Cisco vs Huawei Essential Command Mapping


What I LIKE in Huawei after few weeks using it
-open SFP
that mean you can use any sfp brand, it will not complain, but I don’t know that will void warranty
in Aruba you can use 3rd party sfp but that will void warranty
in Ruckus open SFP as well but won’t void warranty
-1 year warranty
like Cisco
unlike Aruba and Ruckus which is limited lifetime warranty (the best in warranty, you can have 100 years warranty)
-price could be cheaper than anything else
that’s why most countries using it nowadays
-almost all the switches are L3 switch
if you want more feature such as vxlan, just add license
-telco in mind
you can have AC or DC power module in the back. if you want to change AC to DC, just add DC module
if you want more poe power just add two AC power modules
it has anti static port in the back

-save need in User mode
unlike Cisco that you type “do wr me” in config mode
unlike Aruba that you just type “wr me” in any mode
-who answer in forum is not technical enough compare to Cisco and Aruba forum

[no equivalent: shows the files used for startup]display startup (user mode)
bootboot bootrom
clear access-list countersreset acl counter all (user mode)
clear countersreset (user mode)
clear cryptoipsec sa
ike sa
clear interfacereset counters interface
clear ip bgpreset bgp all
clear ip cefreset ip fast-forwarding
clear ip route *reset ip routing-table statistics protocol all
conf tsystem-view
copy running-configsave filename
debug / no debugdebugging / undo debugging
debug pvc negodebug atm all (very dangerous – might crash router)
disablesuper 0 (number is privilege level from 0 to 3, where 3 is default and equivalent to “enable” on Cisco)
enable secret (conf mode)super pass cipher (system mode)
endreturn or ctrl+z
ip tacacshwtacacs nas-ip (this command doesn’t exist !!!)
router bgpbgp
router riprip
sendsend (user mode)
show atm pvcdisplay atm pvc-info
show clockdisplay clock
show controllerdisplay controller (but not relevant for non-modular chassis)
show crypto isakmp keydisplay ike peer
show crypto isakmp policedisplay ike proposal
show crypto isakmp sadisplay ike sa
show dsl int atm 0display dsl status interface atm 2/0
show flashdir flash: (user mode)
show frame-relay pvcdisplay fr pvc-info
show interfacesdisplay interface
show ip bgpdisplay bgp routing-table
show ip interfacedisplay ip interface
show ip nat translationdisplay nat session
show ip routedisplay routing-table
show loggingdisplay logbuffer
show policy-map interfacedisplay qos policy interface
show portdisplay port-mapping
show snmpdisplay snmp-agent statistics
show startupdisplay saved-configuration
show techdisplay diagnostic-information
show usersdisplay users
show versiondisplay version
snmp-servertftp-server (system mode)
tacacs-serverhwtacacs scheme (system mode)
terminal lengthscreen-length disable
undo screen-length disable
terminal monitorterminal debugging (user mode)
terminal no monitorundo terminal debugging (user mode)
write erasereset saved-configuration
write mem (or wr or copy run start)save
write terminal (sh run)display current-configuration

Enabling Portfast




-to enable
interfaces {
interface-range ACCESS {
member-range ge-0/0/6 to ge-0/0/45;
protocols {
rstp {
interface ACCESS {
ethernet-switching-options {
bpdu-block {
disable-timeout 60;

-to check EDGE on/off
# run show spanning-tree interface detail | match “Link type”
Link type : Pt-Pt/NONEDGE
Link type : Pt-Pt/NONEDGE
Link type : Pt-Pt/NONEDGE
Link type : Pt-Pt/NONEDGE
Link type : Pt-Pt/NONEDGE
Link type : Pt-Pt/EDGE

Mac 26s
Win 5s

Mac 28s
Win 9s

Automatically backup config to scp or tftp when “write mem”

In Cisco, I can automatically backup config using scp or tftp to other location every time I issue “wr me”

How to achieve the same in other brand?

path scp://root:eve@$h










IOS Tips

-Reset port gi1/0/1 to default:
# conf t
(config) # default interface gi1/0/1

-Reset ports 1-48 to default:
# conf t
(config)# default int range gi1/0/1-48

-Edit ports 1-48 at the same time
# conf t
(config)# int range gi1/0/1-48
(config-if)# <enter config change>

-Apply a config change to a non-contiguous range of ports
# conf t
(config) # int range gi1/0/1 – 5 , gi1/0/10 – 15
(config-if)# <enter config change>

-Do multiple steps in a single command when provisioning a port for an end-device
# conf t
(config)# int gi1/0/1
(config-if)# switchport host
   sets switch port mode to access + enables spanning tree Port Fast + disables channel grouping.

-Use macros to run a script by entering a single command AND use variables
 Create the macro
# conf t
(config)# macro name SetTrunk
description TRUNK PORT
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk native vlan $NATIVE
switchport trunk allowed vlan $ALLOWED
mls qos trust dscp
no shut
 Now apply the macro to a port you want to create as a trunk, set the native VLAN to 123 and define all VLANs as being allowed
# conf t
(config)# int gi1/0/1
(config-if)# macro apply SetTrunk $NATIVE 123 $ALLOWED all

-Show all interfaces and the CRC count for each
# show interface | i protocol|CRC
GigabitEthernet1/0/5 is up, line protocol is up (connected)
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

-Find what ports are not currently connected
# sh int status | i notconnect

-Show what ports are down due to BPDUguard
# sh int status | i err
# show log | i BPDU|bpdu
%SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port GigabitEthernet1/0/16 with BPDU Guard enabled. Disabling port.
%PM-4-ERR_DISABLE: bpduguard error detected on Gi1/0/16, putting Gi1/0/16 in err-disable state

-Delete a directory
# del /force /recursive directory_name

-For all switches in a stack, define both a primary AND a secondary boot image
# all flash:c3750-ipbasek9-mz.122-55.SE8.bin;flash:c3750-ipbasek9-mz.122-55.SE7.bin

-Get extended details about the packets crossing an interface
#show interfaces f2/0/17 controller
     Transmit FastEthernet2/0/17              Receive
     18971276 Bytes                         33189871 Bytes
        14754 Unicast frames                   59339 Unicast frames
        43389 Multicast frames                  3440 Multicast frames
        99892 Broadcast frames                 43925 Broadcast frames
            0 Too old frames                29986661 Unicast bytes
            0 Deferred frames                 346082 Multicast bytes
            0 MTU exceeded frames            2855260 Broadcast bytes
            0 1 collision frames                   0 Alignment errors
            0 2 collision frames                   0 FCS errors
            0 3 collision frames                   0 Oversize frames
            0 4 collision frames                  17 Undersize frames
            0 5 collision frames                   0 Collision fragments
            0 6 collision frames
            0 7 collision frames               46501 Minimum size frames
            0 8 collision frames                7813 65 to 127 byte frames
            0 9 collision frames                1613 128 to 255 byte frames
            0 10 collision frames               2114 256 to 511 byte frames
            0 11 collision frames              47218 512 to 1023 byte frames
            0 12 collision frames               1462 1024 to 1518 byte frames
            0 13 collision frames                  0 Overrun frames
            0 14 collision frames                  0 Pause frames
            0 15 collision frames
            0 Excessive collisions                 0 Symbol error frames
            0 Late collisions                      0 Invalid frames, too large
            0 VLAN discard frames                  0 Valid frames, too large
            0 Excess defer frames                  0 Invalid frames, too small
       112850 64 byte frames                       0 Valid frames, too small
         6718 127 byte frames
        20771 255 byte frames                      0 Too old frames
        16109 511 byte frames                      0 Valid oversize frames
         1445 1023 byte frames                     0 System FCS error frames
          142 1518 byte frames                     0 RxPortFifoFull drop frame
            0 Too large frames
            0 Good (1 coll) frames
            0 Good (>1 coll) frames

-Show receive and transmit utilization for all ports
0# sh controllers utilization
Port       Receive Utilization  Transmit Utilization
Fa2/0/1            0                    0
Fa2/0/2            0                    0
Fa2/0/3            0                    0
Fa2/0/4            0                    0
Fa2/0/5            0                    0

-Modify an access-list that is referenced with a class-map and policy-map (basically, you need to delete from the top down and rebuild from the bottom up):
Steps explained
# conf t
   remove the policy within the policy map that references the class-map that references the access-list (access-group)
   Remove the class-map that references the access-list (access-group)
   do a no access-list to remove the ACL
   Enter in the ACL statements
   Enter in the class-map statements
   change to policy-map
   Enter in the policy-map statements
Steps performed
   For this setup we’ll use this configuration
# conf t
(config)# policy-map MARK-LAN-DSCP
(config-pmap)# class EF-105-CLASS
(config-pmap-c)# set dscp ef
(config-pmap-c)# class-map match-any EF-105-CLASS
(config-cmap)# match access-group 105
(config-cmap)# exit
(config)# access-list 105 permit ip host any
GOAL: To edit access-list 105 and change one of the source IP’s without the switch choking on itself
# conf t
(config)# policy-map MARK-LAN-DSCP
(config-pmap)# no class EF-105-CLASS
(config-pmap) # exit
(config)# no class-map match-any EF-105-CLASS
(config)# no access-list 105
(config)# access-list 105 permit ip host any
(config)# access-list 105 permit ip host any
(config)# class-map match-any EF-105-CLASS
(config-cmap)# match access-group 105
(config-cmap)# exit
(config)# policy-map MARK-LAN-DSCP
(config-pmap)# class EF-105-CLASS
(config-pmap-c)# set dscp ef
(config-pmap-c)# exit
(config-pmap)# exit
(config)# exit
# wr

