USG 6300 – Bidirectional NAT on Huawei Firewalls

glitchlist Uncategorized

NAT 1:1 static configuration, or “Server Mapping” in Huawei terms, behaves strangely in the web GUI. On the USG 6300 series with V500R001C60SPC500 firmware, when you configure bidirectional NAT it behaves like a source NAT. Solution: There are platforms, such as new-generation firewalls, that have a very powerful web management portal. But in general in network environments, especially …

HUAWEI AP Firmware Rollback with AC Controller

glitchlist Uncategorized

Sometimes AP hardware & software upgrades run faster than Wireless Controllers. In a few years, APs quickly go out of production. It may happen that you find yourself installing new generation access points on Controllers with obsolete firmware. The best solution is to plan a firmware upgrade but you can’t schedule it in 5 minutes. An incorrect firmware or patch …

Huawei – Physical decoding errors

glitchlist Uncategorized

When you have a strange network problem on a fiber uplink, you may see this output in the display interface command: The error Symbols: 529186 generates link flapping many times a day. Ethernet RFCs describe how to place an L2 frame in the physical layer (L1). The 8B/10B encoding process takes 8 bits of the Media Access Control layer and converts them in a …

Securing OSPFv2

glitchlist Blog

OSPF is a king routing protocol that speaks on multicast addresses 224.0.0.5 and 224.0.0.6. Once the neighbor relationship is established and LSAs are exchanged, the SPF algorithm starts running. If the new OSPF peer is a malicious router, it can cause a lot of damage to your routing table, such as: network congestion, DoS attacks, loops, LSA flooding and why …

ip route-static

glitchlist Blog

In Huawei, there are some options to make a static route less static and more dynamic! You can bind a static IP route to certain events that happen in your network. Events can be triggered by: BFD session, EFM state, NQA. An example could be forwarding a network on a Core Router without using a routing protocol: .glitchlist crew

runts, giants and throttles

glitchlist Blog

show interface is maybe the most famous command that is entered when we start troubleshooting. Interpreting the output of this command is like reading the results of a blood analysis: some results are easy to understand, while others are very cryptic but very useful to take us to another level of troubleshooting! Let’s see runts, giants and throttles: RUNTS are frames …

Huawei S5700 Parity Check Error

glitchlist Blog

If you find this warning on your S5700 switches: According to Huawei: This is a soft error with a low probability. The device is not physically damaged and no hardware failure occurs. In the logs we found that single bit destroyed chip table was repaired by the software, but many “parity logs” were also recorded. In the end the solution was to replace …

HUAWEI – enable IGMP-snooping

glitchlist Blog

igmp-snooping is not a protocol but a feature that switches have to control multicast traffic. In a broadcast domain, multicast is flooded on all ports, so the snooping mechanism listens for an IGMP client and sends multicast traffic only on the necessary ports in the multicast forwarding table. Troubleshooting commands: .glitchlist crew