< Home

Restrictions on an SVF System

Restrictions of Other Features

  • The SVF function is mutually exclusive with the web initial login mode, EasyDeploy, USB-based deployment, and NETCONF functions.

  • The SVF function can be enabled only when the NAC configuration mode is unified mode. Therefore, the commands in NAC common mode cannot be configured in an SVF system. For example, the guest VLAN commands in NAC common mode cannot be configured in an SVF system.
  • In an SVF system running V200R008C00 and earlier versions, you can run the authentication free-rule command to control the network access right of NAC users before they pass authentication. UCL-based group authorization is not supported for NAC users.
  • In an SVF system running V200R009C00 and later versions, you can run the free-rule command to control the network access right of NAC users before they pass authentication. UCL-based group authorization is not supported for NAC users.
  • S2700&S5700&S6700&S600-E series switches support the built-in Portal server function. After these switches join an SVF system, they do not support the built-in Portal server function.
  • The system automatically enables the STP and LLDP functions globally on the parent. Pay attention to the following points when using the STP and LLDP functions in an SVF system:

    • The STP and LLDP functions cannot be disabled globally but can be disabled on interfaces.

    • The LLDP function cannot be disabled on member ports of a fabric port, ports connected to APs, and AP uplink ports. Otherwise, SVF topology information becomes inaccurate.

  • After the SVF function is enabled, the parent changes STP to Rapid Spanning Tree Protocol (RSTP) and sets the priority of instance 0 to 28672 using the stp instance 0 priority 28672 command. Note that the priority of instance 0 cannot be set to a value greater than 28672. After the SVF function is disabled, the priority of instance 0 restores to the default value. When the SVF function is enabled or disabled, STP recalculates the port roles and changes the interface status. Subsequently, traffic on the interface is interrupted temporarily.

Restrictions After the SVF Function Is Enabled

  • When the parent in an SVF system is a cluster or stack, MAD in direct mode is supported, and MAD in relay mode is supported by using the Eth-Trunk bound to a fabric port in independent configuration mode. When an AS in the SVF system is a stack, only MAD in relay mode is supported by using the Eth-Trunk bound to a fabric port and MAD in direct mode is not supported. When the standby switch in the AS is removed, MAD cannot be performed because the standby switch restarts automatically without saving the configuration.

  • To prevent the SVF function from being affected, do not perform the following operations using MIBs:
    • Modify the configurations automatically generated in an SVF system, including STP configuration, LLDP configuration, and Eth-Trunk binding to a fabric port.
    • Execute the commands shielded in an SVF system, including the commands used to configure STP, LLDP, and member ports of a fabric port.
  • The parent notifies the web NMS of only the alarms reported by the AS service module described in the MBR section in "O&M and Troubleshooting-Alarm Handling".

  • On the parent, there is a delay in displaying the output of some commands (such as patch delete all and patch load filename all [ active | run ]) executed on the ASs.

  • In versions earlier than V200R011C10, Eth-Trunk can be manually created and deleted on an AS in centralized mode. In V200R011C10 and later versions, Eth-Trunk cannot be manually created and deleted on an AS in centralized mode and must be created and deleted on the parent.

  • In an SVF system, the maximum frame length allowed by interfaces cannot be configured on an AS. Therefore, the maximum frame length is the default value 9216 (including the CRC field).

  • After an AS goes online, a static ARP entry in which the IP address is the management address of the parent is generated on the AS. Deleting the static ARP entry is not allowed. Otherwise, the AS may be forcibly removed from the SVF system.

  • Internal attacks in the management VLAN will cause an AS to go offline. You need to identify the attack source and then shut down the attacked port or remove the port from the management VLAN.

  • After an AS goes offline, traffic on the network attached to the AS cannot be forwarded in the following scenarios:
    • The parent and AS run V200R012C00 or an earlier version. In versions earlier than V200R012C00, after an AS goes offline, its downlink service ports will all be error down.
    • The SVF system works in centralized forwarding mode. In centralized forwarding mode, after an AS goes offline, traffic on the network attached to the AS cannot be forwarded through the parent.
    • The level-1 AS service configuration mode is set to independent mode using the port connect independent-as command or the level-2 AS service configuration mode is set to independent mode using the down-direction fabric-port connect independent-as command, and downlink service ports of the AS have authentication configurations. After an AS goes offline, AS authentication fails, so traffic on the network attached to the AS cannot be forwarded.
  • When an AS goes offline and needs to go online again, and the AS configuration is changed on the parent after the AS goes offline, the AS restarts and then goes online again.
  • After an AS is changed to the independent mode, it is recommended that you just add or remove the fabric port of the AS to or from a VLAN. If you perform other configurations on the fabric port, the AS may go offline. For details, see the description of the port connect independent-as command.
When an AS connects to the parent across a Layer 2 network, pay attention to the following points
  • Automatic AS discovery is not supported, and fabric ports of the parent and AS need to be manually configured.
  • The indirectly-connected fabric port of the parent and configured uplink fabric port of the AS do not support connection error check. The administrator needs to ensure the connection correctness of the Eth-Trunk, and the AS can only connect to third-party network devices through Eth-Trunks in manual load balancing mode.
  • The administrator needs to ensure that the downlink fabric port of the parent and the intermediate Layer 2 network are correctly configured, the SVF management VLAN and service VLAN between the parent and AS are correctly connected, and the intermediate network transparently transmits data traffic between the parent and AS. Therefore, the intermediate network must be a pure Layer 2 network.
  • The AS does not support the MAD function because this function requires that third-party devices support the MAD relay function.
  • In centralized forwarding mode, traffic from the network segment where the AS resides may be forwarded by the intermediate network but not the parent.
  • After the AS is configured to work in client mode, the AS can only be manually configured to return to the standalone mode and must be restarted. If the AS is a stack, new stack member devices will be automatically configured to work in client mode after the AS is configured to work in client mode.
Parent Topic: Licensing Requirements and Limitations for SVF
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic