Huawei S2700 S3700 Series Switches 01-09 Routing
- Format: pdf
- Size: 111.92 KB
- Pages: 5
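11 Policy-Based Routing Configuration
About This Chapter
Configuring policy-based routing can improve network security and implement load balancing.
11.1 Configuring Policy-Based Routing
Policy-based routing redirects forwarded packets that arrive on an interface to a specified next-hop address.
11.2 Configuration Examples
The configuration examples include the networking requirements and the configuration roadmap.
11.1 Configuring Policy-Based Routing
Policy-based routing redirects forwarded packets that arrive on an interface to a specified next-hop address.
Background
With redirection configured, the device redirects packets that match the traffic classification rules to the specified next-hop address.
A traffic policy that contains a redirect action can be applied only in the inbound direction, either globally, on an interface, or in a VLAN.
Note
Among the S2700 series switches, only the S2700-52P-EI and S2700-52P-PWR-EI support policy-based routing.
Prerequisites
Before configuring policy-based routing, complete the following tasks:
● Configure IP addresses and routing protocols on the relevant interfaces so that routes are reachable.
● If ACLs are used as the traffic classification rules for policy-based routing, configure the corresponding ACLs.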
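Procedure
1. Configure a traffic classifier.
a. Run the system-view command to enter the system view.
b. Run the traffic classifier classifier-name [ operator { and | or } ] command to create a traffic classifier and enter the traffic classifier view, or to enter the view of an existing traffic classifier.
and indicates that the rules in the traffic classifier are combined with a logical AND. When this relationship is specified:
▪ If the traffic classifier contains ACL rules, a packet belongs to the class only when it matches one of the ACL rules and all of the non-ACL rules.
▪ If the traffic classifier contains no ACL rules, a packet belongs to the class only when it matches all of the non-ACL rules.
or indicates that the rules in the traffic classifier are combined with a logical OR, that is, a packet belongs to the class when it matches one or more rules in the traffic classifier.
By default, the rules in a traffic classifier are combined with a logical AND.
c. Define the matching rules in the traffic classifier as required.
d. Run the quit command to exit the traffic classifier view.
2. Configure a traffic behavior.
a. Run the traffic behavior behavior-name command to create a traffic behavior and enter the traffic behavior view.
b. Configure the following as required:
▪ Run the redirect ip-nexthop ip-address &<1-4> [ forced ] command to redirect packets that match the traffic classifier to the next hop.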
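The and/or matching semantics from step 1b, modeled as an added Python example (not Huawei code and not part of the original guide). It shows that under and, several ACL rules are alternatives to each other while every non-ACL rule is mandatory, which decides which packets a redirect behavior would steer. The rule helpers, packet fields, ACL labels and addresses are constructed for illustration.

```python
"""Model of the 'operator and | or' matching semantics of a traffic classifier.

Added illustration, not VRP code. Rule helpers, packet fields, ACL labels and
addresses are constructed for this example.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Callable, Dict, List

Packet = Dict[str, object]


@dataclass(frozen=True)
class Rule:
    name: str
    is_acl: bool                       # True for an ACL-based matching rule
    matches: Callable[[Packet], bool]


def acl_source(label: str, prefix: str) -> Rule:
    """Hypothetical ACL-type rule: matches packets sourced from `prefix`."""
    net = ip_network(prefix)
    return Rule(label, True, lambda pkt: ip_address(str(pkt["src"])) in net)


def vlan_is(vlan: int) -> Rule:
    """Hypothetical non-ACL rule: matches on the VLAN ID."""
    return Rule(f"vlan {vlan}", False, lambda pkt: pkt.get("vlan") == vlan)


def dscp_is(dscp: int) -> Rule:
    """Hypothetical non-ACL rule: matches on the DSCP value."""
    return Rule(f"dscp {dscp}", False, lambda pkt: pkt.get("dscp") == dscp)


def classify(rules: List[Rule], operator: str, pkt: Packet) -> bool:
    """Return True when `pkt` belongs to the class, per the text above."""
    if operator not in ("and", "or"):
        raise ValueError("operator must be 'and' or 'or'")
    if not rules:
        return False  # assumption of this model: an empty classifier matches nothing
    if operator == "or":
        # Logical OR: one matching rule of any kind is enough.
        return any(r.matches(pkt) for r in rules)
    # Logical AND: one of the ACL rules (if any exist) plus all non-ACL rules.
    acl_rules = [r for r in rules if r.is_acl]
    other_rules = [r for r in rules if not r.is_acl]
    acl_ok = any(r.matches(pkt) for r in acl_rules) if acl_rules else True
    return acl_ok and all(r.matches(pkt) for r in other_rules)


def select_next_hop(rules: List[Rule], operator: str, pkt: Packet,
                    redirect_hop: str, routed_hop: str) -> str:
    """Redirect classified packets; all others follow the routing table."""
    return redirect_hop if classify(rules, operator, pkt) else routed_hop


# Constructed sample classifiers.
MIXED = [acl_source("acl 3001", "10.1.1.0/24"),
         acl_source("acl 3002", "10.1.2.0/24"),
         vlan_is(10)]
NO_ACL = [vlan_is(10), dscp_is(46)]

if __name__ == "__main__":
    samples = [{"src": "10.1.2.5", "vlan": 10},
               {"src": "10.1.2.5", "vlan": 20},
               {"src": "192.0.2.9", "vlan": 10}]
    for pkt in samples:
        print(pkt, "and:", classify(MIXED, "and", pkt),
              "or:", classify(MIXED, "or", pkt))
```

When reviewing a classifier that feeds a redirect action, note that adding a second ACL under and widens the set of redirected sources, whereas adding a non-ACL rule narrows it.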
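2 VLAN Configuration
About This Chapter
VLANs isolate broadcast domains, improve confidentiality, and offer flexible networking and good scalability.
2.1 VLAN Overview
Describes the definition, origin, and purpose of VLANs.
2.2 VLAN Features Supported by the Device
The VLAN features supported by the device include VLAN assignment, inter-VLAN communication, VLAN aggregation, MUX VLAN, and management VLAN.
2.3 Default Configuration
Describes the default settings of VLAN parameters.
2.4 Assigning VLANs
Create and assign VLANs to isolate users that do not need to communicate with each other. This improves network security, reduces broadcast traffic, and reduces the occurrence of broadcast storms.
2.5 Configuring VLANIF Interfaces for Inter-VLAN Communication
A VLANIF interface is a Layer 3 logical interface. After VLANIF interfaces are created on the device, VLANs can communicate with each other.
2.6 Configuring VLAN Aggregation to Save IP Addresses
VLAN aggregation solves the problem of wasted IP address resources and also allows different VLANs to communicate.
2.7 Configuring MUX VLAN
MUX VLAN allows communication between VLANs and can also isolate users within a VLAN from each other.
2.8 Configuring a Management VLAN for Centralized Device Management by the NMS
After the management VLAN function is configured, users log in to the managed switch through the VLANIF interface of the management VLAN, so that the NMS can manage devices centrally.
2.9 Maintaining VLANs
Maintaining VLANs includes viewing and clearing VLAN statistics.
2.10 Configuration Examples
Describes VLAN configuration examples.
The configuration examples include the networking requirements, configuration roadmap, and procedure.
2.11 Common Configuration Errors
Describes how to handle common VLAN configuration errors.
2.1 VLAN Overview
Describes the definition, origin, and purpose of VLANs.
A VLAN (Virtual Local Area Network) is a communication technology that logically divides a physical LAN into multiple broadcast domains.
Ethernet is a data network communication technology that uses a shared communication medium based on CSMA/CD (Carrier Sense Multiple Access/Collision Detection).
When there are many hosts, this leads to severe collisions, broadcast flooding, significantly degraded performance, and even an unusable network.
Interconnecting LANs (Local Area Networks) through switches solves the problem of severe collisions, but still cannot isolate broadcast packets or improve network quality.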
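10 Routing Policy Configuration
About This Chapter
A routing policy is a method applied to routing information in order to change the path that network traffic takes.
10.1 Routing Policy Overview
As networks grow, the rapid increase in routing table size places an ever heavier burden on the network, and network security problems become more frequent.
To address these problems, routing policies can be configured where routing protocols advertise, receive, and import routes, in order to filter routes and change route attributes.
10.2 Routing Policy Features Supported by the Device
Routing policy configuration includes configuring filters, configuring routing policies, and configuring the time at which a routing policy takes effect.
10.3 Configuring Filters
Routing policy filters include access control lists, IP prefix lists, AS_Path filters, community filters, extended community filters, and RD filters.
This chapter describes the configuration of IP prefix lists, AS_Path filters, community filters, extended community filters, and RD filters.
For the configuration of access control lists, see "ACL Configuration" in the S2700, S3700 Series Ethernet Switches Configuration Guide - Security.
10.4 Configuring a Routing Policy
Each node of a routing policy consists of a set of if-match clauses and apply clauses.
10.5 Configuring the Time at Which a Routing Policy Takes Effect
To keep the network stable, control when a routing policy takes effect when you modify it.
10.6 Maintaining Routing Policies
Maintaining routing policies includes clearing IP prefix list statistics.
10.7 Configuration Examples
The routing policy configuration examples include the networking requirements, networking diagram, configuration roadmap, and configuration steps.
10.1 Routing Policy Overview
As networks grow, the rapid increase in routing table size places an ever heavier burden on the network, and network security problems become more frequent.
To address these problems, routing policies can be configured where routing protocols advertise, receive, and import routes, in order to filter routes and change route attributes.
Differences Between Routing Policy and Policy-Based Routing
Policy-based routing (PBR) differs from forwarding that simply looks up the forwarding table by the destination address of an IP packet: it is a mechanism that selects routes according to defined policies, and it can be used for purposes such as security and load balancing.
Routing policy and policy-based routing are two different mechanisms. Their main differences are listed in Table 10-1.
Table 10-1 Differences between routing policy and policy-based routing
10.2 Routing Policy Features Supported by the Device
Routing policy configuration includes configuring filters, configuring routing policies, and configuring the time at which a routing policy takes effect.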
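1 Ethernet Link Aggregation Configuration
About This Chapter
Link aggregation bundles multiple Ethernet links into one logical link.
Configuring link aggregation increases bandwidth, improves reliability, and implements load balancing.
1.1 Link Aggregation Overview
Describes the definition, origin, and purpose of link aggregation.
1.2 Link Aggregation Features Supported by the Device
The device supports two link aggregation modes: manual load balancing and LACP (Link Aggregation Control Protocol).
1.3 Default Configuration
Describes the default settings of link aggregation parameters.
1.4 Configuring Link Aggregation in Manual Load Balancing Mode
Configuring link aggregation implements load balancing, increases bandwidth, and improves reliability.
1.5 Configuring Link Aggregation in LACP Mode
Configuring link aggregation implements load balancing, increases bandwidth, and improves reliability.
1.6 Maintaining Link Aggregation
Maintaining link aggregation includes monitoring the running status of link aggregation and clearing LACP statistics.
1.7 Configuration Examples
Describes link aggregation configuration examples.
The configuration examples include the networking requirements, configuration roadmap, and procedure.
1.8 Common Configuration Errors
Describes how to handle common link aggregation configuration errors.
1.1 Link Aggregation Overview
Describes the definition, origin, and purpose of link aggregation.
Link aggregation is a method of bundling a group of physical interfaces into one logical interface to increase bandwidth and reliability.
A link aggregation group (LAG) is the logical link formed by bundling several Ethernet links together, abbreviated as Eth-Trunk.
As networks grow, users demand ever higher link bandwidth and reliability.
Traditionally, bandwidth is increased by replacing interface boards with higher-speed ones or by replacing devices with ones that support higher-speed interface boards, but this approach is expensive and inflexible.
Link aggregation increases link bandwidth without a hardware upgrade by bundling multiple physical interfaces into one logical interface.
The backup mechanism of link aggregation effectively improves reliability, and traffic can also be load balanced across the physical links.
As shown in Figure 1-1, DeviceA and DeviceB are connected by three physical Ethernet links. Bundling these three links forms one Eth-Trunk logical link whose bandwidth equals the total bandwidth of the three physical Ethernet links, which increases link bandwidth. The three physical Ethernet links also back each other up, which effectively improves link reliability.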
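6 IGMP Snooping Configuration
About This Chapter
IGMP snooping is configured on Layer 2 multicast devices. By analyzing the IGMP messages exchanged between the upstream Layer 3 device and downstream users, it builds and maintains a Layer 2 multicast forwarding table so that multicast data packets are distributed on demand at the data link layer.
Precautions
When a port serves as an access port on the VPLS AC side and is also a multicast inbound interface, the corresponding multicast data cannot be forwarded properly.
6.1 IGMP Snooping Overview
IGMP Snooping (Internet Group Management Protocol Snooping) is an IPv4 Layer 2 multicast protocol. It maintains the outbound interface information of multicast packets by listening to the multicast protocol messages exchanged between Layer 3 multicast devices and user hosts, and thereby manages and controls the forwarding of multicast data packets at the data link layer.
6.2 IGMP Snooping Features Supported by the Device
The IGMP snooping features supported by the device include basic IGMP snooping functions, IGMP Snooping Proxy, IGMP snooping policies, fast membership refresh, and IGMP Snooping SSM Mapping.
6.3 Default Configuration
Describes the default IGMP snooping configuration.
6.4 Configuring Basic IGMP Snooping Functions
With basic IGMP snooping functions configured, the device builds and maintains a Layer 2 multicast forwarding table so that multicast data packets are distributed on demand at the data link layer.
6.5 Configuring IGMP Snooping Proxy
Building on IGMP snooping, IGMP Snooping Proxy lets the switch send IGMP Query messages to downstream hosts on behalf of the upstream Layer 3 device, and send IGMP Report and Leave messages to the upstream device on behalf of downstream hosts. This effectively saves bandwidth between the upstream device and the local device.
6.6 Configuring IGMP Snooping Policies
IGMP snooping policies control which multicast programs users can request, improving the controllability and security of the Layer 2 multicast network.
6.7 Configuring Fast Membership Refresh
Fast membership refresh lets the device respond quickly when members join or leave a multicast group, improving the efficiency of multicast services and the user experience.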
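10 Security
About This Chapter
This chapter describes the concepts and configuration of security management, mainly port isolation, static user binding, AAA configuration, 802.1X, and MAC authentication.
10.1 Port Isolation
Provides functions for configuring and querying the isolation mode, bidirectional isolation, and unidirectional isolation.
S2700SI series switches do not support this function.
10.2 Static User Binding
Static user binding entries are configured manually. The supported binding modes are IP+PORT, MAC+PORT, IP+MAC+PORT, IP+PORT+VLAN, MAC+PORT+VLAN, and IP+MAC+PORT+VLAN.
S2700SI series switches do not support this function.
10.3 AAA Configuration
AAA stands for Authentication, Authorization, and Accounting. It provides a consistent framework for configuring these three security functions and is in effect a form of network security management.
S2700 series switches support only the user management function.
10.4 802.1X
Describes the basic configuration of 802.1X, including global and interface 802.1X parameters.
10.5 MAC Authentication
Describes the basic configuration of MAC address authentication, including global and interface configuration, for using the MAC address authentication feature.
10.1 Port Isolation
Provides functions for configuring and querying the isolation mode, bidirectional isolation, and unidirectional isolation.
S2700SI series switches do not support this function.
The port isolation mode can be set either to isolate both Layer 2 and Layer 3, or to isolate Layer 2 while allowing Layer 3 communication. The most common use is that members of the same group cannot communicate with each other at Layer 2 but can still access shared resources, such as printers and servers.
10.1.1 Bidirectional Isolation
Provides functions for configuring the isolation mode and for creating, querying, modifying, and deleting bidirectional isolation.
Background
● Interfaces in the same port isolation group are isolated from each other; interfaces in different port isolation groups are not isolated.
● The switch supports 64 isolation groups, numbered 1 to 64.
Procedure
● Configure the isolation mode
Note
● By default, the port isolation mode is L2 (Layer 2 isolation with Layer 3 communication).
● After an isolation mode is selected and applied, the configurations of both bidirectional isolation and unidirectional isolation apply in that mode.
● Switching between the Bidirectional Isolation and Unidirectional Isolation tabs below does not affect the isolation mode configuration function.
● S2700 series switches (except the S2700-52P-PWR-EI) do not support this function.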
Brochure

Product Overview
The S2700 utilizes cutting-edge switching technologies and Huawei Versatile Routing Platform (VRP) software to meet the demand for multi-service provisioning and access on Ethernet networks. It is easy to install and maintain. With its flexible network deployment, comprehensive security and quality of service (QoS) policies, and energy-saving technologies, the S2700 helps enterprise customers build next-generation IT networks.
The S2700 is a box device that is 1 U (44.45 mm or 1.75 in.) high. It is available in a standard version (SI) or an enhanced version (EI).

Models and Appearances

S2700-9TP-SI-AC, S2700-9TP-EI-AC, S2700-9TP-EI-DC
● 8 Ethernet 10/100 ports, 1 dual-purpose 10/100/1000 or SFP
● AC and DC power supply for the EI version; AC power supply for the SI version
● Forwarding performance: 2.7 Mpps
● Switching Capacity: 32Gbps

S2700-9TP-PWR-EI
● 8 Ethernet 10/100 ports, 1 dual-purpose 10/100/1000 or SFP
● AC power supply
● PoE+
● Forwarding performance: 2.7 Mpps
● Switching Capacity: 32Gbps

S2700-18TP-SI-AC, S2700-18TP-EI-AC
● 16 Ethernet 10/100 ports, 2 dual-purpose 10/100/1000 or SFP
● AC power supply
● Forwarding performance: 5.4 Mpps
● Switching Capacity: 32Gbps

S2700-26TP-SI-AC, S2700-26TP-EI-AC
● 24 Ethernet 10/100 ports, 2 dual-purpose 10/100/1000 or SFP
● AC power supply for the EI version; AC power supply for the SI version
● Forwarding performance: 6.6 Mpps
● Switching Capacity: 32Gbps

S2700-26TP-PWR-EI
● 24 Ethernet 10/100 ports, 2 dual-purpose 10/100/1000 or SFP
● AC power supply
● PoE+
● Forwarding performance: 6.6 Mpps
● Switching Capacity: 32Gbps

S2710-52P-SI-AC
● 48 Ethernet 10/100 ports, 4 Gig SFP
● AC power supply
● Forwarding performance: 13.2 Mpps
● Switching Capacity: 32Gbps

S2700-52P-EI-AC
● 48 Ethernet 10/100 ports, 4 Gig SFP
● AC and DC power supply
● Forwarding performance: 13.2 Mpps
● Switching Capacity: 32Gbps

S2700-52P-PWR-EI
● 48 Ethernet 10/100 ports, 4 Gig SFP
● AC power supply
● PoE+
● Forwarding performance: 13.2 Mpps
● Switching Capacity: 32Gbps

S2750-20TP-PWR-EI-AC
● 16 Ethernet 10/100 ports, 2 Gig SFP and 2 dual-purpose 10/100/1000 or SFP
● AC power supply
● PoE+
● Forwarding performance: 8.4 Mpps
● Switching Capacity: 64Gbps

S2750-28TP-EI-AC
● 24 Ethernet 10/100 ports, 2 Gig SFP and 2 dual-purpose 10/100/1000 or SFP
● AC power supply
● Forwarding performance: 9.6 Mpps
● Switching Capacity: 64Gbps

S2750-28TP-PWR-EI-AC
● 24 Ethernet 10/100 ports, 2 Gig SFP and 2 dual-purpose 10/100/1000 or SFP
● AC power supply
● PoE+
● Forwarding performance: 9.6 Mpps
● Switching Capacity: 64Gbps

S2720-28TP-EI-AC
● 24 Ethernet 10/100 ports, 2 Gig SFP and 2 dual-purpose 10/100/1000 or SFP
● AC power supply
● Forwarding performance: 9.6 Mpps
● Switching Capacity: 12.8Gbps

Features and Highlights

Easy Operation
● The S2700 supports Huawei Easy Operation function. Thanks to this function, the S2700 implements easy installation, configuration, monitoring, and troubleshooting, greatly reduces initial installation and configuration costs, improves upgrade efficiency and lowers engineering costs. It provides a Web network management system (NMS) with a user-friendly graphical user interface (GUI) to implement alarm management and visual configuration, facilitating operation and maintenance. In addition, it supports faulty device replacement without configuration.
● The S2700 offers a new application-specific integrated circuit (ASIC) switching technique and a fan-free design. This design reduces mechanical faults and protects the device against damages caused by condensed water and dust.

Flexible Service Control
● The S2700-EI supports various ACLs. ACL rules can be applied to VLANs to flexibly control ports and schedule VLAN resources.
● The S2700 supports port-based VLAN assignment, MAC address-based VLAN assignment, protocol-based VLAN assignment, and network segment-based VLAN assignment. These secure and flexible VLAN assignment modes are used in networks where users move frequently.
● The S2700 supports GARP VLAN Registration Protocol (GVRP), which dynamically distributes, registers, and propagates VLAN attributes to ensure correct VLAN configuration and reduce network administrator workloads. In addition, the S2700 supports SSH v2, HWTACACS, RMON, and port-based traffic statistics. The network quality analyzing (NQA) function assists users with network planning and upgrades.

Excellent Security Features
● The S2700 supports DHCP snooping, which generates user binding entries based on users' access interfaces, MAC addresses, IP addresses, IP address leases, VLAN IDs. The DHCP snooping function protects enterprises from common attacks such as bogus IP packet attacks, man-in-the-middle attacks, and bogus DHCP server attacks.
● The S2700 can limit the number of MAC addresses that can be learned on an interface to prevent attackers from exhausting MAC address entries by using bogus source MAC addresses. This function minimizes packet flooding, which occurs when users' MAC addresses cannot be found in the MAC address table. The S2700 can also limit the number of ARP entries to prevent ARP spoofing attacks. In addition, it provides an IP source check function to prevent malicious users from using spoofed IP addresses to initiate DoS attacks.
● The S2700 supports centralized MAC address authentication and 802.1x authentication. It authenticates users based on statically or dynamically bound user information such as IP address, MAC address, VLAN ID, access interface. VLANs, QoS policies, and ACLs can be dynamically applied to users.

PoE Function
● The S2700 PWR series support improved Power over Ethernet (PoE) solutions and you can determine whether a PoE port provides power and the time a PoE port provides power. The S2700 PWR can use PoE power supplies with different power levels to provide the PoE function. Powered devices (PDs) such as IP Phones, WLAN APs, and Bluetooth APs can be connected to the S2700 PWR through network cables. The S2700 PWR provides -48V DC power for the PDs.
● In its role as power sourcing equipment (PSE), the S2700 PWR complies with IEEE 802.3af and 802.3at (PoE+), and can work with PDs that are incompatible with 802.3af or 802.3at (PoE+). Each port provides a maximum of 30 W of power, complying with IEEE 802.3at. The PoE+ function increases the maximum power available on each port and implements intelligent power management for high-power consumption applications. This process facilitates the ease of PD use. PoE ports are still able to work while in power-saving mode.

High Scalability
● The S2700 uses Intelligent Stack (iStack) to virtualize multiple switches into a single logical device to ease user management and configuration and expand the system switching capacity. iStack improves switching capacity, reliability, and scalability. Additionally, after the stack is established, all the member switches in a stack use the same IP address. You can use a single IP address to manage and maintain the switches uniformly. This greatly reduces system operation and maintenance (O&M) costs.
● The iStack stacking architecture is designed for rapid failover capability with n-1 master redundancy, distributed Layer 2 and Layer 3 switching, link aggregation across the stack, and within 200 millisecond failover for path failure and hitless master/backup failover.
● Besides traditional STP, RSTP, and MSTP, the S2700 supports enhanced Ethernet technologies such as Smart Link and RRPP, implements millisecond-level protection switchover for links, and ensures the network quality.
● The S2700 supports Smart Ethernet Protection (SEP) protocol, a ring network protocol applied to the link layer of an Ethernet network. SEP provides millisecond-level service switchovers and ensures nonstop forwarding of services. In addition, SEP features simplicity, high reliability, high switchover performance, convenient maintenance, and flexible topology and enables users to manage and plan networks conveniently.
● The S2700 supports G.8032 Ethernet Ring Protection Switching (ERPS). The ERPS is based on traditional Ethernet MAC and bridging functions. It uses the mature Ethernet OAM and Ring Automatic Protection Switching (Ring APS or R-APS) technologies to implement millisecond-level protection switching on Ethernet. ERPS supports various services and flexible networking and lowers operating expense (OPEX) and capital expenditure (CAPEX) of users.

Comprehensive QoS Policies
● The S2700 supports complex traffic classification based on packets' TCP/UDP port numbers, VLAN IDs, source MAC/IP addresses, destination MAC/IP addresses, IP protocols, or priorities. By limiting the traffic rate based on traffic classification results, the S2700 implements line-speed forwarding on each port to ensure high-quality voice, video, and data services. Each port supports a maximum of eight queues and multiple queue scheduling algorithms, such as WRR, SP, and WRR+SP.

Powerful Surge Protection Capability
● The S2700 uses the Huawei patented surge protection technique that supports 7 kV surge protection capability on service ports. This effectively protects switches against over lightning induced overvoltage. The Huawei patented surge protection technique greatly reduces the possibility of equipment being damaged by lightning, even in extreme situations or in scenarios where grounding is not feasible.

Quiet Operation, Energy Conservation, and Low Radiation
● The S2700 uses an energy-saving integrated circuit design to ensure even heat dissipation. Idle ports can enter a sleep mode to further reduce power consumption. The S2700 generates no sound because it does not contain any fans. Radiation produced by the S2700 is within the standard range for electric appliances and causes no harm to the human body.

Product Specifications
(Each row below lists the cells of the original three-column table in source order, one cell per line where the cell boundaries are clear.)

Downlink ports
● S2700-9TP-SI: 8 10/100Base-TX Ethernet ports
● S2700-18TP-SI: 16 10/100Base-TX Ethernet ports
● S2700-26TP-SI: 24 10/100Base-TX Ethernet ports
● S2710-52P-SI: 48 10/100Base-TX Ethernet ports
● S2700-9TP-EI/S2700-9TP-PWR-EI: 8 10/100Base-TX Ethernet ports
● S2700-18TP-EI: 16 10/100Base-TX Ethernet ports
● S2700-26TP-EI/S2700-26TP-PWR-EI: 24 10/100Base-TX Ethernet ports
● S2700-52P-EI: 48 10/100Base-TX Ethernet ports
● S2750-20TP-PWR-EI-AC: 16 10/100Base-TX Ethernet ports
● S2750-28TP-EI-AC/S2750-28TP-PWR-EI-AC/S2720-28TP-EI-AC: 24 10/100Base-TX Ethernet ports

Uplink ports
● S2700-9TP-SI: 1 dual-purpose 10/100/1000 or SFP
● S2700-18TP-SI/S2700-26TP-SI: 2 dual-purpose 10/100/1000 or SFP
● S2710-52P-SI: 4 Gig SFP
● S2700-9TP-EI/S2700-9TP-PWR-EI: 1 dual-purpose 10/100/1000 or SFP
● S2700-18TP-EI/S2700-26TP-EI/S2700-26TP-PWR-EI: 2 dual-purpose 10/100/1000 or SFP
● S2700-52P-EI: 4 Gig SFP
● S2750-20TP-PWR-EI/S2750-28TP-EI-AC/S2750-28TP-PWR-EI: 2 Gig SFP and 2 dual-purpose 10/100/1000 or SFP
● S2720-28TP-EI-AC: 2 Gig SFP and 2 dual-purpose 10/100/1000 or SFP

MAC address
8K MAC address entries; Manual deletion of dynamic MAC address entries; Aging time of MAC address configurable; Blackhole MAC address entries
8K MAC address entries; Manual deletion of dynamic MAC address entries; Aging time of MAC address configurable; Blackhole MAC address entries; MAC address learning control which based on ports
16K MAC address entries; Manual deletion of dynamic MAC address entries; Aging time of MAC address configurable; MAC address learning control which based on ports; Blackhole MAC address entries

VLAN feature
4K active VLANs, complying with IEEE 802.1Q; Port-based VLAN assignment
4K active VLANs, complying with IEEE 802.1Q; Port-based VLAN assignment; MAC address-based assignment; Port-based QinQ
4K active VLANs, complying with IEEE 802.1Q; Port-based VLAN assignment; MAC address-based assignment; Port-based QinQ

QoS
Outbound-Port-based rate limiting and flow-based rate limiting; 4 or 8 queues of different priorities on each port; Mapping between 802.1p priorities and queues; SP, WRR, and SP+WRR algorithms
Port-based rate limiting and flow-based rate limiting; 4 or 8 queues of different priorities on each port; Mapping between 802.1p priorities and queues; SP, WRR, and SP+WRR algorithms
Port-based rate limiting and flow-based rate limiting; 8 queues of different priorities on each port; Mapping between 802.1p priorities and queues; SP, WRR, and SP+WRR algorithms; Packet-based priority remark and packet redirection

IPv4 routing
Static routing
Static routing
Static routing; RIP v1/v2 (S2750-EI)

IPv6 feature
IPv6 protocol; Static IPv6 routes
IPv6 protocol; Static IPv6 routes; Supports MLD v1/v2 snooping.
IPv6 protocol; Static IPv6 routes; Supports MLD v1/v2 snooping.

Multicast
IGMP v1/v2/v3 snooping; Port-based rate limiting for multicast packets
MVLAN; Controllable multicast; IGMP v1/v2/v3 snooping; Port-based rate limiting for multicast packets
MVLAN; Controllable multicast; IGMP v1/v2/v3 snooping; Port-based rate limiting for multicast packets

Reliability
S2700-SI: STP (IEEE 802.1d), RSTP (IEEE 802.1w); S2710-SI: STP (IEEE 802.1d), RSTP (IEEE 802.1w), MSTP (IEEE 802.1s)
STP (IEEE 802.1d), RSTP (IEEE 802.1w), MSTP (IEEE 802.1s), and RRPP topology and RRPP multi-instance
STP (IEEE 802.1d), RSTP (IEEE 802.1w), MSTP (IEEE 802.1s), and RRPP topology and RRPP multi-instance; SEP and ERPS (G.8032); Smart Link tree topology and Smart Link multi-instance, implementing millisecond-level protective switchover

Traffic sampling
N/A
N/A
sFlow

Security & Access features (cell boundaries are not recoverable; items are listed in source order)
S2700-SI: Storm suppression; S2710-SI: Storm suppression, IP Source Guard; 802.1x authentication and limit on the number of users on an interface
Storm suppression; IP Source Guard; 802.1x authentication and limit on the number of users on an interface
Storm suppression; IP Source Guard
S2700-SI: Multiple authentication methods including AAA, RADIUS, and TACACS+; Port isolation; Suppression of multicast, broadcast, and unknown unicast packets; CPU defense
S2710-SI: Multiple authentication methods including AAA, RADIUS, and TACACS+; Port isolation; Suppression of multicast, broadcast, and unknown unicast packets; CPU defense; DHCP snooping
Multiple authentication methods including AAA authentication, RADIUS authentication, and TACACS+ authentication; 802.1x authentication, MAC address authentication, MAC bypass authentication; DHCP snooping; Port isolation and sticky MAC; Packet filtering based on MAC addresses; Suppression of multicast, broadcast, and unknown unicast packets; Limit on the number of learned MAC addresses; CPU defense; S2750-EI/S2720-EI: DHCP relay
Multiple authentication methods including AAA authentication, RADIUS authentication, and TACACS+ authentication; 802.1x authentication, MAC address authentication, MAC bypass authentication; DHCP snooping; Port isolation and sticky MAC; Packet filtering based on MAC addresses; Suppression of multicast, broadcast, and unknown unicast packets; Limit on the number of learned MAC addresses; CPU defense; S2750-EI/S2720-EI: DHCP relay

Surge protection
Surge protection capability of service ports: 7kV
Surge protection capability of service ports: 7kV
Surge protection capability of service ports: 7 kV

Management
Stack (S2710-52P-SI-AC); Auto-Config; CLI-based configuration; Remote configuration using Telnet; SNMP V1/V2C/V3; Remote network monitoring; SSHv2; Web-based device management
Stack (S2700-52P-EI-AC, S2700-52P-PWR-EI); Auto-Config; CLI-based configuration; Remote configuration using Telnet; SNMP V1/V2C/V3; Remote network monitoring; SSHv2; Web-based device management
Stack; Easy Operation; CLI-based configuration; Remote configuration using Telnet; SNMP V1/V2C/V3; Remote network monitoring; SSHv2; Web-based device management

Interoperability
NA
NA
Supports VBST (Compatible with PVST/PVST+/RPVST); Supports LNP (Similar to DTP); Supports VCMP (Similar to VTP)

Operating environment
● Long-term operating temperature: –5°C to +50°C; ● Relative humidity: 10% to 90% (non-condensing)
● Long-term operating temperature: –5°C to +50°C; ● Relative humidity: 10% to 90% (non-condensing)
● Long-term operating temperature: –5°C to +50°C; ● Relative humidity: 10% to 90% (non-condensing)

Power
AC: ● Rated voltage range: 100 V to 240 V AC, 50/60 Hz ● Maximum voltage: 90 to 264 V AC, 50/60 Hz; DC: ● Rated voltage range: –48 V to –60 V DC ● Maximum voltage range: –36 V to –72 V, DC
AC: ● Rated voltage range: 100 V to 240 V AC, 50/60 Hz ● Maximum voltage: 90 to 264 V AC, 50/60 Hz; DC: ● Rated voltage range: –48 V to –60 V DC ● Maximum voltage range: –36 V to –72 V, DC
AC: ● Rated voltage range: 100 V to 240 V AC, 50/60 Hz ● Maximum voltage: 90 to 264 V AC, 50/60 Hz; DC: ● Rated voltage range: –48 V to –60 V DC ● Maximum voltage range: –36 V to –72 V, DC

Dimensions (WxDxH)
● S2700-9TP-SI: 250×180×43.6
● S2700-18TP-SI/S2700-26TP-SI: 442×220×43.6
● S2710-52P-SI: 442×220×43.6
● S2700-9TP-EI: 250×180×43.6
● S2700-9TP-PWR-EI: 320×220×43.6
● S2700-18TP-EI/S2700-26TP-EI: 442×220×43.6
● S2700-26TP-PWR-EI: 442×420×43.6
● S2700-52P-EI: 442×220×43.6
● S2750-28TP-EI-AC/S2720-28TP-EI-AC: 442×220×43.6
● S2750-20TP-PWR-EI-AC/S2750-28TP-PWR-EI-AC: 442×310×43.6

Weight
● S2700-9TP-SI: <1.4 kg
● S2700-18TP-SI: <2.4 kg
● S2700-26TP-SI: <2.4 kg
● S2710-52P-SI: <3 kg
● S2700-9TP-EI: <1.4 kg
● S2700-9TP-PWR-EI: <2.5 kg
● S2700-18TP-EI: <2.4 kg
● S2700-26TP-EI: <2.4 kg
● S2700-52P-EI: <3 kg
● S2700-26TP-PWR-EI: <4 kg (without power supply)
● S2750-20TP-PWR-EI: <4.5 kg
● S2750-28TP-EI: <3 kg
● S2750-28TP-PWR-EI: <4.5 kg
● S2720-28TP-EI-AC: <3 kg

Power consumption
● S2700-9TP-SI: <12.8 W
● S2700-18TP-SI: <14.5 W
● S2700-26TP-SI: <15.5 W
● S2710-52P-SI: <38 W
● S2700-9TP-EI: <12.8 W
● S2700-9TP-PWR-EI: <154 W (PoE: 124 W)
● S2700-18TP-EI: <14.5 W
● S2700-26TP-EI: <15.5 W
● S2700-52P-EI: <38 W
● S2700-26TP-PWR-EI: <808 W (PoE: 740 W)
● S2750-20TP-PWR-EI: <435 W (PoE: 370 W)
● S2750-28TP-EI: <15.7 W
● S2750-28TP-PWR-EI: <445 W (PoE: 370 W)
● S2720-28TP-EI-AC: <15.7 W

Networking and Applications
100 Mbit/s Access Rate for Terminals
The S2700 can function as a desktop access device that provides an access rate of 100 Mbit/s for terminals and 1000 Mbit/s uplink interfaces to communicate with uplink devices.

Ordering Information
Item / Product Description
1 S2700-9TP-EI-AC Mainframe (8 Ethernet 10/100 ports, 1 dual-purpose 10/100/1000 or SFP, AC 110/220V)
2 S2700-9TP-EI-DC Mainframe (8 Ethernet 10/100 ports, 1 dual-purpose 10/100/1000 or SFP, DC -48V)
3 S2700-9TP-SI-AC Mainframe (8 Ethernet 10/100 ports, 1 dual-purpose 10/100/1000 or SFP, AC 110/220V)
4 S2700-18TP-EI-AC Mainframe (16 Ethernet 10/100 ports, 2 dual-purpose 10/100/1000 or SFP, AC 110/220V)
5 S2700-18TP-SI-AC Mainframe (16 Ethernet 10/100 ports, 2 dual-purpose 10/100/1000 or SFP, AC 110/220V)
6 S2700-26TP-EI-AC Mainframe (24 Ethernet 10/100 ports, 2 dual-purpose 10/100/1000 or SFP, AC 110/220V)
7 S2700-26TP-SI-AC Mainframe (24 Ethernet 10/100 ports, 2 dual-purpose 10/100/1000 or SFP, AC 110/220V)
8 S2700-52P-EI-AC Mainframe (48 Ethernet 10/100 ports, 4 Gig SFP, AC 110/220V)
9 S2710-52P-SI-AC Mainframe (48 Ethernet 10/100 ports, 4 Gig SFP, AC 110/220V)
10 S2700-9TP-PWR-EI Mainframe (8 Ethernet 10/100 ports, PoE+, 1 dual-purpose 10/100/1000 or SFP, AC 110/220V)
11 S2700-26TP-PWR-EI Mainframe (24 Ethernet 10/100 ports, 2 dual-purpose 10/100/1000 or SFP, PoE+, without power module)
12 S2700-52P-PWR-EI Mainframe (48 Ethernet 10/100 ports, 4 Gig SFP, PoE+, Dual Slots of Power, Including Single 500W AC Power)
13 S2750-20TP-PWR-EI-AC Mainframe (16 Ethernet 10/100 ports, 2 Gig SFP and 2 dual-purpose 10/100/1000 or SFP, PoE+, AC 110/220V)
14 S2750-28TP-EI-AC Mainframe (24 Ethernet 10/100 ports, 2 Gig SFP and 2 dual-purpose 10/100/1000 or SFP, AC 110/220V)
15 S2750-28TP-PWR-EI-AC Mainframe (24 Ethernet 10/100 ports, 2 Gig SFP and 2 dual-purpose 10/100/1000 or SFP, PoE+, AC 110/220V)
16 S2720-28TP-EI-AC Mainframe (24 Ethernet 10/100 ports, 2 Gig SFP and 2 dual-purpose 10/100/1000 or SFP, AC 110/220V)
17 500W PoE power supply unit

More Information
For more information about Huawei Campus Switches, visit or contact us in the following ways:
● Global service hotline: /en/service-hotline
● Logging in to the Huawei Enterprise technical support website: /enterprise/
● Sending an email to the customer service mailbox: ********************

Copyright © Huawei Technologies Co., Ltd. 2018. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd.
Trademarks and Permissions
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd. All other trademarks and trade names mentioned in this document are the property of their respective holders.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the customer. All or part of the products, services and features described in this document may not be within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information, and recommendations in this document are provided "AS IS" without warranties, guarantees or representations of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute a warranty of any kind, express or implied.
Huawei Technologies Co., Ltd.
Address: Huawei Industrial Base Bantian, Longgang Shenzhen 518129 People's Republic of China
Website:
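2 Basic IP Routing Configuration
About This Chapter
Configuring the basics of IP routing helps you understand the basic parameters of IP routing.
2.1 Displaying and Maintaining the Routing Table
Viewing the routing table helps you understand the network topology and locate routing problems.
2.2 Displaying the Route Management Module
Viewing the information displayed for the route management module helps you locate routing problems.
2.1 Displaying and Maintaining the Routing Table
Viewing the routing table helps you understand the network topology and locate routing problems.
Background
Viewing routing table information is the basic means of locating routing problems. The common commands for displaying and maintaining routing table information are listed below.
The display commands can be used in all views.
The reset commands are used in the user view.
When a switch imports a large number of routes, they consume a large amount of system resources, which may affect normal operation of the device when system services are busy.
To improve system security and reliability, you can configure a limit on the number of public network route prefixes. When the number of route prefixes exceeds the preset value, the system outputs an alarm to remind the user to check the validity of the public network route prefixes.
Procedure
● Run the display ip routing-table command to view summary information about the currently active routes in the IPv4 routing table.
● Run the display ip routing-table verbose command to view detailed information about the IPv4 routing table.
● Run the display ip routing-table ip-address [ mask | mask-length ] [ longer-match ] [ verbose ] command to view routing information for a specified destination IPv4 address.
● Run the display ip routing-table ip-address1 { mask1 | mask-length1 } ip-address2 { mask2 | mask-length2 } [ verbose ] command to view routing information within a specified range of destination IPv4 addresses.
● Run the display ip routing-table acl { acl-number | acl-name } [ verbose ] command to view the IPv4 routing information filtered by a specified basic access control list.
● Run the display ip routing-table ip-prefix ip-prefix-name [ verbose ] command to view the IPv4 routing information filtered by a specified prefix list.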
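Quidway® S2700 Series Enterprise Switches
Product Overview
The Quidway® S2700 series enterprise switches (S2700 for short) are a new generation of green, energy-saving, intelligent 100M Ethernet access switches launched by Huawei.
Based on new-generation switching technologies and the Huawei VRP® (Versatile Routing Platform) software platform, and designed for the various application scenarios of enterprise customers, the S2700 provides simple and convenient installation and maintenance, and combines flexible VLAN deployment, comprehensive security and QoS control policies, and environment-friendly technologies. It meets the needs of multi-service bearing and access on Ethernet networks and helps enterprise users build future-oriented IT networks.
The S2700 is a box device with a 1U chassis. It is available in a standard version (SI) and an enhanced version (EI).
The models are S2700-9TP-EI, S2700-9TP-SI, S2700-18TP-EI, S2700-18TP-SI, S2700-26TP-EI, S2700-26TP-SI, S2700-52P-EI, S2700-9TP-PWR-EI, and S2700-26TP-PWR-EI.
Product Models and Appearances
The Quidway® S2700 series includes the following switches:
S2700-9TP
S2700-9TP-EI-AC, S2700-9TP-SI-AC
● 8 10/100Base-TX ports, 1 gigabit combo port (10/100/1000Base-T or 100/1000Base-X)
● The EI version has AC and DC models; the SI version has an AC model only
S2700-9TP-PWR-EI
● 8 10/100Base-TX ports, 1 gigabit combo port (10/100/1000Base-T or 100/1000Base-X)
● AC power supply
● Supports PoE+
S2700-18TP
S2700-18TP-EI-AC, S2700-18TP-SI-AC
● 16 10/100Base-TX ports, 2 gigabit combo ports (10/100/1000Base-T or 100/1000Base-X)
● AC power supply
S2700-26TP
S2700-26TP-EI-AC, S2700-26TP-SI-AC
● 24 10/100Base-TX ports, 2 gigabit combo ports (10/100/1000Base-T or 100/1000Base-X)
● The EI version has AC and DC models; the SI version has an AC model only
S2700-26TP-PWR-EI
● 24 10/100Base-TX ports, 2 gigabit combo ports (10/100/1000Base-T or 100/1000Base-X)
● AC power supply
● Supports PoE+
S2700-52P
S2700-52P-EI-AC
● 48 10/100Base-TX ports, 2 100/1000Base-X SFP ports, 2 1000Base-X SFP ports
● AC power supply
Product Features and Advantages
● Maintenance-free, easy to deploy, easy to manage
The S2700 supports automatic configuration and intelligent plug-and-play, which greatly reduces initial installation costs. It uses new switching ASIC technology and a fan-free design, which reduces mechanical failure points and avoids condensation corrosion and dust damage, effectively reducing the maintenance rate of the device by 53%.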
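Huawei Switch Naming Rules
Each series of Huawei S-series campus switches contains many different models, especially low-end and mid-range series with a wide range of applications and many models, such as the S1700, S2700, S3700, and S5700. The hardware configuration of each model in a series differs to some degree, so before these switch series are formally introduced, their naming rules are described first to make it quick to select a Huawei S-series switch model.
However, because the main application environments of the series and the models they include differ, their naming rules also differ in many ways.
They are described separately below.
1. Naming rules for S1700 series models
The S1700 series is a special case: it is a SOHO-class switch series tailored for individuals and small businesses.
Because its applications and functions are fairly simple, it generally works without configuration or with simple web-based configuration.
The S1700 series currently has five managed and five unmanaged models, which are described later in this chapter.
The following uses the three models S1700-8-AC, S1700-28GFR-4P-AC, and S1700-52FR-2T2P-AC as examples to describe the naming rules of S1700 series switches, as shown in Figure 1-2.
The meaning of each part is described in Table 1-1.
Table 1-1 Meaning of each part in the S1700 series naming rules
2. Naming rules for S2700 series models
To meet the needs of different users, the S2700 series is available in many models.
The following uses the S2700-26TP-PWR-EI, S2710-52P-SI-AC, S2700-52P-EI-AC, and S2700-9TP-SI as examples to describe the naming rules of S2700 series switches, as shown in Figure 1-3.
The meaning of each part is described in Table 1-2.
Table 1-2 Meaning of each part in the S2700 series switch naming rules
3. Naming rules for S3700 series switches
Likewise, to meet the needs of different users, the S3700 series is available in many models, and users can choose flexibly according to their network requirements.
The following uses the S3700-28TP-PWR-EI, S3700-52P-EI-24S-DC, S3700-28TP-EI-MC-AC, and S3700-28TP-SI-AC as examples to describe the naming rules of S3700 series switches, as shown in Figure 1-4.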
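Huawei S2700 Series Switches Product Brochure
Huawei Enterprise Sx700 Series Switches
S2700 Series Enterprise Switches
Product Models and Appearances
• Forwarding performance: 17.7 Mpps
• Switching capacity: 32 Gbps
Easy Operation
• The S2700 supports the Huawei Easy Operation function.
Easy Operation provides easy installation, easy configuration, easy monitoring, and easy troubleshooting, which greatly reduces initial installation and configuration costs, improves upgrade efficiency, and lowers engineering costs. It offers a user-friendly interface and a web NMS, supports alarm management and visual configuration, and supports replacement of a faulty device without configuration.
• The S2700 uses a new ASIC switching chip and supports a fan-free design, which reduces mechanical failure points and avoids condensation corrosion and dust damage, effectively lowering the failure rate.
Flexible Service Control
• The S2700-EI supports a rich set of ACL policy controls. In particular, ACL rules can be applied on a per-VLAN basis, giving flexible control over multiple ports in a VLAN and unified resource scheduling.
• The S2700 supports several VLAN assignment modes: port-based, MAC address-based, protocol-based, and network segment-based. Deployment is secure and flexible, and is especially suited to networks with mobile office requirements.
• The S2700 supports GVRP, which dynamically distributes, registers, and propagates VLAN attributes. This reduces manual configuration, ensures that VLAN configuration is correct, and reduces interworking problems caused by inconsistent configuration.
In addition, the S2700 supports SSHv2, HWTACACS, RMON, and port-based traffic statistics, and supports NQA network quality analysis, which helps with network planning and optimization.
Rich Secure Access Mechanisms
• The S2700 supports comprehensive DHCP snooping. By listening to information such as the MAC/IP addresses, leases, VLAN IDs, and interfaces of access users, it defends against common network security threats such as forged IP packets, man-in-the-middle attacks, and unauthorized DHCP servers, and keeps network access secure.
Product Features and Advantages
• The S2700 supports port-based limiting of source MAC address learning, which effectively prevents the flooding caused when an attacker launches an attack with changing source MAC addresses.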
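9 Routing
About This Chapter
This chapter describes IPv4 routing and how to configure it.
Route selection on the Internet relies on routers. Based on the destination address of a received packet, a router selects a suitable route (through some network) and sends the packet to the next router. The last router on the route is responsible for delivering the packet to the destination host.
9.1 IPv4 Routing
Describes the basics and configuration of the IPv4 routing table, IPv4 static routes, and global parameters.
9.1 IPv4 Routing
Describes the basics and configuration of the IPv4 routing table, IPv4 static routes, and global parameters.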
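9.1.1 IPv4 Routing Table
The routing table is the key to packet forwarding by a router.
Every router stores a routing table. Each route entry in the table specifies which physical port of the router a packet destined for a given subnet or host should be sent through, so that it reaches either the next router on the path or, without passing through any other router, the destination host on a directly connected network.
Background
The IPv4 query function can query all information in the routing table, including both dynamic and static routing table information.
Procedure
Step 1 Click "Routing > IPv4 Routing > IPv4 Routing Table" in the navigation tree to open the "IPv4 Routing Table" page.
Step 2 Set the query conditions.
Step 3 Click "Query". The query list area displays all records that meet the conditions.
----End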
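9.1.2 IPv4 Static Route Configuration
A static route is a special type of route that is configured manually by an administrator.
Static routes can be used to build an interconnected network, but the drawback of this kind of configuration is that when a network fault occurs, static routes do not change automatically and an administrator must intervene.
Background
When configuring an IPv4 static route on a switch, it is recommended that you explicitly specify the next-hop address.
The physical interfaces of a switch are mostly broadcast-type Ethernet interfaces, and multiple next-hop addresses can be associated with the same outbound interface, so the next hop cannot be determined uniquely from the interface alone.
If an outbound interface must be specified, also specify the next-hop address to be used when sending through that interface.
Procedure
● Create an IPv4 static route
a. Click "Routing > IPv4 Routing > IPv4 Static Route Configuration" in the navigation tree to open the "IPv4 Static Route Configuration" page.
b. Click "New" to open the "New IPv4 Static Route" page, as shown in Figure 9-1.
Figure 9-1 New IPv4 static route
The fields on the page are described in Table 9-1.
Table 9-1 New IPv4 static route
c. Fill in the configuration items.
d. Click "OK" to complete the configuration.
● Modify an IPv4 static route
a. Click "Routing > IPv4 Routing > IPv4 Static Route Configuration" in the navigation tree to open the "IPv4 Static Route Configuration" page.
b. Click the “” icon next to the entry to open the "Modify IPv4 Static Route" page, as shown in Figure 9-2.
Figure 9-2 Modify IPv4 static route
Note
● The fields on the page are described in Table 9-1.
● The destination IP address and subnet mask are fixed and cannot be modified.
c. Fill in the configuration items.
d. Click "OK" to complete the configuration.
● Delete an IPv4 static route
a. Click "Routing > IPv4 Routing > IPv4 Static Route Configuration" in the navigation tree to open the "IPv4 Static Route Configuration" page.
b. Select the entries to delete and click "Delete".
Note
● To select an entry, tick the check box in front of it.
● The system supports batch deletion. To delete in batches, tick multiple check boxes.
c. Click "OK" to complete the configuration.
----End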
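9.1.3 Global Parameter Configuration
Provides functions for configuring and querying IPv4 global parameters.
Background
By default, the default preference of IPv4 static routes is 60.
If no preference is explicitly specified when a static route is configured, the default preference is used.
After the default preference is changed, the new value applies only to IP static routes added afterwards.
Procedure
Step 1 Click "Routing > IPv4 Routing > Global Parameter Configuration" in the navigation tree to open the "Global Parameter Configuration" page, as shown in Figure 9-3.
Figure 9-3 Global parameter configuration
The fields on the page are described in Table 9-2.
Table 9-2 Global parameter configuration
Step 2 Fill in the configuration items.
Step 3 Click "Apply" to complete the configuration.
----End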