Saturday, November 2, 2019

NAT on HUAWEI ROUTERS (VRP)






STATIC NAT
A common deployment scenario is when you have services (HTTP, SMTP, FTP) hosted in your network that must be accessible to external (internet) users and you have enough public IPs.
[Edge_Router]interface gig0/0/1   // Outgoing interface on which you have assigned public IP
[Edge_Router-GigabitEthernet0/0/1]nat static global 80.80.80.11 inside 172.16.10.11
Verification
<Edge_Router> display nat static

DYNAMIC NAT
[Edge_Router]nat address-group 1 80.80.80.31 80.80.80.40
#
[Edge_Router]acl 2001
[Edge_Router-acl-basic-2001]rule 5 permit source 192.168.1.0 0.0.0.255
#
[Edge_Router]interface gig0/0/1
[Edge_Router-GigabitEthernet0/0/1]nat outbound 2001 address-group 1 no-pat
Verification
<Edge_Router> display acl 2001
<Edge_Router> display nat address-group

DYNAMIC NAT with PAT
A common deployment scenario is when you want to give all of your company's users (usually more than four thousand) access to the internet.
[Edge_Router] nat address-group 1 80.80.80.11 80.80.80.20
#
[Edge_Router]acl 2001
[Edge_Router-acl-basic-2001]rule 5 permit source 192.168.1.0 0.0.0.255
#
[Edge_Router]interface gig0/0/1
[Edge_Router-GigabitEthernet0/0/1]nat outbound 2001 address-group 1

Verification
<Edge_Router> display acl 2001
<Edge_Router> display nat address-group

EASY IP
A common deployment scenario is when you want to give all of your company's users access to the internet and only one public IP is available to you, which is also the one assigned to the interface.
[Edge_Router] acl 2001
[Edge_Router-acl-basic-2001]rule 5 permit source 192.168.1.0 0.0.0.255
#
[Edge_Router] interface gig0/0/1
[Edge_Router-GigabitEthernet0/0/1] nat outbound 2001

Verification
<Edge_Router> display acl 2001
<Edge_Router> display nat outbound

NAT INTERNAL SERVER (also known as port forwarding)
A common deployment scenario is when you have services (HTTP, SMTP, FTP, etc.) hosted in your network that must be accessible to external (internet) users and you have minimal or single public IP availability.
[Edge_Router] interface gig0/0/1
[Edge_Router-GigabitEthernet0/0/1] nat server protocol tcp global 200.10.10.5 www inside 192.168.1.1 www

Verification
<Edge_Router> display nat server
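
The difference between STATIC NAT and NAT INTERNAL SERVER matters when you review what the router exposes: a static mapping publishes the whole inside host, while a nat server rule publishes one protocol and port. The script below is an added example, not part of the original post; it lists the inbound exposure created by the NAT lines used above. The sample configuration text is constructed from this page's commands, and the service-keyword table is an assumed subset.

```python
import re

# Constructed sample: the NAT lines configured on this page, as they would
# appear under the outside interface (hostnames and prompts stripped).
SAMPLE_CONFIG = """\
nat static global 80.80.80.11 inside 172.16.10.11
nat outbound 2001 address-group 1
nat server protocol tcp global 200.10.10.5 www inside 192.168.1.1 www
"""

# Service keywords mapped to port numbers (assumed subset, enough for the sample).
SERVICE_PORTS = {"www": 80, "ftp": 21, "smtp": 25}

STATIC_RE = re.compile(r"^nat static global (\S+) inside (\S+)$")
SERVER_RE = re.compile(
    r"^nat server protocol (tcp|udp) global (\S+) (\S+) inside (\S+) (\S+)$")


def port_of(token):
    """Translate a service keyword or a numeric string into a port number."""
    return SERVICE_PORTS.get(token) or int(token)


def inbound_exposures(config_text):
    """Return one finding per NAT rule that lets outside hosts reach an inside host."""
    findings = []
    for raw in config_text.splitlines():
        line = raw.strip()
        static = STATIC_RE.match(line)
        server = SERVER_RE.match(line)
        if static:
            # One-to-one mapping: every protocol and port of the inside host is
            # reachable through the public address unless something else filters it.
            findings.append({"public": static[1], "inside": static[2],
                             "proto": "any", "port": None, "whole_host": True})
        elif server:
            # Port forwarding: only the listed protocol and port are reachable.
            findings.append({"public": server[2], "inside": server[4],
                             "proto": server[1], "port": port_of(server[5]),
                             "whole_host": False})
    return findings


def whole_host_mappings(config_text):
    """Inside hosts that need their own filtering because NAT exposes all ports."""
    return [f["inside"] for f in inbound_exposures(config_text) if f["whole_host"]]


if __name__ == "__main__":
    for finding in inbound_exposures(SAMPLE_CONFIG):
        print(finding)
    print("review filtering for:", whole_host_mappings(SAMPLE_CONFIG))
```

The nat outbound line is ignored on purpose, because it only translates connections that start from the inside.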

Sunday, June 26, 2016

Routing Information Protocol (RIP) on Huawei Routers

Routing Information Protocol (RIP) belongs to the distance-vector category of dynamic routing protocols. In today's enterprise networks it has mostly been replaced by OSPF and EIGRP, but you may still encounter it in legacy networks where, for some reason, it is not possible to replace it. The theory behind RIP is the same as what you have studied for any other vendor, because it is a standard routing protocol based on RFC 2453. We will be configuring RIP on the following topology.
First we will configure IP addresses as per the topology:

Router 1

#
<R1>system-view 
Enter system view, return user view with Ctrl+Z.
#
[R1]interface GigabitEthernet 0/0/0
[R1-GigabitEthernet0/0/0]description ** R1->R2 **
[R1-GigabitEthernet0/0/0]ip address 10.1.12.1 24
[R1-GigabitEthernet0/0/0]undo shutdown 
Info: Interface GigabitEthernet0/0/0 is not shutdown.
#
[R1]interface GigabitEthernet 0/0/1
[R1-GigabitEthernet0/0/1]description ** LAN-A **
[R1-GigabitEthernet0/0/1]ip address 192.168.1.1 24
[R1-GigabitEthernet0/0/1]undo shutdown 
Info: Interface GigabitEthernet0/0/1 is not shutdown.
#

VERIFICATION
<R1>display ip interface brief | include up
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 3
The number of interface that is DOWN in Physical is 1
The number of interface that is UP in Protocol is 3
The number of interface that is DOWN in Protocol is 1

Interface                   IP Address/Mask      Physical   Protocol

GigabitEthernet0/0/0        10.1.12.1/24         up         up
GigabitEthernet0/0/1        192.168.1.1/24       up         up
NULL0                       unassigned           up         up(s)
<R1>



Router 2

#
<R2>system-view 
Enter system view, return user view with Ctrl+Z.
#
[R2]interface GigabitEthernet 0/0/0
[R2-GigabitEthernet0/0/0]description ** R2->R1 **
[R2-GigabitEthernet0/0/0]ip address 10.1.12.2 24
[R2-GigabitEthernet0/0/0]undo shutdown 
Info: Interface GigabitEthernet0/0/0 is not shutdown.

#

[R2]interface GigabitEthernet 0/0/1
[R2-GigabitEthernet0/0/1]description ** R2->R3 **
[R2-GigabitEthernet0/0/1]ip address 10.1.23.2 24
[R2-GigabitEthernet0/0/1]undo shutdown 
Info: Interface GigabitEthernet0/0/1 is not shutdown.
#
[R2]interface GigabitEthernet 0/0/2
[R2-GigabitEthernet0/0/2]description ** LAN-B **
[R2-GigabitEthernet0/0/2]ip address 192.168.2.1 24
[R2-GigabitEthernet0/0/2]undo shutdown
Info: Interface GigabitEthernet0/0/2 is not shutdown.


VERIFICATION
<R2>display ip interface brief | include up
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 4
The number of interface that is DOWN in Physical is 0
The number of interface that is UP in Protocol is 4
The number of interface that is DOWN in Protocol is 0

Interface                   IP Address/Mask      Physical   Protocol
GigabitEthernet0/0/0        10.1.12.2/24         up         up
GigabitEthernet0/0/1        10.1.23.2/24         up         up
GigabitEthernet0/0/2        192.168.2.1/24       up         up
NULL0                       unassigned           up         up(s)

ROUTER 3

#

<R3>system-view 
Enter system view, return user view with Ctrl+Z.
#
[R3]interface GigabitEthernet 0/0/1
[R3-GigabitEthernet0/0/1]description ** R3->R2 **
[R3-GigabitEthernet0/0/1]ip address 10.1.23.3 24
[R3-GigabitEthernet0/0/1]undo shutdown 
Info: Interface GigabitEthernet0/0/1 is not shutdown.
#
[R3]interface GigabitEthernet 0/0/0
[R3-GigabitEthernet0/0/0]description ** LAN-C **
[R3-GigabitEthernet0/0/0]ip address 192.168.3.1 24
[R3-GigabitEthernet0/0/0]undo shutdown 

Info: Interface GigabitEthernet0/0/0 is not shutdown.
#

VERIFICATION
<R3>display ip interface brief | include up
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 3
The number of interface that is DOWN in Physical is 1
The number of interface that is UP in Protocol is 3
The number of interface that is DOWN in Protocol is 1

Interface                   IP Address/Mask      Physical   Protocol
GigabitEthernet0/0/0        192.168.3.1/24       up         up
GigabitEthernet0/0/1        10.1.23.3/24         up         up
NULL0                       unassigned           up         up(s)

<R3>

Now that the IP addresses are configured, let's start enabling RIP, beginning with R1.


ROUTER 1

<R1>system-view 
Enter system view, return user view with Ctrl+Z.

#
[R1]rip 1
[R1-rip-1]version 2
[R1-rip-1]network 10.0.0.0
[R1-rip-1]network 192.168.1.0

[R1-rip-1]
#

VERIFICATION
[R1]display rip 
Public VPN-instance    
    RIP process : 1
       RIP version   : 2
       Preference    : 100
       Checkzero     : Enabled
       Default-cost  : 0
       Summary       : Enabled
       Host-route    : Enabled
       Maximum number of balanced paths : 8
       Update time   : 30 sec              Age time : 180 sec 
       Garbage-collect time : 120 sec 
       Graceful restart  : Disabled
       BFD               : Disabled
       Silent-interfaces : None 
       Default-route : Disabled
       Verify-source : Enabled
       Networks : 
       192.168.1.0        10.0.0.0       
       Configured peers             : None 
       Number of routes in database : 3
       Number of interfaces enabled : 2
       Triggered updates sent       : 0
       Number of route changes      : 0
       Number of replies to queries : 0
       Number of routes in ADV DB   : 2

  Total count for 1 process : 
       Number of routes in database : 3 
       Number of interfaces enabled : 2 
       Number of routes sendable in a periodic update : 6

       Number of routes sent in last periodic update : 4 

ROUTER 2

<R2>system-view 
Enter system view, return user view with Ctrl+Z.
[R2]rip 1
[R2-rip-1]version 2
[R2-rip-1]network 10.0.0.0
[R2-rip-1]network 192.168.2.0

[R2-rip-1]
#

VERIFICATION
[R2]display rip 
Public VPN-instance    
    RIP process : 1
       RIP version   : 2
       Preference    : 100
       Checkzero     : Enabled
       Default-cost  : 0
       Summary       : Enabled
       Host-route    : Enabled
       Maximum number of balanced paths : 8
       Update time   : 30 sec              Age time : 180 sec 
       Garbage-collect time : 120 sec 
       Graceful restart  : Disabled
       BFD               : Disabled
       Silent-interfaces : None 
       Default-route : Disabled
       Verify-source : Enabled
       Networks : 
       192.168.2.0        10.0.0.0       
       Configured peers             : None 
       Number of routes in database : 5
       Number of interfaces enabled : 3
       Triggered updates sent       : 1
       Number of route changes      : 1
       Number of replies to queries : 0
       Number of routes in ADV DB   : 4

  Total count for 1 process : 
       Number of routes in database : 5 
       Number of interfaces enabled : 3 
       Number of routes sendable in a periodic update : 15
       Number of routes sent in last periodic update : 11 


ROUTER 3

<R3>system-view 
Enter system view, return user view with Ctrl+Z.
[R3]rip 1
[R3-rip-1]version 2
[R3-rip-1]network 10.0.0.0
[R3-rip-1]network 192.168.3.0

[R3-rip-1]

VERIFICATION
[R3]display rip
Public VPN-instance    
    RIP process : 1
       RIP version   : 2
       Preference    : 100
       Checkzero     : Enabled
       Default-cost  : 0
       Summary       : Enabled
       Host-route    : Enabled
       Maximum number of balanced paths : 8
       Update time   : 30 sec              Age time : 180 sec 
       Garbage-collect time : 120 sec 
       Graceful restart  : Disabled
       BFD               : Disabled
       Silent-interfaces : None 
       Default-route : Disabled
       Verify-source : Enabled
       Networks : 
       192.168.3.0        10.0.0.0       
       Configured peers             : None 
       Number of routes in database : 6
       Number of interfaces enabled : 2
       Triggered updates sent       : 0
       Number of route changes      : 3
       Number of replies to queries : 0
       Number of routes in ADV DB   : 5

  Total count for 1 process : 
       Number of routes in database : 6 
       Number of interfaces enabled : 2 
       Number of routes sendable in a periodic update : 12

       Number of routes sent in last periodic update : 7 

Now that RIP is configured on all three routers, we can confirm it by looking at their routing tables.

ROUTING TABLE VERIFICATION

R1
<R1>display ip routing-table 
Route Flags: R - relay, D - download to fib
--------------------------------------------------------------------
Routing Tables: Public
         Destinations : 13       Routes : 13       

Destination/Mask  Proto  Pre Cost Flags NextHop Interface

10.1.12.0/24       Direct 0   0   D 10.1.12.1   GigabitEthernet0/0/0
10.1.12.1/32       Direct 0   0   D 127.0.0.1   GigabitEthernet0/0/0
10.1.12.255/32     Direct 0   0   D 127.0.0.1   GigabitEthernet0/0/0
10.1.23.0/24       RIP    100 1   D 10.1.12.2   GigabitEthernet0/0/0
127.0.0.0/8        Direct 0   0   D 127.0.0.1   InLoopBack0
127.0.0.1/32       Direct 0   0   D 127.0.0.1   InLoopBack0
127.255.255.255/32 Direct 0   0   D 127.0.0.1   InLoopBack0
192.168.1.0/24     Direct 0   0   D 192.168.1.1 GigabitEthernet0/0/1
192.168.1.1/32     Direct 0   0   D 127.0.0.1   GigabitEthernet0/0/1
192.168.1.255/32   Direct 0   0   D 127.0.0.1   GigabitEthernet0/0/1
192.168.2.0/24     RIP    100 1   D 10.1.12.2   GigabitEthernet0/0/0
192.168.3.0/24     RIP    100 2   D 10.1.12.2   GigabitEthernet0/0/0
255.255.255.255/32 Direct 0   0   D 127.0.0.1   InLoopBack0



R2
[R2]display ip routing-table 
Route Flags: R - relay, D - download to fib
--------------------------------------------------------------------
Routing Tables: Public
         Destinations : 15       Routes : 15       

Destination/Mask  Proto  Pre Cost Flags NextHop  Interface

10.1.12.0/24       Direct 0   0   D 10.1.12.2   GigabitEthernet0/0/0
10.1.12.2/32       Direct 0   0   D 127.0.0.1   GigabitEthernet0/0/0
10.1.12.255/32     Direct 0   0   D 127.0.0.1   GigabitEthernet0/0/0
10.1.23.0/24       Direct 0   0   D 10.1.23.2   GigabitEthernet0/0/1
10.1.23.2/32       Direct 0   0   D 127.0.0.1   GigabitEthernet0/0/1
10.1.23.255/32     Direct 0   0   D 127.0.0.1   GigabitEthernet0/0/1
127.0.0.0/8        Direct 0   0   D 127.0.0.1   InLoopBack0
127.0.0.1/32       Direct 0   0   D 127.0.0.1   InLoopBack0
127.255.255.255/32 Direct 0   0   D 127.0.0.1   InLoopBack0
192.168.1.0/24     RIP    100 1   D 10.1.12.1   GigabitEthernet0/0/0
192.168.2.0/24     Direct 0   0   D 192.168.2.1 GigabitEthernet0/0/2
192.168.2.1/32     Direct 0   0   D 127.0.0.1   GigabitEthernet0/0/2
192.168.2.255/32   Direct 0   0   D 127.0.0.1   GigabitEthernet0/0/2
192.168.3.0/24     RIP    100 1   D 10.1.23.3   GigabitEthernet0/0/1
255.255.255.255/32 Direct 0   0   D 127.0.0.1   InLoopBack0


R3
[R3]display ip routing-table 
Route Flags: R - relay, D - download to fib
--------------------------------------------------------------------
Routing Tables: Public
         Destinations : 13       Routes : 13       

Destination/Mask  Proto  Pre Cost Flags  NextHop  Interface

10.1.12.0/24       RIP    100 1  D  10.1.23.2   GigabitEthernet0/0/1
10.1.23.0/24       Direct 0   0  D  10.1.23.3   GigabitEthernet0/0/1
10.1.23.3/32       Direct 0   0  D  127.0.0.1   GigabitEthernet0/0/1
10.1.23.255/32     Direct 0   0  D  127.0.0.1   GigabitEthernet0/0/1
127.0.0.0/8        Direct 0   0  D  127.0.0.1   InLoopBack0
127.0.0.1/32       Direct 0   0  D  127.0.0.1   InLoopBack0
127.255.255.255/32 Direct 0   0  D  127.0.0.1   InLoopBack0
192.168.1.0/24     RIP    100 2  D  10.1.23.2   GigabitEthernet0/0/1
192.168.2.0/24     RIP    100 1  D  10.1.23.2   GigabitEthernet0/0/1
192.168.3.0/24     Direct 0   0  D  192.168.3.1 GigabitEthernet0/0/0
192.168.3.1/32     Direct 0   0  D  127.0.0.1   GigabitEthernet0/0/0
192.168.3.255/32   Direct 0   0  D  127.0.0.1   GigabitEthernet0/0/0

255.255.255.255/32 Direct 0   0  D  127.0.0.1   InLoopBack0


There are some variations of the RIP metric that we can manipulate only if we have multiple links; we will discuss them in a later tutorial.
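
To see where the Cost values in the routing tables above come from, the following added example (not part of the original post) models the three routers as a distance-vector exchange with split horizon. The connected networks and addresses are the ones configured on this page; the synchronous update rounds are a simplification of the 30-second periodic updates.

```python
INFINITY = 16  # RIP metric that means "unreachable" (RFC 2453)

# Connected networks per router, taken from the interface configuration on
# this page: prefix -> the router's own address on that network.
CONNECTED = {
    "R1": {"10.1.12.0/24": "10.1.12.1", "192.168.1.0/24": "192.168.1.1"},
    "R2": {"10.1.12.0/24": "10.1.12.2", "10.1.23.0/24": "10.1.23.2",
           "192.168.2.0/24": "192.168.2.1"},
    "R3": {"10.1.23.0/24": "10.1.23.3", "192.168.3.0/24": "192.168.3.1"},
}


def neighbours(router):
    """Yield (neighbour, shared_prefix, neighbour_address) for adjacent routers."""
    for prefix in CONNECTED[router]:
        for other, nets in CONNECTED.items():
            if other != router and prefix in nets:
                yield other, prefix, nets[prefix]


def converge(max_rounds=10):
    """Exchange periodic updates until no table changes; return (tables, rounds)."""
    # tables[router][prefix] = (cost, next_hop, network_it_was_learned_on)
    tables = {r: {p: (0, None, p) for p in nets} for r, nets in CONNECTED.items()}
    for round_no in range(1, max_rounds + 1):
        snapshot = {r: dict(t) for r, t in tables.items()}  # what each router sends
        changed = False
        for router in CONNECTED:
            for nbr, link, nbr_addr in neighbours(router):
                for prefix, (cost, _, learned_on) in snapshot[nbr].items():
                    if learned_on == link:
                        continue  # split horizon: not advertised back onto this link
                    new_cost = min(cost + 1, INFINITY)
                    known = tables[router].get(prefix)
                    if new_cost < INFINITY and (known is None or new_cost < known[0]):
                        tables[router][prefix] = (new_cost, nbr_addr, link)
                        changed = True
        if not changed:
            return tables, round_no - 1
    return tables, max_rounds


def rip_routes(table):
    """Learned (non-connected) routes as sorted (prefix, cost, next_hop) tuples."""
    return sorted((p, c, nh) for p, (c, nh, _) in table.items() if nh is not None)


if __name__ == "__main__":
    tables, rounds = converge()
    print("converged after", rounds, "update rounds")
    for router, table in tables.items():
        print(router, rip_routes(table))
```

A router installs any better advertisement it hears, which is why the "Silent-interfaces : None" line in the display rip output is worth a second look: with this configuration RIP updates are also sent on the LAN-facing interfaces.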


Thursday, June 16, 2016

How to configure DHCP on Huawei Router

Dynamic Host Configuration Protocol (DHCP) is a service which you can enable on any router or server. The basic idea is to automate the process of assigning IP addresses to the end devices. You can also configure this service on Huawei routers or L3 switches. Huawei VRP lets us configure it in two forms: one is a global pool and the other is at interface level. In this tutorial we do it with a global pool. We will use the topology below to configure DHCP.

In the above topology, the AR1 Gig0/0/0 interface is already configured with the IP address which is going to act as the gateway for the end devices. So we can start directly with the DHCP configuration:

STEP 1: Enable the DHCP in System View Mode
[AR1]dhcp enable

STEP 2: Configuring DHCP Pool Globally
[AR1]ip pool LAN-A
Info: It's successful to create an IP address pool.
[AR1-ip-pool-LAN-A]network 192.168.1.0 mask 24
[AR1-ip-pool-LAN-A]gateway-list 192.168.1.1
[AR1-ip-pool-LAN-A]dns-list 192.168.1.101 192.168.1.102

You can also verify your configuration using the following command:

[AR1]display current-configuration 
#
ip pool LAN-A
 gateway-list 192.168.1.1 
 network 192.168.1.0 mask 255.255.255.0 
 dns-list 192.168.1.101 192.168.1.102 

#

STEP 3: Enabling DHCP On LAN facing Interface

[AR1]interface GigabitEthernet 0/0/0
[AR1-GigabitEthernet0/0/0]dhcp select global



In the above step we told the LAN-facing interface where to look for the pool once it receives a DHCP request from clients.


Now you can go to your PC's command prompt and execute the following commands:

ipconfig /release
ipconfig /renew

To check that your PC has received an IP:

ipconfig



Finally, to confirm how many IPs have been released so far to the end devices, you can use the following command on AR1.


In the above diagram you can see which IPs have been released so far.


Tuesday, June 14, 2016

How to configure static routes

To reach between two different networks you need routing, and one of the simplest ways of accomplishing this is by use of a static route. You can also run static routes on Huawei routers and layer 3 switches. We are going to configure static routing on the following topology:
First of all, let's assign host names and IP addresses to the routers:

AR1


Assigning Host name:

<Huawei>system-view 
[Huawei]sysname AR1

Assign IP Addresses to the Interfaces
#
[AR1]interface GigabitEthernet 0/0/0

[AR1-GigabitEthernet0/0/0]ip address 10.1.12.1 24
[AR1-GigabitEthernet0/0/0]undo shutdown 
#
[AR1]interface GigabitEthernet 0/0/2
[AR1-GigabitEthernet0/0/2]ip address 192.168.1.1 24
[AR1-GigabitEthernet0/0/2]undo shutdown 
#

AR2

Assigning Host name:
<Huawei>system-view 
[Huawei]sysname AR2

Assign IP Addresses to the Interfaces
#
[AR2]interface GigabitEthernet 0/0/0

[AR2-GigabitEthernet0/0/0]ip address 10.1.12.2 24
[AR2-GigabitEthernet0/0/0]undo shutdown 
#
[AR2]interface GigabitEthernet 0/0/2
[AR2-GigabitEthernet0/0/2]ip address 192.168.2.1 24
[AR2-GigabitEthernet0/0/2]undo shutdown 
#


Verification 

AR1










AR2










PC1, connected to AR1, can ping its gateway IP but cannot ping the remote PC2.





















The same is true for PC2: it can ping its gateway IP but cannot reach PC1.




















This is the common behavior of all routers from different vendors, because by default routers only know connected networks.

So let's move to the next step and add static routes.

AR1

<AR1>system-view 

[AR1]ip route-static 192.168.2.0 255.255.255.0 10.1.12.2

AR2

<AR2>system-view 

[AR2]ip route-static 192.168.1.0 255.255.255.0 10.1.12.1

Verification
AR1

















AR2















Now the LAN sides of both routers can ping each other successfully.

PC1












PC2


Monday, June 13, 2016

Route Preference (same as Administrative Distance in Cisco)

What if you are learning about one network from two routing protocols? Which routing protocol's information will you trust, or which routing protocol's information will end up in the routing table? If you are coming from the Cisco world, you know it is decided by the Administrative Distance (AD). In Huawei we have Route Preference. I am comparing the defaults of both in the following table:


Routing Protocol      Route Preference (Huawei)   Administrative Distance (Cisco)
Directly Connected    0                           0
Static                60                          1
RIP                   100                         120
EIGRP                 N/A                         90
OSPF                  10                          110
ISIS                  15                          115
BGP                   255                         170

I will be putting up more such differences related to other technologies also.
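
The practical effect of the table shows up when the same prefix is known from a static route and from OSPF: the two vendors pick different winners. The following added example (not from the original post) selects a route the way a router does, longest prefix match first and then lowest preference, using the defaults listed in the table above. The candidate routes and their next hops are constructed sample values, and the longest-match step goes slightly beyond what the table itself covers.

```python
import ipaddress

# Defaults exactly as listed in the table above (lower value wins).
HUAWEI_PREFERENCE = {"Direct": 0, "Static": 60, "RIP": 100, "OSPF": 10, "ISIS": 15}
CISCO_AD = {"Direct": 0, "Static": 1, "RIP": 120, "OSPF": 110, "ISIS": 115}

# Constructed candidates: (prefix, protocol, next hop). The /24 is known from
# three sources; the default route is a less specific static entry.
CANDIDATES = [
    ("192.168.2.0/24", "Static", "10.1.12.2"),
    ("192.168.2.0/24", "OSPF", "10.1.13.3"),
    ("192.168.2.0/24", "RIP", "10.1.14.4"),
    ("0.0.0.0/0", "Static", "10.1.12.9"),
]


def select_route(dest, candidates, preference):
    """Longest prefix match first; among equal prefixes the lowest preference wins."""
    addr = ipaddress.ip_address(dest)
    matching = [c for c in candidates if addr in ipaddress.ip_network(c[0])]
    if not matching:
        return None
    return min(
        matching,
        key=lambda c: (-ipaddress.ip_network(c[0]).prefixlen, preference[c[1]]),
    )


def vendor_disagreement(dest, candidates):
    """Return (huawei_choice, cisco_choice) when the defaults pick different routes."""
    huawei = select_route(dest, candidates, HUAWEI_PREFERENCE)
    cisco = select_route(dest, candidates, CISCO_AD)
    return None if huawei == cisco else (huawei, cisco)


if __name__ == "__main__":
    for dest in ("192.168.2.10", "203.0.113.5"):
        print(dest, "Huawei:", select_route(dest, CANDIDATES, HUAWEI_PREFERENCE))
        print(dest, "Cisco: ", select_route(dest, CANDIDATES, CISCO_AD))
        print(dest, "disagreement:", vendor_disagreement(dest, CANDIDATES))
```

With these defaults a static route that wins on Cisco loses to OSPF on Huawei, so a configuration moved between vendors can forward traffic to a different next hop without any change in the route statements.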