root Port Root Port


G0/0/1 RPC 20000 G0/0/1

D A
Switch B Switch C
G0/0/2 G0/0/2

32768 00-e0-fc-41-42-59 RPC 20000 32768 00-e0-fc-41-43-69

⚫ The Bridge ID and Root Path Cost are used to elect port roles.
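
The election described on the preceding slides (bridge ID, root path cost, port ID) can be reproduced offline. The following is an added example, not Huawei code: it models the three-switch triangle from the slides with port n standing for G0/0/n, and the helper names are assumptions made for illustration. It also shows how lowering one bridge priority, as `stp priority 4096` does, moves the root.

```python
PORT_PRIORITY = 128      # default port priority, written 128.x on the slides
COST_1G_DOT1T = 20000    # 802.1t path cost of a 1 Gbps port (Path Cost Standards table)


def bridge_id(priority, mac):
    """Bridge ID as a comparable tuple: lower priority wins, then lower MAC."""
    return (priority, int(mac.replace("-", ""), 16))


class Bridge:
    def __init__(self, name, priority, mac):
        self.name = name
        self.bid = bridge_id(priority, mac)
        self.ports = {}                      # port no. -> (peer, peer port no., cost)
        self.root, self.rpc = self.bid, 0    # believed root ID and root path cost


def link(a, a_port, b, b_port, cost=COST_1G_DOT1T):
    a.ports[a_port] = (b, b_port, cost)
    b.ports[b_port] = (a, a_port, cost)


def advertised(bridge, port):
    """Priority vector the bridge would place in a BPDU sent from `port`."""
    return (bridge.root, bridge.rpc, bridge.bid, (PORT_PRIORITY, port))


def converge(bridges):
    """Root election: every switch starts as root, then adopts the best vector it hears."""
    for b in bridges:
        b.root, b.rpc = b.bid, 0
    changed = True
    while changed:
        changed = False
        for b in bridges:
            best = (b.bid, 0)
            for peer, _peer_port, cost in b.ports.values():
                best = min(best, (peer.root, peer.rpc + cost))
            if best != (b.root, b.rpc):
                b.root, b.rpc = best
                changed = True


def port_roles(bridges):
    """Return {(switch, port): role} once the tree has converged."""
    converge(bridges)
    roles = {}
    for b in bridges:
        root_port = None
        if b.root != b.bid:
            # Compare root ID, RPC plus local cost, sender bridge ID,
            # sender port ID, then the local port ID as the last tie-breaker.
            def received(p, b=b):
                peer, peer_port, cost = b.ports[p]
                return (peer.root, peer.rpc + cost, peer.bid,
                        (PORT_PRIORITY, peer_port), (PORT_PRIORITY, p))
            root_port = min(b.ports, key=received)
        for p, (peer, peer_port, _cost) in b.ports.items():
            if p == root_port:
                roles[(b.name, p)] = "root"
            elif advertised(b, p) < advertised(peer, peer_port):
                roles[(b.name, p)] = "designated"
            else:
                roles[(b.name, p)] = "alternate"
    return roles


def build_lab(priority_c=32768):
    """Three-switch triangle from the slides; MAC addresses as printed there."""
    a = Bridge("SWA", 32768, "00-e0-fc-16-ee-43")
    b = Bridge("SWB", 32768, "00-e0-fc-41-42-59")
    c = Bridge("SWC", priority_c, "00-e0-fc-41-43-69")
    link(a, 1, b, 1)
    link(a, 2, c, 1)
    link(b, 2, c, 2)
    return [a, b, c]


def root_name(bridges):
    converge(bridges)
    return next(b.name for b in bridges if b.root == b.bid)


if __name__ == "__main__":
    for key, role in sorted(port_roles(build_lab()).items()):
        print(key, role)
    print("root with priority 4096 on SWC:", root_name(build_lab(priority_c=4096)))
```
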
Port State Transition

Disabled

① ⑤


Forwarding Blocking

⑤ ③

④ ⑤

Learning Listening

Root Failure
Switch A

Root

SWD SWE

MAX Age MAX Age


BPDU
Switch B Switch C
BPDU

⚫ Non-root bridges wait for MAX Age before assuming loss of root.

⚫ Re-convergence is then initiated, beginning with root election.


Indirect Link Failure
Switch A

Root

BPDU

Switch B Switch C
A
BPDU

⚫ Switch B begins root election, but its BPDU is ignored by Switch C.

⚫ The root BPDU is propagated to Switch B after MAX Age expires.


Direct Link Failure

4096 00-01-02-03-04-AA 32768 00-01-02-03-04-BB


RPC 0 128.1
Switch A D R Switch B
Root
D A
D RPC 0 128.2
D

A
R Switch C

32768 00-01-02-03-04-CC

⚫ Switch B detects failure and switches alternate port to root port.

⚫ STP converges after 2x forward delay (30 seconds by default).


Topology Change MAC Instability
Switch B

G0/0/3 Host A
G0/0/2

A 00-01-02-03-04-AA
Switch A

MAC Interface
00-01-02-03-04-AA G0/0/3

00-01-02-03-04-BB G0/0/2

R
Host B

Switch C
00-01-02-03-04-BB

⚫ Changes in the STP topology may invalidate MAC table entries.

⚫ MAC table entries expire only after 300 seconds by default.


Topology Change Process

Root

BPDU BPDU

TCN BPDU

BPDU BPDU BPDU

TCN BPDU

TCN BPDU BPDU

⚫ Topology Change Notification informs root of topology change.

⚫ Root flushes MAC entries using BPDU with TC bit set.


Topology Change MAC Refresh

Host A
Switch B
G0/0/3

G0/0/2 00-01-02-03-04-AA

Switch A G0/0/1 D
MAC Interface
00-01-02-03-04-AA G0/0/3

00-01-02-03-04-BB G0/0/2
Root G0/0/1
R 00-01-02-03-04-BB G0/0/1

Switch C Host B

00-01-02-03-04-BB

STP Modes
Switch A

Switch B Switch C

[SWA]stp mode ?
mstp Multiple Spanning Tree Protocol (MSTP) mode
rstp Rapid Spanning Tree Protocol (RSTP) mode
stp Spanning Tree Protocol (STP) mode
[SWA]stp mode stp

Assigning The Root
Switch A 4096 00-01-02-03-04-AA

Switch B Switch C

32768 00-01-02-03-04-BB 32768 00-01-02-03-04-CC

[SWA]stp priority 4096


Apr 15 2016 16:15:33-08:00 SWA DS/4/DATASYNC_CFGCHANGE:OID
1.3.6.1.4.1.2011.5.25.191.3.1 configurations have been
changed. The current change number is 4, the change loop
count is 0, and the maximum number of records is 4095.

⚫ Root can be set manually or by defining the switch as primary.


Assigning Path Cost
Switch A 4096 00-01-02-03-04-AA

Switch B Switch C

32768 00-01-02-03-04-BB 32768 00-01-02-03-04-CC

[SWC]stp pathcost-standard ?
dot1d-1998 IEEE 802.1D-1998
dot1t IEEE 802.1T
legacy Legacy
[SWC]interface GigabitEthernet 0/0/1
[SWC-GigabitEthernet0/0/1]stp cost 2000

Root Protection
Switch A 4096 00-01-02-03-04-AA

Switch B Switch C

32768 00-01-02-03-04-BB 32768 00-01-02-03-04-CC

[SWA]interface GigabitEthernet 0/0/1


[SWA-GigabitEthernet0/0/1]stp root-protection

⚫ Root protection prevents changes to the topology resulting from a root
bridge transition caused by receiving a higher priority BPDU.

Configuration Validation

[SWA]display stp
-------[CIST Global Info][Mode STP]-------
CIST Bridge :4096 .00-01-02-03-04-BB
Bridge Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC :4096 .00-01-02-03-04-BB / 0
CIST RegRoot/IRPC :4096 .00-01-02-03-04-BB / 0
CIST RootPortId :0.0
BPDU-Protection :Disabled
TC or TCN received :37
TC count per hello :0
STP Converge Mode :Normal
Share region-configuration :Enabled
Time since last TC :0 days 0h:1m:29s
……

Configuration Validation

[SWA]display stp
……
----[Port1(GigabitEthernet0/0/1)][FORWARDING]----
Port Protocol :Enabled
Port Role :Designated Port
Port Priority :128
Port Cost(Dot1T ) :Config=2000 / Active=2000
Designated Bridge/Port :4096.00-01-02-03-04-BB / 128.1
Port Edged :Config=default / Active=disabled
Point-to-point :Config=auto / Active=true
Transit Limit :147 packets/hello-time
Protection Type :Root
……

Summary
⚫ In the event that a root bridge (switch) temporarily fails in the STP network, the
next viable switch will take over as the root bridge. What will occur once the
failed root bridge once again becomes active in the network?

⚫ What is the difference between Path Cost and Root Path Cost?

Rapid Spanning Tree Protocol



Foreword
⚫ The original STP standard was defined in 1998, and a number of
limitations were later discovered in it, particularly in the time needed for
convergence to occur. In light of this, Rapid Spanning Tree Protocol (RSTP)
was introduced. RSTP follows the fundamental characteristics of STP, so
this section emphasizes the characteristics that differ in RSTP.

Objectives
⚫ Upon completion of this section, you will be able to:
  ⚫ Describe the characteristics associated with RSTP.
  ⚫ Configure RSTP parameters.

STP Weakness

STP: Convergence Timers (30-50 seconds)
RSTP: Proposal & Agreement, Immediate Negotiation

RSTP Port Roles

D R
Root
D A
D D

A
R D

Roles | Description
Backup | A backup path to downstream nodes, where redundant links exist on the same LAN segment as the designated port.
Alternate | An alternate path to the root bridge that differs from the path provided by the root port of the switch.

RSTP Edge Ports

D R
Root
D A
D D

A
R
Edge Port

⚫ Systems that do not participate in RSTP connect to edge ports.

⚫ Edge ports do not receive BPDU and can instantly forward data.

Port States of RSTP
STP | RSTP | Port Role
Disabled | Discarding | Disabled
Blocking | Discarding | Alternate or Backup
Listening | Discarding | Root or Designated
Learning | Learning | Root or Designated
Forwarding | Forwarding | Root or Designated

RST BPDU

BPDU fields: PID | PVI | BPDU Type | Flags | Root ID | RPC | Bridge ID | Port ID | Message Age | Max Age | Hello Time | Fwd Delay

Flags: Bit7 TCA | Bit6 Agreement | Bit5 Forwarding | Bit4 Learning | Bit3-Bit2 Port Role | Bit1 Proposal | Bit0 TC

Port Role = 00 Unknown
01 Alternate/Backup Port
10 Root Port
11 Designated Port

⚫ Unused fields of the STP BPDU are active within RSTP.

⚫ New capabilities are introduced as part of RSTP.


RST BPDU
Switch A

RST BPDU RST BPDU

Switch B Switch C

RST BPDU

⚫ Designated switches generate their own BPDU at Hello time, regardless of
whether an RST BPDU has been received.

RSTP Convergence
Switch A
32768 00-e0-fc-16-ee-43

D D

D D

D D
Switch B Switch C

32768 00-e0-fc-41-42-59 32768 00-e0-fc-41-43-69

⚫ All RSTP enabled switches begin as root and send RST BPDU.

⚫ Ports are set to a designated role and a discarding state.


RST BPDU Proposal
Switch A
32768 00-e0-fc-16-ee-43

D D

RST BPDU

RST BPDU

D D

D D
Switch B Switch C

32768 00-e0-fc-41-42-59 32768 00-e0-fc-41-43-69

⚫ Proposals are sent in RST BPDU during root election.

⚫ A switch will ignore a proposal if it has a better bridge ID.


RSTP Synchronization Process
Switch A
32768 00-e0-fc-16-ee-43

D D

RST BPDU

D D

D
Switch B Switch C

32768 00-e0-fc-41-42-59 32768 00-e0-fc-41-43-69

⚫ Upon receiving a superior BPDU, Switch B will cease to send RST BPDU
containing proposals and begin to synchronize.

RST BPDU Agreement
Switch A
32768 00-e0-fc-16-ee-43

D D

RST BPDU

R D

D
Switch B Switch C

32768 00-e0-fc-41-42-59 32768 00-e0-fc-41-43-69

⚫ Once all downstream non-edge designated ports have been blocked,
Switch B will send an agreement with the RST BPDU.

RSTP Converged Link
Switch A
32768 00-e0-fc-16-ee-43

D D

RST BPDU

R RST BPDU D

D D
Switch B Switch C

RST BPDU
32768 00-e0-fc-41-42-59 32768 00-e0-fc-41-43-69

⚫ The downstream port is again unblocked and a new round of synchronization
occurs between Switch B and Switch C.

Link/Root Failure
Switch A
32768 00-e0-fc-16-ee-43

RST BPDU

D D
Switch B Switch C

RST BPDU
32768 00-e0-fc-41-42-59 32768 00-e0-fc-41-43-69

⚫ Loss of upstream RST BPDU signals link/device failure.

⚫ Proposal and agreement based convergence will ensue.


Topology Change Process
Switch A
32768 00-e0-fc-16-ee-43

RST BPDU

RST BPDU

D R
Switch B Switch C

32768 00-e0-fc-41-42-59 32768 00-e0-fc-41-43-69

⚫ During the sending of an agreement, addresses are flushed for all ports
except the port on which the RST BPDU was received.
STP Inter-Operation
Switch A
32768 00-e0-fc-16-ee-43

D D

RST BPDU BPDU

R R
STP Enabled
D A
Switch B Switch C

BPDU
32768 00-e0-fc-41-42-59 32768 00-e0-fc-41-43-69

⚫ RSTP switch ports will revert to STP when connected to a LAN segment
containing an STP enabled device.
Setting the Mode
Switch A Switch B

Root

[SWA]stp mode rstp

Switch C

⚫ The stp mode rstp command allows all ports of the switch to generate RST BPDU.

Configuration Validation

[SWA]display stp
-------[CIST Global Info][Mode RSTP]-------
CIST Bridge :32768.00-e0-fc-16-ee-43
Bridge Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC :32768.00-e0-fc-16-ee-43 / 0
CIST RegRoot/IRPC :32768.00-e0-fc-16-ee-43 / 0
CIST RootPortId :0.0
BPDU-Protection :Disabled
TC or TCN received :37
TC count per hello :0
STP Converge Mode :Normal
Share region-configuration :Enabled
Time since last TC :0 days 0h:14m:43s

Setting the Edge Port
Switch A Switch B

Root

G0/0/3
Edge Port

Switch C

[SWC-GigabitEthernet0/0/3]stp edged-port enable

⚫ Allows for transition of the edge port to forwarding without delay.

⚫ Interfaces on the S5700 are non-edge ports by default.


Setting the Edge Port
Switch A Switch B

Root

G0/0/3
Edge Port

Switch C

[SWC]stp edged-port default

⚫ All ports on the switch will be configured as edge ports.

⚫ Care should be taken with this command to avoid STP loops.


BPDU Protection
Switch A Switch B

Root

BPDU

Switch C

[SWC]stp bpdu-protection

⚫ BPDU protection prevents the malicious injection of BPDU into RSTP.
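
To see what root protection and BPDU protection react to, it helps to decode a BPDU with the field list and flag bits from the RST BPDU slide. The following is an added example, not Huawei code: the field widths and the 1/256 second timer units are taken from IEEE 802.1D rather than from the slides, the sample frames are constructed, and `guard_alerts` is a simplified, hypothetical model of the two protections.

```python
import struct

BPDU_TYPES = {0x00: "Configuration", 0x80: "TCN", 0x02: "RST"}
PORT_ROLES = {0: "Unknown", 1: "Alternate/Backup", 2: "Root", 3: "Designated"}
# Flags, Root ID, RPC, Bridge ID, Port ID, Message Age, Max Age, Hello Time, Fwd Delay
BODY = struct.Struct("!B8sI8sHHHHH")


def _bridge(raw):
    """8-byte bridge identifier -> (priority, 'xx-xx-xx-xx-xx-xx')."""
    return (int.from_bytes(raw[:2], "big"), "-".join(f"{b:02x}" for b in raw[2:]))


def parse_bpdu(data):
    """Decode the BPDU fields named on the slides (LLC header already removed)."""
    if len(data) < 4:
        raise ValueError("truncated BPDU header")
    pid, version, btype = struct.unpack_from("!HBB", data)   # PID, PVI, BPDU Type
    if pid != 0 or btype not in BPDU_TYPES:
        raise ValueError("not a spanning tree BPDU")
    bpdu = {"version": version, "type": BPDU_TYPES[btype]}
    if btype == 0x80:            # a TCN BPDU carries the header only
        return bpdu
    if len(data) < 4 + BODY.size:
        raise ValueError("truncated BPDU body")
    flags, root, rpc, bridge, port, age, max_age, hello, fwd = BODY.unpack_from(data, 4)
    bpdu.update(
        root_id=_bridge(root), rpc=rpc, bridge_id=_bridge(bridge),
        port_id=f"{(port >> 8) & 0xF0}.{port & 0x0FFF}",     # e.g. 128.1
        # timer fields are carried in units of 1/256 second
        message_age=age / 256, max_age=max_age / 256,
        hello_time=hello / 256, forward_delay=fwd / 256,
        flags={
            "tc": bool(flags & 0x01), "proposal": bool(flags & 0x02),
            "port_role": PORT_ROLES[(flags >> 2) & 0x03],
            "learning": bool(flags & 0x10), "forwarding": bool(flags & 0x20),
            "agreement": bool(flags & 0x40), "tca": bool(flags & 0x80),
        },
    )
    return bpdu


def guard_alerts(bpdu, current_root, edge_port=False, root_protection=False):
    """Simplified model: which of the two protections would this BPDU trip?"""
    alerts = []
    if edge_port:
        alerts.append("bpdu-protection: BPDU received on an edge port")
    if root_protection and "root_id" in bpdu and bpdu["root_id"] < current_root:
        alerts.append("root-protection: superior BPDU on a protected port")
    return alerts


def build_sample(root_priority, root_mac, flags):
    """Constructed test input: an RST BPDU from a bridge that announces itself as root."""
    bid = root_priority.to_bytes(2, "big") + bytes.fromhex(root_mac.replace("-", ""))
    return (struct.pack("!HBB", 0, 2, 0x02)
            + BODY.pack(flags, bid, 0, bid, 0x8001, 0, 20 * 256, 2 * 256, 15 * 256)
            + b"\x00")           # Version 1 Length


if __name__ == "__main__":
    current_root = (4096, "00-01-02-03-04-aa")
    frame = parse_bpdu(build_sample(0, "00-01-02-03-04-ff", 0x0E))
    print(frame["flags"])
    print(guard_alerts(frame, current_root, edge_port=True, root_protection=True))
```
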


Loop Protection
Switch A Switch B

Root

BPDU

A
R

G0/0/1

Switch C

[SWC-GigabitEthernet0/0/1]stp loop-protection

⚫ If BPDUs fail to be received by the downstream switch, the root port is
blocked to prevent switching loops from occurring.

Configuration Validation

[SWC]display stp interface GigabitEthernet 0/0/1


----[CIST][Port1(GigabitEthernet0/0/1)][FORWARDING]----
Port Protocol :Enabled
Port Role :Root Port
Port Priority :128
Port Cost(Dot1T ) :Config=auto / Active=20000
Designated Bridge/Port :32768.00-e0-fc-16-ee-43 / 128.1
Port Edged :Config=default / Active=disabled
Point-to-point :Config=auto / Active=true
Transit Limit :147 packets/hello-time
Protection Type :Loop
Port STP Mode :RSTP
Port Protocol Type :Config=auto / Active=dot1s
BPDU Encapsulation :Config=stp / Active=stp
……

Summary
⚫ What is the purpose of the sync that occurs during the RSTP proposal and
agreement process?

Basic Knowledge of IP Routing



Foreword
⚫ The forwarding of frames and switching introduced data link layer
operations, and in particular the role of IEEE 802 based standards as the
underlying communication mechanism over which upper layer
protocol suites generally operate. With the introduction of routing, the
principles that define upper layer protocols and internetwork communication
are established. An enterprise network domain generally consists of
multiple networks, for which routing decisions are needed to ensure that
optimal routes are used to forward IP packets (or datagrams) to their
intended network destinations. This section introduces the foundations on
which such IP routing is based.

Objectives
⚫ Upon completion of this section, you will be able to:
  ⚫ Explain the principles that govern IP routing decisions.
  ⚫ Explain the basic requirements for packet forwarding.

Autonomous Systems

⚫ An autonomous system is an IP network, or networks, controlled by one or
more operators with a clear policy that governs how routing decisions are made.

Local Area Network and Broadcast Domains

LAN 3

LAN 1 LAN 2

Broadcast Domain Broadcast Domain

Routing Decisions

?
Destination

⚫ Routers are responsible for the decision making process that determines
the path via which packets are forwarded.

IP Routing Table
[Huawei]display ip routing-table
Route Flags: R - relay, D - download to fib
-------------------------------------------------------------
Routing Tables: Public
Destinations : 2 Routes : 2
Destination/Mask Proto Pre Cost Flags NextHop Interface
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

⚫ The IP routing table lists the networks that are reachable via the router.
Packets that have no route are subsequently discarded.

Routing Decisions – Preference
OSPF OSPF
RTA 20.1.1.0/30 OSPF RTB

10.1.1.0/30

RIP RIP
30.1.1.0/30

[RTA]display ip routing-table
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.1.1.0/30 OSPF 10 60 RD 20.1.1.2 Ethernet0/0/0
……

Route | Direct | OSPF | Static | RIP
Preference | 0 | 10 | 60 | 100

Routing Decisions – Metric
Metric = 100

20.1.1.0/30
RTA OSPF OSPF RTB

10.1.1.0/30

Ethernet0/0/1
OSPF OSPF
30.1.1.0/30

Metric = 50

[RTA]display ip routing-table
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.1.1.0/30 OSPF 10 50 RD 30.1.1.2 Ethernet0/0/1

Establish IP Routing-table

10.1.1.0

RTA
G0/0/0
192.168.2.0
G0/0/1

192.168.1.0

Route Source | Destination Network | Outbound Interface
Direct | 10.1.1.0 | G0/0/1
Static | 192.168.1.0 | G0/0/0
OSPF | 192.168.2.0 | G0/0/0

Routing Decisions – Longest Match

RTA RTB RTC

.1 20.1.1.0/30 .2 .2 10.1.1.0/30 .1

Ethernet0/0/0

[RTA]display ip routing-table
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.1.1.0/24 Static 60 0 RD 20.1.1.2 Ethernet0/0/0
10.1.1.0/30 Static 60 0 RD 20.1.1.2 Ethernet0/0/0

⚫ Routes to the same network destination will be initially compared and
chosen based on a longest match.

Routing Table Forwarding Requirements

Interface Next Hop Destination

RTA RTB RTC

20.1.1.1/30 20.1.1.2/30
10.1.1.0/30
E0/0/0 E0/0/0

IP Packet

⚫ The forwarding of packets requires that the destination be known as well
as the forwarding interface and next-hop.

Summary
⚫ What is the order in which routing decisions are made?

⚫ What does the preference represent?

IP Static Routes



Foreword
⚫ Routes within the IP routing table of a router can be defined manually
using static routes or learned through the use of dynamic routing
protocols. The manual configuration of routes enables direct control over
the routing table, but may result in route failure should a router's
next-hop fail. Static routes are nevertheless often used to complement
dynamic routing protocols, providing alternative routes in the
event dynamically discovered routes fail to provide a valid next-hop.
Knowledge of the various applications of static routes and their
configuration is necessary for effective network administration.

Objectives
⚫ Upon completion of this section, you will be able to:
  ⚫ Explain the different applications for static routes.
  ⚫ Successfully configure static routes in the IP routing table.

Application for Static Route

Static Route
Gateway

⚫ Static routes define a means of path selection to other networks.

Static Route Behavior

RTA RTB

192.168.1.0/24 192.168.2.0/24
.1 .2
10.0.12.0/24

RTA RTB

192.168.1.0/24 192.168.2.0/24
.1 .2
10.0.12.0/24

⚫ The forwarding of packets based on a serial interface requires that the
outbound interface be defined.

Static Route Behavior

RTA

192.168.1.0/24

.1

.2 10.0.123.0/24 .3

192.168.2.0/24 192.168.3.0/24

RTB RTC

⚫ The forwarding of packets over broadcast networks such as Ethernet
requires that the next-hop be defined.

Configuring a Static Route

RTA RTB

S1/0/0 S1/0/0
192.168.1.0/24 192.168.2.0/24
.1 .2
10.0.12.0/24

[RTB]ip route-static 192.168.1.0 255.255.255.0 10.0.12.1


[RTB]ip route-static 192.168.1.0 255.255.255.0 Serial 1/0/0
[RTB]ip route-static 192.168.1.0 24 Serial 1/0/0

⚫ A static route can be configured based on one of three variations.


Static Route Load Balancing

RTA RTB

G0/0/0 10.0.12.0/24 G0/0/0


192.168.1.0/24 192.168.2.0/24
.1 .2
G0/0/1 20.0.12.0/24 G0/0/1

[RTB]ip route-static 192.168.1.0 255.255.255.0 10.0.12.1


[RTB]ip route-static 192.168.1.0 255.255.255.0 20.0.12.1

⚫ Static routes support load balancing to the same destination where the
costs of the routes are equal.

Verifying Static Route Load Balancing

[RTB]display ip routing-table
Route Flags: R - relay, D - download to fib
--------------------------------------------------------------
Routing Tables: Public Destinations : 13 Routes : 14
Destination/Mask Proto Pre Cost Flags NextHop Interface
……
192.168.1.0/24 Static 60 0 RD 10.0.12.1 GigabitEthernet 0/0/0
Static 60 0 RD 20.0.12.1 GigabitEthernet 0/0/1

Floating Static Routes

RTA RTB

G0/0/0 10.0.12.0/24 G0/0/0


192.168.1.0/24 192.168.2.0/24
.1 .2
G0/0/1 20.0.12.0/24 G0/0/1

[RTB]ip route-static 192.168.1.0 255.255.255.0 10.0.12.1
[RTB]ip route-static 192.168.1.0 255.255.255.0 20.0.12.1 preference 100

⚫ Floating static routes provide an alternative route in the event that the
primary static route fails.

Floating Static Route Check

[RTB]display ip routing-table
Route Flags: R - relay, D - download to fib
--------------------------------------------------------------
Routing Tables: Public Destinations : 13 Routes : 14
Destination/Mask Proto Pre Cost Flags NextHop Interface
……
192.168.1.0/24 Static 60 0 RD 10.0.12.1 GigabitEthernet0/0/0

⚫ Prior to the failure of the primary route, only the primary static route will
be present within the routing table.

Floating Static Route Check

[RTB]interface GigabitEthernet 0/0/0


[RTB-GigabitEthernet 0/0/0]shutdown
[RTB]display ip routing-table
Route Flags: R - relay, D - download to fib
--------------------------------------------------------------
Routing Tables: Public Destinations : 13 Routes : 14
Destination/Mask Proto Pre Cost Flags NextHop Interface
……
192.168.1.0/24 Static 100 0 RD 20.0.12.1 GigabitEthernet 0/0/1

⚫ In disabling the primary route, the floating static route is then added to the
routing table.

Default Static Routes

RTA RTB
192.168.1.0/24
G0/0/0 G0/0/0
.1 .2 192.168.2.0/24
10.0.12.0/24 192.168.3.0/24

[RTA]ip route-static 0.0.0.0 0.0.0.0 10.0.12.2

⚫ Default routes provide a form of last resort route in the event that no other
longest match is found within the routing table.

Default Static Route Check

[RTA]display ip routing-table
Route Flags: R - relay, D - download to fib
--------------------------------------------------------------
Routing Tables: Public Destinations : 13 Routes : 14
Destination/Mask Proto Pre Cost Flags NextHop Interface
……
0.0.0.0/0 Static 60 0 RD 10.0.12.2 GigabitEthernet0/0/0
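
The selection rules from the routing slides (preference, metric, longest match, load balancing, floating and default static routes) can be combined in one small model. The following is an added example, not VRP code: the class and method names are assumptions, and an interface shutdown is simplified to removing every route that uses that interface.

```python
import ipaddress
from collections import defaultdict

# Default preference values from the "Routing Decisions - Preference" slide
DEFAULT_PREFERENCE = {"Direct": 0, "OSPF": 10, "Static": 60, "RIP": 100}


class RoutingTable:
    def __init__(self):
        self.candidates = []     # every known route, whether active or not

    def add(self, prefix, proto, next_hop, interface, cost=0, preference=None):
        if preference is None:
            preference = DEFAULT_PREFERENCE[proto]
        self.candidates.append({
            "net": ipaddress.ip_network(prefix), "proto": proto,
            "pre": preference, "cost": cost,
            "next_hop": next_hop, "interface": interface,
        })

    def interface_down(self, interface):
        """Simplified shutdown: routes through the interface are withdrawn."""
        self.candidates = [r for r in self.candidates if r["interface"] != interface]

    def active(self):
        """Per prefix keep the lowest (preference, cost); equal routes load balance."""
        by_prefix = defaultdict(list)
        for route in self.candidates:
            by_prefix[route["net"]].append(route)
        table = {}
        for net, routes in by_prefix.items():
            best = min((r["pre"], r["cost"]) for r in routes)
            table[net] = [r for r in routes if (r["pre"], r["cost"]) == best]
        return table

    def lookup(self, destination):
        """Longest match over the active routes; an empty list means discard."""
        addr = ipaddress.ip_address(destination)
        table = self.active()
        matches = [net for net in table if addr in net]
        if not matches:
            return []
        longest = max(matches, key=lambda net: net.prefixlen)
        return [(r["next_hop"], r["interface"]) for r in table[longest]]


def floating_static_demo():
    """RTB from the slides: primary static route plus a floating one (preference 100)."""
    rt = RoutingTable()
    rt.add("192.168.1.0/24", "Static", "10.0.12.1", "GigabitEthernet0/0/0")
    rt.add("192.168.1.0/24", "Static", "20.0.12.1", "GigabitEthernet0/0/1",
           preference=100)
    before = rt.lookup("192.168.1.10")
    rt.interface_down("GigabitEthernet0/0/0")
    after = rt.lookup("192.168.1.10")
    return before, after


if __name__ == "__main__":
    print(floating_static_demo())
```
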

Summary
⚫ What should be altered to enable a static route to become a floating static
route?

⚫ Which network address should be defined to allow a default static route to be
implemented in the routing table?

Link State Routing with OSPF



Foreword
⚫ OSPF is an interior gateway protocol (IGP) designed for IP networks and
founded on the principles of link state routing. Link state behavior
provides many advantages for medium and even large
enterprise networks. This section introduces its application as an IGP,
along with the information needed to understand OSPF convergence and
implementation in enterprise networks.

Objectives
⚫ Upon completion of this section, you will be able to:
  ⚫ Explain the OSPF convergence process.
  ⚫ Describe the different network types supported by OSPF.
  ⚫ Successfully configure single area OSPF networks.

Open Shortest Path First (OSPF)
RTA
RTB Site B

OSPF

Site A

RTC

OSPF

Site C

⚫ Minimal Routing Traffic

⚫ Rapid Convergence

⚫ Scalable

⚫ Accurate Route Metrics

OSPF Convergence Behavior
[Figure: OSPF convergence between RTA, RTB and RTC (Site A): LSA Flooding, LSDB (LSA of RTA, LSA of RTB, LSA of RTC), SPF Algorithm, Shortest Path Tree, Route Calculation, IP Routing Table (destination, next hop, cost)]

Router ID

2.2.2.2 1.1.1.1
RTB RTA

RTC
3.3.3.3

⚫ A router ID is a 32-bit value used to identify each router running the OSPF protocol.

OSPF Supported Network Types

2.2.2.2 1.1.1.1
RTB RTA

Broadcast

3.3.3.3 4.4.4.4
RTC RTD

⚫ Ethernet based networks adopt the broadcast network type by default.


OSPF Supported Network Types

2.2.2.2 1.1.1.1
RTB RTA

Broadcast

2.2.2.2 1.1.1.1
RTB RTA

Point-to-Point

⚫ Serial technologies such as PPP and HDLC will default to the Point-to-Point
network type.

OSPF Supported Network Types

DR

ATM/FR ATM/FR

Non-Broadcast Multi-Access (NBMA) Point to Multi-Point

⚫ ATM & Frame Relay default to Non-Broadcast Multi-Access.


Designated Router & Backup Designated Router

1.1.1.1 2.2.2.2
RTA RTB

BDR DR

RTC RTD
3.3.3.3 4.4.4.4

⚫ Designated Routers limit the number of adjacencies necessary in broadcast (Ethernet) networks.

Neighbor States

1.1.1.1 2.2.2.2
RTA RTB

Neighbor

Adjacent Adjacent

BDR DR

RTC RTD
3.3.3.3 4.4.4.4

⚫ Defines form of relationship between neighbors.

⚫ Two neighbor states are possible, neighbor and adjacent.


Link State Establishment

Down

Attempt

Init

2-Way Neighbor

ExStart

Exchange

Loading Full Adjacent

⚫ State changes allow for neighbor relationships to be achieved.


Neighbor Discovery

RTA RTB
Hello

Hello

Hello Interval Options Router Priority

Router Dead Interval

Designated Router

Backup Designated Router

Neighbor

⚫ The Hello protocol is responsible for neighbor discovery and maintenance for two way communication between neighbors.

Designated Router Election
RTA RTB

Priority=0 (Priority=1)

Broadcast

DR (Priority=255)

Broadcast
RTC
RTD
DR (Priority=255)

[RTD]interface GigabitEthernet0/0/0
[RTD-GigabitEthernet0/0/0]ospf network-type p2p

⚫ A Designated Router is elected based on the priority value.


Backup Designated Router Election
RTA RTB

Priority=0 BDR (Priority=1)

Broadcast

DR (Priority=255)

Point-to-Point
RTC
RTD

⚫ The Backup Designated Router (BDR) forms adjacencies with all other routers and will become the DR if the existing DR fails.

Database Synchronization
RTA (Router ID: 1.1.1.1) RTB (Router ID: 2.2.2.2)

DD, (Master)(Sequence=X)

DD, (Master)(Sequence=Y)

DD, (Slave)(Sequence=Y)

DD, (Master)(Sequence=Y+1)

DD, (Master)(Sequence=Y+1)

⚫ Neighboring routers form a master/slave relationship.

⚫ Database Description packets contain LSA header information.


Establishing Full Adjacency
RTA (Router ID: 1.1.1.1) RTB (Router ID: 2.2.2.2)

Loading
Link State Request

Link State Update

Link State Request

Link State Update


Full

⚫ Missing or newer instances of LSA are requested using LSR.

⚫ The entire requested LSA is sent as an update.


OSPF Metric
RTA (Router ID: 1.1.1.1) RTB (Router ID: 2.2.2.2)

G0/0/0

[RTA]interface GigabitEthernet 0/0/0


[RTA-GigabitEthernet0/0/0]ospf cost 20

[RTB]ospf
[RTB-ospf-1]bandwidth-reference 10000

⚫ The cost metric is based on the formula 10^8/bandwidth.

⚫ The bandwidth reference command improves metric accuracy.


Shortest Path Tree
RTB RTE

20.0.0.0/8 10.0.0.0/8
RTA RTD

RTC
192.168.2.0/24 192.168.1.0/24

[RTC]display ip routing-table
……
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.0.0/8 OSPF 10 20 D 192.168.1.4 G0/0/0
20.0.0.0/8 OSPF 10 20 D 192.168.1.4 G0/0/0
OSPF 10 20 D 192.168.2.1 G0/0/1

⚫ Each router calculates the shortest path to all other networks.


OSPF Areas – Single Area

RTA
Area 0 RTB

RTD RTF

RTC

RTE

⚫ A single link state database for the administrative domain.

⚫ Any area number can be assigned but area 0 is recommended.


OSPF Areas – Multi Area

RTA
Area 0 RTB

Area 1 Area 3

RTD RTF

RTC

RTE

Area 2

⚫ Areas build separate LS databases, minimize impact of change.


OSPF Network Advertisement

Area 0
RTA RTB

G0/0/0 G0/0/0
.1 192.168.1.0/24 .2
Router ID: 1.1.1.1 Router ID: 2.2.2.2

[RTA]ospf 1 router-id 1.1.1.1


[RTA-ospf-1]area 0
[RTA-ospf-1-area-0.0.0.0]network 192.168.1.0 0.0.0.255

⚫ The network command defines the network to be advertised.

⚫ Route advertisements are forwarded based on areas.


Configuration Validation

[RTA]display ospf peer

OSPF Process 1 with Router ID 1.1.1.1


Neighbors

Area 0.0.0.0 interface 192.168.1.1(GigabitEthernet0/0/0)'s neighbors


Router ID: 2.2.2.2 Address: 192.168.1.2
State: Full Mode:Nbr is Master Priority: 1
DR: 192.168.1.2 BDR: 192.168.1.1 MTU: 0
Dead timer due in 40 sec
Retrans timer interval: 5
Neighbor is up for 00:00:31
Authentication Sequence: [ 0 ]

OSPF Authentication

RTA RTB

G0/0/0 G0/0/0

Password:huawei

[RTA]interface GigabitEthernet0/0/0
[RTA-GigabitEthernet0/0/0]ospf authentication-mode md5 1 huawei

⚫ OSPF supports two forms of authentication, simple password or cryptographic authentication.

Configuration Validation

<RTA>terminal debugging
<RTA>debugging ospf packet
Aug 19 2013 08:10:06.850.2+00:00 RTA RM/6/RMDEBUG: Source Address: 192.168.1.1
Aug 19 2013 08:10:06.850.3+00:00 RTA RM/6/RMDEBUG: Destination Address: 224.0.0.5
……
Aug 19 2013 08:10:06.850.6+00:00 RTA RM/6/RMDEBUG: Area: 0.0.0.0, Chksum: 0
Aug 19 2013 08:10:06.850.7+00:00 RTA RM/6/RMDEBUG: AuType: 02
Aug 19 2013 08:10:06.850.8+00:00 RTA RM/6/RMDEBUG: Key(ascii): * * * * * * * *
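
The debug output above shows AuType 02 with a checksum of 0, which is how OSPFv2 cryptographic authentication appears on the wire. The following added example (not part of the original slides or of VRP) parses the 24-byte OSPF header, reports the authentication type, and verifies the trailing MD5 digest and sequence number as laid out in RFC 2328. The function names, the sequence numbers and the Hello packet are constructed for illustration; the key "huawei" and key ID 1 are the values configured on the OSPF Authentication slide.

```python
import hashlib
import hmac
import socket
import struct

OSPF_HEADER_LEN = 24
DIGEST_LEN = 16
AUTYPE_NAMES = {0: "null", 1: "simple password", 2: "cryptographic"}


def pad_key(key: bytes) -> bytes:
    """RFC 2328 treats the shared secret as a 16-byte value, zero padded."""
    return key[:DIGEST_LEN].ljust(DIGEST_LEN, b"\x00")


def build_md5_packet(router_id, area_id, body, key, key_id, seq, ptype=1):
    """Build an OSPFv2 packet with AuType 2; used here to construct sample data."""
    header = struct.pack(
        "!BBH4s4sHHHBBI",
        2, ptype, OSPF_HEADER_LEN + len(body),
        socket.inet_aton(router_id), socket.inet_aton(area_id),
        0,                    # checksum stays 0 when AuType is 2
        2,                    # AuType: cryptographic authentication
        0, key_id, DIGEST_LEN, seq)
    packet = header + body
    # The digest covers the packet followed by the key and is appended after it.
    return packet + hashlib.md5(packet + pad_key(key)).digest()


def inspect_packet(packet: bytes, keys: dict) -> dict:
    """Parse the OSPF header and, for AuType 2, verify the trailing MD5 digest."""
    if len(packet) < OSPF_HEADER_LEN:
        raise ValueError("truncated OSPF header")
    _ver, _ptype, length, rid, area, chksum, autype = struct.unpack(
        "!BBH4s4sHH", packet[:16])
    info = {
        "router_id": socket.inet_ntoa(rid),
        "area": socket.inet_ntoa(area),
        "checksum": chksum,
        "autype": autype,
        "auth": AUTYPE_NAMES.get(autype, "unknown"),
        "verified": False,
    }
    if autype != 2:
        return info           # null or clear-text password: nothing to verify
    _zero, key_id, auth_len, seq = struct.unpack("!HBBI", packet[16:24])
    info.update(key_id=key_id, seq=seq)
    key = keys.get(key_id)
    if (key is None or auth_len != DIGEST_LEN or length < OSPF_HEADER_LEN
            or len(packet) < length + DIGEST_LEN):
        return info
    expected = hashlib.md5(packet[:length] + pad_key(key)).digest()
    info["verified"] = hmac.compare_digest(
        expected, packet[length:length + DIGEST_LEN])
    return info


class NeighborAuth:
    """Accept a packet only if it verifies and its sequence number does not go backwards."""

    def __init__(self, keys: dict):
        self.keys = keys
        self.last_seq = {}

    def accept(self, packet: bytes) -> bool:
        info = inspect_packet(packet, self.keys)
        if not info["verified"]:
            return False
        rid = info["router_id"]
        if info["seq"] < self.last_seq.get(rid, 0):
            return False      # replayed or stale packet
        self.last_seq[rid] = info["seq"]
        return True


# Constructed sample: a Hello body using the timer and DR/BDR values shown on the slides.
HELLO_BODY = (socket.inet_aton("255.255.255.0")
              + struct.pack("!HBBI", 10, 0x02, 1, 40)
              + socket.inet_aton("192.168.1.2")
              + socket.inet_aton("192.168.1.1"))
SAMPLE = build_md5_packet("1.1.1.1", "0.0.0.0", HELLO_BODY, b"huawei", 1, 100)

if __name__ == "__main__":
    print(inspect_packet(SAMPLE, {1: b"huawei"}))
```

A packet whose AuType is 0 or 1 comes back with "verified" set to False, because simple password authentication carries the password in clear text and gives the receiver nothing to check against tampering.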

OSPF Silent Interface

RTA RTB

G0/0/0 G0/0/0
192.168.1.0/24

[RTA]ospf
[RTA-ospf-1]silent-interface GigabitEthernet0/0/0

⚫ The silent-interface command prevents an interface from forming neighbor relationships with peers.

Configuration Validation

[RTA]display ospf 1 interface GigabitEthernet0/0/0

OSPF Process 1 with Router ID 1.1.1.1


Interfaces

Interface: 192.168.1.1 (GigabitEthernet0/0/0)


Cost: 1 State: DR Type: Broadcast MTU: 1500
Priority: 1
Designated Router: 192.168.1.1
Backup Designated Router: 0.0.0.0
Timers: Hello 10 , Dead 40 , Poll 120 , Retransmit 5 , Transmit Delay 1
Silent interface, No hellos

Summary
 What is the purpose of the dead interval in the OSPF header?

 In a broadcast network, what is the multicast address that is used by the Designated Router (DR) and Backup Designated Router (BDR) for listening for link state update information?

DHCP Protocol Principles


Foreword
⚫ An enterprise network may often consist of a substantial number of host devices,
each requiring network parameters in the form of IP addressing and additional
network configuration information. Manual allocation is often a tedious and
inaccurate business which can lead to many end stations facing address
duplication or failure to reach services necessary for smooth network operation.
DHCP is an application layer protocol that is designed to automate the process of
providing such configuration information to clients within a TCP/IP network. DHCP
therefore aids in ensuring correct addressing is allocated, and reduces the burden
on administration for all enterprise networks. This section introduces the
application of DHCP within the enterprise network.

Objectives
⚫ Upon completion of this section, you will be able to:
 Describe the function of DHCP in the enterprise network.

 Explain the leasing process of DHCP.

 Configure DHCP pools for address leasing.

DHCP Application In The Enterprise Network

Request IP Address

Host A Switch
Assign IP Address

DHCP Server

Request IP Address

Host B

⚫ Networks comprising a large number of users require a central management system for IP address allocation.

Address Allocation Mechanisms
DHCP Server

Server Management Users


Manual: 192.168.1.1/24   Auto: 192.168.1.8/24   Dynamic: 192.168.1.10/24 - 192.168.1.252/24

⚫ DHCP supports three mechanisms for IP address allocation.


DHCP Messages

Message Type: Function

DHCP DISCOVER: Client broadcast used to locate available DHCP servers.
DHCP OFFER: Server responds to DHCPDISCOVER with an offer of configuration parameters.
DHCP REQUEST: Client message to servers, either (a) requesting offered parameters from one server and implicitly declining offers from all others, (b) confirming the correctness of previously allocated address after, e.g., system reboot, or (c) extending the lease on a particular network address.
DHCP ACK: Server confirmation sent to the client with configuration parameters, including committed network address.
DHCP NAK: Server indicates to the client that client's requested network address cannot be assigned.
DHCP RELEASE: Client relinquishes the network address to the server and cancels the remaining lease.

Address Pools

Host B

Host A DHCP Server


10.1.1.254/24

G0/0/0

Pool2(global)
10.2.2.0/24

Pool Interface GigabitEthernet0/0/0


10.1.1.0/24

⚫ Address pools can be either global or interface based.


DHCP Address Acquisition

Host A DHCP Server

DHCP Discover (Broadcast) ①

DHCP Offer (Unicast) ②

DHCP Request (Broadcast) ③

DHCP ACK (Unicast) ④

DHCP Lease Renewal

Host A DHCP Server

DHCP Request (Unicast) ①


50% of lease
period remains

DHCP ACK ②

⚫ DHCP initiates an IP lease renewal process when a lease period of 50% remains.

DHCP Rebinding Expiry

Host A DHCP Server

DHCP Request (Unicast) ①


50% of lease
period remains

12.5% of lease DHCP Request (Broadcast) ②


period remains

DHCP ACK/NAK ③

⚫ Rebinding will occur if the lease is not renewed in time.
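
The message types listed under DHCP Messages travel as option 53 inside a BOOTP-format packet, and the lease period that drives renewal and rebinding travels as option 51. The following added example (not part of the original slides) parses a DHCP message, decodes its type, and derives the renewal and rebinding points from the lease time using the 50% and 12.5% remaining figures given above. The function names, transaction ID, MAC address and the sample ACK are constructed; the addresses and the 3-day lease are the ones used on the interface pool slides.

```python
import socket
import struct

FIXED_LEN = 236                      # BOOTP fixed header that precedes the options
MAGIC_COOKIE = b"\x63\x82\x53\x63"
MESSAGE_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
                 5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}
OPT_MASK, OPT_DNS, OPT_LEASE, OPT_TYPE, OPT_SERVER = 1, 6, 51, 53, 54


def parse_options(data: bytes) -> dict:
    """Walk the code/length/value option list; 0 is padding and 255 ends the list."""
    options, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == 255:
            break
        if code == 0:
            i += 1
            continue
        if i + 1 >= len(data):
            raise ValueError("option %d has no length byte" % code)
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option %d overruns the packet" % code)
        options[code] = value
        i += 2 + length
    return options


def lease_timers(lease_seconds: int):
    """Seconds after the lease starts at which renewal (50% of the lease remaining)
    and rebinding (12.5% of the lease remaining) begin."""
    return lease_seconds // 2, lease_seconds * 7 // 8


def parse_dhcp(packet: bytes) -> dict:
    """Decode the fields a lease audit needs from one DHCP message."""
    if len(packet) < FIXED_LEN + 4 or packet[FIXED_LEN:FIXED_LEN + 4] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    op, _htype, hlen, _hops, xid, _secs, flags = struct.unpack("!BBBBIHH", packet[:12])
    opts = parse_options(packet[FIXED_LEN + 4:])
    if len(opts.get(OPT_TYPE, b"")) != 1:
        raise ValueError("DHCP message type option missing")
    msg = {
        "type": MESSAGE_TYPES.get(opts[OPT_TYPE][0], "UNKNOWN"),
        "from_server": op == 2,
        "xid": xid,
        "broadcast_flag": bool(flags & 0x8000),
        "client_mac": packet[28:28 + min(hlen, 16)].hex(":"),
        "your_ip": socket.inet_ntoa(packet[16:20]),
    }
    if len(opts.get(OPT_SERVER, b"")) == 4:
        msg["server_id"] = socket.inet_ntoa(opts[OPT_SERVER])
    if len(opts.get(OPT_LEASE, b"")) == 4:
        msg["lease"] = struct.unpack("!I", opts[OPT_LEASE])[0]
        msg["renew_at"], msg["rebind_at"] = lease_timers(msg["lease"])
    dns = opts.get(OPT_DNS, b"")
    msg["dns"] = [socket.inet_ntoa(dns[i:i + 4])
                  for i in range(0, len(dns) - len(dns) % 4, 4)]
    return msg


def build_message(op, xid, yiaddr, mac, options):
    """Assemble a DHCP message from (code, value) options; sample data helper."""
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s192s", op, 1, 6, 0, xid, 0, 0,
                        b"\0" * 4, socket.inet_aton(yiaddr), b"\0" * 4, b"\0" * 4,
                        mac, b"")
    tlv = b"".join(bytes([code, len(value)]) + value for code, value in options)
    return fixed + MAGIC_COOKIE + tlv + b"\xff"


# Constructed sample: the ACK a client on the 10.1.1.0/24 interface pool might receive.
SAMPLE_ACK = build_message(2, 0x1A2B3C4D, "10.1.1.254", bytes.fromhex("00e0fc000001"), [
    (OPT_TYPE, b"\x05"),
    (OPT_SERVER, socket.inet_aton("10.1.1.1")),
    (OPT_LEASE, struct.pack("!I", 3 * 86400)),
    (OPT_MASK, socket.inet_aton("255.255.255.0")),
    (OPT_DNS, socket.inet_aton("10.1.1.2")),
])

if __name__ == "__main__":
    print(parse_dhcp(SAMPLE_ACK))
```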


IP Address Release

Host A DHCP Server

DHCP Release

⚫ DHCP will result in the release of an IP address if the client fails to renew
the IP address before the lease expiry.

DHCP Interface Pool Configuration

G0/0/0

10.1.1.1/24

Host A DHCP Server

[Huawei]dhcp enable
[Huawei]interface GigabitEthernet0/0/0
[Huawei-GigabitEthernet0/0/0]dhcp select interface
[Huawei-GigabitEthernet0/0/0]dhcp server dns-list 10.1.1.2
[Huawei-GigabitEthernet0/0/0]dhcp server excluded-ip-address 10.1.1.2
[Huawei-GigabitEthernet0/0/0]dhcp server lease day 3

DHCP Configuration Validation
[Huawei]display ip pool interface GigabitEthernet0/0/0
Pool-name : GigabitEthernet0/0/0
Pool-No : 0
Lease : 3 Days 0 Hours 0 Minutes
Domain-name : huawei.com
DNS-Server0 : 10.1.1.2
NBNS-Server0 : -
Netbios-type : -
Position : Interface Status : Unlocked
Gateway-0 : 10.1.1.1
Mask : 255.255.255.0
VPN instance : --
----------------------------------------------------------------
Start End Total Used Idle(Expired) Conflict Disable
----------------------------------------------------------------
10.1.1.1 10.1.1.254 253 1 251(0) 0 1

DHCP Global Pool Configuration

G0/0/1

10.2.2.1/24

Host B DHCP Server

[Huawei]dhcp enable
[Huawei]ip pool pool2
Info: It's successful to create an IP address pool.
[Huawei-ip-pool-pool2]network 10.2.2.0 mask 24
[Huawei-ip-pool-pool2]gateway-list 10.2.2.1
[Huawei-ip-pool-pool2]lease day 1
[Huawei-ip-pool-pool2]quit
[Huawei]interface GigabitEthernet0/0/1
[Huawei-GigabitEthernet0/0/1]dhcp select global

⚫ Establishment of an address pool and associated parameters is implemented on the DHCP server.

DHCP Configuration Validation

[Huawei]display ip pool
-------------------------------------------------------------
Pool-name : pool2
Pool-No : 0
Position : Local Status : Unlocked
Gateway-0 : 10.2.2.1
Mask : 255.255.255.0
VPN instance : --
IP address Statistic
Total :253
Used :1 Idle :252
Expired :0 Conflict :0 Disable :0

Summary
 Which IP addresses should generally be excluded from the address pool?

 What is the default IP address lease period?

FTP Protocol Principles


Foreword
⚫ Early development of standards introduced the foundations of a file transfer
protocol, with the aim of promoting the sharing of files between remote locations
that were not impacted by variations in file storage systems among hosts. The
resulting FTP application was eventually adopted as part of the TCP/IP protocol
suite. The FTP service remains an integral part of networking as an application for
ensuring the reliable and efficient transfer of data, commonly implemented for
effective backup and retrieval of files and logs, thereby improving overall
management of the enterprise network. This section therefore introduces the
means for engineers and administrators to implement FTP services within Huawei
products.

Objectives
⚫ Upon completion of this section, you will be able to:
 Explain the file transfer process of FTP.

 Configure the FTP service on supporting Huawei devices.

FTP Application In the Enterprise Network

FTP Client FTP Server


VRP

Configuration File

FTP Client FTP Server


Log File

⚫ FTP provides an effective means for backup and retrieval of important files.

FTP File Transfer Process

User User Interface

Control
Connection
User Protocol Server Protocol
Interpreter Interpreter

Data
User Data Connection Server Data
File System Transfer Transfer File System
Process Process

Client Server

⚫ FTP relies on two TCP connections for file transfer.


FTP Basic Concepts

ASCII Mode

Transmission Mode

Binary Mode

⚫ Transmission modes define the format of data before it is carried between the sender and receiver.

FTP Service Establishment

FTP Client FTP Server

172.16.1.2/24 172.16.1.1/24

[Huawei]ftp server enable


[Huawei]set default ftp-directory flash:/

⚫ The FTP service must be enabled and a default FTP directory specified for
file handling.

FTP Service User Establishment

FTP Client FTP Server

172.16.1.2/24 172.16.1.1/24

[Huawei]aaa
[Huawei-aaa]local-user huawei password cipher huawei123
[Huawei-aaa]local-user huawei service-type ftp
[Huawei-aaa]local-user huawei ftp-directory flash:/
[Huawei-aaa]local-user huawei access-limit 200
[Huawei-aaa]local-user huawei idle-timeout 0 0
[Huawei-aaa]local-user huawei privilege level 3

⚫ User accounts can be implemented to identify users as well as apply specific permissions for each user individually.

FTP User Configuration

FTP Client FTP Server

172.16.1.2/24 172.16.1.1/24

<Huawei>ftp 172.16.1.1
Trying 172.16.1.1 ...
Press CTRL+K to abort
Connected to 172.16.1.1.
220 FTP service ready.
User(172.16.1.1:(none)):huawei
331 Password required for huawei.
Enter password:
230 User logged in.
[ftp]binary
200 Type set to I.
[ftp]get vrp.cc

Summary
 Which ports are required to be open in order to allow the FTP service to operate?

 A user is considered to have no authority to access any working directory. What steps are required to resolve this?

Telnet Protocol Principles


Foreword
⚫ As the enterprise network expands, supported devices may exist over a
larger geographical distance due to the presence of branch offices that are
considered part of the enterprise domain, and that require remote
administration. Additionally the administration of the network is often
managed from a central management location from which all devices are
monitored and administered. In order to facilitate this administration, the
telnet protocol, one of the earliest protocols to be developed, is applied to
manage devices. The principles surrounding the protocol and its
implementation are introduced in this section.

Objectives
⚫ Upon completion of this section, you will be able to:
 Explain the application and principles surrounding telnet.

 Establish the telnet service on supporting Huawei devices.

Telnet Application

Telnet Client Telnet Server


Local Configuration environment

Telnet Client Telnet Server

Remote Configuration environment

⚫ Telnet represents a bidirectional text based terminal emulation program for use over local and remote networks.

Telnet Client/Server Model

Telnet Server Telnet Client

TCP
Pseudo Connection
TCP/IP TCP/IP Terminal driver
Terminal driver

Kernel Kernel

User at
Login Shell
Terminal

⚫ The Telnet architecture demonstrates how user keystrokes are interpreted by terminal drivers before delivery over TCP ensues.

Authentication Mode

Authentication Mode: Description

None: Login without authentication
AAA: AAA authentication
Password: Authentication through the password of a user terminal interface

Telnet Configuration

Ethernet 0/0/0
10.1.1.2/24 10.1.1.1/24

Telnet Client Telnet Server

[Huawei]interface Ethernet 0/0/0


[Huawei-Ethernet0/0/0]ip address 10.1.1.1 24
[Huawei]user-interface vty 0 4
[Huawei-ui-vty0-4]authentication-mode password
[Huawei-ui-vty0-4]set authentication password cipher
Enter Password(<8-128>): huawei12

⚫ Telnet requires authentication be applied to the virtual teletype interface before a connection can be established.

Telnet Configuration

Ethernet 0/0/0
10.1.1.2/24 10.1.1.1/24

Telnet Client Telnet Server

<Host>telnet 10.1.1.1
Trying 10.1.1.1 ...
Press CTRL+K to abort
Connected to 10.1.1.1 ...
Login authentication
Password:
Info: The max number of VTY users is 5, and the number
of current VTY users on line is 1.
The current login time is 2013-04-19 16:32:00.
<Huawei>

Summary
 If the telnet service has been enabled, but a user is unable to establish a telnet
connection, what are the possible reasons for this?

Link Aggregation


Foreword
⚫ As a means of optimizing the throughput of data, link aggregation enables
the binding of multiple physical interfaces into a single logical pipe. This
effectively introduces solutions for providing higher utilization of available
links, as well as extended resilience in the event that failure of individual
links were to occur. Engineers are required to have a clear understanding
of the conditions that define the behavior of link aggregation and the skills
and knowledge for its application, to ensure effective link aggregation
solutions can be applied to enterprise networks.

Objectives
⚫ Upon completion of this section, you will be able to:
 Explain the use of link aggregation in the enterprise network.

 Describe the various forms of link aggregation supported.

 Configure link aggregation solutions.

Link Aggregation

Eth-Trunk

SWA SWB

⚫ Link Aggregation provides for increased bandwidth, enhanced reliability and support of load balancing.

Application in the Enterprise Network

RTA RTB

SWA SWB

Core/Aggregation

SWC SWD

Access Switch

⚫ Application is made at critical points to enhance throughput.


Link Aggregation Modes

Manual Mode

LACP Mode

Active Backup

⚫ In manual mode all links load balance and are forwarding.

⚫ LACP mode supports backup links for redundancy.


Data Flow Control

SWA SWB
Eth-Trunk

Duplex Mode: Full Duplex Mode: Full


Speed: 1000 Speed: 1000

⚫ Data flow sequence must be maintained over member links.

⚫ Consistency of physical member interfaces must be maintained.


L2 Link Aggregation Configuration

SWA SWB
G0/0/1 G0/0/1

G0/0/2 G0/0/2

[SWA]interface Eth-Trunk 1
[SWA-Eth-Trunk1]interface GigabitEthernet0/0/1
[SWA-GigabitEthernet0/0/1]eth-trunk 1
[SWA-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
[SWA-GigabitEthernet0/0/2]eth-trunk 1

⚫ Link Aggregation requires the binding of the physical member interfaces to the Eth-trunk.

L3 Link Aggregation Configuration

RTA RTB
G0/0/1 G0/0/1

G0/0/2 G0/0/2

[RTA]interface eth-trunk 1
[RTA-Eth-Trunk1]undo portswitch
[RTA-Eth-Trunk1]ip address 100.1.1.1 24
[RTA-Eth-Trunk1]quit
[RTA]interface GigabitEthernet 0/0/1
[RTA-GigabitEthernet0/0/1]eth-trunk 1
[RTA-GigabitEthernet0/0/1] quit
[RTA]interface GigabitEthernet0/0/2
[RTA-GigabitEthernet0/0/2]eth-trunk 1
[RTA-GigabitEthernet0/0/2] quit

Displaying Aggregation
[RTA]display interface eth-trunk 1
Eth-Trunk1 current state : UP
Line protocol current state : UP
……
-----------------------------------------------------
PortName Status Weight
-----------------------------------------------------
GigabitEthernet0/0/1 UP 1
GigabitEthernet0/0/2 UP 1
-----------------------------------------------------
The Number of Ports in Trunk : 2
The Number of UP Ports in Trunk : 2

⚫ Two member link ports have been assigned to Eth-trunk 1.


Summary
 If an administrator attempts to add a Gigabit Ethernet and Fast Ethernet interface to the same Eth-trunk interface, what will occur?

 In order to establish backup member links, which mode of link aggregation should be used?

VLAN Principles


Foreword
⚫ A Virtual Local Area Network (VLAN) represents a form of administrative
network that defines a logical grouping of hosts or end system devices that
are not limited to a physical location, and may be defined based on a wide
range of parameters that allow for a greater flexibility in the way that
logical groups are defined. The application of VLAN technology has
expanded to support many aspects of enterprise networking as a means of
logical data flow management and isolation.

Objectives
⚫ Upon completion of this section, you will be able to:
 Explain the application of VLAN tagging.

 Describe the different port link types and characteristics.

 Successfully establish port based VLANs.

LAN Limitations

⚫ No broadcast domain to manage expanding local networks.


VLAN Technology

Group 2
Group 1

⚫ A VLAN enables logical isolation of traffic at the data link layer.


VLAN Frame Format
6 bytes 6 bytes 2 bytes 46-1500 bytes 4 bytes

DMAC SMAC Type Data FCS Untagged frame

6 bytes 6 bytes 2 bytes 46-1500 bytes 4 bytes

DMAC SMAC Tag Type Data FCS Tagged frame

0x8100 PCP DEI VLAN ID(12b)


TPID TCI
2 bytes 2 bytes

⚫ A VLAN tag is inserted to distinguish frames for each VLAN.


Link Types

Trunk

Access

VLAN2 VLAN3

⚫ A trunk represents a backbone for the transmission of VLAN traffic between switches.

Port VLAN ID

PVID1 PVID1

PVID2 PVID3 PVID2 PVID3

⚫ PVID represents the default VLAN for each interface.

⚫ The PVID is set to VLAN 1 for all ports by default.


Port Types – Access

10 Frame

PVID10 PVID10

PVID2

Host A Host B Host C

⚫ Access ports remove VLAN tags before forwarding frames.


Port Types – Trunk

SWA Untagged SWB


PVID10 PVID10

PVID10 PVID20 PVID10 PVID20


20 Frame

Host A Host B Host C Host D

⚫ Frames carried over a trunk link may be tagged or untagged.

⚫ All VLANs must be permitted before being carried over a trunk.


Port Types – Hybrid

Hybrid Untagged
SWA 10 Frame SWB
Hybrid Tagged
PVID10 PVID10

PVID10 PVID20 PVID10 PVID20


20 Frame

Host A Host B Host C Host D

⚫ Hybrid ports are defined as either tagged or untagged.

⚫ VLAN communication can be managed on a port by port basis.


VLAN Assignment Methods
SWA

Assignment Method   VLAN 5                                  VLAN 10
Port based          G0/0/1, G0/0/7                          G0/0/2, G0/0/9
MAC based           00-01-02-03-04-AA, 00-01-02-03-04-CC    00-01-02-03-04-BB, 00-01-02-03-04-DD
IP Subnet based     10.0.1.*                                10.0.2.*
Protocol based      IP                                      IPX
Policy based        10.0.1.* + G0/0/1 + 00-01-02-03-04-AA   10.0.2.* + G0/0/2 + 00-01-02-03-04-BB

Host A: 10.0.1.1   Host B: 10.0.2.1   Host C: 10.0.1.2   Host D: 10.0.2.2

⚫ Five methods of VLAN assignment are possible.

⚫ Port based VLAN assignment is the default assignment method.


Creating VLANs
SWA SWB

Host A Host B Host C Host D

[SWA]vlan 10
[SWA-vlan10]quit
[SWA]vlan batch 2 to 3
Info: This operation may take a few seconds. Please wait for a moment...done.

Creating VLANs

[SWA]display vlan
The total number of vlans is : 4
------------------------------------------------------------
U:Up; D:Down; TG:Tagged; UT:Untagged; MP:Vlan-mapping;
ST:Vlan-stacking; #: ProtocolTransparent-vlan; *:Management-vlan;
--------------------------------------------------------------
VID Type Ports
--------------------------------------------------------------
1 common UT:GE0/0/1(U) ……
2 common
3 common
10 common
……

Setting the Port Link Type
[Figure: SWA and SWB linked through SWA port G0/0/1; ports G0/0/5 and G0/0/7 face the hosts; Host A, Host B, Host C and Host D attached.]

[SWA]interface GigabitEthernet 0/0/1
[SWA-GigabitEthernet0/0/1]port link-type trunk
[SWA-GigabitEthernet0/0/1]quit
[SWA]interface GigabitEthernet 0/0/5
[SWA-GigabitEthernet0/0/5]port link-type access

Assigning Ports to VLANs
[Figure: SWA and SWB linked through SWA port G0/0/1; ports G0/0/5 and G0/0/7 face the hosts; Host A, Host B, Host C and Host D attached.]

[SWA]vlan 2
[SWA-vlan2]port GigabitEthernet 0/0/7
[SWA-vlan2]quit
[SWA]interface GigabitEthernet 0/0/5
[SWA-GigabitEthernet0/0/5]port link-type access
[SWA-GigabitEthernet0/0/5]port default vlan 3

Verifying VLAN Assignment

[SWA]display vlan
The total number of vlans is : 4
------------------------------------------------------------
U:Up; D:Down; TG:Tagged; UT:Untagged; MP:Vlan-mapping;
ST:Vlan-stacking; #: ProtocolTransparent-vlan; *:Management-vlan;
--------------------------------------------------------------
VID Type Ports
--------------------------------------------------------------
1 common UT:GE0/0/1(U) ……
2 common UT:GE0/0/7(D)
3 common UT:GE0/0/5(U)
10 common
……

Forwarding Over the Trunk
[Figure: SWA and SWB linked through port G0/0/1 on each switch; Host A, Host B, Host C and Host D attached.]

[SWA-GigabitEthernet0/0/1]port link-type trunk
[SWA-GigabitEthernet0/0/1]port trunk pvid vlan 10
[SWA-GigabitEthernet0/0/1]port trunk allow-pass vlan 2 3

Forwarding Over the Trunk

[SWA]display vlan
The total number of vlans is : 4
------------------------------------------------------------
U:Up; D:Down; TG:Tagged; UT:Untagged; MP:Vlan-mapping;
ST:Vlan-stacking; #: ProtocolTransparent-vlan; *:Management-vlan;
--------------------------------------------------------------
VID Type Ports
--------------------------------------------------------------
1 common UT:GE0/0/1(U) ……
2 common UT:GE0/0/7(D) TG:GE0/0/1(U)
3 common UT:GE0/0/5(U) TG:GE0/0/1(U)
10 common
……

Configuring Hybrid Ports
[Figure: SWA and SWB linked through port G0/0/1 on each switch; ports G0/0/5 and G0/0/7 face the hosts; Host A, Host B, Host C and Host D attached.]

[SWA-GigabitEthernet0/0/5]port link-type hybrid
[SWA-GigabitEthernet0/0/5]port hybrid pvid vlan 3
[SWA-GigabitEthernet0/0/5]port hybrid untagged vlan 3

[SWA-GigabitEthernet0/0/7]port link-type hybrid
[SWA-GigabitEthernet0/0/7]port hybrid pvid vlan 2
[SWA-GigabitEthernet0/0/7]port hybrid untagged vlan 2

Configuring Hybrid Ports
[Figure: SWA and SWB linked through port G0/0/1 on each switch; ports G0/0/5 and G0/0/7 face the hosts; Host A, Host B, Host C and Host D attached.]

[SWA-GigabitEthernet0/0/1]port link-type hybrid
[SWA-GigabitEthernet0/0/1]port hybrid tagged vlan 2 to 3

⚫ Trunk links using the hybrid port link-type must enable tagging of VLAN
frames before forwarding.
Configuration Validation

[SWA]display vlan
The total number of vlans is : 4
------------------------------------------------------------
U:Up; D:Down; TG:Tagged; UT:Untagged; MP:Vlan-mapping;
ST:Vlan-stacking; #: ProtocolTransparent-vlan; *:Management-vlan;
--------------------------------------------------------------
VID Type Ports
--------------------------------------------------------------
1 common UT:GE0/0/1(U) ……
2 common UT:GE0/0/7(D)
TG:GE0/0/1(U)
3 common UT:GE0/0/5(U)
TG:GE0/0/1(U)
10 common
……

Configuring Hybrid Ports
[Figure: SWA and SWB linked through port G0/0/1 on each switch; ports G0/0/5, G0/0/7 and G0/0/4 face the hosts; Host A, Host B, Host C and Host D attached.]

[SWB-GigabitEthernet0/0/4]port link-type hybrid
[SWB-GigabitEthernet0/0/4]port hybrid pvid vlan 3
[SWB-GigabitEthernet0/0/4]port hybrid untagged vlan 2 to 3

⚫ Hybrid ports can be configured to receive VLAN traffic from multiple VLANs
by simply removing the tag at the port interface.
Configuration Validation

[SWB]display vlan
The total number of vlans is : 3
------------------------------------------------------------
U:Up; D:Down; TG:Tagged; UT:Untagged; MP:Vlan-mapping;
ST:Vlan-stacking; #: ProtocolTransparent-vlan; *:Management-vlan;
--------------------------------------------------------------
VID Type Ports
--------------------------------------------------------------
1 common UT:GE0/0/1(U) ……
2 common UT:GE0/0/4(U)
3 common UT:GE0/0/4(U)
4 ……
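
How the access, trunk and hybrid settings configured on the preceding slides decide whether a frame is accepted and whether it leaves tagged, as an added Python model (not Huawei code and not part of the original slides). The `Port` class, `trunk` helper and `audit` function are names made up for this sketch, and default VLAN 1 membership is not modelled.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Set


@dataclass
class Port:
    """One switch port; tagged/untagged are the VLANs it may send, by egress form."""
    name: str
    link_type: str                       # "access", "trunk" or "hybrid"
    pvid: int = 1
    tagged: Set[int] = field(default_factory=set)
    untagged: Set[int] = field(default_factory=set)

    def permitted(self) -> Set[int]:
        # An access port carries only its PVID VLAN.
        if self.link_type == "access":
            return {self.pvid}
        return self.tagged | self.untagged

    def receive(self, vid: Optional[int]) -> Optional[int]:
        """Classify an incoming frame (vid=None means untagged); None means dropped."""
        vlan = self.pvid if vid is None else vid
        return vlan if vlan in self.permitted() else None

    def send(self, vlan: int) -> Optional[str]:
        """How a frame of `vlan` leaves this port; None means it is not forwarded."""
        if vlan not in self.permitted():
            return None
        if self.link_type == "access" or vlan in self.untagged:
            return "untagged"
        return f"tagged {vlan}"


def trunk(name: str, pvid: int, allow_pass: List[int]) -> Port:
    """Trunk: permitted VLANs leave tagged, except the PVID VLAN, which leaves untagged."""
    allowed = set(allow_pass)
    return Port(name, "trunk", pvid, tagged=allowed - {pvid}, untagged=allowed & {pvid})


def audit(port: Port) -> List[str]:
    """Flag a trunk or hybrid port whose PVID VLAN is not permitted on the port."""
    if port.link_type != "access" and port.pvid not in port.permitted():
        return [f"{port.name}: PVID {port.pvid} not permitted, untagged frames are dropped"]
    return []


# Ports as configured on the slides: trunk pvid 10 / allow-pass 2 3,
# access default vlan 3, hybrid pvid 3 / untagged 2 to 3.
SWA_G1 = trunk("SWA G0/0/1", pvid=10, allow_pass=[2, 3])
SWA_G5 = Port("SWA G0/0/5", "access", pvid=3)
SWB_G4 = Port("SWB G0/0/4", "hybrid", pvid=3, untagged={2, 3})

if __name__ == "__main__":
    for port in (SWA_G1, SWA_G5, SWB_G4):
        egress = {vlan: port.send(vlan) for vlan in (2, 3, 10)}
        print(port.name, "egress:", egress, "untagged ingress ->", port.receive(None))
        for finding in audit(port):
            print("  finding:", finding)
```
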

Voice VLAN Application

[Figure: SWA and SWB linked through G0/0/1, with Host A, a VoIP device and an IPTV device attached; MAC labels 0011-2200-0001 and 0011-2200-0002.]

⚫ Voice VLANs are used to distinguish, isolate and prioritize voice traffic over
service traffic as a means of quality assurance.

Voice VLAN Configuration
[Figure: SWA and SWB linked through G0/0/1, with Host A, a VoIP device and an IPTV device attached; MAC labels 0011-2200-0001 and 0012-2400-0002.]

[SWB]vlan 2
[SWB-vlan2]interface GigabitEthernet 0/0/1
[SWB-GigabitEthernet0/0/1]voice-vlan 2 enable
[SWB-GigabitEthernet0/0/1]voice-vlan mode auto
[SWB-GigabitEthernet0/0/1]quit
[SWB]voice-vlan mac-address 0011-2200-0000 mask ffff-ff00-0000

Configuration Validation

[SWB]display voice-vlan status


Voice VLAN Configurations:
-----------------------------------------------------------
Voice VLAN ID : 2
Voice VLAN status : Enable
Voice VLAN aging time : 1440(minutes)
Voice VLAN 8021p remark : 6
Voice VLAN dscp remark : 46
-----------------------------------------------------------
Port Information:
-----------------------------------------------------------
Port Add-Mode Security-Mode Legacy
-----------------------------------------------------------
GigabitEthernet0/0/1 Auto Security Disable

Summary
 If a trunk link has a PVID of 5 and the command port trunk allow-pass vlan 2 3
is used, which VLAN traffic will be carried over the trunk?

 What action will be taken by an access port with a PVID of 2 when receiving an
untagged frame?

VLAN Routing



Foreword
⚫ The implementation of VLAN technology within an enterprise network effectively
establishes broadcast domains that control the scope of traffic. One of the
limitations of broadcast domains is that communication at the link layer is
hindered between hosts that are not part of the same VLAN. Traditional link layer
switches supporting VLANs are not capable of forwarding traffic between these
broadcast domains, and therefore routing must be introduced to facilitate
communication. This section introduces VLAN routing using link layer switches
together with a device capable of routing VLAN traffic, and details how layer
three switches capable of network layer operations can enable communication
between VLAN defined broadcast domains.

Objectives
⚫ Upon completion of this section, you will be able to:
 Explain the purpose of VLAN routing.

 Explain how VLAN routing is achieved for layer 2 & layer 3 switches.

 Configure VLAN routing.

VLAN Disadvantages
[Figure: SWA with hosts in VLAN 100 and VLAN 200.]

⚫ Limiting broadcast domain size through VLAN implementation isolates users.

VLAN Routing
[Figure: RTA connected to SWA; Host A in VLAN 2 and Host B in VLAN 3 attach to SWA.]

⚫ VLAN frames are routed over a trunk link for port conservation.
VLAN Routing Features
[Figure: RTA sub-interfaces G0/0/1.1 (192.168.2.254) and G0/0/1.2 (192.168.3.254) reach SWA over one VLAN trunk; Host A in VLAN 2 uses gateway 192.168.2.254 and Host B in VLAN 3 uses gateway 192.168.3.254.]

⚫ A single trunk supports VLAN routes by using sub-interfaces.


VLAN Routing Configuration
[Figure: Host A (192.168.2.1/24, VLAN 2) on SWA G0/0/1 and Host B (192.168.3.1/24, VLAN 3) on SWA G0/0/2; SWA G0/0/3 connects to RTA.]

[SWA]vlan batch 2 3
[SWA-GigabitEthernet0/0/1]port link-type access
[SWA-GigabitEthernet0/0/1]port default vlan 2
[SWA-GigabitEthernet0/0/2]port link-type access
[SWA-GigabitEthernet0/0/2]port default vlan 3
[SWA-GigabitEthernet0/0/3]port link-type trunk
[SWA-GigabitEthernet0/0/3]port trunk allow-pass vlan all

VLAN Routing Configuration
[Figure: Host A (192.168.2.1/24, VLAN 2) on SWA G0/0/1 and Host B (192.168.3.1/24, VLAN 3) on SWA G0/0/2; SWA G0/0/3 connects to RTA, which has sub-interfaces G0/0/1.1 (192.168.2.254/24) and G0/0/1.2 (192.168.3.254/24).]

[RTA]interface GigabitEthernet0/0/1.1
[RTA-GigabitEthernet0/0/1.1]dot1q termination vid 2
[RTA-GigabitEthernet0/0/1.1]ip address 192.168.2.254 24
[RTA-GigabitEthernet0/0/1.1]arp broadcast enable
[RTA]interface GigabitEthernet0/0/1.2
[RTA-GigabitEthernet0/0/1.2]dot1q termination vid 3
[RTA-GigabitEthernet0/0/1.2]ip address 192.168.3.254 24
[RTA-GigabitEthernet0/0/1.2]arp broadcast enable

VLAN Routing Configuration

HostA>ping 192.168.3.1

Ping 192.168.3.1: 32 data bytes, Press Ctrl_C to break


From 192.168.3.1: bytes=32 seq=1 ttl=127 time=15 ms
From 192.168.3.1: bytes=32 seq=2 ttl=127 time=15 ms
From 192.168.3.1: bytes=32 seq=3 ttl=127 time=32 ms
From 192.168.3.1: bytes=32 seq=4 ttl=127 time=16 ms
From 192.168.3.1: bytes=32 seq=5 ttl=127 time=31 ms

--- 192.168.3.1 ping statistics ---


5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 15/21/32 ms

L3 Switch based VLAN Routing
[Figure: SWA with VLANIF 2 (192.168.2.254/24) and VLANIF 3 (192.168.3.254/24); Host A and Host B in VLAN 2 use gateway 192.168.2.254, Host C and Host D in VLAN 3 use gateway 192.168.3.254.]

⚫ A VLANIF interface is used by each VLAN as its routing gateway.


L3 Switch Configuration
[Figure: SWA with VLANIF 2 (192.168.2.254/24) and VLANIF 3 (192.168.3.254/24); Host A (192.168.2.2/24) in VLAN 2 on G0/0/1 and Host B (192.168.3.2/24) in VLAN 3 on G0/0/2.]

[SWA]vlan batch 2 3
[SWA]interface GigabitEthernet 0/0/1
[SWA-GigabitEthernet0/0/1]port link-type access
[SWA-GigabitEthernet0/0/1]port default vlan 2
[SWA]interface GigabitEthernet 0/0/2
[SWA-GigabitEthernet0/0/2]port link-type access
[SWA-GigabitEthernet0/0/2]port default vlan 3

L3 Switch Configuration
[Figure: SWA with VLANIF 2 (192.168.2.254/24) and VLANIF 3 (192.168.3.254/24); Host A (192.168.2.2/24) in VLAN 2 on G0/0/1 and Host B (192.168.3.2/24) in VLAN 3 on G0/0/2.]

[SWA]interface vlanif 2
[SWA-Vlanif2]ip address 192.168.2.254 24
[SWA-Vlanif2]quit
[SWA]interface vlanif 3
[SWA-Vlanif3]ip address 192.168.3.254 24
[SWA-Vlanif3]quit

Summary
 What is the purpose of the dot1q termination vid <vlan-id> command?

 What is required to be configured on the switch to allow VLAN traffic to be
forwarded to the configured sub-interfaces?

Principle and Configuration of HDLC and PPP
Foreword
⚫ Serial technology has in recent years been slowly phased out of many parts
of the network in favor of Ethernet, but it remains active as a
legacy technology in a great number of enterprise networks alongside
Ethernet. Serial has traditionally provided solutions for communication
over long distances and therefore remains a prominent technology for
Wide Area Network (WAN) communication, for which many protocols and
legacy WAN technologies remain in operation at the enterprise edge. A
thorough knowledge of these technologies is required to support many
aspects of WAN operation.

Objectives
⚫ Upon completion of this section, you will be able to:
 Explain how data is carried over a serial based medium.

 Configure link layer protocols for serial links.

Serial Signaling
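[Figure: Asynchronous signaling between Host A and the router: each 1-byte data unit is sent between a start bit and a stop bit. Synchronous signaling between DCE and DTE: both ends synchronize based on the DCE clock, and data is sent between flags (Flag | Data | Flag).]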

The HDLC Protocol

Frame format: Flag | Address | Control | Information | FCS | Flag

Control field, bits 0 to 7, by frame type:
I:  0   | N(S) | P/F | N(R)
S:  1 0 | S S  | P/F | P/F
U:  1 1 | M M  | P/F | M M M

⚫ Only the information frame (I) format is used on AR2200 series.


Basic Configuration of HDLC

[Figure: RTA S1/0/0 connected to RTB S1/0/0; address label 10.0.1.1/30.]

[RTA]interface Serial 1/0/0
[RTA-Serial1/0/0]link-protocol hdlc
Warning: The encapsulation protocol of the link will be changed.
Continue? [Y/N]:y
[RTA-Serial1/0/0]ip address 10.0.1.1 30

Assigning Unnumbered Addresses in HDLC

[Figure: RTA (Loopback 0 10.1.1.1/32, S1/0/0 10.1.1.1/32) connected to RTB S1/0/0 (10.1.1.2/24).]

[RTA]interface Serial 1/0/0
[RTA-Serial1/0/0]link-protocol hdlc
Warning: The encapsulation protocol of the link will be changed.
Continue? [Y/N]:y
[RTA-Serial1/0/0]ip address unnumbered interface loopBack 0

⚫ IP addresses can be borrowed from another interface in order to establish
connectivity over the serial link.
Configuration Validation

[RTA]display ip interface brief


*down: administratively down ^down: standby (l): loopback
(s): spoofing
……
Interface IP Address/Mask Physical Protocol
LoopBack0 10.1.1.1/32 up up(s)
Serial1/0/0 10.1.1.1/32 up up
Serial1/0/1 unassigned up down

⚫ The IP address is shown to have been borrowed from the loopback
interface and assigned to interface serial 1/0/0.

PPP Protocol Application

[Figure: RTA S1/0/0 connected to RTB S1/0/0 over a PPP link.]

⚫ A multiprotocol standard used, as with HDLC, to define link layer
operation over a serial medium.

Components of PPP

Name                        Function
PPP Encapsulation Method    Defines the format to be used when supporting encapsulation of upper layer protocols such as IP, IPX etc.
Link Control Protocol       Defines the method of establishing, configuring, and testing the data-link connection.
Network Control Protocol    Defines a set of protocols for establishing a connection and negotiating parameters for different network-layer protocols.

PPP Link Establishment Process

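[Figure: PPP link phases. Dead --UP--> Establish --OPENED--> Authenticate --SUCCESS/NONE--> Network --CLOSING--> Terminate --DOWN--> Dead. FAIL in Establish returns to Dead; FAIL in Authenticate leads to Terminate.]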

PPP Frame

PPP frame:                        Flag | Address | Control | Protocol | Information | FCS | Flag
LCP Packet Format:                Code | Identifier | Length | Data…
LCP Configuration Option Format:  Type | Length | Data… | Type | Length | Data… | ……

Packet Types Used in LCP Negotiation

Packet Type         Function
Configure-Request   Include the parameters for link establishment and link configuration.
Configure-Ack       Confirmation sent once all Configure-Request parameters have been validated.
Configure-Nak       The parameters included in Configure-Request are recognized but not all accepted.
Configure-Reject    The parameters included in Configure-Request from the peer are not all recognized.

Common Link Parameters of LCP Negotiation

Parameter                 Function                                                                 Default
Maximum Receive Unit      The total length of the Information and Padding field for the PPP frame. 1500
Authentication protocol   Authentication protocol used by the peer.                                No Authentication
Magic-Number              Magic-Number is generated randomly, used for link loop detection.        Enable

LCP Link Parameters Negotiation

[Figure: RTA S1/0/0 (10.1.1.1/30) and RTB S1/0/0 (10.1.1.2/30) on a PPP link; a Configure-Request is answered with a Configure-Ack.]

⚫ Successful PPP negotiations result in a Configure-Ack reply to a
Configure-Request packet.

LCP Link Parameters Negotiation

[Figure: RTA S1/0/0 (10.1.1.1/30) and RTB S1/0/0 (10.1.1.2/30) on a PPP link; a Configure-Request is answered with a Configure-Nak, followed by a Configure-Request with modified parameters.]

⚫ Configure-Nak packets are generated where parameters are recognized
but not all are accepted.

LCP Link Parameters Negotiation

[Figure: RTA S1/0/0 (10.1.1.1/30) and RTB S1/0/0 (10.1.1.2/30) on a PPP link; a Configure-Request is answered with a Configure-Reject, followed by a Configure-Request with the unrecognized parameters removed.]

⚫ Configure-Reject packets are generated where not all parameters are
recognized by the peer.
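
The packet and option formats and the Ack/Nak/Reject rules from the LCP slides above, as an added Python example (not from the original slides and not Huawei code). The numeric code and option values are those of RFC 1661 and RFC 1994; the local policy (MRU at most 1500, CHAP with MD5 as the only accepted authentication protocol) and the function names are assumptions of this sketch.

```python
import struct

CONF_REQ, CONF_ACK, CONF_NAK, CONF_REJ = 1, 2, 3, 4   # LCP Code values
OPT_MRU, OPT_AUTH, OPT_MAGIC = 1, 3, 5                # option Type values
PAP = struct.pack("!H", 0xC023)                       # Authentication-Protocol: PAP
CHAP_MD5 = struct.pack("!HB", 0xC223, 5)              # Authentication-Protocol: CHAP, MD5


def build(code, ident, options):
    """Encode Code | Identifier | Length, then each option as Type | Length | Data."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in options)
    return struct.pack("!BBH", code, ident, len(body) + 4) + body


def parse(packet):
    """Decode an LCP packet, refusing lengths that run past the buffer."""
    if len(packet) < 4:
        raise ValueError("short LCP header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 4 or length > len(packet):
        raise ValueError("bad LCP length")
    data, options, i = packet[4:length], [], 0
    while i < len(data):
        if i + 2 > len(data) or data[i + 1] < 2 or i + data[i + 1] > len(data):
            raise ValueError("bad option length")
        options.append((data[i], data[i + 2:i + data[i + 1]]))
        i += data[i + 1]
    return code, ident, options


def respond(request, max_mru=1500):
    """Answer a Configure-Request with Configure-Ack, -Nak or -Reject."""
    code, ident, options = parse(request)
    if code != CONF_REQ:
        raise ValueError("not a Configure-Request")
    # Unrecognized options: reject exactly those, so the peer can resend without them.
    unknown = [(t, v) for t, v in options if t not in (OPT_MRU, OPT_AUTH, OPT_MAGIC)]
    if unknown:
        return build(CONF_REJ, ident, unknown)
    # Recognized but unacceptable values: Nak them with the value we would accept.
    nak = []
    for t, v in options:
        if t == OPT_MRU and (len(v) != 2 or struct.unpack("!H", v)[0] > max_mru):
            nak.append((t, struct.pack("!H", max_mru)))
        elif t == OPT_AUTH and v != CHAP_MD5:
            nak.append((t, CHAP_MD5))   # decline PAP, which would expose the password
    if nak:
        return build(CONF_NAK, ident, nak)
    # Everything acceptable: echo the options back with the same Identifier.
    return build(CONF_ACK, ident, options)


if __name__ == "__main__":
    # Constructed sample request: MRU 1500, PAP, and a magic number.
    req = build(CONF_REQ, 1, [(OPT_MRU, struct.pack("!H", 1500)), (OPT_AUTH, PAP),
                              (OPT_MAGIC, bytes.fromhex("1a2b3c4d"))])
    print(parse(respond(req)))
```
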

PPP Basic Configuration

[Figure: RTA S1/0/0 (10.1.1.1/30) and RTB S1/0/0 (10.1.1.2/30) on a PPP link.]

[RTA]interface Serial 1/0/0
[RTA-Serial1/0/0]link-protocol ppp
Warning: The encapsulation protocol of the link will be changed.
Continue? [Y/N]:y
[RTA-Serial1/0/0]ip address 10.0.1.1 30

PPP Authentication Mode - PAP

[Figure: RTA S1/0/0 (10.1.1.1/30, authenticator) and RTB S1/0/0 (10.1.1.2/30, authenticated) on a PPP link. Authenticate-Request: send user name and password in plain text. Authenticate-Ack/Authenticate-Nak: authenticate successfully/unsuccessfully.]

⚫ The Password Authentication Protocol relies on the transmission of a
password over the link for peer authentication.
PPP Authentication Mode - CHAP

[Figure: RTA S1/0/0 (10.1.1.1/30, authenticator) and RTB S1/0/0 (10.1.1.2/30, authenticated) on a PPP link. Exchange: Challenge, Response, Success/Failure.]

⚫ The Challenge Handshake Authentication Protocol relies on a challenge
and challenge response for peer authentication.
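
What actually crosses the link in each mode, as an added Python example (not from the original slides and not Huawei code): a PAP Authenticate-Request carries the password bytes, while a CHAP Response carries only MD5(Identifier || secret || Challenge) as defined in RFC 1994. The user name and password are the ones used in the configuration slides; the `Authenticator` class, the function names and the fixed challenge value are constructed for this sketch.

```python
import hashlib
import hmac
import os
import struct


def pap_authenticate_request(ident, user, password):
    """PAP Authenticate-Request (code 1): peer-ID and password travel as plain bytes."""
    u, p = user.encode(), password.encode()
    body = bytes([len(u)]) + u + bytes([len(p)]) + p
    return struct.pack("!BBH", 1, ident, len(body) + 4) + body


def chap_packet(code, ident, value, name):
    """CHAP Challenge (code 1) or Response (code 2): Value-Size | Value | Name."""
    body = bytes([len(value)]) + value + name.encode()
    return struct.pack("!BBH", code, ident, len(body) + 4) + body


def chap_value(ident, secret, challenge):
    """Response Value = MD5(Identifier || secret || Challenge Value)."""
    return hashlib.md5(bytes([ident]) + secret.encode() + challenge).digest()


def chap_respond(challenge_packet, name, secret):
    """Authenticated side: answer a Challenge without ever sending the secret."""
    code, ident, _ = struct.unpack("!BBH", challenge_packet[:4])
    if code != 1:
        raise ValueError("not a CHAP Challenge")
    size = challenge_packet[4]
    challenge = challenge_packet[5:5 + size]
    return chap_packet(2, ident, chap_value(ident, secret, challenge), name)


class Authenticator:
    """Authenticator side: issues one-time challenges and checks responses."""

    def __init__(self, users):
        self.users = users          # user name -> shared secret
        self.pending = {}           # Identifier -> outstanding challenge value
        self.next_ident = 1

    def challenge(self, name="RTA", value=None):
        ident = self.next_ident
        self.next_ident = ident % 255 + 1
        value = value or os.urandom(16)     # fresh random challenge per attempt
        self.pending[ident] = value
        return chap_packet(1, ident, value, name)

    def verify(self, response):
        if len(response) < 5:
            return False
        code, ident, length = struct.unpack("!BBH", response[:4])
        challenge = self.pending.pop(ident, None)   # each challenge is usable once
        if code != 2 or challenge is None:
            return False
        size = response[4]
        value = response[5:5 + size]
        user = response[5 + size:length].decode(errors="replace")
        secret = self.users.get(user)
        if secret is None:
            return False
        return hmac.compare_digest(value, chap_value(ident, secret, challenge))


if __name__ == "__main__":
    rta = Authenticator({"huawei": "huawei123"})
    reply = chap_respond(rta.challenge(), "huawei", "huawei123")
    print("password visible in PAP request :", b"huawei123" in pap_authenticate_request(1, "huawei", "huawei123"))
    print("password visible in CHAP response:", b"huawei123" in reply)
    print("CHAP verified:", rta.verify(reply))
```
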
IPCP Static Address Negotiation

[Figure: RTA S1/0/0 (10.1.1.1/30) and RTB S1/0/0 (10.1.1.2/30) on a PPP link. Exchange: Configure-Request(10.1.1.1), Configure-Ack, Configure-Request(10.1.1.2), Configure-Ack.]

⚫ The Internet Protocol Control Protocol (IPCP) is the Network Control
Protocol (NCP) used for establishing and configuring IP.
IPCP Dynamic Address Negotiation

[Figure: RTA S1/0/0 and RTB S1/0/0 (10.1.1.2/30) on a PPP link. Exchange: Configure-Request(0.0.0.0), Configure-Nak(10.1.1.1), Configure-Request(10.1.1.1), Configure-Ack, Configure-Request(10.1.1.2), Configure-Ack.]

Configuring PAP Authentication
[Figure: RTA S1/0/0 (10.1.1.1/30, authenticator) and RTB S1/0/0 (10.1.1.2/30, authenticated) on a PPP link.]

[RTA]aaa
[RTA-aaa]local-user huawei password cipher huawei123
[RTA-aaa]local-user huawei service-type ppp
[RTA]interface Serial 1/0/0
[RTA-Serial1/0/0]link-protocol ppp
[RTA-Serial1/0/0]ppp authentication-mode pap
[RTA-Serial1/0/0]ip address 10.1.1.1 30

[RTB]interface Serial 1/0/0
[RTB-Serial1/0/0]link-protocol ppp
[RTB-Serial1/0/0]ppp pap local-user huawei password cipher huawei123
[RTB-Serial1/0/0]ip address 10.1.1.2 30

PAP Configuration Validation

<RTB>debugging ppp pap all


Aug 20 2013 04:50:24.280.4+00:00 RTB PPP/7/debug2:
PPP State Change:
Serial1/0/0 PAP : Initial --> SendRequest
Aug 20 2013 04:50:24.290.3+00:00 RTB PPP/7/debug2:
PPP State Change:
Serial1/0/0 PAP : SendRequest --> ClientSuccess
……

Configuring CHAP Authentication
[Figure: RTA S1/0/0 (10.1.1.1/30, authenticator) and RTB S1/0/0 (10.1.1.2/30, authenticated) on a PPP link.]

[RTA]aaa
[RTA-aaa]local-user huawei password cipher huawei123
[RTA-aaa]local-user huawei service-type ppp
[RTA]interface Serial 1/0/0
[RTA-Serial1/0/0]link-protocol ppp
[RTA-Serial1/0/0]ppp authentication-mode chap

[RTB]interface Serial 1/0/0
[RTB-Serial1/0/0]link-protocol ppp
[RTB-Serial1/0/0]ppp chap user huawei
[RTB-Serial1/0/0]ppp chap password cipher huawei123

CHAP Configuration Validation

<RTB>debugging ppp chap all


Aug 20 2013 05:15:54.230.1+00:00 RTB PPP/7/debug2:
PPP State Change:
Serial1/0/0 CHAP : Initial --> ListenChallenge
Aug 20 2013 05:15:54.230.7+00:00 RTB PPP/7/debug2:
PPP State Change:
Serial1/0/0 CHAP : ListenChallenge --> SendResponse
Aug 20 2013 05:15:54.250.3+00:00 RTB PPP/7/debug2:
PPP State Change:
Serial1/0/0 CHAP : SendResponse --> ClientSuccess
……

Summary
 Following a Configure-Request, what packet type is expected to be received
before the PPP link layer can be successfully established?

 Which protocol is used to perform the negotiation of IP addresses, and during
which phase is this negotiated?

Principle and Configuration of PPPoE



Foreword
⚫ The application of DSL technology relies strongly on the existing telephone
infrastructure that is found in almost every household and office globally.
With the continued development of newer DSL standards allowing rates of
up to 100Mbps, the application of DSL as a WAN technology for home and
enterprise remains firmly valid. Traditional DSL connections were
established over legacy ATM networks, however Ethernet has continued to
emerge as the underlying technology on which many service providers
establish their networks, and therefore knowledge of PPPoE technologies
remains valued for establishing DSL connectivity at the enterprise edge.

Objectives
⚫ Upon completion of this section, you will be able to:
 Describe the PPPoE connection establishment process.

 Configure a PPPoE session.

Digital Subscriber Lines

[Figure: Residential/SOHO premises connect over the local loop to a DSLAM, which connects over ATM/Ethernet to the BRAS and the ISP.]

⚫ The broadband technology that succeeded dial-up.

⚫ Data signals carried over copper telephone lines, or “local loop”.


PPPoE Application in DSL

[Figure: Host A and Host B in the enterprise connect through RTA and a DSL modem to the DSLAM, the PPPoE server and the ISP.]

PPPoE Protocol Packets

Type   Description
PADI   PPPoE Active Discovery Initiation (PADI) packet
PADO   PPPoE Active Discovery Offer (PADO) packet
PADR   PPPoE Active Discovery Request (PADR) packet
PADS   PPPoE Active Discovery Session-Confirmation (PADS) packet
PADT   PPPoE Active Discovery Terminate (PADT) packet

⚫ Five packet types establish and terminate PPPoE sessions.


PPPoE Session Establishment Process
[Figure: Discovery stage. RTA sends a PADI through SWA toward Server A, Server B and Server C.]

⚫ An initiation packet is broadcast to discover access servers.


PPPoE Session Establishment Process
[Figure: Discovery stage. PADO-A and PADO-B are returned through SWA to RTA; Server A, Server B and Server C shown.]

⚫ Offers are returned to the sender by all servers that can service the
received PADI packet.
PPPoE Session Establishment Process
[Figure: Discovery stage. RTA sends a PADR through SWA; Server A, Server B and Server C shown.]

⚫ A client responds to a chosen server based on the name or services that
are provided by that server.
PPPoE Session Establishment Process
[Figure: Discovery stage. A PADS is returned through SWA to RTA; Server A, Server B and Server C shown.]

⚫ The chosen server generates a unique PPPoE session ID in preparation for
the negotiation of the PPP session.
PPPoE Session Establishment Process
[Figure: Message sequence between RTA and Server A.
PPPoE negotiation: PADI, PADO, PADR, PADS.
PPP negotiation: LCP Negotiation, Challenge, Response, Success/Failure, NCP Negotiation.]

Packet Size Negotiation

[Figure: Frame fields and sizes: Ethernet 14 bytes, PPP 2 bytes, PPPoE 6 bytes, IP/TCP/Data 1492 bytes, FCS 4 bytes.]

⚫ An additional six-byte PPPoE header is carried in the frame.

⚫ The MTU/MRU must support a lower value to prevent frame loss.
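
The discovery packets and the size arithmetic from the PPPoE slides above, as an added Python example (not from the original slides and not Huawei code). Code and tag values are those of RFC 2516; the state names follow the IDLE, PADI, PADR and UP states that the session summary display later in this section reports. The function names and the sample packets are constructed for this sketch.

```python
import struct

CODES = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR", 0x65: "PADS", 0xA7: "PADT"}
TAG_SERVICE_NAME, TAG_AC_NAME = 0x0101, 0x0102
PPPOE_HEADER, PPP_PROTOCOL = 6, 2          # bytes added inside the Ethernet payload


def build(code, session_id, tags):
    """PPPoE header (ver/type 0x11, code, session ID, length) followed by TLV tags."""
    payload = b"".join(struct.pack("!HH", t, len(v)) + v for t, v in tags)
    return struct.pack("!BBHH", 0x11, code, session_id, len(payload)) + payload


def parse(packet):
    """Decode one discovery packet, refusing lengths that run past the buffer."""
    if len(packet) < PPPOE_HEADER:
        raise ValueError("short PPPoE header")
    ver_type, code, session_id, length = struct.unpack("!BBHH", packet[:6])
    if ver_type != 0x11 or code not in CODES:
        raise ValueError("not a PPPoE discovery packet")
    if length > len(packet) - PPPOE_HEADER:
        raise ValueError("bad PPPoE length")
    payload, tags, i = packet[6:6 + length], {}, 0
    while i < len(payload):
        if i + 4 > len(payload):
            raise ValueError("truncated tag")
        t, l = struct.unpack("!HH", payload[i:i + 4])
        if i + 4 + l > len(payload):
            raise ValueError("bad tag length")
        tags[t] = payload[i + 4:i + 4 + l]
        i += 4 + l
    return CODES[code], session_id, tags


def track(packets):
    """Follow one client's session through the exchange; reject out-of-order packets."""
    state, session, offers = "IDLE", 0, []
    for raw in packets:
        kind, sid, tags = parse(raw)
        if kind in ("PADI", "PADO", "PADR") and sid != 0:
            raise ValueError(f"{kind} must carry session ID 0")
        if kind == "PADI" and state == "IDLE":
            state = "PADI"
        elif kind == "PADO" and state == "PADI":
            offers.append(tags.get(TAG_AC_NAME, b"").decode())   # one offer per server
        elif kind == "PADR" and state == "PADI" and offers:
            state = "PADR"
        elif kind == "PADS" and state == "PADR" and sid != 0:
            state, session = "UP", sid                           # server-assigned ID
        elif kind == "PADT" and state == "UP" and sid == session:
            state, session, offers = "IDLE", 0, []
        else:
            raise ValueError(f"unexpected {kind} in state {state}")
    return state, session, offers


def ppp_mtu(ethernet_payload=1500):
    """Largest IP packet that fits once the PPPoE and PPP headers are carried."""
    return ethernet_payload - PPPOE_HEADER - PPP_PROTOCOL


if __name__ == "__main__":
    # Constructed exchange: two servers answer the PADI, the client picks one.
    exchange = [build(0x09, 0, [(TAG_SERVICE_NAME, b"")]),
                build(0x07, 0, [(TAG_AC_NAME, b"ServerA")]),
                build(0x07, 0, [(TAG_AC_NAME, b"ServerB")]),
                build(0x19, 0, [(TAG_SERVICE_NAME, b"")]),
                build(0x65, 1, [(TAG_SERVICE_NAME, b"")])]
    print(track(exchange), "MTU", ppp_mtu())
```
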


PPPoE Session Termination
[Figure: A PADT is carried between RTA and the server through SWA; Server A, Server B and Server C shown.]

⚫ A PADT packet is used to notify of the termination of a PPPoE session.


Configuring a PPP Dialer Interface
[Figure: Host A behind RTA (PPPoE client), which connects to RTB (PPPoE server).]

[RTA]dialer-rule
[RTA-dialer-rule]dialer-rule 1 ip permit
[RTA-dialer-rule]quit
[RTA]interface dialer 1
[RTA-Dialer1]dialer user enterprise
[RTA-Dialer1]dialer-group 1
[RTA-Dialer1]dialer bundle 1
[RTA-Dialer1]ppp chap user enterprise@huawei
[RTA-Dialer1]ppp chap password cipher huawei123
[RTA-Dialer1]ip address ppp-negotiate

PPPoE Session Binding
[Figure: Host A behind RTA (PPPoE client), which connects through G0/0/1 to RTB (PPPoE server).]

[RTA]interface GigabitEthernet 0/0/1
[RTA-GigabitEthernet0/0/1]pppoe-client dial-bundle-number 1 on-demand
[RTA-GigabitEthernet0/0/1]quit
[RTA]ip route-static 0.0.0.0 0 dialer 1

⚫ The PPPoE session is bound to the dialer bundle and associated with the
PPPoE WAN interface.
Dialer Interface Configuration Validation
<Huawei>display interface Dialer 1
Dialer1 current state: UP
Line protocol current state: UP (spoofing)
Description: HUAWEI, AR Series, Dialer1 Interface
Route Port, The Maximum Transmit Unit is 1500, Hold timer is 10(sec)
Internet Address is negotiated, 192.168.10.254/32
Link layer protocol is PPP
LCP initial
Physical is Dialer
Bound to Dialer1:0:
Dialer1:0 current state : UP
Line protocol current state : UP

Link layer protocol is PPP


LCP opened, IPCP opened

PPPoE Session Validation

[RTA] display pppoe-client session summary


PPPoE Client Session:
ID Bundle Dialer Intf Client-MAC Server-MAC State
0 1 1 GE0/0/1 54899876830c 000000000000 IDLE

[RTA] display pppoe-client session summary


PPPoE Client Session:
ID Bundle Dialer Intf Client-MAC Server-MAC State
1 1 1 GE0/0/1 00e0fc0308f6 00e0fc036781 UP

⚫ The PPPoE client session status can be determined as either IDLE, in the
discovery stage (PADI/PADR), or UP.

PPPoE Application in Enterprise Networks

[Figure: Host A and Host B in the private network domain behind RTA (PPPoE client); RTB (PPPoE server) in the public network domain.]

⚫ Privately addressed hosts cannot exist in the public domain.

⚫ Address translation is necessary along with PPPoE.


Summary
 Why is it necessary to reduce the MTU/MRU size of PPPoE packets?

 What is the purpose of the dialer bundle command when establishing the
PPPoE connection?

Network Address Translation



Foreword
⚫ The continued growth of IP networks has put ever increasing pressure on the
IPv4 address space, creating the need for a way to delay its depletion until
long term solutions are found. Network Address Translation has become well
established as the existing solution and is widely implemented within
enterprise networks. Many variations of NAT have been developed, conserving
the public address space whilst enabling continued public network
communication. This section introduces the concept of NAT, along with examples
of common NAT methods applied to maintain internetworking between the
enterprise network and the public network domain.

Objectives
⚫ Upon completion of this section, you will be able to:
 List some of the different forms of Network Address Translation.

 Explain the general behavior of NAT.

 Configure NAT to suit application requirements.

Private & Public Networks

[Figure: Private hosts 192.168.1.1/24 and 192.168.1.2/24 connect through SWA to a gateway; the public side is 200.10.10.0/30.]

⚫ A measure taken against rapid depletion of IP addresses.

⚫ Gateway operates as a private/public address boundary.


NAT Behavior

[Figure: Hosts 192.168.1.1/24 and 192.168.1.2/24 behind SWA on the side labelled Inside; the other side of the gateway is labelled Global.]

⚫ NAT boundaries are represented as either inside or global.

⚫ Translation of addresses is performed between boundaries.


Static NAT

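[Figure: Host A (.1) and Host B (.2) on 192.168.1.0/24 behind SWA and RTA (200.10.10.1/24, with global address 200.10.10.5); remote host 1.1.1.1/24. Outbound, S:192.168.1.1 D:1.1.1.1 becomes S:200.10.10.5 D:1.1.1.1; on return, D:200.10.10.5 S:1.1.1.1 becomes D:192.168.1.1 S:1.1.1.1.]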

⚫ One-to-one mapping of private to public addresses.

⚫ Limits the need for address management with session flows.


Dynamic NAT

[Figure: Host A (.1) and Host B (.2) on 192.168.1.0/24 behind SWA and RTA (200.10.10.1/24); remote host 1.1.1.1/24. Address group: 200.10.10.11, 200.10.10.12. S:192.168.1.1 D:1.1.1.1 becomes S:200.10.10.11 D:1.1.1.1 and S:192.168.1.2 D:1.1.1.1 becomes S:200.10.10.12 D:1.1.1.1.]

192.168.1.0/24    200.10.10.0/24
192.168.1.1       200.10.10.11
192.168.1.2       200.10.10.12

⚫ Private address mapping based on an address resource pool.

⚫ Allows users to utilize public addresses based on need.


Network Address Port Translation

[Figure: Host A (.1) and Host B (.2) on 192.168.1.0/24 behind SWA and RTA (G0/0/1 inside, 200.10.10.1/24 outside); remote host 1.1.1.1/24. Address group: 200.10.10.11, 200.10.10.12. S:192.168.1.1:1025 becomes S:200.10.10.11:2843 and S:192.168.1.2:1028 becomes S:200.10.10.11:2844.]

192.168.1.0/24      200.10.10.0/24
192.168.1.1:1025    200.10.10.11:2843
192.168.1.2:1028    200.10.10.11:2844
……                  ……

⚫ Port numbers distinguish mapping of the same public address.


Easy IP

[Figure: Host A (.1) and Host B (.2) on 192.168.1.0/24 behind SWA and RTA (G0/0/1 inside, S1/0/0 200.10.10.1/30 outside); remote host 1.1.1.1/24. S:192.168.1.1:1025 becomes S:200.10.10.1:2843 and S:192.168.1.2:1028 becomes S:200.10.10.1:2844.]

192.168.1.0/24      200.10.10.1/30
192.168.1.1:1025    200.10.10.1:2843
192.168.1.2:1028    200.10.10.1:2844
……                  ……

⚫ The WAN interface address used as a single public address for all internal
users, with port numbers used to distinguish sessions.
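
The translation table behind the NAPT and Easy IP slides above, as an added Python model (not from the original slides and not Huawei code). It uses the slides' addresses and ports; the `Napt` class, sequential port allocation starting at 2843 and the 120-second idle timeout are assumptions of this sketch.

```python
import time
from typing import Callable, Dict, Optional, Tuple

Endpoint = Tuple[str, int]      # (IP address, port)


class Napt:
    """Many inside endpoints share one public address, told apart by port number."""

    def __init__(self, public_ip: str, first_port: int = 2843, last_port: int = 65535,
                 idle_timeout: float = 120.0, clock: Callable[[], float] = time.monotonic):
        self.public_ip = public_ip
        self.first_port, self.last_port = first_port, last_port
        self.idle_timeout, self.clock = idle_timeout, clock
        self.out: Dict[Tuple[str, Endpoint], int] = {}    # (proto, inside) -> public port
        self.back: Dict[Tuple[str, int], Endpoint] = {}   # (proto, public port) -> inside
        self.seen: Dict[Tuple[str, int], float] = {}      # last use of each mapping

    def _expire(self) -> None:
        """Drop mappings idle for longer than the timeout so ports can be reused."""
        now = self.clock()
        for key in [k for k, t in self.seen.items() if now - t > self.idle_timeout]:
            inside = self.back.pop(key)
            del self.seen[key]
            del self.out[(key[0], inside)]

    def outbound(self, proto: str, src: Endpoint) -> Endpoint:
        """Translate an inside source; create the mapping on first use."""
        self._expire()
        port = self.out.get((proto, src))
        if port is None:
            port = next((p for p in range(self.first_port, self.last_port + 1)
                         if (proto, p) not in self.back), None)
            if port is None:
                raise RuntimeError("port pool exhausted")
            self.out[(proto, src)] = port
            self.back[(proto, port)] = src
        self.seen[(proto, port)] = self.clock()
        return (self.public_ip, port)

    def inbound(self, proto: str, dst_port: int) -> Optional[Endpoint]:
        """Translate a reply; None means no session exists and the packet is dropped."""
        self._expire()
        inside = self.back.get((proto, dst_port))
        if inside is not None:
            self.seen[(proto, dst_port)] = self.clock()
        return inside


if __name__ == "__main__":
    # Easy IP: the WAN interface address 200.10.10.1 is the single public address.
    nat = Napt("200.10.10.1")
    print(nat.outbound("tcp", ("192.168.1.1", 1025)))   # ('200.10.10.1', 2843)
    print(nat.outbound("tcp", ("192.168.1.2", 1028)))   # ('200.10.10.1', 2844)
    print(nat.inbound("tcp", 2844))                     # ('192.168.1.2', 1028)
    print(nat.inbound("tcp", 3000))                     # None: unsolicited
```
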

NAT Internal Server

[Figure: an external host on 1.1.1.1/24 reaches the internal Server (192.168.1.1/24) through RTA (S1/0/0, 200.10.10.1/30). The destination D:200.10.10.5:80 is translated to D:192.168.1.1:8080.]

⚫ External sources can reach internal addresses.

⚫ Mapping of both the IP address and port number is performed.
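
The following added example (not part of the original slides) models the NAPT/Easy IP table and a NAT Internal Server entry using the addresses shown above, to make visible which inbound packets are translated and which are dropped. The `NatGateway` class and its method names are hypothetical, and the model is simplified: it does not track the remote endpoint or session timers.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]  # (ip, port)


@dataclass
class NatGateway:
    """Toy model of RTA's translation tables (hypothetical, not VRP code)."""
    public_ip: str
    next_port: int = 2843  # first public port shown on the slides
    # Dynamic NAPT state, created only by outbound traffic.
    sessions_out: Dict[Tuple[str, Endpoint], int] = field(default_factory=dict)
    sessions_in: Dict[Tuple[str, int], Endpoint] = field(default_factory=dict)
    # Static "nat server" entries, configured by the administrator.
    servers: Dict[Tuple[str, Endpoint], Endpoint] = field(default_factory=dict)

    def nat_server(self, proto: str, global_ep: Endpoint, inside_ep: Endpoint) -> None:
        """Publish an inside service on a global address and port."""
        self.servers[(proto, global_ep)] = inside_ep

    def outbound(self, proto: str, src: Endpoint) -> Endpoint:
        """Translate an inside source; allocate a public port on first use."""
        key = (proto, src)
        if key not in self.sessions_out:
            if self.next_port > 65535:
                raise RuntimeError("public port range exhausted")
            self.sessions_out[key] = self.next_port
            self.sessions_in[(proto, self.next_port)] = src
            self.next_port += 1
        return (self.public_ip, self.sessions_out[key])

    def inbound(self, proto: str, dst: Endpoint) -> Optional[Endpoint]:
        """Translate an outside destination, or return None to drop."""
        # 1. A static nat server entry always matches, with no prior session.
        if (proto, dst) in self.servers:
            return self.servers[(proto, dst)]
        # 2. Otherwise only replies to an existing outbound session match.
        if dst[0] == self.public_ip:
            return self.sessions_in.get((proto, dst[1]))
        # 3. Anything else has no mapping and is not forwarded inside.
        return None


def easy_ip_demo() -> NatGateway:
    """RTA in Easy IP mode (WAN address 200.10.10.1) plus the www server entry."""
    rta = NatGateway(public_ip="200.10.10.1")
    rta.nat_server("tcp", ("200.10.10.5", 80), ("192.168.1.1", 8080))
    return rta


if __name__ == "__main__":
    rta = easy_ip_demo()
    print(rta.outbound("tcp", ("192.168.1.1", 1025)))
    print(rta.outbound("tcp", ("192.168.1.2", 1028)))
    print(rta.inbound("tcp", ("200.10.10.1", 2844)))   # reply to Host B
    print(rta.inbound("tcp", ("200.10.10.1", 3000)))   # unsolicited: dropped
    print(rta.inbound("tcp", ("200.10.10.5", 80)))     # published service
```

Every `nat server` entry is a permanently open inbound path, so each one should be reviewed alongside the ACLs that protect the inside server.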


Static NAT Configuration

[Figure: Host A (.1) and Host B (.2) on 192.168.1.0/24 connect through SWA to RTA (G0/0/1 inside, S1/0/0 outside), which reaches 1.1.1.1/24. S:192.168.1.1 D:1.1.1.1 is translated to S:200.10.10.5 D:1.1.1.1.]

[RTA]interface GigabitEthernet0/0/1
[RTA-GigabitEthernet0/0/1]ip address 192.168.1.254 24
[RTA]interface Serial1/0/0
[RTA-Serial1/0/0]ip address 200.10.10.1 24
[RTA]nat static global 200.10.10.5 inside 192.168.1.1

Static NAT Configuration Validation

[RTA]display nat static


Static Nat Information:
Interface : Serial1/0/0
Global IP/Port : 200.10.10.5/----
Inside IP/Port : 192.168.1.1/----
Protocol : ----
VPN instance-name : ----
Acl number : ----
Netmask : 255.255.255.255
Description : ----

Total : 1

⚫ Static inside and global address translation can be verified.


Dynamic NAT Configuration
[Figure: Host A (.1) and Host B (.2) on 192.168.1.0/24 connect through SWA to RTA (G0/0/1 inside, S1/0/0 outside), which reaches 1.1.1.1/24. Example mappings: 192.168.1.1 -> 200.10.10.11, 192.168.1.2 -> 200.10.10.12, ……]

[RTA]nat address-group 1 200.10.10.11 200.10.10.16


[RTA]acl 2000
[RTA-acl-basic-2000]rule 5 permit source 192.168.1.0 0.0.0.255
[RTA-acl-basic-2000]quit
[RTA]interface serial1/0/0
[RTA-Serial1/0/0]nat outbound 2000 address-group 1 no-pat

Dynamic NAT Configuration Validation
[RTA]display nat address-group 1
NAT Address-Group Information:
--------------------------------------
Index Start-address End-address
1 200.10.10.11 200.10.10.16
[RTA]display nat outbound
NAT Outbound Information:
----------------------------------------------------------------
Interface Acl Address-group/IP/Interface Type
----------------------------------------------------------------
Serial1/0/0 2000 1 no-pat
----------------------------------------------------------------
Total : 1

⚫ Enables group binding parameter configuration to be verified.


Easy IP Configuration

[Figure: Host A (.1) and Host B (.2) on 192.168.1.0/24 connect through SWA to RTA (G0/0/1 inside, S1/0/0 outside with 200.10.10.1), which reaches 1.1.1.1/24. S:192.168.1.1:1025 becomes S:200.10.10.1:2843 and S:192.168.1.2:1028 becomes S:200.10.10.1:2844.]

[RTA]acl 2000
[RTA-acl-basic-2000]rule 5 permit source 192.168.1.0 0.0.0.255
[RTA-acl-basic-2000]quit
[RTA]interface serial1/0/0
[RTA-Serial1/0/0]nat outbound 2000

Easy IP Configuration Validation

[RTA] display nat outbound


NAT Outbound Information:
---------------------------------------------------------------------
Interface Acl Address-group/IP/Interface Type
---------------------------------------------------------------------
Serial1/0/0 2000 200.10.10.1 easyip
---------------------------------------------------------------------
Total : 1

⚫ Associated outbound interface parameters are displayed.

⚫ The type field verifies the successful configuration of Easy IP.


NAT Internal Server Configuration

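[Figure: the Server (192.168.1.1/24) connects to RTA on G0/0/1; RTA's S1/0/0 (200.10.10.1) faces the external network. The destination D:200.10.10.5:80 is translated to D:192.168.1.1:8080.]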

[RTA]interface GigabitEthernet0/0/1
[RTA-GigabitEthernet0/0/1]ip address 192.168.1.254 24
[RTA]interface Serial1/0/0
[RTA-Serial1/0/0]ip address 200.10.10.1 24
[RTA]nat server protocol tcp global 200.10.10.5 www inside 192.168.1.1 8080

NAT Internal Server Configuration Validation

[RTA]display nat server


Nat Server Information:
Interface : Serial1/0/0
Global IP/Port : 200.10.10.5/80(www)
Inside IP/Port : 192.168.1.1/8080
Protocol : 6(tcp)
VPN instance-name : ----
Acl number : ----
Description : ----

Total : 1

⚫ Successful translation of the IP address and port is achieved.


Summary
 Which form of translation will allow a server in a DMZ to be accessed from both
an external and an internal network?

 What is the function of the PAT feature?

Access Control Lists



Foreword
⚫ Many technologies and protocols depend on Access Control Lists (ACLs) to
manage and filter traffic, whether as a security measure or to meet
application requirements. Engineers need to understand how ACLs are
implemented both in support of other technologies and as a form of security,
and so the common forms of ACL solutions are introduced.

Objectives
⚫ Upon completion of this section, you will be able to:
 Describe the applications for ACL in the enterprise network.

 Explain the decision making behavior of Access Control Lists.

 Successfully implement Basic and Advanced Access Control Lists.

Filtering Restricted Traffic

[Figure: networks 192.168.1.0/24 and 192.168.2.0/24 (hosts .1 and .2 on each), a router with interfaces G0/0/0 and G0/0/1, and Server A.]

⚫ Packets are filtered based on addresses and parameters.

⚫ Rules allow packets to be either permitted or denied.


Filtering Interesting Traffic

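[Figure: traffic from 192.168.1.0/24 and 192.168.2.0/24 (hosts .1 and .2 on each) arrives on G0/0/0. The 192.168.1.0/24 flow is labelled No Match and is forwarded unchanged (Data -> Data); the 192.168.2.0/24 flow is labelled Match and is acted on (Data -> Encrypted Data).]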

⚫ Packets can be filtered to manipulate behavior and actions.

⚫ Parameters and forwarding behavior can be altered as a result.


ACL Types

Types         Value Ranges   Parameters
Basic         2000-2999      Source IP
Advanced      3000-3999      Source & Destination IP, Protocol, Source & Destination Port
Layer 2 ACL   4000-4999      MAC Address

⚫ Three forms of ACL can be applied to AR2200 series routers.

⚫ Parameters for packet filtering vary for each ACL type.


ACL Rule Management

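acl 2000
rule 5 deny source 192.168.1.0 0.0.0.255
rule 10 deny source 192.168.2.0 0.0.0.255
rule 15 deny source 172.16.0.0 0.0.0.255
rule 20 permit source any

[Figure: RTA receives traffic from networks including 172.16.0.0/24 and 172.16.1.0/24 and checks each packet against the rules in order; "If no match" leads from each rule to the next.]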

⚫ Rules are used to manage the decision process for each ACL.

Basic ACL

[Figure: Host A (192.168.1.1/24) and Host B (192.168.2.1/24) reach 200.10.10.1/24 through RTA; the ACL is applied on RTA interface G0/0/0.]

[RTA]acl 2000
[RTA-acl-basic-2000]rule deny source 192.168.1.0 0.0.0.255
[RTA-acl-basic-2000]rule permit source 192.168.2.0 0.0.0.255
[RTA]interface GigabitEthernet 0/0/0
[RTA-GigabitEthernet0/0/0]traffic-filter outbound acl 2000

Configuration Validation

Host A> ping 200.10.10.1


Ping 200.10.10.1: 32 data bytes, Press Ctrl_C to break
Request timeout!
Request timeout!
Request timeout!
...

[RTA]display acl 2000


Basic ACL 2000, 2 rules
Acl's step is 5
rule 5 deny source 192.168.1.0 0.0.0.255 (5 matches)
rule 10 permit source 192.168.2.0 0.0.0.255

⚫ The rules and matching order can be verified for each ACL.

⚫ Basic ACL rules are matched based on each source IP address.


Advanced ACL
[Figure: Host A (192.168.1.1/24) and Host B (192.168.2.1/24) reach the FTP Server (172.16.10.1/24) and the Private Server (172.16.10.2/24) through RTA; the ACL is applied on RTA interface G0/0/1.]

[RTA]acl 3000
[RTA-acl-adv-3000]rule deny tcp source 192.168.1.0 0.0.0.255 destination 172.16.10.1 0.0.0.0 destination-port eq 21
[RTA-acl-adv-3000]rule deny ip source 192.168.2.0 0.0.0.255 destination 172.16.10.2 0.0.0.0
[RTA-GigabitEthernet0/0/1]traffic-filter inbound acl 3000

Configuration Validation

[RTA]display acl 3000


Advanced ACL 3000, 2 rules
Acl's step is 5
rule 5 deny tcp source 192.168.1.0 0.0.0.255 destination 172.16.10.1 0 destination-port eq ftp
rule 10 deny ip source 192.168.2.0 0.0.0.255 destination 172.16.10.2 0

⚫ Advanced ACL rules defined in the range of 3000-3999 add complexity due
to the number of parameters used for filtering.
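
The rule-by-rule decision process from the ACL Rule Management slide and the basic and advanced rules configured above can be reproduced with the following added example, which is not part of the original slides. The `Rule` and `Acl` names are hypothetical, and the result for a packet that matches no rule is passed in as a parameter because it depends on the feature that references the ACL.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

ANY = ("0.0.0.0", "255.255.255.255")  # wildcard of all ones ignores every bit


def _u32(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """A 0 bit in the wildcard must match; a 1 bit is ignored."""
    care = ~_u32(wildcard) & 0xFFFFFFFF
    return (_u32(addr) & care) == (_u32(base) & care)


@dataclass
class Rule:
    action: str                       # "permit" or "deny"
    protocol: str = "ip"              # "ip" matches every IP protocol
    src: Tuple[str, str] = ANY        # (address, wildcard)
    dst: Tuple[str, str] = ANY
    dst_port: Optional[int] = None    # only meaningful for tcp/udp
    rule_id: Optional[int] = None     # assigned by Acl.add when omitted

    def matches(self, pkt: dict) -> bool:
        if self.protocol != "ip" and self.protocol != pkt["proto"]:
            return False
        if not wildcard_match(pkt["src"], *self.src):
            return False
        if not wildcard_match(pkt["dst"], *self.dst):
            return False
        if self.dst_port is not None and pkt.get("dport") != self.dst_port:
            return False
        return True


class Acl:
    def __init__(self, number: int, step: int = 5):
        self.number, self.step = number, step
        self.rules: List[Rule] = []

    def add(self, rule: Rule) -> int:
        """Number an unnumbered rule at the next multiple of the step."""
        if rule.rule_id is None:
            highest = max((r.rule_id for r in self.rules), default=0)
            rule.rule_id = (highest // self.step + 1) * self.step
        self.rules.append(rule)
        self.rules.sort(key=lambda r: r.rule_id)
        return rule.rule_id

    def evaluate(self, pkt: dict, no_match: str = "permit"):
        """Return (action, rule_id) of the first matching rule."""
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.action, rule.rule_id
        return no_match, None


def acl_2000() -> Acl:
    """The four rules from the ACL Rule Management slide."""
    acl = Acl(2000)
    acl.add(Rule("deny", src=("192.168.1.0", "0.0.0.255"), rule_id=5))
    acl.add(Rule("deny", src=("192.168.2.0", "0.0.0.255"), rule_id=10))
    acl.add(Rule("deny", src=("172.16.0.0", "0.0.0.255"), rule_id=15))
    acl.add(Rule("permit", rule_id=20))
    return acl


def acl_3000() -> Acl:
    """The two advanced rules, entered without rule IDs as on the slide."""
    acl = Acl(3000)
    acl.add(Rule("deny", "tcp", ("192.168.1.0", "0.0.0.255"),
                 ("172.16.10.1", "0.0.0.0"), dst_port=21))
    acl.add(Rule("deny", "ip", ("192.168.2.0", "0.0.0.255"),
                 ("172.16.10.2", "0.0.0.0")))
    return acl


if __name__ == "__main__":
    pkt = {"proto": "tcp", "src": "172.16.1.9", "dst": "200.10.10.1", "dport": 80}
    print(acl_2000().evaluate(pkt))   # falls through rules 5-15, hits rule 20
```

Note that 172.16.1.9 is not caught by rule 15: the wildcard 0.0.0.255 fixes the third octet at 0, so only 172.16.0.0/24 is denied.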

ACL Application - NAT
[Figure: Host A (192.168.1.1/24) and Host B (192.168.2.1/24) send traffic to RTA (G0/0/0); private source addresses that match an ACL are translated by NAT to public addresses.]

[RTA] nat address-group 1 202.110.10.8 202.110.10.15
[RTA] nat address-group 2 202.115.60.1 202.115.60.30


[RTA] acl 2000
[RTA-acl-basic-2000] rule permit source 192.168.1.0 0.0.0.255
[RTA] acl 2001
[RTA-acl-basic-2001] rule permit source 192.168.2.0 0.0.0.255
[RTA] interface GigabitEthernet 0/0/0
[RTA-GigabitEthernet0/0/0] nat outbound 2000 address-group 1
[RTA-GigabitEthernet0/0/0] nat outbound 2001 address-group 2

Summary
 The advanced access control list is capable of filtering traffic based on which
attributes?

 Once an ACL rule is matched to a condition, what action is taken?

AAA



Foreword
⚫ AAA defines a security architecture comprising three functions:
Authentication, Authorization and Accounting. Each function is a modular
component that can be applied as part of the security framework
implemented by an enterprise, and is often managed through client/server
based protocols such as RADIUS and HWTACACS. Implementation of the AAA
architecture as a solution for enhanced functionality is introduced to
reinforce the overall security framework of the enterprise network.

Objectives
⚫ Upon completion of this section, you will be able to:
 Describe the schemes of the AAA security architecture.

 Successfully configure Authentication and Authorization schemes.

AAA Application

[Figure: users in the Huawei domain connect through the NAS to the Destination Network; the NAS consults the AAA Server.]

⚫ AAA enables the authentication, authorization and accounting of users
attempting to access destination network resources.

Authentication
[Figure: Host A, whose destination is Server A, connects through the NAS (RTA), which identifies the user before access to Server A or Server B is allowed.]

Username   Password
Host A     Huawei123
Host X     Pass123
…          …

⚫ User access is managed based on an authentication scheme.


Authorization
[Figure: Host A (Group: Staff) connects through the NAS (RTA) toward Server A (Device Group: Private) and Server B (Device Group: Public); authorization is carried over Radius / HWTACACS.]

Device Group   User Group   Time          Privilege
Private        Admin        09:00-12:00   15
Public         Admin        09:00-18:00   15
Public         Staff        09:00-18:00   2

Accounting
[Figure: Host A connects through the NAS (RTA) toward Server A and Server B; accounting records are carried over Radius / HWTACACS.]

Login Time             Username   Uptime     Bandwidth Up/Down
May/01/2013 03:20:55   Host A     01:22:15   496.2KB / 21MB
Apr/16/2013 12:40:51   Host X     00:30:12   123KB / 1MB

AAA Domains

[Figure: users in the @partner and @huawei domains connect through the Authenticator to the Destination Network, which contains Server A and Server B.]

⚫ Different schemes can be applied to users in different domains.


AAA Local Configuration

[Figure: Host A reaches Server A through RTA.]

[RTA]aaa
[RTA-aaa]local-user huawei password cipher hello123
[RTA-aaa]authentication-scheme auth1
[RTA-aaa-authen-auth1]authentication-mode local
[RTA-aaa-authen-auth1]quit
[RTA-aaa] authorization-scheme auth2
[RTA-aaa-author-auth2]authorization-mode local
[RTA-aaa-author-auth2]quit
[RTA-aaa]domain huawei
[RTA-aaa-domain-huawei]authentication-scheme auth1
[RTA-aaa-domain-huawei]authorization-scheme auth2

⚫ Authentication and authorization can be applied on the AR2200E.


AAA Local Configuration Verification

[Huawei]display domain name huawei


Domain-name : huawei
Domain-state : Active
Authentication-scheme-name : auth1
Accounting-scheme-name : default
Authorization-scheme-name : auth2
Service-scheme-name : -
RADIUS-server-template : -
HWTACACS-server-template : -
User-group : -

⚫ Local AAA schemes are associated with individual domains.


Summary
 Which two AAA schemes are supported when configuring VRP to support the
local mode?

 If no domain is defined for users, what action is taken?

Securing Data with IPSec VPN



Foreword
⚫ Early TCP/IP protocol development did very little to ensure the security
of communications between peering devices. As networks evolved, so did
the need for greater protection of the data transmitted. Solutions for data
protection were developed, from which IPSec emerged as a security
architecture for the implementation of confidentiality, integrity and data
origin authentication, primarily through the support of underlying
protocols. IPSec remains a key framework in the protection of data, and
IPSec components have been integrated into the next generation of
TCP/IP standards.

Objectives
⚫ Upon completion of this section, you will be able to:
 Explain the basic principles of the IPSec security architecture.

 Configure IPSec peering between two devices.

IPSec VPN Application

[Figure: Branch and HQ connected by an IPSec Tunnel.]

⚫ Facilitates the establishment of private network communication over a
public network infrastructure.

IPSec VPN Architecture

[Figure: the AH and ESP protocols, with the authentication algorithms MD5, SHA-1 and SHA-2 and the encryption algorithms DES, 3DES and AES.]

⚫ Confidentiality and integrity of services are supported through authentication
and encryption based protocols.

Security Association
[Figure: RTA and RTB at either end of an IPSec Tunnel. Each peer holds the same set of parameters: Local Address, Remote Address, SPI inbound, SPI outbound, Key, and Transform (Proposal).]

⚫ Specifies parameters for connection establishment.

⚫ A Security Association defines parameters in only one direction.


IPSec Transport Mode

[Figure: transport mode packet layouts, with the spans covered by AH authentication, ESP encryption and ESP authentication marked.]

AH:       IP | AH | TCP | Data
ESP:      IP | ESP | TCP | Data | ESP Trailer | ESP Auth
AH-ESP:   IP | AH | ESP | TCP | Data | ESP Trailer | ESP Auth

⚫ Encapsulation modes are defined in Security Associations.

⚫ Transport mode secures only the payload of the packet.


IPSec Tunnel Mode

[Figure: tunnel mode packet layouts, with the spans covered by AH authentication, ESP encryption and ESP authentication marked.]

AH:       IP | AH | IP | TCP | Data
ESP:      IP | ESP | IP | TCP | Data | ESP Trailer | ESP Auth
AH-ESP:   IP | AH | ESP | IP | TCP | Data | ESP Trailer | ESP Auth

⚫ Tunnel mode encapsulates packets in a second IP header.

⚫ Security is extended to the inner IP header and packet payload.


IPSec VPN Establishment

Ensure Reachability

Identify Interesting Traffic

Establish IPSec Proposal

Create IPSec Policy

Apply Policy To Interface

IPSec VPN Configuration
[Figure: RTA (G0/0/1, 20.1.1.1/24) and RTB (G0/0/1, 20.1.1.2/24) joined by an IPSec Tunnel; the network behind RTA uses 10.1.1.1/24 and the network behind RTB uses 10.1.2.1/24.]

[RTA]ip route-static 10.1.2.0 24 20.1.1.2
[RTA]acl number 3001
[RTA-acl-adv-3001]rule 5 permit ip source 10.1.1.0 0.0.0.255 destination 10.1.2.0 0.0.0.255
[RTA]ipsec proposal tran1
[RTA-ipsec-proposal-tran1]esp authentication-algorithm sha1

IPSec VPN Proposal Verification

[RTA]display ipsec proposal


Number of proposals : 1
IPSec proposal name : tran1
Encapsulation mode : Tunnel
Transform : esp-new
ESP protocol : Authentication SHA1-HMAC-96
Encryption DES

⚫ Displays the parameters of an IPSec proposal.

⚫ Proposal parameters must match for both peering interfaces.


IPSec Policy Creation

[RTA]ipsec policy P1 10 manual


[RTA-ipsec-policy-manual-P1-10]security acl 3001
[RTA-ipsec-policy-manual-P1-10]proposal tran1
[RTA-ipsec-policy-manual-P1-10]tunnel remote 20.1.1.2
[RTA-ipsec-policy-manual-P1-10]tunnel local 20.1.1.1
[RTA-ipsec-policy-manual-P1-10]sa spi outbound esp 54321
[RTA-ipsec-policy-manual-P1-10]sa spi inbound esp 12345
[RTA-ipsec-policy-manual-P1-10]sa string-key outbound esp simple huawei
[RTA-ipsec-policy-manual-P1-10]sa string-key inbound esp simple huawei

⚫ IPSec policy defines parameters for establishing an IPSec SA.

⚫ An IPSec policy binds the proposal parameters and traffic filters.


Applying Policies to Interfaces

[Figure: RTA (G0/0/1, 20.1.1.1/24) and RTB (G0/0/1, 20.1.1.2/24) joined by an IPSec Tunnel; the network behind RTA uses 10.1.1.1/24 and the network behind RTB uses 10.1.2.1/24.]

[RTA]interface GigabitEthernet 0/0/1


[RTA-GigabitEthernet0/0/1]ipsec policy P1
[RTA-GigabitEthernet0/0/1]quit

⚫ The IPSec policy is bound to the physical interface via which the IPSec peer
is reachable.

IPSec Policy Verification

[RTA]display ipsec policy


===========================================
IPSec policy group: "P1"
Using interface: GigabitEthernet0/0/1
===========================================
Sequence number: 10
Security data flow: 3001
Tunnel local address: 20.1.1.1
Tunnel remote address: 20.1.1.2
Qos pre-classify: Disable
Proposal name:tran1
...

⚫ Policy must associate with the policy of the peering interface.


IPSec Policy Verification

...
Inbound ESP setting:
ESP SPI: 12345 (0x3039)
ESP string-key: huawei
ESP encryption hex key:
ESP authentication hex key:
Outbound ESP setting:
ESP SPI: 54321 (0xd431)
ESP string-key: huawei
ESP encryption hex key:
ESP authentication hex key:
...

⚫ Policy Key strings must match for communication to establish.
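
The proposal and policy outputs shown above can be checked automatically during a configuration review. The following is an added example, not part of the original slides: it parses the two `display` outputs as they appear on the slides and flags legacy algorithms and manual-SA keys that are visible in cleartext. The function names and the finding strings are hypothetical.

```python
import re

# Constructed sample: the outputs shown on the slides above, pasted as text.
PROPOSAL_OUTPUT = """\
Number of proposals : 1
IPSec proposal name : tran1
Encapsulation mode : Tunnel
Transform : esp-new
ESP protocol : Authentication SHA1-HMAC-96
Encryption DES
"""

POLICY_OUTPUT = """\
Inbound ESP setting:
ESP SPI: 12345 (0x3039)
ESP string-key: huawei
ESP encryption hex key:
ESP authentication hex key:
Outbound ESP setting:
ESP SPI: 54321 (0xd431)
ESP string-key: huawei
ESP encryption hex key:
ESP authentication hex key:
"""

# DES has a 56-bit key and 3DES is deprecated for new deployments;
# MD5 and SHA-1 are legacy choices compared with SHA-2.
LEGACY_ENCRYPTION = {"DES", "3DES"}
LEGACY_AUTH = {"MD5", "SHA1"}


def audit_proposal(text: str):
    """Return (proposal, kind, value) for each legacy algorithm in use."""
    findings, name = [], None
    for line in text.splitlines():
        m = re.search(r"IPSec proposal name\s*:\s*(\S+)", line)
        if m:
            name = m.group(1)
            continue
        m = re.search(r"\bAuthentication\s+(\S+)", line)
        if m and m.group(1).split("-")[0].upper() in LEGACY_AUTH:
            findings.append((name, "authentication", m.group(1)))
        m = re.search(r"\bEncryption\s+(\S+)", line)
        if m and m.group(1).upper() in LEGACY_ENCRYPTION:
            findings.append((name, "encryption", m.group(1)))
    return findings


def audit_policy(text: str):
    """Flag manual-SA string keys that the device displays in cleartext."""
    findings, keys, direction = [], {}, None
    for line in text.splitlines():
        m = re.match(r"\s*(Inbound|Outbound) ESP setting:", line)
        if m:
            direction = m.group(1).lower()
            continue
        m = re.match(r"\s*ESP string-key:\s*(\S+)", line)
        if m and direction:
            keys[direction] = m.group(1)
            # The key itself is deliberately left out of the finding.
            findings.append((direction, "string-key displayed in cleartext"))
    if len(keys) == 2 and keys["inbound"] == keys["outbound"]:
        findings.append(("both", "same string-key used in both directions"))
    return findings


if __name__ == "__main__":
    for finding in audit_proposal(PROPOSAL_OUTPUT) + audit_policy(POLICY_OUTPUT):
        print(finding)
```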


Summary
 What is meant by a Security Association (SA)?

 What are the three possible actions that may be applied to IPSec filtered traffic?

Generic Routing Encapsulation



Foreword
⚫ Limitations within IPSec VPN restrict the ability for routes to be carried
between disparate site-to-site based networks, allowing only for static
route solutions. GRE provides a mechanism for the encapsulation of
packets of one protocol into packets of another protocol. GRE is therefore
implemented as a primary solution to the IPSec VPN limitations, and
knowledge of GRE is necessary to complement the existing knowledge of
IPSec VPN.

Objectives
⚫ Upon completion of this section, you will be able to:
 Explain how GRE can be applied to provide various solutions.

 Describe the principle behavior of GRE.

 Configure GRE over IPSec.

GRE Application

[Figure: Branch and HQ connected by a GRE Tunnel.]

⚫ Supports encapsulation of protocols over other protocols.

⚫ Enables routing between remote and disparate networks.


GRE Scaling Solution for IGP

[Figure: GRE Tunnel]

⚫ Application allows for increased scalability of IGP networks.

⚫ Capable of building a tunnel to resolve hop count limitations.


IPSec VPN support for GRE

[Figure: Branch and HQ connected by a GRE Tunnel carried inside an IPSec Tunnel.]

⚫ GRE contains no means for confidentiality of GRE payloads.

⚫ IPSec can be employed to provide confidentiality to GRE.


GRE Packet Encapsulation & Decapsulation

[Figure: Branch and HQ connected by a GRE Tunnel.]

Packet layout: Data-link | IP | GRE | IP/IPX | Payload

⚫ A GRE header is inserted into the packet to build a tunnel.

⚫ A virtual network is built over the physical network.


GRE Key Authentication

[Figure: Branch and HQ connected by a GRE Tunnel, with the GRE header layout below.]

C | 0 | K | 0 | 0 | Recursion | Flags | Version | Protocol Type
Checksum (Optional) | 0
Key (Optional)

⚫ Key field in GRE provides a means of optional authentication.
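
The header layout above can be exercised with the following added example, which is not part of the original slides. It builds and parses a GRE header with the optional Checksum and Key fields, following the field layout of RFC 2784 and RFC 2890, and shows the receiver-side key comparison; the function names are hypothetical.

```python
import struct

FLAG_C = 0x8000  # Checksum Present
FLAG_K = 0x2000  # Key Present
FLAG_S = 0x1000  # Sequence Number Present (RFC 2890)


def inet_checksum(data: bytes) -> int:
    """16-bit one's complement Internet checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_gre(payload: bytes, proto: int = 0x0800, key=None, checksum=False) -> bytes:
    """Encapsulate payload; proto 0x0800 marks an IPv4 passenger packet."""
    flags = (FLAG_C if checksum else 0) | (FLAG_K if key is not None else 0)
    header = struct.pack("!HH", flags, proto)
    if checksum:
        header += b"\x00\x00\x00\x00"          # Checksum + Reserved1, filled below
    if key is not None:
        header += struct.pack("!I", key)
    packet = bytearray(header + payload)
    if checksum:
        struct.pack_into("!H", packet, 4, inet_checksum(bytes(packet)))
    return bytes(packet)


def parse_gre(data: bytes) -> dict:
    """Decode the GRE header; raise ValueError on malformed input."""
    if len(data) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack_from("!HH", data, 0)
    if flags & 0x0007:
        raise ValueError("unsupported GRE version")
    needed = 4 + 4 * bool(flags & FLAG_C) + 4 * bool(flags & FLAG_K) + 4 * bool(flags & FLAG_S)
    if len(data) < needed:
        raise ValueError("optional fields truncated")
    info = {"protocol": proto, "key": None, "sequence": None, "checksum_ok": None}
    offset = 4
    if flags & FLAG_C:
        stored = struct.unpack_from("!H", data, 4)[0]
        zeroed = data[:4] + b"\x00\x00" + data[6:]
        info["checksum_ok"] = inet_checksum(zeroed) == stored
        offset += 4
    if flags & FLAG_K:
        info["key"] = struct.unpack_from("!I", data, offset)[0]
        offset += 4
    if flags & FLAG_S:
        info["sequence"] = struct.unpack_from("!I", data, offset)[0]
        offset += 4
    info["payload"] = data[offset:]
    return info


def accept(data: bytes, expected_key: int) -> bool:
    """Receiver check: drop packets with a missing or different key."""
    try:
        hdr = parse_gre(data)
    except ValueError:
        return False
    if hdr["checksum_ok"] is False:
        return False
    # The key is a 32-bit value carried unencrypted in the header, so this
    # is an identifier comparison, not cryptographic authentication.
    return hdr["key"] == expected_key


if __name__ == "__main__":
    pkt = build_gre(b"inner", key=12345, checksum=True)
    print(parse_gre(pkt), accept(pkt, 12345), accept(pkt, 54321))
```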


GRE Keepalive

[Figure: Branch and HQ connected by a GRE Tunnel; a Keepalive Message is sent across the tunnel and answered with a Keepalive Reply.]

⚫ Allows the status of a GRE tunnel to be monitored for changes.

⚫ Keepalives that receive no reply result in the GRE tunnel being torn down.

GRE Configuration
[Figure: RTA (G0/0/1, 20.1.1.1/24) and RTB (G0/0/1, 20.1.1.2/24) joined by a GRE Tunnel; the network behind RTA uses 10.1.1.1/24 and the network behind RTB uses 10.1.2.1/24.]

[RTA]interface Tunnel 0/0/1


[RTA-Tunnel0/0/1]ip address 40.1.1.1 24
[RTA-Tunnel0/0/1]tunnel-protocol gre
[RTA-Tunnel0/0/1]source 20.1.1.1
[RTA-Tunnel0/0/1]destination 20.1.1.2
[RTA-Tunnel0/0/1]quit
[RTA]ip route-static 10.1.2.0 24 Tunnel 0/0/1

Configuration Validation
[RTA]display interface Tunnel 0/0/1
Tunnel0/0/1 current state : UP
Line protocol current state : UP
Last line protocol up time : 2016-03-21 13:37:38
Description:HUAWEI, AR Series, Tunnel0/0/1 Interface
Route Port, The Maximum Transmit Unit is 1476
Internet Address is 40.1.1.1/24
Encapsulation is TUNNEL, loopback not set
Tunnel source 20.1.1.1 (GigabitEthernet0/0/1), destination 20.1.1.2
Tunnel protocol/transport GRE/IP, key disabled
keepalive disabled
Checksumming of packets disabled
……

⚫ Enables confirmation of tunnel status and parameters.


GRE Routing Table Validation

[RTA]display ip routing-table
Route Flags: R - relay, D - download to fib
--------------------------------------------------------------
Routing Tables: Public Destinations : 13 Routes : 14
Destination/Mask Proto Pre Cost Flags NextHop Interface
……
10.1.2.0/24 Static 60 0 RD 40.1.1.2 Tunnel 0/0/1
……

⚫ An entry in the routing table verifies the tunnel establishment.

⚫ Routes for GRE can be static or dynamic.


Enabling the Keepalive Function
[Figure: RTA (G0/0/1, 20.1.1.1/24) and RTB (G0/0/1, 20.1.1.2/24) joined by a GRE Tunnel; the network behind RTA uses 10.1.1.1/24 and the network behind RTB uses 10.1.2.1/24.]

[RTA]interface Tunnel 0/0/1


[RTA-Tunnel0/0/1]keepalive period 3
[RTA-Tunnel0/0/1]quit

⚫ Keepalives can define message interval and number of retries.

⚫ Function only required to be configured on one tunnel interface.


Configuration Validation

[RTA]display interface Tunnel 0/0/1


Tunnel0/0/1 current state : UP
Line protocol current state : DOWN
Description:HUAWEI, AR Series, Tunnel0/0/1 Interface
Route Port, The Maximum Transmit Unit is 1476
Internet Address is 40.1.1.1/24
Encapsulation is TUNNEL, loopback not set
Tunnel source 20.1.1.1 (GigabitEthernet0/0/1), destination 20.1.1.2
Tunnel protocol/transport GRE/IP, key disabled
keepalive enable period 3 retry-times 3
Checksumming of packets disabled
……

⚫ Keepalive enablement can be verified from the tunnel interface.


Summary
 What is the primary application for using GRE?

 What is the difference between the Internet Address and the Tunnel source in
the display interface tunnel command?

Simple Network Management Protocol



Foreword
⚫ Management framework solutions for TCP/IP networks were introduced as
hardware and software increased, in order to support rapid network
growth. SNMP was originally adapted from a simpler SGMP protocol for
use as the basis for common network management throughout the system.
SNMP has since undergone version revisions but remains the standard
protocol for network management. The SNMP framework and the
supporting Management Information Base act as the foundation for
network management, and are introduced in support of a well-rounded
understanding of the network management framework for TCP/IP.

Objectives
⚫ Upon completion of this section, you will be able to:
 Describe the SNMP architecture and messaging behavior.

 Describe the function of the Management Information Base (MIB).

 Configure general SNMP parameters and traps.

SNMP Application
[Figure: a Network Management Station communicates with network elements using SNMP.]

⚫ SNMP is used to communicate management information between network
management stations and network elements.

SNMP Architecture

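[Figure: a Network Element contains an SNMP Agent and MIB objects; the NMS exchanges SNMP messages with the agent, which executes operations on the MIB objects and sends notifications to the NMS.]

⚫ Agents exist within network elements through which NMS interact to
retrieve or alter parameter variables in the MIB.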

MIB Objects
[Figure: MIB object tree]

root
  ccitt(1), ISO(1), Joint-iso-ccitt(1)
    under ISO(1): Standard(0), registration authority(1), Member body(2), Identified organization(3)
      under Identified organization(3): dod(6)
        internet(1)
          directory(1), mgmt(2), experimental(3), private(4), ……
            under mgmt(2): mib-2(1)
              system(1), interface(2), at(3), ip(4), icmp(5), ……
            under private(4): enterprise(1)

⚫ The MIB acts as a virtual store for the management of objects.


SNMP Operation

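[Figure: message exchange between the SNMP Management Process (NMS) and the SNMP Agent Process.]

get-request (to agent, UDP 161), answered by get-response
get-next request (to agent, UDP 161), answered by get-response
set-request (to agent, UDP 161), answered by get-response
trap (from agent to NMS, UDP 162)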

⚫ Requests are received by an SNMP agent on UDP port 161.


SNMPv2c

[Figure: under mib-2(1), the groups system(1), interface(2), at(3), ip(4) and icmp(5), with three example object definitions.]

sysUpTime OBJECT-TYPE
SYNTAX TimeTicks
ACCESS read-only
STATUS mandatory
DESCRIPTION "The time (in 1/100th of a second) since the network management portion of the system was last re-initialized."
::= { system 3 }

ifSpeed OBJECT-TYPE
SYNTAX Gauge
ACCESS read-only
STATUS mandatory
DESCRIPTION "An estimate of the interface's current bandwidth in bits per second."
::= { ifEntry 5 }

ifOutOctets OBJECT-TYPE
SYNTAX Counter
ACCESS read-only
STATUS mandatory
DESCRIPTION "The total number of octets transmitted out of the interface, including framing characters."
::= { ifEntry 16 }

⚫ New Get-bulk request PDU and inform request included.

⚫ 64 bit counters introduced to prevent counter wrap.


SNMPv3

[Figure: a Get request and the corresponding Get Response exchanged over SNMPv3.]

⚫ SNMPv3 security mechanisms support data integrity, data origin
authentication, confidentiality and timely message delivery.

SNMP Configuration

[Figure: NMS and RTA (G0/0/1), with the addresses 10.1.1.1/24 and 20.1.1.1/24.]

[RTA]snmp-agent
[RTA]snmp-agent sys-info version v2c
[RTA]snmp-agent trap enable
Info: All switches of SNMP trap/notification will be open. Continue? [Y/N]:Y
[RTA]snmp-agent trap source GigabitEthernet 0/0/1

Configuration Validation

[RTA]display snmp-agent sys-info


The contact person for this managed node:
R&D Shenzhen, Huawei Technologies Co., Ltd.

The physical location of this node:


Shenzhen China

SNMP version running in the system:


SNMPv2c

Summary
 Which version(s) of SNMP is/are enabled by default?

 What is the destination port number that is used by an agent to forward traps
to a Network Management Station?



Introducing IPv6 Networks



Foreword
⚫ With the gradual exhaustion of the IPv4 address space, new solutions for continued address
space were needed. Temporary measures in the form of NAT were applied; however, long-term
solutions were required. The IPv6 addressing architecture is a developing solution for
IP to provide for the next generation of networks and beyond. The transition to an all-IPv6
architecture, while progressive, requires a major overhaul of many protocols and
applications as well as standards. The IPv6 network, however, aims to resolve many
limitations within the current TCP/IP suite, most notably addressing the need for integrated
security measures and the streamlining of protocols to minimize overhead. A deep
knowledge of the IPv6 architecture is required by engineers as IPv6 continues to evolve as
an integral part of the enterprise network.

Objectives
⚫ Upon completion of this section, you will be able to:
 Explain the characteristics of IPv6.

 Explain the IPv6 address format and addressing types.

 Describe the process for IPv6 stateless address auto-configuration.

IPv6 Addressing

Version Address size Total Number of Addresses

IPv4 32 bit 4,294,967,296

IPv6 128 bit 340,282,366,920,938,463,463,374,607,431,768,211,456

⚫ Exhaustion of the limited IPv4 address space.

⚫ IPv6 addressing implemented to resolve address shortages.


IPv6 Header Format

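[Figure: packet layout IPv6 | TCP | Data, with the IPv6 header fields below (bit positions 0, 4, 12 and 31 marked).]

Version | Traffic Class | Flow Label
Payload Length | Next Header | Hop limit
Source Address (128bits)
Destination Address (128bits)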

⚫ IPv6 header has been streamlined to reduce overhead.


IPv6 Extension Header

[Figure: packet layout IPv6 | Fragment | TCP | Data, with the Fragment extension header fields below.]

0x06(TCP) | Reserved | Fragment Offset | Resv. | M
Identification

⚫ Extension headers are used to support parameters that are not required in
every IP packet, such as fragmentation and IPSec.

IPv6 Address Architecture

[Figure: a 128-bit address written as 2001:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx; the first group, 2001, is 0010 0000 0000 0001 in binary]

2001:0DB8:0000:0000:0000:0000:0346:8D58
IPv6 Prefix | Interface ID

⚫ IPv6 address consists of a prefix and an interface identifier.

⚫ Addresses are commonly displayed in hexadecimal format.

IPv6 Address Condensing

2001:0DB8:0000:0000:0000:0000:0346:8D58

2001:DB8:0:0:0:0:346:8D58

2001:DB8::346:8D58

⚫ Addresses can be condensed by removing the leading zeroes.

⚫ The :: operator will further condense strings of zero values.


IPv6 Address Reservations

Address Range     Description
2000::/3          Current Global Unicast Range
2001:0DB8::/32    Reserved for Documentation
FE80::/10         Link Local Unicast Address Range
FF00::/8          Multicast Address Range
::/128            Unspecified Address
::1/128           Loopback Address

⚫ Address ranges have been allocated in IPv6 for unicast and multicast, along
with special addresses for operational support.

IPv6 Addressing – Unicast

Global unicast address:
48 bits                 16 bits     64 bits
Global Routing Prefix   Subnet ID   Interface ID
Example: 2001:0:130F::9C0:876A:130B

Link-local unicast address:
10 bits      54 bits   64 bits
1111111010   0         Interface ID
Example: FE80::387F:10FE:BE28

⚫ Global unicast address prefixes are used for public networks.

⚫ Prefix ranges are reserved for various IP transmission methods.

IPv6 Addressing – Multicast

8 bits     4 bits   4 bits   112 bits
11111111   Flags    Scope    Group ID

Address Range                  Description
FF02::1 (224.0.0.1 in IPv4)    All Nodes Addresses (Link Local)
FF02::2 (224.0.0.2 in IPv4)    All Routers Addresses (Link Local)

⚫ Multicast addresses are distinguished by an FF00::/8 prefix.

⚫ Select multicast address groups are reserved for protocol use.

IPv6 Addressing – Anycast

[Figure: two HTTP servers, one in Zone X and one in Zone Y, both using the address 2001:0DB8::84C2; the figure also carries the labels aa00::\8 and fa00::\8]

⚫ Anycast allows multiple instances of a service to be associated with a single
address, enabling a variety of service applications.

IPv6 Stateless Address Auto-configuration

Router Solicitation (RS)
ICMP TYPE = 133
Destination = FF02::2 (All-Routers)

Router Advertisement (RA)
ICMP TYPE = 134
Source = Router-Link-Local Address
Destination = FF02::1 (All-Nodes)
Data = Lifetime, Current Hop Limit, AutoConfig Flag.
Options(Prefix, MTU)…

⚫ Hosts are capable of generating IPv6 addresses independently.

⚫ Router Advertisements deliver network parameter information.

EUI-64 for IP Stateless Address Auto-configuration

48-bit MAC address
24 bits                      24 bits
cccccc0gcccccccc cccccccc    eeeeeeee eeeeeeeeeeeeeeee

EUI-64 generated interface ID
24 bits                      16 bits              24 bits
cccccc1gcccccccc cccccccc    11111111 11111110    eeeeeeee eeeeeeeeeeeeeeee

⚫ The 16-bit value ‘FF’ ‘FE’ is inserted into the middle of the host MAC address and the 7th
bit is negated, to generate a 64-bit interface identifier for the IPv6 address.

IPv6 Stateless Address Auto-configuration DAD

Neighbor Solicitation (NS), sent by the host holding 2000::1 as a tentative address
ICMP TYPE = 135
Source = ::
Destination = FF02::1:FF00:1
Data = 2000::1
Query = Is this address in use?

Neighbor Advertisement (NA), sent by the host already using 2000::1
ICMP TYPE = 136
Source = 2000::1
Destination = FF02::1
Data = 2000::1
Reply = I am using this address.

⚫ Duplicate Address Detection (DAD) is used in IPv6 to verify that an address
is unique before it is applied to the host interface.

Summary
▪ What is the smallest condensed IPv6 value possible for the address
2001:0DB8:0000:0000:0000:0000:032A:2D70?

▪ How is it possible for an end station to independently generate an IPv6 address?

IPv6 Routing Technologies

Foreword
⚫ The changes to the address architecture have introduced the need for
routing protocols that are capable of supporting IPv6. IPv6 routing
protocols include OSPFv3.

⚫ The characteristics and operation of OSPFv3 generally reflect those of
OSPFv2, but there are some distinct differences that must be understood
in order to implement IPv6 based routing protocols within an IPv6 network.

Objectives
⚫ Upon completion of this section, you will be able to:
▪ Describe the characteristics and operation of OSPFv3.
▪ Configure OSPFv3 routing protocols for IPv6.

OSPFv3
[Figure: RTA, RTB, RTC and RTD exchange OSPFv3 updates addressed to FF02::5]

Router   Router ID   Loopback 0      Link-local address
RTA      1.1.1.1     2001:1::A/64    fe80::fe03:77a9/64
RTB      2.2.2.2     2001:2::B/64    fe80::fe03:ce78/64
RTC      3.3.3.3     2001:3::C/64    fe80::fe03:5499/64
RTD      4.4.4.4     2001:4::D/64    fe80::fe03:28f5/64

⚫ OSPFv3 updates are sent to the All-SPF-Routers address, that is FF02::5.

⚫ Link-local addressing is used by default to define the next-hop.

OSPFv3 Router ID
[Figure: RTA (RID 1.1.1.1), RTB (RID 2.2.2.2), RTC (RID 3.3.3.3, Priority 0) and RTD (RID 4.4.4.4) on a shared segment, with the DR and BDR marked and FF02::6 shown as a destination address]

⚫ The router ID is not based on any IP address and must be manually defined.

⚫ Router ID continues to be used to support DR and BDR election.

OSPFv3 Per Link Behavior

Router   Router ID   Interface ID     Link-local address
RTA      1.1.1.1     0x03             fe80::fe03:77a9/10
RTB      2.2.2.2     0x03 (G0/0/0)    fe80::fe03:ce78/10
RTC      3.3.3.3     0x03 (G0/0/0)    fe80::fe03:5499/10
RTD      4.4.4.4     0x04 (G0/0/1)    fe80::fe03:28f5/10

⚫ OSPFv3 operates on the principle of per-link as opposed to the per-network
or per-subnet concept used in IPv4.

OSPFv3 Authentication

[Figure: RTA, RTB, RTC and RTD exchange OSPFv3 packets carried as IP | AH | ESP | OSPFv3]

⚫ OSPF authentication is removed in OSPFv3, which instead relies on the AH & ESP
extension headers of IP for security.

Enabling OSPFv3

Router   Router ID   G0/0/0 link-local   Loopback 0
RTA      1.1.1.1     fe80::1             2001:1::1/64
RTB      2.2.2.2     fe80::2             2001:2::1/64

[RTA]ipv6
[RTA]ospfv3
[RTA-ospfv3-1]router-id 1.1.1.1
[RTA-GigabitEthernet0/0/0]ipv6 enable
[RTA-GigabitEthernet0/0/0]ipv6 address fe80::1 link-local
[RTA-GigabitEthernet0/0/0]ospfv3 1 area 0.0.0.0
[RTA-LoopBack0]ipv6 enable
[RTA-LoopBack0]ipv6 address 2001:1::1/64
[RTA-LoopBack0]ospfv3 1 area 0.0.0.0

Configuration Validation
[RTA]display ospfv3
Routing Process "OSPFv3 (1)" with ID 1.1.1.1
Route Tag: 0
Multi-VPN-Instance is not enabled
SPF Intelligent Timer[millisecs] Max: 10000, Start: 500, Hold: 2000
LSA Intelligent Timer[millisecs] Max: 5000, Start: 500, Hold: 1000
LSA Arrival interval 1000 millisecs
Default ASE parameters: Metric: 1 Tag: 1 Type: 2
Number of AS-External LSA 0. AS-External LSA's Checksum Sum 0x0000
Number of AS-Scoped Unknown LSA 0. AS-Scoped Unknown LSA's Checksum Sum 0x0000
Number of FULL neighbors 1
Number of Exchange and Loading neighbors 0
……

Summary
▪ What is used to uniquely identify each neighboring node running OSPFv3?

IPv6 Application Services DHCPv6

Foreword
⚫ The IPv6 architecture has led to the redesign of many aspects of network
operation. One such design change involves Neighbor Discovery, which
now defines a means for Stateless Address Auto-configuration
(SLAAC). DHCP for IPv6 (DHCPv6) includes a number of design changes
that include support for both SLAAC and stateful IPv6 addressing. DHCPv6
remains a client/server based application layer protocol, but includes
a significant number of changes to align with the design aspects of IPv6. As
such, DHCPv6 stateful and stateless implementations and characteristics
are explained.

Objectives
⚫ Upon completion of this section, you will be able to:
▪ Describe the features of DHCPv6.
▪ Explain the stateful and stateless behavior of DHCPv6.
▪ Successfully configure DHCPv6 services.

DHCPv6

[Figure: two IPv6 clients (UDP port 546) connected through SWA to a DHCPv6 server (UDP port 547)]

⚫ Represents a stateful address auto-configuration protocol.

⚫ UDP based communication between client and server.

Stateful Addressing
[Figure: RTA sends a Router Advertisement (RA) with M=1 and O=1 to an IPv6 client, which then uses the DHCPv6 server]

⚫ RA contains managed (M) and other (O) configuration flags.

⚫ Stateful addressing (DHCPv6) used where flags are set to ‘1’.

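An added example (not from the original course material) that decodes the Router Advertisement fields listed on the SLAAC slide and applies the M and O flags described above to report which addressing method a client will use. The sample RA is constructed from the pool values shown later in this section (prefix 3000::/64, lifetimes 172800 and 86400 seconds) with the checksum left at zero; function names are this example's own, and treating O=1 with M=0 as SLAAC plus stateless DHCPv6 follows RFC 4861 rather than the slide.

```python
import ipaddress
import struct

ICMPV6_RA = 134          # Router Advertisement
OPT_PREFIX_INFO = 3      # Prefix Information option
OPT_MTU = 5              # MTU option


def parse_ra(msg: bytes) -> dict:
    """Decode the fixed RA header and its Prefix and MTU options."""
    if len(msg) < 16 or msg[0] != ICMPV6_RA:
        raise ValueError("not an ICMPv6 Router Advertisement")
    hop_limit, flags, lifetime = struct.unpack_from("!BBH", msg, 4)
    ra = {"hop_limit": hop_limit, "M": bool(flags & 0x80), "O": bool(flags & 0x40),
          "router_lifetime": lifetime, "prefixes": [], "mtu": None}
    off = 16
    while off < len(msg):
        if off + 2 > len(msg):
            raise ValueError("truncated option header")
        opt_type, opt_len = msg[off], msg[off + 1] * 8   # length is in 8-byte units
        if opt_len == 0 or off + opt_len > len(msg):
            raise ValueError("malformed or truncated option")
        body = msg[off:off + opt_len]
        if opt_type == OPT_PREFIX_INFO and opt_len == 32:
            valid, preferred = struct.unpack_from("!II", body, 4)
            ra["prefixes"].append({
                "prefix": ipaddress.IPv6Network((body[16:32], body[2]), strict=False),
                "autonomous": bool(body[3] & 0x40),   # A flag: prefix usable for SLAAC
                "valid": valid, "preferred": preferred})
        elif opt_type == OPT_MTU and opt_len == 8:
            ra["mtu"] = struct.unpack_from("!I", body, 4)[0]
        off += opt_len
    return ra


def addressing_mode(ra: dict) -> str:
    """Map the M and O flags to the behaviour expected of the client."""
    if ra["M"]:
        return "stateful DHCPv6"
    if ra["O"]:
        return "SLAAC + stateless DHCPv6"
    return "SLAAC only"


def build_sample_ra(m: bool, o: bool) -> bytes:
    """Constructed RA for the demo: hop limit 64, prefix 3000::/64, MTU 1500."""
    flags = (0x80 if m else 0) | (0x40 if o else 0)
    header = struct.pack("!BBHBBHII", ICMPV6_RA, 0, 0, 64, flags, 1800, 0, 0)
    prefix = struct.pack("!BBBBIII", OPT_PREFIX_INFO, 4, 64, 0xC0, 172800, 86400, 0)
    prefix += ipaddress.IPv6Address("3000::").packed
    mtu = struct.pack("!BBHI", OPT_MTU, 1, 0, 1500)
    return header + prefix + mtu


if __name__ == "__main__":
    for m, o in [(True, True), (False, True), (False, False)]:
        ra = parse_ra(build_sample_ra(m, o))
        print(f"M={int(m)} O={int(o)} -> {addressing_mode(ra)}; "
              f"prefix {ra['prefixes'][0]['prefix']}, MTU {ra['mtu']}")
```
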
Enabling DHCPv6 Communication

[Figure: an IPv6 client with link-local address fe80::20ac:3e96:eaf4/64 reaches the DHCPv6 server through FF02::1:2 (All DHCP Relay Agents & Servers)]

⚫ Link-local addresses are used as the source address by clients, and DHCP
servers are reached via the multicast address FF02::1:2.

Assigning IPv6 Addressing

Client (Port 546)          Server (Port 547)
Solicit          →
                 ←         Advertise
Request          →
                 ←         Reply

⚫ Discovery of servers and assignment of IPv6 addresses & configuration
parameters relies on a set of four messages.

Stateless Configuration Information

Client                       Server
Information-request   →
                      ←      Reply

⚫ Information-request used when IPv6 addressing not required.

⚫ Reply used to deliver configuration parameters.

DHCP Unique Identifier (DUID)
[Figure: two DHCPv6 clients and a DHCPv6 server; the clients reach the server through FF02::1:2 (All DHCP Relay Agents & Servers)]

Client   DUID: 00:01:00:06:51:81:03:c0:f0:de:f1:b8:e1:4d   IAID: 343516489
Client   DUID: 00:01:00:06:50:e2:97:80:f8:1d:4f:a6:21:7f   IAID: 321334513
Server   DUID: 00:03:00:01:00:e0:fc:03:14:f1

⚫ Unique identifier of clients & servers in the DHCP community.

⚫ Parameters bound to each DUID using Identity Associations (IA).

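The DUID values in the figure above can be decoded field by field. The following added example (not part of the original course material) parses the DUID-LLT and DUID-LL formats named on the next slide, plus DUID-EN, following the layout in RFC 8415; function and key names are this example's own.

```python
import struct

DUID_TYPES = {1: "DUID-LLT", 2: "DUID-EN", 3: "DUID-LL"}


def _mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_duid(text: str) -> dict:
    """Split a colon-separated DUID into its type-specific fields."""
    raw = bytes.fromhex(text.replace(":", ""))
    if len(raw) < 4:
        raise ValueError("DUID too short")
    duid_type = struct.unpack_from("!H", raw)[0]
    out = {"type": DUID_TYPES.get(duid_type, f"unknown({duid_type})")}
    if duid_type == 1:
        # type(2) | hardware type(2) | time(4) | link-layer address
        if len(raw) <= 8:
            raise ValueError("DUID-LLT without link-layer address")
        hw_type, stamp = struct.unpack_from("!HI", raw, 2)
        # RFC 8415 defines the time as seconds since 2000-01-01 00:00 UTC
        out.update(hw_type=hw_type, time=stamp, link_layer=_mac(raw[8:]))
    elif duid_type == 3:
        # type(2) | hardware type(2) | link-layer address
        if len(raw) <= 4:
            raise ValueError("DUID-LL without link-layer address")
        out.update(hw_type=struct.unpack_from("!H", raw, 2)[0],
                   link_layer=_mac(raw[4:]))
    elif duid_type == 2:
        # type(2) | enterprise number(4) | vendor-assigned identifier
        if len(raw) <= 6:
            raise ValueError("DUID-EN without identifier")
        out.update(enterprise=struct.unpack_from("!I", raw, 2)[0],
                   identifier=raw[6:].hex())
    return out


def same_interface(duid_a: str, duid_b: str) -> bool:
    """True when two DUIDs embed the same link-layer address.

    A device that switches between DUID-LL and DUID-LLT keeps its
    link-layer address, so this ties both identifiers to one interface.
    """
    a, b = parse_duid(duid_a), parse_duid(duid_b)
    return "link_layer" in a and a.get("link_layer") == b.get("link_layer")


if __name__ == "__main__":
    # The three DUIDs shown in the figure above
    for duid in ("00:01:00:06:51:81:03:c0:f0:de:f1:b8:e1:4d",
                 "00:01:00:06:50:e2:97:80:f8:1d:4f:a6:21:7f",
                 "00:03:00:01:00:e0:fc:03:14:f1"):
        print(parse_duid(duid))
```
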
Setting the DHCP DUID

RTA

[RTA]dhcpv6 duid ll
Warning: The DHCP unique identifier should be globally-unique and
stable. Are you sure to change it? [Y/N]y

⚫ Enables assignment of either the DUID-LL or DUID-LLT format.

⚫ The DUID-LL format is assigned by default.


IPv6 Address Pool

RTA

[RTA]dhcpv6 pool pool1
[RTA-dhcpv6-pool-pool1]address prefix 3000::/64
[RTA-dhcpv6-pool-pool1]excluded-address 3000::1
[RTA-dhcpv6-pool-pool1]dns-server 3001::1
[RTA-dhcpv6-pool-pool1]dns-domain-name huawei.com

⚫ DHCPv6 parameters are assigned for each address pool.

Enable DHCPv6 Server

RTA
G0/0/0

[RTA]ipv6
[RTA]dhcp enable
[RTA]interface GigabitEthernet 0/0/0
[RTA-GigabitEthernet0/0/0]ipv6 enable
[RTA-GigabitEthernet0/0/0]ipv6 address 3000::1/64
[RTA-GigabitEthernet0/0/0]dhcpv6 server pool1

⚫ Address pool is associated with the DHCPv6 server interface.


Displaying DHCPv6 Information

<RTA>display dhcpv6 pool
DHCPv6 pool: pool1
Address prefix: 3000::/64
Lifetime valid 172800 seconds, preferred 86400 seconds
2 in use, 0 conflicts
Excluded-address 3000::1
Information refresh time: 86400
DNS server address: 3001::1
Domain name: huawei.com
Conflict-address expire-time: 172800
Active normal clients: 2

⚫ Configured pools, pool based parameters, and client activity are referenced
under the display dhcpv6 pool command.

Summary
▪ Which DUID formats are currently supported within VRP?

▪ If the M and O bits of a Router Advertisement (RA) are set to 1, what action is
taken by the client?

MPLS Basic Principle

Foreword
⚫ This course introduces the MPLS architecture and its two planes, the
MPLS encapsulation modes and the label format. The process of MPLS data
forwarding is the key point of the course.

Objectives
⚫ Upon completion of this course, you will be able to:
▪ Describe the background and typical applications of MPLS.
▪ Describe the basic concepts and working principles of MPLS.
▪ Describe the process of MPLS data forwarding.

Contents
1. MPLS Overview

2. MPLS Basic Principle

Traditional IP forwarding
[Figure: RTA (s0, .1) - 10.1.1.0/30 - (.2, s0) RTB (s3, .5) - 10.1.1.4/30 - (.6, s2) RTC (s3, .9) - 10.1.1.8/30 - (.10, s3) RTD; network 10.1.0.0/24 lies on the RTA side and 10.2.0.0/24 on the RTD side; a packet addressed to 10.2.0.1 is forwarded hop by hop using the routing tables below]

RTA
Network         Nexthop
10.1.0.0/24     10.1.0.2
10.1.0.1/32     10.1.0.1
10.1.1.0/30     10.1.1.1
10.1.1.2/32     10.1.1.2
10.1.1.4/30     10.1.1.2
10.1.1.8/30     10.1.1.2
10.2.0.0/24     10.1.1.2

RTB
Network         Nexthop
10.1.0.0/24     10.1.1.1
10.1.1.0/30     10.1.1.2
10.1.1.1/32     10.1.1.1
10.1.1.4/30     10.1.1.5
10.1.1.6/32     10.1.1.6
10.1.1.8/30     10.1.1.6
10.2.0.0/24     10.1.1.6

RTC
Network         Nexthop
10.1.0.0/24     10.1.1.5
10.1.1.0/30     10.1.1.5
10.1.1.4/30     10.1.1.6
10.1.1.5/32     10.1.1.5
10.1.1.8/30     10.1.1.9
10.1.1.10/32    10.1.1.10
10.2.0.0/24     10.1.1.10

RTD
Network         Nexthop
10.1.0.0/24     10.1.1.9
10.1.1.0/30     10.1.1.9
10.1.1.4/30     10.1.1.9
10.1.1.8/30     10.1.1.10
10.1.1.9/32     10.1.1.9
10.2.0.0/24     10.2.0.2
10.2.0.1/32     10.2.0.1

ATM cell forwarding

[Figure: an ATM switch with Port1, Port2 and Port3 attached to an ATM network; VPI/VCI values 8/62 and 6/59 are shown on Port3]

ATM switch table
In port   In VPI/VCI   Out port   Out VPI/VCI
1         4/55         3          8/62
2         5/58         3          6/59
3         8/62         1          4/55
3         6/59         2          5/58

MPLS label forwarding

[Figure: RTA (s0, .1) - 10.1.1.0/30 - (.2, s0) RTB (s3, .5) - 10.1.1.4/30 - (.6, s2) RTC (s3, .9) - 10.1.1.8/30 - (.10, s3) RTD form the MPLS domain between 10.1.0.0/24 and 10.2.0.0/24, with 1.1.1.1/32 shown beside RTA; outside the domain the packet is IP Header | Data, and inside the domain it carries label 1024, then 1029, then 1039 on successive links]

Packet layout inside the MPLS domain: MPLS Header | IP Header | Data

MPLS VPN Application

[Figure: VPNA and VPNB customer sites attach through CE routers to PE routers; the PE routers are interconnected by P routers across the MPLS domain]

MPLS TE Application

[Figure: Network A, Network B and Network C are interconnected by routers RTA to RTH over GE and FE links; traffic flows are split 70% and 30% across different paths]

Contents
1. MPLS Overview

2. MPLS Basic Principle


2.1 MPLS control plane and forwarding plane

2.2 MPLS Label Format

2.3 MPLS Forwarding Process

MPLS network model

[Figure: an MPLS domain containing RTA to RTG sits between two IP networks; LERs are at the edge of the domain and LSRs inside it; along the LSP through RTA, RTB, RTC and RTD the packet (IP Header | Data) carries label 1024, then 1029, then 1039]

LER   Label Edge Router
LSR   Label Switch Router
LSP   Label Switch Path

MPLS control plane and forwarding plane

Control plane: Routing Protocol, IP Routing Table, Label Distribution Protocol

Data plane:
Incoming IP packets → IP Forwarding Table → Outgoing IP packets
Incoming labeled packets → Label Forwarding Table → Outgoing labeled packets

Frame mode MPLS
⚫ MPLS has two encapsulation modes: Frame mode and cell mode (ATM uses
the MPLS cell encapsulation mode, which is not involved in this course). In
frame encapsulation mode, an MPLS label header is added between the
Layer 2 header and Layer 3 header of a packet. Ethernet and PPP use this
encapsulation mode.

Layer 2 frame format:            Frame Header | IP Header | Payload
MPLS frame mode encapsulation:   Frame Header | MPLS Header | IP Header | Payload

MPLS Header

Field   LABEL   EXP     S    TTL
Bits    0-19    20-22   23   24-31

⚫ The total length of the MPLS header is 4 bytes (32 bits)

⚫ The length of the Label field is 20 bits

⚫ The length of the EXP (Experimental Use) field is 3 bits

⚫ The length of the S (Bottom of Stack) field is 1 bit

⚫ The length of the TTL field is 8 bits

MPLS Label Nesting
Frame Header (PID=MPLS-IP) | Label 1 (S=0) | Label 2 (S=0) | Label 3 (S=1) | IP Header | Payload

⚫ PID indicates the type of packet that follows the Frame Header
▪ Ethernet: 0x8100=IPv4, 0x8847=Unicast MPLS packet, 0x8848=Multicast MPLS packet
▪ PPP: 0x8021=IPv4, 0x8281=Unicast MPLS packet, 0x8283=Multicast MPLS packet

⚫ S indicates whether it is the last label

⚫ Applications of label nesting
▪ MPLS VPN
▪ MPLS TE

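An added example, not part of the original course material, that packs and unpacks the 32-bit label stack entry described on the MPLS Header slide and walks a nested stack until it reaches the entry with S=1. The labels 1024, 1029 and 1039 are borrowed from the earlier figures as sample values, the EXP, TTL and payload bytes are constructed, and the function names are this example's own.

```python
import struct


def build_entry(label: int, exp: int, s: int, ttl: int) -> bytes:
    """Pack one MPLS header: Label(20) | EXP(3) | S(1) | TTL(8)."""
    if not (0 <= label < 1 << 20 and 0 <= exp < 8 and s in (0, 1) and 0 <= ttl < 256):
        raise ValueError("field out of range")
    return struct.pack("!I", (label << 12) | (exp << 9) | (s << 8) | ttl)


def parse_label_stack(data: bytes):
    """Return (entries, payload) for the bytes that follow the frame header.

    Entries are read four bytes at a time until one has S=1; whatever
    follows that entry is the encapsulated packet (the IP header onward).
    """
    entries, off = [], 0
    while True:
        if off + 4 > len(data):
            raise ValueError("label stack ends before an entry with S=1")
        (word,) = struct.unpack_from("!I", data, off)
        entry = {
            "label": word >> 12,         # bits 0-19
            "exp": (word >> 9) & 0x7,    # bits 20-22
            "s": (word >> 8) & 0x1,      # bit 23, bottom of stack
            "ttl": word & 0xFF,          # bits 24-31
        }
        entries.append(entry)
        off += 4
        if entry["s"]:
            return entries, data[off:]


if __name__ == "__main__":
    # Constructed three-label stack followed by the first bytes of an IPv4 header
    stack = (build_entry(1024, 0, 0, 255) + build_entry(1029, 0, 0, 255)
             + build_entry(1039, 5, 1, 64) + b"\x45\x00")
    entries, payload = parse_label_stack(stack)
    for depth, e in enumerate(entries, 1):
        print(f"Label {depth}: {e}")
    print("payload starts with", payload.hex())
```
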
FEC and NHLFE
⚫ FEC (Forwarding Equivalence Class) is a set of data flows with certain
common characteristics. These data flows are processed by the LSR in the
same way during the forwarding process.

⚫ FEC can be classified based on the address, service type, and QoS. For
example, in the traditional IP forwarding that uses the longest matching
algorithm, all packets to the same route are an FEC.

⚫ NHLFE (Next Hop Label Forwarding Entry): The NHLFE is used for label forwarding. It
contains the following basic information:
▪ Next hop of the packet
▪ How to perform a label operation (including pushing a new label, popping a label, and swapping the original label with
a new label).
▪ The NHLFE may also contain other information, such as the link layer encapsulation used for sending packets.

Example of FEC and NHLFE
⚫ FEC: Forwarding Equivalence Classes
⚫ NHLFE: Next Hop Label Forwarding Entry

<RTA>display mpls lsp include 10.2.0.0 24 verbose
---------------------------------------------------
LSP Information: LDP LSP
---------------------------------------------------
No : 1
VrfIndex :
Fec : 10.2.0.0/24
Nexthop : 10.1.1.2
In-Label : NULL
Out-Label : 1030
In-Interface : ----------
Out-Interface : Serial0
LspIndex : 10249
Token : 0x22005
LsrType : Ingress
Outgoing token : 0x0
Label Operation : PUSH
Mpls-Mtu : 1500
TimeStamp : 822sec

MPLS Forwarding-Ingress LER(RTA)

[Figure: RTA, RTB, RTC and RTD topology as before; an IP packet for 10.2.0.1 arrives at RTA from 10.1.0.0/24, and RTA sends it out of s0 toward RTB (10.1.1.2) with label 1030 in front of the IP header]

           NHLFE
FEC        NextHop    Out Interface   Label Operation   Others
10.2.0.0   10.1.1.2   Serial0         Push              ……

MPLS Forwarding-LSR(RTB)
⚫ On the transit node, the ILM (Incoming Label Map) table and NHLFE table
are queried to guide MPLS packet forwarding.

[Figure: RTA, RTB, RTC and RTD topology as before; the packet for 10.2.0.1 reaches RTB with label 1030 and is sent out of s3 toward RTC (10.1.1.6) with label 1030]

          NHLFE
InLabel   NextHop    Out Interface   Label Operation   Others
1030      10.1.1.6   Serial3         SWAP              ……

MPLS Forwarding-LSR(RTC)
⚫ On the transit node, the ILM (Incoming Label Map) table and NHLFE table
are queried to guide MPLS packet forwarding.

[Figure: RTA, RTB, RTC and RTD topology as before; the packet for 10.2.0.1 reaches RTC with label 1030 and is sent out of s3 toward RTD (10.1.1.10) with label 1032]

          NHLFE
InLabel   NextHop     Out Interface   Label Operation   Others
1030      10.1.1.10   Serial3         SWAP              ……

MPLS Forwarding-Egress LER(RTD)
⚫ On the egress node, the ILM table is queried to guide MPLS packet
forwarding.

[Figure: RTA, RTB, RTC and RTD topology as before; the packet reaches RTD with label 1032, the label is removed and the IP packet for 10.2.0.1 is forwarded toward 10.2.0.0/24]

          NHLFE
InLabel   NextHop    Out Interface   Label Operation   Others
1032      10.2.0.2   --------        POP               ……

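The push, swap and pop steps from the four forwarding slides, traced end to end in an added example that is not part of the original course material. The FEC, in-labels, next hops and operations come from the NHLFE tables above; the out-labels for RTB (1030) and RTC (1032) are assumptions read from the packet figures, and the table and function names are this example's own.

```python
import ipaddress

# Ingress LER: FEC -> NHLFE (operation, out label, next hop, next router)
FTN = {
    "RTA": {"10.2.0.0/24": ("push", 1030, "10.1.1.2", "RTB")},
}
# Transit and egress nodes: incoming label -> NHLFE
ILM = {
    "RTB": {1030: ("swap", 1030, "10.1.1.6", "RTC")},    # out label assumed
    "RTC": {1030: ("swap", 1032, "10.1.1.10", "RTD")},   # out label assumed
    "RTD": {1032: ("pop", None, "10.2.0.2", None)},
}


def classify(node: str, dst: str) -> str:
    """Longest-prefix match of dst against the FECs known to an ingress LER."""
    addr = ipaddress.ip_address(dst)
    hits = [net for net in map(ipaddress.ip_network, FTN.get(node, {}))
            if addr in net]
    if not hits:
        raise LookupError(f"{node}: no FEC matches {dst}")
    return str(max(hits, key=lambda net: net.prefixlen))


def forward(dst: str, ingress: str = "RTA"):
    """Return [(node, operation, in label, out label), ...] along the LSP."""
    op, label, _, node = FTN[ingress][classify(ingress, dst)]
    trace, stack = [(ingress, op, None, label)], [label]
    while stack:
        in_label = stack.pop()
        entry = ILM.get(node, {}).get(in_label)
        if entry is None:
            # Labels are only meaningful to the router that assigned them:
            # a label with no ILM entry cannot be forwarded.
            raise LookupError(f"{node}: no ILM entry for label {in_label}")
        op, out_label, _, next_node = entry
        if op == "swap":
            stack.append(out_label)
        trace.append((node, op, in_label, out_label))
        node = next_node
    return trace


if __name__ == "__main__":
    for hop in forward("10.2.0.1"):
        print("%-4s %-5s in=%s out=%s" % hop)
```
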
Quiz
1. Which field in the MPLS header is used to identify the stack bottom label? ( )
A. Label
B. EXP
C. S
D. TTL

2. Which of the following actions can be performed when packets are forwarded
based on MPLS labels? ( )
A. Push
B. Pop
C. Swap
D. Switch

Summary
⚫ Background of MPLS

⚫ Basic Concepts of MPLS

⚫ MPLS packet format

⚫ MPLS Forwarding Principle