kron backup config

NOTE: make sure all devices has the same clock or point to the same NTP server

(config)# clock timezone GMT +7
(config)# archive
(config-archive)# path tftp://IP_of_TFTP_SERVER/$h$t
(config-archive)# write-memory
-kron will run 12AM
(config)# kron occurrence backup-config at 0:0 recurring
-kron will run 1 min later
(config)# kron occurrence backup-config in 1 oneshot

(config-kron-occurrence)# policy-list backup-config
(config)# kron policy-list backup-config
(config-kron-policy)# cli wr me
(config-kron-policy)# end
# wr me
#show kron schedule
backup-config inactive, will run once in 0 days 11:43:14

-to backup to local flash directory
Directory of flash0:/
    1  drw-           0  Jan 30 2013 07:00:00 +07:00  boot
  264  drw-           0  Oct 14 2013 07:00:00 +07:00  config
  267  -rw-   139942304  Mar 25 2015 07:00:00 +07:00  vios-adventerprisek9-m
  270  -rw-      524288  Feb 15 2018 21:55:44 +07:00  nvram
  271  -rw-          79  Feb 19 2018 11:35:08 +07:00  e1000_bia.txt
#cd backup
Directory of flash0:/backup/
No files in directory
2142715904 bytes total (1997635584 bytes free)
(config)# archive
(config-archive)#path flash:/backup/$h$t

How to save running-config to a text file

# copy run flash:STAN.txt
make changes

# configure replace flash:STAN.txt

# copy flash:STAN.txt run
Its actually merge the config but not replace it


enable archive and rollback which will rollback the old configuration if not confirmed (Just like in Junos)
# conf t
# (config) archive
# (config) path flash:STAN
# (config) end
-first archive
# archive config
# show archive
The maximum archive configurations allowed is 10.
There are currently 1 archive configurations saved.
The next archive file will be named flash:STAN-<timestamp>-1
Archive #  Name
   1        flash:STAN-Feb-15-02-28-02.841-0 <- Most Recent
-make changes
-save 2nd archive
# archive config
# show archive
-two archive listed then choose which archive you want to revert to
# configure replace flash:STAN-Feb-15-02-28-02.841-0 revert trigger timer 10
after 10min running-config will be reverted to STAN-Feb-15-02-28-02.841-0
# configure replace flash:STAN-Feb-15-02-28-02.841-0 revert trigger

if you want to immediately revert to target archive

send either the startup or running config to a TFTP, FTP or SCP server
# copy running-config archive:
# copy running-config flash:
# copy running-config flash0:
# copy running-config flash1:
# copy running-config flash2:
# copy running-config flash3:
# copy running-config ftp:
# copy running-config tftp:
# copy running-config scp:
# copy running-config http:

# copy running-config https:

enable session> logging in putty using connection properties
term len 0
sh run
in this way all the file is placed without need to press for next page
then you stop logging and you have your file.
to have again pages type:
term len 25

putty saves an header with date and time at the beginning after that you have clean text file.

go to file then click on log session then save the file with .txt extension

thay way your config file will be saved in text format

using Ansible
SolarWInds NCM

Console Cisco causing BSOD with EventViewer Error 10016

-Putty 0.7
-Windows 10 Pro

-Aten USB to RS-232 Adapter UC232A

1. every time I console to Cisco switch through COM port.
It will crash BSOD after some time

Error 10016 in EventViewer:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
 and APPID
 to the user NBCTCP\nbctcp SID (S-1-5-21-2067972773-1120365315-274810299-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

-download and install latest ATEN UC232A WIN10 driver from
The solution seems odd because Win10 already has Aten driver as shown below.
But if I didn’t install latest WIN10 driver, it will causing BSOD

Error “The first key-exchange algorithm supported by the server is diffie-hellman-group1-sha1”

2018-01-31 21_43_01-Windows 10 Event 10016 Fix_ The application-specific permission settings do not

Above error happen every time I ssh to my 3750 using Putty 0.7

CAT3750#sh ver

Cisco IOS Software, C3750 Software (C3750-IPSERVICESK9-M), Version 12.2(55)SE12


-using latest TeraTerm. It seems TeraTerm using relaxed Key Exchange


-modify Putty as shown below (I am not prefer this method)
2018-02-01 09_22_37-PuTTY Configuration

-harden IOS by upgrading to version 15 and follow this