
Example for Configuring SVF (S6720S-EI as the Parent)

Precautions

  • The Super Virtual Fabric (SVF) function on a parent is license controlled. The license only enables the SVF function but does not control SVF service specifications and only needs to be loaded on the parent.

  • The SVF function is mutually exclusive with the web initial login mode, EasyDeploy, USB-based deployment, and NETCONF functions.

  • When the parent version is earlier than V200R011C10, the AS version must be the same as the parent version. Otherwise, this AS cannot go online. For example, if the parent version is V200R010C00, the AS version must also be V200R010C00.
  • When the parent version is V200R011C10 or later, the parent version and AS version can be different, but the parent version must be higher than or the same as the AS version and the AS version must also be V200R011C10 or later.
  • When GE optical interfaces are connected to XGE optical interfaces to connect level-1 ASs to the parent or connect level-2 ASs to level-1 ASs, these interfaces must use GE instead of XGE optical modules.

  • If an AS is a stack set up using service ports, the AS must join an SVF system after having the stacking function configured. This limitation does not apply to an AS that is a stack set up using stack cards.

  • When a cluster switch system (CSS) functioning as the parent is faulty:
    • If one member switch in the CSS is faulty, the SVF function is not affected.
    • If the CSS splits but two member switches are working normally, the SVF function becomes unavailable because ASs do not know which switch is the parent. In this situation, you are advised to configure the dual-active detection (DAD) function.

Networking Requirements

A new campus network has a large number of wired access devices. The widely distributed access devices complicate management and configuration of the access layer. Unified management and configuration of wired access devices is required to reduce the management cost.

In this example, complete the following operations on access devices:
  • Configure the administrator user name and password for access devices.
  • Assign VLANs to ports of access devices.
  • Set the user access authentication mode to 802.1X authentication.

As shown in Figure 1, two aggregation switches (SwitchA and SwitchB) set up a stack to improve reliability and function as the parent to connect to multiple ASs. Multiple active detection (MAD) in direct mode must be configured on the parent to avoid conflicts when the stack splits.

In this example, the parent is S6720S-26Q-EI-24S, and ASs are S5700S-28P-LI.

Figure 1 SVF networking

Data plan

  • Parent
    Data: A stack established by SwitchA and SwitchB (two S6720S-26Q-EI-24S switches)
    Description: The service port connection mode is used to set up the stack, and the two 40GE ports on each member switch are used as physical member ports of the logical stack port.

  • Directly connected MAD ports on the parent
    Data: XGE0/0/4 and XGE1/0/4

  • MAC addresses of the parent, ASs 1 to 3
    Data:
      Parent: 0400-0000-1100
      AS1: 0200-0000-0011
      AS2: 0200-0000-0022
      AS3: 0200-0000-0033

  • SVF management VLAN
    Data: VLAN 11

  • IP address of the management VLANIF interface
    Data: 192.168.11.1

  • Ports that connect the parent to AS1
    Data: XGE0/0/1 and XGE1/0/1
    Description: Add the two ports to Eth-Trunk1 and bind them to Fabric-port 1.

  • Ports that connect the parent to AS2
    Data: XGE0/0/2 and XGE1/0/2
    Description: Add the two ports to Eth-Trunk2 and bind them to Fabric-port 2.

  • Ports that connect the parent to AS3
    Data: XGE0/0/3 and XGE1/0/3
    Description: Add the two ports to Eth-Trunk3 and bind them to Fabric-port 3.

  • AS authentication mode
    Data: Whitelist authentication

  • Service configuration for the AS administrator profile
    Data:
      Administrator profile: admin_profile, in which you can configure the administrator user name and password
      AS group: admin_group, which includes all the ASs
      Bind admin_profile to admin_group.

  • Service configuration for the AS network basic profile
    Data:
      Network basic profile: basic_profile, in which you can configure default VLAN 10
      Port group: port_group, which includes all AS1 ports, all AS2 ports, and all AS3 ports
      Bind basic_profile to port_group.

  • Service configuration for the AS user access profile
    Data:
      User access profile: access_profile, in which you can set the user access authentication mode to 802.1X authentication.
      Bind access_profile to port_group.

Configuration Roadmap

  1. Set up a stack between the parent switches using the service port connection mode. Then set the stack working mode to parent and configure MAD in direct mode to ensure high reliability of the SVF system.

  2. Enable the SVF function on the parent.

  3. Configure AS access parameters, including AS names (optional), authentication mode, and fabric ports that connect the parent to ASs.

  4. Connect ASs to the parent using cables.

  5. Configure service profiles and bind them to ASs.

  6. Log in to ASs to check the service configurations of the ASs.

Procedure

  1. Set up a stack between the two switches used as the parent. Set the stack working mode to parent and configure MAD in direct mode.

    # Configure service ports 40GE0/0/1 and 40GE0/0/2 of SwitchA as physical member ports and add them to the logical stack ports.

    <HUAWEI> system-view
    [HUAWEI] sysname SwitchA
    [SwitchA] interface stack-port 0/1
    [SwitchA-stack-port0/1] port interface 40ge 0/0/1 enable
    [SwitchA-stack-port0/1] quit
    [SwitchA] interface stack-port 0/2
    [SwitchA-stack-port0/2] port interface 40ge 0/0/2 enable
    [SwitchA-stack-port0/2] quit

    # Configure service ports 40GE0/0/1 and 40GE0/0/2 of SwitchB as physical member ports and add them to the logical stack ports.

    <HUAWEI> system-view
    [HUAWEI] sysname SwitchB
    [SwitchB] interface stack-port 0/1
    [SwitchB-stack-port0/1] port interface 40ge 0/0/1 enable
    [SwitchB-stack-port0/1] quit
    [SwitchB] interface stack-port 0/2
    [SwitchB-stack-port0/2] port interface 40ge 0/0/2 enable
    [SwitchB-stack-port0/2] quit

    # Set the stack priority of SwitchA to 200.

    [SwitchA] stack slot 0 priority 200

    # Set the stack ID of SwitchB to 1.

    [SwitchB] stack slot 0 renumber 1

    # Power off SwitchA and SwitchB, connect the physical member ports with QSFP+ copper ports, and then power on the switches. Connect the member port of logical stack port 1 on one switch to the member port of logical stack port 2 on the other switch.

    # Log in to the stack and configure it to work in parent mode.

    If an S5732-H24UM2CC, S5732-H48UM2CC, S6730-S, S6730S-S, S6720-SI, S6720S-SI, S6720-EI, or S6720S-EI switch functions as the parent, first change the working mode of the switch to parent mode. By default, a switch works in AS mode. The configured working mode takes effect after the switch restarts.

    <SwitchA> system-view
    [SwitchA] as-mode disable
    Warning: Switching the AS mode will clear current configuration and reboot the system. Continue? [Y/N]:y

    # Log in to the stack and configure MAD in direct mode.

    <HUAWEI> system-view
    [HUAWEI] sysname SwitchA
    [SwitchA] interface xgigabitethernet 0/0/4
    [SwitchA-XGigabitEthernet0/0/4] mad detect mode direct
    [SwitchA-XGigabitEthernet0/0/4] quit
    [SwitchA] interface xgigabitethernet 1/0/4
    [SwitchA-XGigabitEthernet1/0/4] mad detect mode direct
    [SwitchA-XGigabitEthernet1/0/4] quit

  2. Configure the management VLAN in the SVF system and enable the SVF function on the parent.

    [SwitchA] vlan batch 11
    [SwitchA] dhcp enable
    [SwitchA] interface vlanif 11
    [SwitchA-Vlanif11] ip address 192.168.11.1 24
    [SwitchA-Vlanif11] dhcp select interface
    [SwitchA-Vlanif11] dhcp server option 43 ip-address 192.168.11.1
    [SwitchA-Vlanif11] quit
    [SwitchA] capwap source interface vlanif 11
    [SwitchA] stp mode rstp
    [SwitchA] uni-mng
    Warning: This operation will enable the uni-mng mode and disconnect all ASs. STP calculation may be triggered and service traffic will be affected. Continue? [Y/N]:y

  3. Configure AS access parameters.

    # (Optional) Configure a name for each AS.
    • If you do not perform this step, the system will generate AS device information when ASs connect to the SVF system. An AS name is in the format of system default name-system MAC address.
    • If you need to perform this step, ensure that the configured model and mac-address parameters are consistent with the actual AS information. The value of mac-address must be the AS management MAC address or system MAC address. To view the AS management MAC address, run the display as access configuration command on the AS. If the management MAC displays --, the value of mac-address is the system MAC address. If the configured parameters are inconsistent with the actual AS information, the AS cannot go online.

    [SwitchA-um] as name as1 model S5700S-28P-LI-AC mac-address 0200-0000-0011
    [SwitchA-um-as-as1] quit
    [SwitchA-um] as name as2 model S5700S-28P-LI-AC mac-address 0200-0000-0022
    [SwitchA-um-as-as2] quit
    [SwitchA-um] as name as3 model S5700S-28P-LI-AC mac-address 0200-0000-0033
    [SwitchA-um-as-as3] quit

    # Configure the fabric port that connects the parent to AS1.

    [SwitchA-um] interface fabric-port 1
    [SwitchA-um-fabric-port-1] port member-group interface eth-trunk 1
    [SwitchA-um-fabric-port-1] quit
    [SwitchA-um] quit
    [SwitchA] interface xgigabitethernet 0/0/1
    [SwitchA-XGigabitEthernet0/0/1] eth-trunk 1
    [SwitchA-XGigabitEthernet0/0/1] quit
    [SwitchA] interface xgigabitethernet 1/0/1
    [SwitchA-XGigabitEthernet1/0/1] eth-trunk 1
    [SwitchA-XGigabitEthernet1/0/1] quit

    # Configure the fabric port that connects the parent to AS2.

    [SwitchA] uni-mng
    [SwitchA-um] interface fabric-port 2
    [SwitchA-um-fabric-port-2] port member-group interface eth-trunk 2
    [SwitchA-um-fabric-port-2] quit
    [SwitchA-um] quit
    [SwitchA] interface xgigabitethernet 0/0/2
    [SwitchA-XGigabitEthernet0/0/2] eth-trunk 2
    [SwitchA-XGigabitEthernet0/0/2] quit
    [SwitchA] interface xgigabitethernet 1/0/2
    [SwitchA-XGigabitEthernet1/0/2] eth-trunk 2
    [SwitchA-XGigabitEthernet1/0/2] quit

    # Configure the fabric port that connects the parent to AS3.

    [SwitchA] uni-mng
    [SwitchA-um] interface fabric-port 3
    [SwitchA-um-fabric-port-3] port member-group interface eth-trunk 3
    [SwitchA-um-fabric-port-3] quit
    [SwitchA-um] quit
    [SwitchA] interface xgigabitethernet 0/0/3
    [SwitchA-XGigabitEthernet0/0/3] eth-trunk 3
    [SwitchA-XGigabitEthernet0/0/3] quit
    [SwitchA] interface xgigabitethernet 1/0/3
    [SwitchA-XGigabitEthernet1/0/3] eth-trunk 3
    [SwitchA-XGigabitEthernet1/0/3] quit

    # Configure whitelist authentication for ASs to connect to an SVF system.

    To view the AS management MAC address, run the display as access configuration command on the AS. If the management MAC displays --, the MAC address configured in the whitelist is the AS system MAC address. Otherwise, the MAC address configured in the whitelist is the AS management MAC address.

    [SwitchA] as-auth
    [SwitchA-as-auth] undo auth-mode
    [SwitchA-as-auth] whitelist mac-address 0200-0000-0011
    [SwitchA-as-auth] whitelist mac-address 0200-0000-0022
    [SwitchA-as-auth] whitelist mac-address 0200-0000-0033
    [SwitchA-as-auth] quit

  4. Run the reset saved-configuration command to clear the configurations of ASs, restart the ASs, and then connect ASs to the parent using cables. Subsequently, an SVF system is set up.

    • Before restarting an AS, check whether the port that connects this AS to the parent is a downlink port. You can run the display port connection-type access all command on this AS to view all downlink ports on it. If this port is a downlink port, run the uni-mng up-direction fabric-port command on this AS to configure this port as an uplink port before restarting this AS. Otherwise, this AS cannot go online.
    • Before connecting an AS to the parent, ensure that the AS has no configuration file and no input on the console port.

    # After connecting cables, run the display as all command to check whether ASs have connected to the SVF system.

    [SwitchA] display as all
    Total: 3, Normal: 3, Fault: 0, Idle: 0, Version mismatch: 0
    --------------------------------------------------------------------------------
    No.  Type           MAC            IP              State        Name
    --------------------------------------------------------------------------------
    0    S5700S-P-LI    0200-0000-0011 192.168.11.254  normal      as1
    1    S5700S-P-LI    0200-0000-0022 192.168.11.253  normal      as2
    2    S5700S-P-LI    0200-0000-0033 192.168.11.252  normal      as3
    --------------------------------------------------------------------------------
    

    When the State field in the command output displays normal for an AS, the AS has connected to the SVF system.

    # Run the display uni-mng topology information command to view SVF topology information.

    [SwitchA] display uni-mng topology information
    The topology information of uni-mng network:
    <-->: direct link        <??>: indirect link
    T: Trunk ID              *: independent AS
    ------------------------------------------------------------------------------
     Local MAC       Hop  Local Port      T  ||  T   Peer Port      Peer MAC
    ------------------------------------------------------------------------------
     0400-0000-1100  0    XGE0/0/1        1  <-->0   GE0/0/27       0200-0000-0011
     0400-0000-1100  0    XGE1/0/1        1  <-->0   GE0/0/28       0200-0000-0011
     0400-0000-1100  0    XGE0/0/2        2  <-->0   GE0/0/27       0200-0000-0022
     0400-0000-1100  0    XGE1/0/2        2  <-->0   GE0/0/28       0200-0000-0022
     0400-0000-1100  0    XGE0/0/3        3  <-->0   GE0/0/27       0200-0000-0033
     0400-0000-1100  0    XGE1/0/3        3  <-->0   GE0/0/28       0200-0000-0033
    ------------------------------------------------------------------------------
    Total items displayed : 6

    # Run the display uni-mng upgrade-info verbose command to view all AS version information.

    [SwitchA] display uni-mng upgrade-info verbose
    The total number of AS is : 3
    ----------------------------------------------------------------------------
     AS name                       : as1
     Work status                   : NO-UPGRADE
     Startup system-software       : flash:/s5700s-p-li.cc
     Startup version               : V200R009C00
     Startup patch                 : --
     Next startup system-software  : --
     Next startup patch            : --
     Download system-software      : --
     Download version              : --
     Download patch                : --
     Method                        : --
     Upgrading phase               : --
     Last operation result         : --
     Error reason                  : --
     Last operation time           : --
    ----------------------------------------------------------------------------
     AS name                       : as2
     Work status                   : NO-UPGRADE
     Startup system-software       : flash:/s5700s-p-li.cc
     Startup version               : V200R009C00
     Startup patch                 : --
     Next startup system-software  : --
     Next startup patch            : --
     Download system-software      : --
     Download version              : --
     Download patch                : --
     Method                        : --
     Upgrading phase               : --
     Last operation result         : --
     Error reason                  : --
     Last operation time           : --
    ----------------------------------------------------------------------------
     AS name                       : as3
     Work status                   : NO-UPGRADE
     Startup system-software       : flash:/s5700s-p-li.cc
     Startup version               : V200R009C00
     Startup patch                 : --
     Next startup system-software  : --
     Next startup patch            : --
     Download system-software      : --
     Download version              : --
     Download patch                : --
     Method                        : --
     Upgrading phase               : --
     Last operation result         : --
     Error reason                  : --
     Last operation time           : --
    ----------------------------------------------------------------------------
    

  5. Configure service profiles and bind them to ASs.

    # Configure an AS administrator profile and bind it to all ASs.

    [SwitchA] uni-mng
    [SwitchA-um] as-admin-profile name admin_profile
    [SwitchA-um-as-admin-admin_profile] user asuser password hello@123
    [SwitchA-um-as-admin-admin_profile] quit
    [SwitchA-um] as-group name admin_group
    [SwitchA-um-as-group-admin_group] as name-include as
    [SwitchA-um-as-group-admin_group] as-admin-profile admin_profile
    [SwitchA-um-as-group-admin_group] quit

    # Configure network basic profiles and bind them to AS ports.

    [SwitchA-um] network-basic-profile name basic_profile
    [SwitchA-um-net-basic-basic_profile] user-vlan 10
    [SwitchA-um-net-basic-basic_profile] quit
    [SwitchA-um] port-group name port_group
    [SwitchA-um-portgroup-port_group] as name as1 interface all
    [SwitchA-um-portgroup-port_group] as name as2 interface all
    [SwitchA-um-portgroup-port_group] as name as3 interface all
    [SwitchA-um-portgroup-port_group] network-basic-profile basic_profile
    [SwitchA-um-portgroup-port_group] quit
    [SwitchA-um] quit

    # Configure a user access profile and bind it to all AS ports.

    [SwitchA] dot1x-access-profile name 1
    [SwitchA-dot1x-access-profile-1] quit
    [SwitchA] authentication-profile name dot1x_auth
    [SwitchA-authen-profile-dot1x_auth] dot1x-access-profile 1
    [SwitchA-authen-profile-dot1x_auth] quit
    [SwitchA] uni-mng
    [SwitchA-um] user-access-profile name access_profile
    [SwitchA-um-user-access-access_profile] authentication-profile dot1x_auth
    [SwitchA-um-user-access-access_profile] quit
    [SwitchA-um] port-group name port_group
    [SwitchA-um-portgroup-port_group] user-access-profile access_profile
    [SwitchA-um-portgroup-port_group] quit

    # Commit the configurations so that the configurations in service profiles can be delivered to ASs.

    [SwitchA-um] commit as all
    Warning: Committing the configuration will take a long time. Continue?[Y/N]: y

    # Run the display uni-mng commit-result profile command to check whether the configurations in service profiles have been delivered to ASs.

    [SwitchA-um] display uni-mng commit-result profile
    Result of profile:
    --------------------------------------------------------------------------------
     AS Name                         Commit Time               Commit/Execute Result
    --------------------------------------------------------------------------------
     as1                             2016-03-23 21:27:35       Success/Success
     as2                             2016-03-23 21:27:35       Success/Success
     as3                             2016-03-23 21:27:37       Success/Success
    --------------------------------------------------------------------------------
    

    When the Commit/Execute Result field in the command output displays Success/Success for an AS, the configurations in service profiles have been delivered to the AS.

  6. Log in to ASs to check the service configurations of the ASs. The following uses the login to AS1 as an example.

    # Run the attach as name as-name command on the parent to log in to AS1 and check whether the configured login user name and password are correct.

    [SwitchA-um] attach as name as1
    Info: Connecting to the remote AS now. Use the quit command to return to the user view.
    Trying 192.168.11.254 ...
    Press CTRL+K to abort
    Connected to 192.168.11.254 ...
    
    Info: The max number of VTY users is 10, and the number
          of current VTY users on line is 1.
          The current login time is 2016-03-25 22:31:18+00:00.
    <HUAWEI>

    # Check whether service configurations of AS ports are generated.

    <HUAWEI> display current-configuration
    ......
    #
    interface Eth-Trunk0
     port link-type hybrid
     port hybrid tagged vlan 1 11
     stp instance 0 cost 200
     traffic-filter outbound acl 4998
     traffic-limit outbound acl 3999 cir 128 pir 128 cbs 16000 pbs 16000
     traffic-statistic outbound acl 3999
     traffic-limit outbound acl 4999 cir 32 pir 32 cbs 4000 pbs 4000
     traffic-statistic outbound acl 4999
     mode lacp
     mad detect mode relay
    #
    interface GigabitEthernet0/0/1
     stp root-protection
     authentication access-point
     authentication dot1x
    #
    interface GigabitEthernet0/0/26
     eth-trunk 0
     broadcast-suppression 100
    #
    ......

Configuration Summary

  1. You can configure service profiles and bind them to ASs before or after the ASs connect to the SVF system. The AS service configuration mode includes the pre-configured and non-pre-configured modes depending on the time services are configured. Whatever configuration mode you use, you must run the commit as { name as-name | all } command to commit the configuration after completing it.

    • Pre-configured mode: Before ASs connect to the SVF system, pre-configure service profiles, bind them to the ASs, save the configuration on the parent, and then run the commit as { name as-name | all } command to commit the configuration. When the ASs connect to the SVF system, configurations in the service profiles are automatically delivered to the ASs.

    • Non-pre-configured mode: After ASs connect to the SVF system, configure service profiles, bind them to the ASs, and then run the commit as { name as-name | all } command to commit the configuration so that configurations in the service profiles can be delivered to the ASs.

  2. After the SVF function is enabled, the Spanning Tree Protocol (STP) and Link Layer Discovery Protocol (LLDP) functions are enabled globally on the parent. Pay attention to the following points when using the STP and LLDP functions in an SVF system:
    • You can disable the STP and LLDP functions only on ports, not globally.

    • Do not disable the LLDP function on member ports of a fabric port. Otherwise, the SVF topology will become abnormal.

  3. After the SVF function is enabled, the parent will change STP to Rapid Spanning Tree Protocol (RSTP) and set the priority of instance 0 to 28672 using the stp instance 0 priority 28672 command. Note that the priority of instance 0 cannot be set to a value greater than 28672. After the SVF function is disabled, the default priority of instance 0 is restored. When the SVF function is enabled or disabled, STP recalculates the port roles and changes the port status. Traffic on the ports will be interrupted temporarily.

  4. The MAD relay function is automatically enabled on the Eth-Trunk to which a downlink fabric port is bound, and the MAD function is automatically enabled on the Eth-Trunk to which an uplink fabric port is bound to perform MAD in an AS that is a stack. When the standby switch in the AS is removed, MAD cannot be performed because the standby switch restarts automatically without saving the configuration.

  5. To prevent the SVF function from being affected, do not perform MIB operations to modify the configuration automatically generated in an SVF system, for example, the configuration of STP, LLDP, and Eth-Trunk to which a fabric port is bound.

  6. On the parent, there may be a delay in displaying the output of some commands executed on ASs, including the patch delete all and patch load filename all [ active | run ] commands.

  7. In an SVF system, the maximum frame length allowed by ports cannot be configured on an AS. Therefore, the maximum frame length is the default value 9216 (including the CRC field).

  8. Attacks launched from within the management VLAN cause ASs to disconnect from the SVF system. After identifying the attack source, error down the attacked ports or remove them from the management VLAN.

  9. After an AS disconnects from the SVF system, in versions earlier than V200R012C00, all downlink ports of the AS will be error down. In V200R012C00 and later versions, to ensure that downlink networks of the AS can communicate with each other, downlink ports of the AS will not be error down.

  10. Configured Control and Provisioning of Wireless Access Points (CAPWAP) tunnel parameters apply to the SVF system. To ensure that the CAPWAP tunnel of the SVF system works normally, you are advised to retain the default CAPWAP tunnel parameters.

  11. When an AS is an S5700-10P-LI or S2750-EI, and the assign forward-mode ipv4-hardware command has been executed in the system view to enable Layer 3 hardware forwarding for IPv4 packets before the AS connects to the SVF system:
    • The AS cannot negotiate to connect to the SVF system if the AS directly connects to the parent.
    • Configuring a management VLAN is not allowed if the AS connects to the parent across a network.

    You need to start the AS in standalone mode and then run the undo assign forward-mode command in the system view to disable Layer 3 hardware forwarding for IPv4 packets.

  12. In the SVF system, network access rights available before users pass network admission control (NAC) authentication can be authorized through authentication-free rules instead of a user control list (UCL) group.
  13. SVF does not support built-in Portal servers.

Parent Configuration File (configuration in V200R011C10 as an example)

#
sysname SwitchA
#
vlan batch 11
#
stp mode rstp
stp instance 0 priority 28672
#
authentication-profile name dot1x_auth
 dot1x-access-profile 1
#
lldp enable
#
dhcp enable
#
interface Vlanif11
 ip address 192.168.11.1 255.255.255.0
 dhcp select interface
 dhcp server option 43 ip-address 192.168.11.1
#
interface Eth-Trunk1
 port link-type hybrid
 port hybrid tagged vlan 1 10 to 11
 stp root-protection
 stp edged-port disable
 mode lacp
 mad relay
#
interface Eth-Trunk2
 port link-type hybrid
 port hybrid tagged vlan 1 10 to 11
 stp root-protection
 stp edged-port disable
 mode lacp
 mad relay
#
interface Eth-Trunk3
 port link-type hybrid
 port hybrid tagged vlan 1 10 to 11
 stp root-protection
 stp edged-port disable
 mode lacp
 mad relay
#
interface XGigabitEthernet0/0/1
 eth-trunk 1
#
interface XGigabitEthernet0/0/2
 eth-trunk 2
#
interface XGigabitEthernet0/0/3
 eth-trunk 3
#
interface XGigabitEthernet0/0/4
 mad detect mode direct
#
interface XGigabitEthernet1/0/1
 eth-trunk 1
#
interface XGigabitEthernet1/0/2
 eth-trunk 2
#
interface XGigabitEthernet1/0/3
 eth-trunk 3
#
interface XGigabitEthernet1/0/4
 mad detect mode direct
#
capwap source interface vlanif11
#
as-auth
 whitelist mac-address 0200-0000-0011
 whitelist mac-address 0200-0000-0022
 whitelist mac-address 0200-0000-0033
#
uni-mng
 as name as1 model S5700S-28P-LI-AC mac-address 0200-0000-0011    //Check whether the AS configuration and ports connected to the ASs are correct.
 as name as2 model S5700S-28P-LI-AC mac-address 0200-0000-0022
 as name as3 model S5700S-28P-LI-AC mac-address 0200-0000-0033
 interface fabric-port 1
  port member-group interface Eth-Trunk 1
 interface fabric-port 2
  port member-group interface Eth-Trunk 2
 interface fabric-port 3
  port member-group interface Eth-Trunk 3
 as-admin-profile name admin_profile                //Check the administrator profile configuration.
  user asuser password %^%#Ky,WNqWh_DZ[(V96yvSEph)VLMc/+U}>]i2:"9n:%^%#
 network-basic-profile name basic_profile         //Check the network basic profile configuration.
  user-vlan 10
 user-access-profile name access_profile            //Check the user access profile configuration.
  authentication-profile dot1x_auth
 as-group name admin_group                //Check whether an AS group has been created and bound to the AS administrator profile.
  as-admin-profile admin_profile
  as name as1
  as name as2
  as name as3
 port-group name port_group              //Check whether the port group has been bound to service profiles and whether ports connected to ASs have been added to the port group.
  network-basic-profile basic_profile
  user-access-profile access_profile
  as name as1 interface GigabitEthernet 0/0/1 to 0/0/24
  as name as2 interface GigabitEthernet 0/0/1 to 0/0/24
  as name as3 interface GigabitEthernet 0/0/1 to 0/0/24
#
dot1x-access-profile name 1
#
return
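
The following Python script is an added example, not part of the original page or of Huawei's tooling. It audits a saved parent configuration file for the access controls this example sets up: every named AS is whitelisted, no whitelist entry is left without a named AS, and every port group reaches a dot1x-access-profile through its user access profile. It assumes one space of indentation per nesting level, as in the file above, and that a non-default AS authentication mode would appear as an auth-mode line under as-auth; the function names parse and audit and the MAC 0200-0000-0099 are constructed for illustration.

```python
import re

MAC = r"[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}"

# Access-control lines trimmed from the parent configuration file above.
SAMPLE = """\
authentication-profile name dot1x_auth
 dot1x-access-profile 1
#
as-auth
 whitelist mac-address 0200-0000-0011
 whitelist mac-address 0200-0000-0033
#
uni-mng
 as name as1 model S5700S-28P-LI-AC mac-address 0200-0000-0011    //Check the AS.
 as name as3 model S5700S-28P-LI-AC mac-address 0200-0000-0033
 user-access-profile name access_profile
  authentication-profile dot1x_auth
 port-group name port_group
  user-access-profile access_profile
  as name as1 interface GigabitEthernet 0/0/1 to 0/0/24
#
dot1x-access-profile name 1
"""
# Constructed drift: as3's whitelist entry swapped for an unknown MAC, 802.1X unbound.
DRIFTED = (SAMPLE.replace("whitelist mac-address 0200-0000-0033",
                          "whitelist mac-address 0200-0000-0099")
           .replace("  user-access-profile access_profile\n", ""))

def parse(text):
    """Collect AS-admission and user-access settings from a parent config file."""
    cfg = {"whitelist": set(), "auth_mode": [], "as_mac": {},
           "dot1x_authn": set(), "uap_authn": {}, "group_uap": {}}
    top = sub = ()
    for raw in text.splitlines():
        line = re.split(r"\s+//", raw)[0].rstrip()  # drop trailing // annotations
        words = line.split()
        if not words or words == ["#"]:
            continue
        indent = len(line) - len(line.lstrip(" "))  # one space per nesting level
        if indent == 0:
            top, sub = tuple(words), ()
        elif indent == 1:
            sub = tuple(words)
        if top[:1] == ("as-auth",) and indent == 1:
            if len(words) == 3 and words[:2] == ["whitelist", "mac-address"]:
                cfg["whitelist"].add(words[2].lower())
            elif words[0] == "auth-mode":  # assumption: default whitelist mode is not written out
                cfg["auth_mode"].append(" ".join(words))
        elif len(top) == 3 and top[:2] == ("authentication-profile", "name"):
            if words[0] == "dot1x-access-profile":
                cfg["dot1x_authn"].add(top[2])
        elif top[:1] == ("uni-mng",) and indent == 1:
            m = re.fullmatch(rf"as name (\S+) model \S+ mac-address ({MAC})", " ".join(words))
            if m:
                cfg["as_mac"][m.group(1)] = m.group(2).lower()
            elif len(words) == 3 and words[:2] == ["port-group", "name"]:
                cfg["group_uap"][words[2]] = None
        elif top[:1] == ("uni-mng",) and indent == 2 and len(words) == 2 and len(sub) == 3:
            if sub[:2] == ("port-group", "name") and words[0] == "user-access-profile":
                cfg["group_uap"][sub[2]] = words[1]
            elif sub[:2] == ("user-access-profile", "name") and words[0] == "authentication-profile":
                cfg["uap_authn"][sub[2]] = words[1]
    return cfg

def audit(text):
    """Return a sorted list of findings; an empty list means every check passed."""
    c = parse(text)
    out = [f"as-auth overrides whitelist authentication: '{m}'" for m in c["auth_mode"]]
    for name, mac in c["as_mac"].items():
        if mac not in c["whitelist"]:
            out.append(f"AS {name} ({mac}) is defined but not whitelisted")
    for mac in c["whitelist"] - set(c["as_mac"].values()):
        out.append(f"whitelist entry {mac} matches no named AS")
    for group, uap in c["group_uap"].items():
        authn = c["uap_authn"].get(uap)
        if uap is None:
            out.append(f"port-group {group} has no user-access-profile")
        elif authn not in c["dot1x_authn"]:
            out.append(f"port-group {group}: {uap} does not lead to a dot1x-access-profile")
    return sorted(out)

if __name__ == "__main__":
    for label, text in (("sample", SAMPLE), ("drifted", DRIFTED)):
        print(label, audit(text) or "OK")
```

Because AS names are optional in this procedure, a whitelist entry with no named AS is reported for review, not treated as an error.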


Copyright © Huawei Technologies Co., Ltd.