In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-04-06 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >
Share
Shulou(Shulou.com)06/01 Report--
Q: how do I clear the user configuration information for the current profile of the device?
A: use the reset saved-configuration command in the user view to delete the user information in the current configuration file of the switch.
When the contents of the configuration file are erased, an empty configuration file with the same name is created and the HGMP initial configuration file is loaded. Save the configuration information, and when Switch restarts, the default enable configuration of HGMP is loaded.
Reset saved-configuration is generally used in the following situations: when an already configured switch is used in a new application environment, and when the original configuration file cannot meet the needs of the new environment, the switch needs to be reconfigured. Using reset saved-configuration, you can reconfigure the switch after clearing the user configuration information in the configuration file.
Note: after configuring the reset saved-configuration command, please choose not to save the current configuration file when restarting the device.
Cleanup and reconfiguration information can only take effect after the device is rebooted, and the current configuration remains the same.
Q: what is the default bootrom password for the switch?
A: when the switch system starts bootrom, press "CTRL+B" within 2 seconds. You need to enter the password here to enter the BOOTROM menu. The default password is huawei.
Q: how do I empty the configuration of S2300?
A: restart the device using the reset save-configuration command on the S2300 switch, and the configuration is not empty after booting. For example, there will be bpdu enable and so on under the port.
To completely empty the configuration of the S2300, you must delete the vrpcfg.cfg file in flash and restart it. In the running state, the vrpcfg.cfg file cannot be deleted with the command. The file is regarded as a system file and cannot be deleted. If you want to delete it forcefully, you need to do so under the bootroom menu. The specific steps are as follows:
Restart the switch, press ctrl+b to enter the bootroom menu, and enter the default password huawei.
Press ctrl+z to enter the implied menu and select 2 to delete the file in flash.
Restart the device after deleting the vrpcfg.cfg file, and the operation is complete.
How does Q:S2300/S3300/S5300 configure to limit the number of MAC addresses that an interface learns?
A: when configuring to limit the number of MAC addresses that an interface can learn, please note the following:
In previous versions of V100R005, before configuring the limit interface to learn the number of MAC addresses, you must configure the MAC address learning limit feature of the mac-address restrict command-enabled device in the system view, which is not required in the V100R005 version.
The V100R005 version interface security feature conflicts with interface-based MAC address learning restrictions. After you configure the interface security feature, you cannot configure MAC address learning restrictions under that interface.
In previous versions of V100R005, the following configuration must be completed before configuring the interface security feature:
Use the mac-address restrict command to enable the MAC address learning limit function of the device in the system view.
Use the mac-table limit command configuration to limit the number of MAC addresses that an interface learns in the interface view.
The following steps and examples are illustrated by the implementation of the V100R005 version.
Operation steps
Execute the command system-view to enter the system view.
Execute the command interface interface-type interface-number to enter the interface view.
Execute the command mac-limit maximum max-num to limit the number of MAC address learning on the interface.
By default, there is no limit to the number of MAC address learning. When the number of learned MAC addresses reaches the interface limit, the interface will discard messages with source addresses outside the MAC table and issue trap alarms.
If you need to change the processing action of the interface when the number of learned MAC addresses reaches the limit of the interface, you can execute the port-security enable command to enable the security protection function of the interface, and then execute the port-security protect-action {protect | restrict | shutdown} command to set the security action taken by the interface when the number of MAC addresses reaches the limit. The protection actions of the interface security feature are as follows:
Protect
When the number of learned MAC addresses reaches the interface limit, the interface will discard messages whose source addresses are outside the MAC table.
Restrict
When the number of learned MAC addresses reaches the interface limit, the interface will discard messages with source addresses outside the MAC table and issue trap alarms.
Shutdown
When the number of learned MAC addresses reaches the interface limit, the interface will perform a shutdown operation.
For example: the configuration interface can only learn one MAC address. After the interface learns more than one MAC address, it uses the protect action to process the messages whose source address is outside the MAC table.
System-view
[Quidway] interface ethernet0/0/1
[Quidway-Ethernet0/0/1] port-security enable
[Quidway-Ethernet0/0/1] port-security protect-action protect
Q: how does the switch set the traffic statistics interval for the interface?
A: by setting the traffic statistics interval of the interface using the set flow-stat interval command, users can count and analyze the messages they are interested in. At the same time, by checking the traffic statistics of the interface in advance and taking measures of flow control in time, network congestion and business interruption can be avoided.
When users find that there is increased congestion on the network, the traffic statistics interval of the interface is set to less than 300 seconds (in case of emergency, it is set to 30 seconds), and the traffic distribution of the interface in a short time is observed. For the data packets that cause congestion, flow control measures are taken.
When the network bandwidth is abundant and the business is running normally, you can set the traffic statistics interval of the interface to more than 300 seconds. Once abnormal traffic parameters are found, modify the time interval of traffic statistics in time to facilitate more real-time observation of the trend of the traffic parameters.
Description:
The interface traffic statistics interval configured under the system view takes effect for all interfaces with a default interval under the interface.
The interface traffic statistics interval configured under the interface view only takes effect on this interface and does not affect other interfaces.
The time interval configured under the interface view takes precedence over the time interval configured under the system view.
Q: if the message statistics of the port are cleared, why does it affect the result of traffic billing?
A: traffic billing is based on the message statistics of each port. Using reset counters interface to clear the message statistics of the port will affect the result of traffic billing. Therefore, in the normal application environment, please do not clear port message statistics at will.
Q: why is the ACL used for complex flow classification matching not counted using the display acl command?
A: for a streaming strategy, you can count the packets that match the ACL by adding a count action to its popularity. The matched in display acl shows the statistics of the messages matched by the master cpu, not the statistical count of the flow policy. So when a large number of messages matching the ACL are passed, the count using the command display acl is always 0.
Q: what is the relationship between cir and cbs when configuring a switch speed limit?
A: when configuring the switch speed limit, the relationship between cir and cbs is as follows:
The cbs is larger than the maximum length of the message.
There is no special requirement for cbs in the case of continuous flow, and the average rate is guaranteed to be the rate of cir.
In the case of burst traffic that needs to be guaranteed, if cbs is converted to kbit less than cir, then cbs cannot guarantee burst traffic. Otherwise, the cbs can be configured larger.
When carrying out speed limit on FTP service, because FTP belongs to TCP service, TCP protocol has its special transmission mechanism so that the traffic cannot reach the speed limit rate that should be achieved. It is recommended to configure:
CBS = 200 * CIR
PBS = 2 * CBS
Description:
Do not configure PIR, only CIR, CBS, PBS.
The CIR unit is Kbps,CBS and the PBS unit is Byte.
For example, if you configure the CIR bandwidth to 2M=2048Kbps, then:
CBS = 200 * CIR = 200 * 2048 = 409600
PBS = 2 * CBS = 2 * 409600 = 819200
The configuration is as follows:
[Quidway-behavior-b1] car cir 2048 pir 2048 cbs 409600 pbs 8192000 green pass remark-8021p 5 yellow pass red discard
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
"Every 5-10 years, there's a rare product, a really special, very unusual product that's the most un
© 2024 shulou.com SLNews company. All rights reserved.