104 Common Network Devices

Uploaded by

Rachid Abdel
Common Network Devices

www.huawei.com

Copyright © 2018 Huawei Technologies Co., Ltd. All rights reserved.


Foreword
• Network devices are the basic components of a network. When planning and constructing a network, you need to deploy and configure the network devices to meet network connection or network security requirements.

Objectives
• Upon completion of this course, you will be able to:
  - Describe Huawei common network devices.
  - Describe the functions of network devices.
  - Log in to network devices and perform basic configurations.

Contents
1. Basic Network Devices
2. Initial Device Login

Campus Network Security Deployment Scenario
[Figure: campus network security deployment. Labels: Branch/Partner, Virus, Remote employees, Anti-DDoS, ATIC, DMZ, Data center, Office, Office, NIP, vNGFW.]

Switch
• A switch works at the data link layer and forwards data frames.
[Figure: switch SWA with three attached hosts.]
Host    Interface on SWA  IP address   MAC address
Host A  G0/0/1            10.1.1.1/24  00-01-02-03-04-AA
Host B  G0/0/2            10.1.1.2/24  00-01-02-03-04-BB
Host C  G0/0/3            10.1.1.3/24  00-01-02-03-04-CC

Forwarding on Switches
• Flooding
• Forwarding
• Discarding

Initial State of Switches
• In the initial state, the MAC address table of a switch is empty.
[Figure: SWA with Host A on G0/0/1, Host B on G0/0/2 and Host C on G0/0/3; same hosts and addresses as on the Switch slide.]
MAC address table of SWA:
MAC Address        Interface
(empty)

Learning MAC Addresses
• The switch records the source MAC address and corresponding interface of the received data frame in the MAC address table.
[Figure: Host A sends an ARP frame, with Src.MAC and Des.MAC fields, into G0/0/1 of SWA; same hosts and addresses as on the Switch slide.]
MAC address table of SWA:
MAC Address        Interface
00-01-02-03-04-AA  G0/0/1

Forwarding Data Frames
• When the destination MAC address of a data frame is not in the MAC address table or it is a broadcast address, the switch floods the frame.
[Figure: Host A's ARP frame (Des.MAC FF-FF-FF-FF-FF-FF, Src.MAC 00-01-02-03-04-AA) arrives at SWA; same hosts and addresses as on the Switch slide.]
MAC address table of SWA:
MAC Address        Interface
00-01-02-03-04-AA  G0/0/1

Response from the Target Host
• The switch unicasts the reply from Host C to Host A based on the MAC address table.
[Figure: Host C's ARP reply (Des.MAC 00-01-02-03-04-AA, Src.MAC 00-01-02-03-04-CC) crosses SWA from G0/0/3 to G0/0/1; same hosts and addresses as on the Switch slide.]
MAC address table of SWA:
MAC Address        Interface
00-01-02-03-04-AA  G0/0/1
00-01-02-03-04-CC  G0/0/3
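
The learning, flooding and forwarding steps on the preceding slides, replayed as an added Python example (not part of the original deck). The `Switch` class and `run_arp_exchange` function are illustrative names; the discard rule (destination learned on the ingress port) is standard transparent-bridge behaviour that the deck names but does not spell out.

```python
BROADCAST = "FF-FF-FF-FF-FF-FF"
# Host MAC addresses as given on the slides.
HOST_A = "00-01-02-03-04-AA"
HOST_B = "00-01-02-03-04-BB"
HOST_C = "00-01-02-03-04-CC"


class Switch:
    """Minimal model of SWA: one MAC address table, three interfaces."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}  # MAC address -> interface; empty in the initial state

    def receive(self, in_port, src_mac, dst_mac):
        """Process one frame and return (action, list of egress interfaces)."""
        # Learning: record the source MAC against the ingress interface.
        self.mac_table[src_mac] = in_port
        out_port = self.mac_table.get(dst_mac)
        # Flooding: broadcast or unknown destination leaves on every other port.
        if dst_mac == BROADCAST or out_port is None:
            return "flood", [p for p in self.ports if p != in_port]
        # Discarding: the destination is reachable through the ingress port itself.
        if out_port == in_port:
            return "discard", []
        # Forwarding: known unicast destination leaves on exactly one port.
        return "forward", [out_port]


def run_arp_exchange():
    """Replay Host A's ARP request and Host C's reply through SWA."""
    swa = Switch(["G0/0/1", "G0/0/2", "G0/0/3"])
    request = swa.receive("G0/0/1", HOST_A, BROADCAST)  # Host A asks for Host C
    reply = swa.receive("G0/0/3", HOST_C, HOST_A)       # Host C answers Host A
    return request, reply, swa.mac_table


if __name__ == "__main__":
    request, reply, table = run_arp_exchange()
    print("ARP request:", request)
    print("ARP reply:  ", reply)
    for mac, port in table.items():
        print(mac, port)
```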

Router
• Function: forwards data packets between different networks
[Figure: protocol stacks along the path Host A, Router A, Router B, Router C, Host B.]
Host A and Host B: Application layer, Transmission layer, Network layer, Data link layer, Physical layer
Router A, Router B, Router C: Network layer, Data link layer, Physical layer

Route Selection
• A router selects an optimal path for data packets and forwards the packets.
[Figure: routers RTA, RTB, RTC and RTD.]

Firewall
• A firewall is mainly used to protect one network area against network attacks and intrusions from another network area.

Comparing Firewalls with Switches and Routers
• The primary function of routers and switches is forwarding, whereas that of firewalls is controlling.
• Router
  - Addressing and forwarding
  - Ensuring network interconnection
• Switch
  - Aggregating and building a LAN
  - Layer 2/Layer 3 fast forwarding of packets
• Firewall
  - Controlling packet forwarding
  - Anti Trojan horses and viruses

Firewall Development History
[Figure: timeline with the marks 1989, 1994, 1995, 2004, 2005 and 2009.]
Stages, in order: Packet filtering, Application agent, Status check, UTM, NGFW
Captions under the timeline, left to right:
  - Access control; Proxy technology
  - Session mechanism; Dedicated device
  - Multi-function overlay; DPI technology
  - Control based on user + application + content

Firewall Security Zone
• Security zone (or zone):
  - A local logical security zone
  - A network connected to one or more interfaces
[Figure: firewall with a DMZ, an Untrust zone and a Trust zone.]

Relationship Between Firewall Security Zones and Interfaces
• Does the firewall have two security zones with the same security level?
• Does the firewall allow the same physical interface to belong to two different security zones?
• Can different interfaces on a firewall belong to the same security zone?

[Figure labels:]
G0/0/2 --> DMZ
G0/0/2 --> Untrust zone
GE1/0/0 --> Trust zone
G0/0/1 --> Trust zone

Contents
1. Basic Network Devices
2. Device Initial Login
  - Basic Service Configurations
  - Basic System Settings

VRP Overview
• Versatile Routing Platform (VRP)
  - Network operating system
  - Software platform that supports multiple types of devices
  - Provides TCP/IP routing services

Introduction to Command Line
• The CLI is divided into command views. All commands must be executed in command views. You can run a command only after you enter its command view.

<NGFW>                                   User view
<NGFW>system-view
[NGFW]                                   System view
[NGFW]interface GigabitEthernet 0/0/1
[NGFW-GigabitEthernet0/0/1]quit          Interface view
[NGFW]ospf 1
[NGFW-ospf-1]                            Protocol view

Command Line Help: Full Help
• Full help displays all the keywords or parameters after you enter a question mark (?) in the command line.
  - In any command view, enter ? to obtain all commands and a brief description of each in the command view.

<NGFW>?
User view commands:
  anti-ddos   Defend against DDoS attacks
  arp         Specify ARP configuration information

  - You can also enter a command (if it is a keyword) followed by a space and ? to obtain all keywords and a brief description of each.

<NGFW>display firewall ?
  blacklist   Indicate the blacklist command group
  dataplane   Indicate dataplane to manageplane
  defend      Indicate attack defense

Command Line Help: Partial Help
• Partial help displays all the keywords or parameters that start with the character string entered in the command line.
  - Type a character string followed by ? to obtain all keywords that begin with the character string.

<NGFW>d?
  debugging              delete
  dir                    display
  download

  - You can also enter a command followed by a character string and ? to obtain all keywords starting with the character string.

<NGFW>display b?
  backup-configuration   bfd
  bgp                    bridge
  buffer                 bulk-stat

Command Line Help: Tab Key
• If there is only one match for an incomplete keyword:

[NGFW]info-
[NGFW]info-center

• If there are multiple matches for a keyword:

[NGFW]info-center l
[NGFW]info-center lo
[NGFW]info-center loghost
[NGFW]info-center local
[NGFW]info-center logbuffer
[NGFW]info-center logfile

Configuring Interfaces
• Choose Network > Interface, and select the interface to be modified.
• Configure an IP address for the interface and switch the interface mode.

[Screenshot callouts:]
  - Add to the security zone.
  - Switch the interface mode. The available modes are Routing (Layer 3), Switching (Layer 2), and Hybrid (Layer 2 and 3).
  - Configure the IP address and subnet mask.

Configuring Routes
• Choose Network > Route > Static Route, and click Add.

Overview of Device Login Management
• Device login management
  - Console
  - Telnet
  - SSH
  - Web

Log in to the Device Through the Console Port (1)
• Check the parameters of the local port.

Log in to the Device Through the Console Port (2)
• Configure the connection interface and communications parameters:

Parameter      Value
Speed (baud)   9600
Data bits      8
Parity         None
Stop bits      1
Flow control   None

Web Login: Function Overview
• By default, you can log in to the device through GigabitEthernet0/0/0.
  - Set the IP address obtaining mode for network connection to obtain an IP address automatically on the administrator's PC.
  - Directly connect the PC Ethernet interface to the default management interface on the device, or connect them through a switch.
  - Enter https://192.168.0.1 in the browser to access the web login page.
  - The default user name is admin, and its password is Admin@123.

Web Login: Configuration Management (1)
• If you need to log in to the device through the service interface in web mode, configure the web login function on the device.
  - Enable the web management function, enable HTTP or HTTPS management according to requirements, and set the port number.

Web Login: Configuration Management (2)
• Configure a web administrator.

Web Login: Configuration Management (3)
• Configure the login interface.

Telnet Login: Configuration Management (1)
• By default, Telnet login is disabled on the NGFW. To use Telnet, log in to the NGFW in another mode and enable the Telnet service.
  - Enable the Telnet service.

Telnet Login: Configuration Management (2)
• Configure a Telnet administrator.

Telnet Login: Configuration Management (3)
• Configure the login interface.

SSH Login: Configuration Management (1)
• SSH provides greater security and powerful authentication functions for users to log in to the device. Configure SSH device management on the USG interface. The administrator can enable SSH device management as required.
• Configuration commands:
  - Enable the STelnet service.

[NGFW]stelnet server enable

  - Configure SSH management on the USG interface.

[NGFW-GigabitEthernet1/0/1]service-manage enable
[NGFW-GigabitEthernet1/0/1]service-manage ssh permit

  - Configure a local RSA key pair.

<NGFW>system-view
[NGFW]rsa local-key-pair create

  - Configure VTY user interfaces.

[USG]user-interface vty 0 4
[USG-ui-vty0-4]protocol inbound all
[USG-ui-vty0-4]authentication-mode aaa

SSH Login: Configuration Management (2)
• Create an SSH administrator account and set the authentication mode to Password and service mode to STelnet.

[NGFW]aaa
[NGFW-aaa]manager-user sshadmin
[NGFW-aaa-manager-user-sshadmin]service-type ssh
[NGFW-aaa-manager-user-sshadmin]level 3
[NGFW-aaa-manager-user-sshadmin]password cipher huawei

• Create an SSH user.

[NGFW]ssh user sshadmin
[NGFW]ssh user sshadmin authentication-type password
[NGFW]ssh user sshadmin service-type stelnet

• After the preceding configurations are completed, run the SSH client software to establish an SSH connection.
• If a Huawei device functions as an SSH client, enable the SSH login function on the client.

[NGFW]ssh client first-time enable
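
An added example, not Huawei's or the deck's own tooling: a small Python check that reads the SSH login commands from the two slides above and reports settings a reviewer would question. It assumes `protocol inbound ssh` as the VRP form that limits VTY lines to SSH, treats the passwords printed in this deck as known, and uses an 8-character minimum as a stand-in local policy; `audit` and `harden` are illustrative names.

```python
import re

# Constructed input: the commands from the two SSH login slides, as one session.
PAGE_SESSION = """\
[NGFW]stelnet server enable
[NGFW-GigabitEthernet1/0/1]service-manage enable
[NGFW-GigabitEthernet1/0/1]service-manage ssh permit
[NGFW]rsa local-key-pair create
[USG]user-interface vty 0 4
[USG-ui-vty0-4]protocol inbound all
[USG-ui-vty0-4]authentication-mode aaa
[NGFW-aaa]manager-user sshadmin
[NGFW-aaa-manager-user-sshadmin]service-type ssh
[NGFW-aaa-manager-user-sshadmin]password cipher huawei
[NGFW]ssh user sshadmin authentication-type password
"""

PROMPT = re.compile(r"^\s*[<\[][^>\]]*[>\]]\s*")  # "<NGFW>" or "[NGFW-aaa]"
DECK_PASSWORDS = {"Admin@123", "huawei"}           # passwords printed in this deck
MIN_LENGTH = 8                                     # assumed local policy, not a VRP rule


def audit(session):
    """Return sorted finding codes for a pasted VRP command session."""
    findings = set()
    for line in session.splitlines():
        words = PROMPT.sub("", line).split()
        if words[:2] == ["protocol", "inbound"] and words[2:] != ["ssh"]:
            # 'all' admits Telnet as well as SSH on the VTY lines.
            findings.add("vty-accepts-non-ssh")
        elif words[:1] == ["authentication-mode"] and words[1:] != ["aaa"]:
            findings.add("vty-not-using-aaa")
        elif words[:2] == ["password", "cipher"] and len(words) == 3:
            password = words[2]
            if password in DECK_PASSWORDS or len(password) < MIN_LENGTH:
                findings.add("weak-or-published-password")
    return sorted(findings)


def harden(session):
    """Return the session with the VTY lines limited to SSH.

    The password is left for the operator to choose.
    """
    return session.replace("protocol inbound all", "protocol inbound ssh")


if __name__ == "__main__":
    print("as on the slides:", audit(PAGE_SESSION))
    print("after harden():  ", audit(harden(PAGE_SESSION)))
```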

Contents
1. Basic Network Devices
2. Device Initial Login
  - Basic Service Configurations
  - Basic System Settings

Overview of Device File Management
• Device File Management
  - Configuration file management
  - System file management (software upgrade)
  - License management

Configuration File Management
• Configuration file types:
  - Saved-configuration: the configuration file used for the next startup of the USG. It is stored in the flash memory or CF card of the USG and persists across restarts.
  - Current-configuration: the configuration currently in use on the USG. It is modified by command lines and web operations. It is stored in the memory of the USG and persists across restarts.
• Common operations for the configuration file
  - Save the configuration file.
  - Erase the configuration file (restore to factory settings).
  - Configure the system software and configuration file for the next startup.
  - Restart devices.

Version Upgrade
• One-click upgrade

License Configuration
• A license is provided by a vendor to authorize the usage scope and validity period of product features. It dynamically controls whether certain features of a product are available.
• Activate a license.

Quiz
1. What is the default login IP address used in web login mode?
A. 192.168.0.1/24
B. 192.168.1.1/24
C. 172.16.0.1/16
D. 172.21.1.1/16

Summary
• Functions and models of common network devices
• Device login methods
• Basic configuration of security devices

Thank You
www.huawei.com
