www.huawei.com
Copyright © 2018 Huawei Technologies Co., Ltd. All rights reserved.
Common Network Devices
Foreword
• Network devices are the basic components of a network. When planning and constructing a network, you need to deploy and configure the network devices to meet network connection or network security requirements.
Objectives
• Upon completion of this course, you will be able to:
  • Describe Huawei common network devices.
  • Describe the functions of network devices.
  • Log in to network devices and perform basic configurations.
Contents
1. Basic Network Devices
2. Initial Device Login
Campus Network Security Deployment Scenario
[Figure: campus network security deployment. Labels: remote employees, branch/partner, virus, DMZ, two office areas, data center, NIP, vNGFW, Anti-DDoS, ATIC.]
Switch
• A switch works at the data link layer and forwards data frames.
[Figure: switch SWA with three attached hosts.]
    Host      IP address     MAC address          Interface
    Host A    10.1.1.1/24    00-01-02-03-04-AA    G0/0/1
    Host B    10.1.1.2/24    00-01-02-03-04-BB    G0/0/2
    Host C    10.1.1.3/24    00-01-02-03-04-CC    G0/0/3
Forwarding on Switches
Flooding
Forwarding
Discarding
Initial State of Switches
• In the initial state, the MAC address table of a switch is empty.
MAC address table (no entries):
    MAC Address          Interface
[Figure: switch SWA with Host A, Host B and Host C on G0/0/1, G0/0/2 and G0/0/3, same topology as on the Switch slide.]
Learning MAC Addresses
• The switch records the source MAC address and corresponding interface of the received data frame in the MAC address table.
MAC address table:
    MAC Address          Interface
    00-01-02-03-04-AA    G0/0/1
[Figure: switch SWA with Host A, Host B and Host C on G0/0/1, G0/0/2 and G0/0/3, same topology as on the Switch slide.]
Forwarding Data Frames
• When the destination MAC address of a data frame is not in the MAC address table or it is a broadcast address, the switch floods the frame.
MAC address table:
    MAC Address          Interface
    00-01-02-03-04-AA    G0/0/1
[Figure: same topology as on the Switch slide. The frame shown has Src.MAC 00-01-02-03-04-AA and Des.MAC FF-FF-FF-FF-FF-FF.]
Response from the Target Host
• The switch unicasts the reply from Host C to Host A based on the MAC address table.
MAC address table:
    MAC Address          Interface
    00-01-02-03-04-AA    G0/0/1
    00-01-02-03-04-CC    G0/0/3
[Figure: switch SWA with Host A, Host B and Host C on G0/0/1, G0/0/2 and G0/0/3, same topology as on the Switch slide.]
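The learn / flood / forward / discard sequence from the switch slides, replayed as an added example (not part of the original course material). The class and function names, the extra MAC address 00-01-02-03-04-DD and the last two frames are constructed for illustration. The model also records when a learned address reappears on a different interface, since the table follows the source MAC without any authentication and such moves are what MAC-flapping alarms report.

```python
BROADCAST = "FF-FF-FF-FF-FF-FF"


class LearningSwitch:
    """Minimal model of the behaviour described on the switch slides."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}   # MAC address -> interface
        self.moves = []       # (mac, old_interface, new_interface)

    def receive(self, in_port, src_mac, dst_mac):
        """Process one frame and return (action, egress_interfaces)."""
        if in_port not in self.ports:
            raise ValueError(f"unknown interface {in_port}")
        src_mac, dst_mac = src_mac.upper(), dst_mac.upper()

        # Learning: bind the source MAC to the ingress interface.
        # An existing binding is overwritten; keep a record of the move.
        old_port = self.mac_table.get(src_mac)
        if old_port is not None and old_port != in_port:
            self.moves.append((src_mac, old_port, in_port))
        self.mac_table[src_mac] = in_port

        # Flooding: broadcast or unknown destination goes out of every
        # interface except the one the frame arrived on.
        if dst_mac == BROADCAST or dst_mac not in self.mac_table:
            return "flood", [p for p in self.ports if p != in_port]

        # Discarding: the destination is reachable through the ingress
        # interface itself, so the switch has nothing to forward.
        out_port = self.mac_table[dst_mac]
        if out_port == in_port:
            return "discard", []

        # Forwarding: known unicast destination on another interface.
        return "forward", [out_port]


def replay_slides():
    """Replay the slide sequence, then two constructed frames."""
    sw = LearningSwitch(["G0/0/1", "G0/0/2", "G0/0/3"])
    host_a = "00-01-02-03-04-AA"
    host_c = "00-01-02-03-04-CC"
    results = []

    # Slide "Forwarding Data Frames": Host A sends a broadcast.
    results.append(sw.receive("G0/0/1", host_a, BROADCAST))
    # Slide "Response from the Target Host": Host C replies to Host A.
    results.append(sw.receive("G0/0/3", host_c, host_a))
    table_after_reply = dict(sw.mac_table)

    # Constructed: a second station behind G0/0/1 sends to Host A.
    results.append(sw.receive("G0/0/1", "00-01-02-03-04-DD", host_a))
    # Constructed: Host A's MAC appears as a source on G0/0/2.
    results.append(sw.receive("G0/0/2", host_a, host_c))

    return {
        "results": results,
        "table_after_reply": table_after_reply,
        "final_table": dict(sw.mac_table),
        "moves": list(sw.moves),
    }


if __name__ == "__main__":
    outcome = replay_slides()
    for action, ports in outcome["results"]:
        print(action, ports)
    print("moves:", outcome["moves"])
```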
Router
• Function: forwards data packets between different networks
[Figure: protocol stacks along the path from Host A to Host B through Router A, Router B and Router C. Each host shows the application, transmission, network, data link and physical layers; each router shows the network, data link and physical layers.]
Route Selection
• A router selects an optimal path for data packets and forwards the packets.
[Figure: routers RTA, RTB, RTC and RTD.]
Firewall
• A firewall is mainly used to protect one network area against network attacks and intrusions from another network area.
Comparing Firewalls with Switches and Routers
• The primary function of routers and switches is forwarding, whereas that of firewalls is controlling.
  • Switch: aggregating and building a LAN; Layer 2/Layer 3 fast forwarding of packets
  • Router: addressing and forwarding; ensuring network interconnection
  • Firewall: controlling packet forwarding; protecting against Trojan horses and viruses
Firewall Development History
[Figure: timeline with the years 1989, 1994, 1995, 2004, 2005 and 2009. Firewall generations shown: packet filtering, application agent, status check, UTM, NGFW. Other labels: access control, proxy technology, session mechanism, dedicated device, multi-function overlay, DPI technology, control based on user + application + content.]
Firewall Security Zone
• Security zone (or zone):
  • A local logical security zone
  • A network connected to one or more interfaces
[Figure: firewall with a DMZ, a Trust zone and an Untrust zone.]
Relationship Between Firewall Security Zones and Interfaces
• Does the firewall have two security zones with the same security level?
• Does the firewall allow the same physical interface to belong to two different security zones?
• Can different interfaces on a firewall belong to the same security zone?
[Figure: interface-to-zone mappings: G0/0/2 --> DMZ, G0/0/2 --> Untrust zone; GE1/0/0 --> Trust zone, G0/0/1 --> Trust zone.]
Contents
1. Basic Network Devices
2. Device Initial Login
  • Basic Service Configurations
  • Basic System Settings
VRP Overview
• Versatile Routing Platform (VRP)
  • Network operating system
  • Software platform that supports multiple types of devices
  • Provides TCP/IP routing services
Introduction to Command Line
• The CLI is divided into command views. All commands must be executed in command views. You can run a command only after you enter its command view.
    <NGFW>                                    User view
    <NGFW>system-view
    [NGFW]                                    System view
    [NGFW]interface GigabitEthernet 0/0/1
    [NGFW-GigabitEthernet0/0/1]quit           Interface view
    [NGFW]ospf 1
    [NGFW-ospf-1]                             Protocol view
Command Line Help: Full Help
• Full help displays all the keywords or parameters after you enter a question mark (?) in the command line.
  • In any command view, enter ? to obtain all commands and a brief description of each in the command view.
  • You can also enter a command (if it is a keyword) followed by a space and ? to obtain all keywords and a brief description of each.
    <NGFW>?
    User view commands:
      anti-ddos    Defend against DDoS attacks
      arp          Specify ARP configuration information
    <NGFW>display firewall ?
      blacklist    Indicate the blacklist command group
      dataplane    Indicate dataplane to manageplane
      defend       Indicate attack defense
Command Line Help: Partial Help
• Partial help displays all the keywords or parameters that start with the character string entered in the command line.
  • Type a character string followed by ? to obtain all keywords that begin with the character string.
  • You can also enter a command followed by a character string and ? to obtain all keywords starting with the character string.
    <NGFW>d?
      debugging               delete
      dir                     display
      download
    <NGFW>display b?
      backup-configuration    bfd
      bgp                     bridge
      buffer                  bulk-stat
Command Line Help: Tab Key
• If there is only one match for an incomplete keyword:
    [NGFW]info-
    [NGFW]info-center
• If there are multiple matches for a keyword:
    [NGFW]info-center l
    [NGFW]info-center lo
    [NGFW]info-center loghost
    [NGFW]info-center local
    [NGFW]info-center logbuffer
    [NGFW]info-center logfile
Configuring Interfaces
• Choose Network > Interface, and select the interface to be modified.
• Configure an IP address for the interface and switch the interface mode.
  • Switch the interface mode. The available modes are Routing (Layer 3), Switching (Layer 2), and Hybrid (Layer 2 and 3).
  • Configure the IP address and subnet mask.
  • Add to the security zone.
Configuring Routes
• Choose Network > Route > Static Route, and click Add.
Overview of Device Login Management
• Device login management
  • Console
  • Telnet
  • SSH
  • Web
Log in to the Device Through the Console Port (1)
• Check the parameters of the local port.
Log in to the Device Through the Console Port (2)
• Configure the connection interface and communications parameters:
    Parameter       Value
    Speed (baud)    9600
    Data bits       8
    Parity          None
    Stop bits       1
    Flow control    None
Web Login: Function Overview
• By default, you can log in to the device through GigabitEthernet0/0/0.
• Set the IP address obtaining mode for network connection to obtain an IP address automatically on the administrator's PC.
• Directly connect the PC Ethernet interface to the default management interface on the device, or connect them through a switch.
• Enter https://192.168.0.1 in the browser to access the web login page.
• The default user name is admin, and its password is Admin@123.
Web Login: Configuration Management (1)
• If you need to log in to the device through the service interface in web mode, configure the web login function on the device.
• Enable the web management function, enable HTTP or HTTPS management according to requirements, and set the port number.
Web Login: Configuration Management (2)
• Configure a web administrator.
Web Login: Configuration Management (3)
• Configure the login interface.
Telnet Login: Configuration Management (1)
• By default, Telnet login is disabled on the NGFW. To use Telnet, log in to the NGFW in another mode and enable the Telnet service.
• Enable the Telnet service.
Telnet Login: Configuration Management (2)
• Configure a Telnet administrator.
Telnet Login: Configuration Management (3)
• Configure the login interface.
SSH Login: Configuration Management (1)
• SSH provides greater security and powerful authentication functions for users to log in to the device. Configure SSH device management on the USG interface. The administrator can enable SSH device management as required.
• Configuration commands:
  • Enable the STelnet service.
      [NGFW]stelnet server enable
  • Configure SSH management on the USG interface.
      [NGFW-GigabitEthernet1/0/1]service-manage enable
      [NGFW-GigabitEthernet1/0/1]service-manage ssh permit
  • Configure a local RSA key pair.
      <NGFW>system-view
      [NGFW]rsa local-key-pair create
  • Configure VTY user interfaces.
      [USG]user-interface vty 0 4
      [USG-ui-vty0-4]protocol inbound all
      [USG-ui-vty0-4]authentication-mode aaa
SSH Login: Configuration Management (2)
• Create an SSH administrator account and set the authentication mode to Password and service mode to STelnet.
      [NGFW]aaa
      [NGFW-aaa]manager-user sshadmin
      [NGFW-aaa-manager-user-sshadmin]service-type ssh
      [NGFW-aaa-manager-user-sshadmin]level 3
      [NGFW-aaa-manager-user-sshadmin]password cipher huawei
• Create an SSH user.
      [NGFW]ssh user sshadmin
      [NGFW]ssh user sshadmin authentication-type password
      [NGFW]ssh user sshadmin service-type stelnet
• After the preceding configurations are completed, run the SSH client software to establish an SSH connection.
• If a Huawei device functions as an SSH client, enable the SSH login function on the client.
      [NGFW]ssh client first-time enable
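A review of the SSH login commands from the two slides above, as an added example (not part of the original course material): it parses the prompt-prefixed commands and reports management-plane settings an administrator would tighten before production use. The function names, finding labels and the hardened variant are constructed here; `protocol inbound ssh` and the `telnet`/`http` keywords of `service-manage` are VRP syntax that the slides do not show.

```python
import re

# Commands as shown on the two SSH slides, prompts included.
SLIDE_CONFIG = """\
[NGFW]stelnet server enable
[NGFW-GigabitEthernet1/0/1]service-manage enable
[NGFW-GigabitEthernet1/0/1]service-manage ssh permit
<NGFW>system-view
[NGFW]rsa local-key-pair create
[USG]user-interface vty 0 4
[USG-ui-vty0-4]protocol inbound all
[USG-ui-vty0-4]authentication-mode aaa
[NGFW]aaa
[NGFW-aaa]manager-user sshadmin
[NGFW-aaa-manager-user-sshadmin]service-type ssh
[NGFW-aaa-manager-user-sshadmin]level 3
[NGFW-aaa-manager-user-sshadmin]password cipher huawei
[NGFW]ssh user sshadmin
[NGFW]ssh user sshadmin authentication-type password
[NGFW]ssh user sshadmin service-type stelnet
[NGFW]ssh client first-time enable
"""

# Constructed variant: same steps, VTY limited to SSH, a constructed
# sample password, and no first-time trust for outbound SSH.
HARDENED_CONFIG = (
    SLIDE_CONFIG
    .replace("protocol inbound all", "protocol inbound ssh")
    .replace("password cipher huawei", "password cipher c0nstructed-Sample#2018")
    .replace("[NGFW]ssh client first-time enable\n", "")
)

PROMPT = re.compile(r"^[<\[](?P<view>[^\]>]+)[\]>]\s*(?P<cmd>.*)$")
WEAK_PASSWORDS = {"huawei", "admin@123"}   # both values appear on the slides
CLEARTEXT_SERVICES = {"telnet", "http"}    # assumed keywords, not on the slides
REQUIRED_STEPS = (
    "stelnet server enable",
    "rsa local-key-pair create",
    "authentication-mode aaa",
)


def parse(config):
    """Yield (view, command) for every prompt-prefixed line."""
    for raw in config.splitlines():
        match = PROMPT.match(raw.strip())
        if match and match.group("cmd").strip():
            yield match.group("view"), match.group("cmd").strip()


def audit(config):
    """Return a list of (label, detail) findings for a VRP command listing."""
    findings = []
    seen = set()
    for view, cmd in parse(config):
        seen.add(cmd)
        words = cmd.split()
        # VTY lines that accept more than SSH also accept Telnet logins.
        if ("-ui-vty" in view and words[:2] == ["protocol", "inbound"]
                and words[2:] != ["ssh"]):
            findings.append(("vty-protocol", f"{view}: {cmd}"))
        # Default, vendor-name or short passwords on administrator accounts.
        if words[:2] == ["password", "cipher"] and len(words) == 3:
            if words[2].lower() in WEAK_PASSWORDS or len(words[2]) < 8:
                findings.append(("weak-password", view))
        # Cleartext management protocols permitted on an interface.
        if (len(words) == 3 and words[0] == "service-manage"
                and words[2] == "permit" and words[1] in CLEARTEXT_SERVICES):
            findings.append(("cleartext-management", f"{view}: {cmd}"))
        # The device accepts an unknown server host key on first connection.
        if cmd == "ssh client first-time enable":
            findings.append(("client-first-time", view))
    for step in REQUIRED_STEPS:
        if step not in seen:
            findings.append(("missing-step", step))
    return findings


if __name__ == "__main__":
    for label, detail in audit(SLIDE_CONFIG):
        print(f"{label}: {detail}")
```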
Contents
1. Basic Network Devices
2. Device Initial Login
  • Basic Service Configurations
  • Basic System Settings
Overview of Device File Management
• Device File Management
  • Configuration file management
  • System file management (software upgrade)
  • License management
Configuration File Management
• Configuration file types:
  • Saved-configuration: the configuration file used for the next startup of the USG. It is stored in the flash memory or CF card of the USG and persists across restarts.
  • Current-configuration: the configuration currently in use on the USG. It is modified by command lines and web operations. It is stored in the memory of the USG and persists across restarts.
• Common operations for the configuration file:
  • Save the configuration file.
  • Erase the configuration file (restore to factory settings).
  • Configure the system software and configuration file for the next startup.
  • Restart devices.
Version Upgrade
• One-click upgrade
License Configuration
• A license is provided by a vendor to authorize the usage scope and validity period of product features. It dynamically controls whether certain features of a product are available.
• Activate a license.
Quiz
1. What is the default login IP address used in web login mode?
A. 192.168.0.1/24
B. 192.168.1.1/24
C. 172.16.0.1/16
D. 172.21.1.1/16
Summary
• Functions and models of common network devices
• Device login methods
• Basic configuration of security devices