This article summarizes the latest Huawei switch configuration commands for 2025. This article covers two parts: 1. Basic Huawei switch configuration commands and 2. Huawei switch configuration examples. Let's take a look.

1. Huawei Switch Category 6 Configuration Commands

1. Entering Configuration Views:

system-view → Enter system view (configuration mode).

sysname SW1 → Change the switch name.

clock timezone BJ add 08:00:00 → Set the time zone (Beijing Time).

display current-configuration → View the current running configuration.

2. VLAN and Port Configuration (Core Functions)

1. Management IP and Remote Login

Interface Vlanif 10 # Enter the management VLAN (not VLAN 1 is recommended)

ip address 172.16.1.1 255.255.255.0 # Configure the management IP

telnet server enable # Enable the Telnet service

user-interface vty 0 4

authentication-mode aaa # Force username and password authentication aaaprotocol inbound telnet # Enable the Telnet protocol

local-user admin password cipher Admin@123 # The password must contain uppercase, lowercase, and numeric characters

local-user admin service-type telnet

2. Port security and MAC binding

interface GigabitEthernet 0/0/5port-security enable # Enable

port securityport-security max-mac-num 2 # Limit the number of MAC addresses (to prevent unauthorized devices)

port-security mac-address sticky # Automatically bind the MAC address of the first access

3. Advanced function configuration (aggregation and DHCP service)

1. Link aggregation (Eth-Trunk)

interface Eth-Trunk 1 # Create an aggregation group

trunkport GigabitEthernet 0/0/3 to 0/0/5 # Add member ports

port link-type trunkload-balance src-dst-mac #

Load balancing based on source/destination MAC

2. DHCP service

dhcp enable # Enable DHCP globally

ip pool Guest # Create address pool

network 192.168.30.0 mask 24

gateway-list 192.168.30.1

interface Vlanif 30

dhcp select global # Apply address pool

IV. Security Hardening and ACLs
1. Access Control List (ACL)

acl 3000 # Advanced ACL (3000-3999)

rule 5 deny ip source 192.168.10.0 0.0.0.255 destination 192.168.20.0 0.0.0.255 # Prohibit inter-network access

interface Vlanif 10

traffic-filter inbound acl 3000 # Apply ACL policy

2. Console and User Rights

user-interface console 0

authentication-mode password

set authentication password cipher Huawei@123 # Console password

local-user operator privilege level 3 # User privilege levels (0-15, 3 for administrator)

5. Common commands for troubleshooting

display interface brief
display mac-address
display eth-trunk 1
ping 192.168.1.1
reset counters interface GigabitEthernet 0/0/1

6. IP routing and Layer 3 functions 1. Inter-VLAN routing uses VLANIF to achieve subnet communication:

interface Vlanif 10

ip address 192.168.10.1 24

interface Vlanif 20

ip address 192.168.20.1 24

# After the PC sets the corresponding gateway, cross-VLAN communication can be achieved

2. Static route pointing to the core router or firewall:

ip route-static 0.0.0.0 0.0.0.0 192.168.100.254 # Default route

2. Configuration Example: VLANs communicate through the VLANIF interface. Here we take a simple example:

As shown in the preceding figure, in an enterprise network, User 1 and User 2 have the same service but belong to different VLANs and are located on different network segments. It is now necessary to enable communication between User 1 and User 2. This scenario is most common in office networks.

Configuration strategy: Create a VLAN, add an interface to the VLAN, create a VLANIF interface, and assign an IP address to the interface. This will enable intercommunication. Let's take a look at the configuration.

1. Create VLAN

system-view //Enter the view

[HUAWEI] sysname Switch //Name the switch Switch

[Switch] vlan batch 10 20 //Create VLAN 10 vlan2

2. Configure interfaces to join VLANs

[Switch] interface gigabitethernet 0/0/1 //Enter port 0/0/1

[Switch-GigabitEthernet0/0/1] port link-type access //Set the port to Access mode

[Switch-GigabitEthernet0/0/1] port default vlan 10 //Assign the port to VLAN 10

[Switch-GigabitEthernet0/0/1] quit //Exit

[Switch] interface gigabitethernet 0/0/2 //Enter port 0/0/2

[Switch-GigabitEthernet0/0/2] port link-type access //Set the port to Access mode

[Switch-GigabitEthernet0/0/2] port default vlan 20 //Assign the port to VLAN 10

[Switch-GigabitEthernet0/0/2] quit //Exit

The key step is here

3. Configure the IP address of the VLANIF interface

[Switch] interface vlanif 10 //Enter the logical interface view of VLAN 10

[Switch-Vlanif10] ip address 10.10.10.2 24 //Configure an IP address for it

[Switch-Vlanif10] quit //Exit

[Switch] interface vlanif 20 //Enter the logical interface view of VLAN 20

[Switch-Vlanif20] ip address 10.10.20.2 24 //Configure an IP address for it

[Switch-Vlanif20] quit //Exit

After the configuration is completed, their interfaces have IP addresses and can communicate with each other. User1 in VLAN10 and User2 in VLAN20 can access each other.