Huawei AR2200 Series Configuration Manual

Enterprise routers

Hide thumbs Also See for AR2200 Series:

Configuration manual (125 pages)

Product description (239 pages)

Hardware installation and maintenance manual (219 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

page of 211

/ 211
Contents
Table of Contents
Bookmarks

Table of Contents

Quick Links

Summary of Contents for Huawei AR2200 Series

Page 1 Huawei AR2200 Series Enterprise Routers V200R001C01 Configuration Guide - Basic Configuration Issue Date 2011-10-15 HUAWEI TECHNOLOGIES CO., LTD.
Page 2 All other trademarks and trade names mentioned in this document are the property of their respective holders. Notice The purchased products, services and features are stipulated by the contract made between Huawei and the customer. All or part of the products, services and features described in this document may not be within the purchase scope or the usage scope.
Page 3: About This Document
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration About This Document About This Document Intended Audience This document provides the basic concepts, configuration procedures, and configuration examples in different application scenarios of the Basic configuration supported by the AR2200 device.
Page 4: Command Conventions
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration About This Document Command Conventions The command conventions that may be found in this document are defined as follows. Convention Description Boldface The keywords of a command line are in boldface.
Page 5: Table Of Contents
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration Contents Contents About This Document........................ii 1 Logging In to the System for the First Time................1 1.1 Introduction................................2 1.2 Logging In to the Device Through the Console Port or Mini USB Port............2 1.2.1 Establishing the Configuration Task......................2...
Page 6 Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration Contents 3.1.3 Setting the System Clock.........................25 3.1.4 Configuring a Header..........................26 3.1.5 Configuring the Undo Command to Match in the Previous View Automatically........27 3.2 Displaying System Status Messages.........................27 3.2.1 Displaying System Configuration......................28 3.2.2 Displaying System Status........................28...
Page 7 Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration Contents 5.3 Logging in to the Devices by Using Telnet......................60 5.3.1 Establishing the Configuration Task.......................61 5.3.2 Configuring VTY User Interface......................61 5.3.3 (Optional) Configuring Local Telnet Users.....................62 5.3.4 Enabling the Telnet Service........................62 5.3.5 Logging in to the router by Using Telnet....................63...
Page 8 Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration Contents 6.3.7 Accessing the System by Using FTP.......................94 6.3.8 Performing File Operations by Using FTP Commands................94 6.3.9 Checking the Configuration........................96 6.4 Performing File Operations by Means of SFTP....................97 6.4.1 Establishing the Configuration Task.......................97 6.4.2 Configuring VTY User Interface......................98...
Page 9 Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration Contents 8.2.3 Logging in to Another Device by Using Telnet..................128 8.2.4 Checking the Configuration........................129 8.3 Using the Redirection Function to Connect to a Remote Device..............129 8.3.1 Establishing the Configuration Task.....................129 8.3.2 Configuring the Redirection Function....................132...
Page 10 Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration Contents 8.8.4 Example for Configuring TFTP......................161 8.8.5 Example for Connecting the SFTP Client to the SSH Server...............164 8.8.6 Example for Authenticating SSH Through RADIUS................168 9 Upgrade and Maintenance.......................174 9.1 Upgrade and Maintenance Overview......................175 9.1.1 License Authorization..........................175...
Page 11 Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration Contents 9.7 Configuration Examples..........................195 9.7.1 Example for Upgrading System Software.....................195 9.7.2 Example for Installing a Patch File.......................199 Issue 02 (2011-10-15) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 12: Logging In To The System For The First Time
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 1 Logging In to the System for the First Time Logging In to the System for the First Time About This Chapter You can log in to a new router through the console port or mini USB port to configure the router.
Page 13: Introduction
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 1 Logging In to the System for the First Time 1.1 Introduction You can log in to the device that is powered on for the first time through the console port or mini USB port to configure the device.
Page 14: Establishing The Physical Connection
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 1 Logging In to the System for the First Time Data Terminal communication parameters l Baud rate l Data bit l Parity l Stop bit l Flow-control mode NOTE When the router is logged in for the first time, the system automatically uses default parameter values.
Page 15 Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 1 Logging In to the System for the First Time Figure 1-1 Connection creation Step 2 Set interface,as shown in Figure 1-2. Figure 1-2 Interface setting Step 3 Set communication parameter, same as the default of router,as shown in Figure 1-3.
Page 16 1 Logging In to the System for the First Time Figure 1-3 Communication parameter setting Step 4 Press Enter. A command line prompt such as <Huawei> appears, and the system asks you to configure the router. You can enter a command to configure the router. Enter a question mark (?) whenever you need help.
Page 17: Cli Overview
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 2 CLI Overview CLI Overview About This Chapter The command line interface (CLI) is used to configure and maintain devices. 2.1 CLI Introduction After you log in to the router, a prompt is displayed, indicating that you enter the command line interface (CLI).
Page 18: Cli Introduction
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 2 CLI Overview 2.1 CLI Introduction After you log in to the router, a prompt is displayed, indicating that you enter the command line interface (CLI). The CLI is used by users to interact with the router.
Page 19 Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 2 CLI Overview Table 2-1 Command line levels Level Name Description Visit level Commands of this level include commands of network diagnosis tool (such as ping and tracert) and commands that start from the local device and visit external device (such as Telnet client side).
Page 20 Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 2 CLI Overview Figure 2-1 Entering the search window Enter a desired command level in the "Type in the word(s) to search for" textbox and click "List Topics". All commands of the specified level will be displayed as shown in Figure 2-2.
Page 21: Command Line Views
The following part uses the user, system, and aaa views as an example: # Establish connection to the router. If the router adopts the default configuration, you can enter the user view with the prompt of <Huawei>. <Huawei> # Run the system-view command to enter the system view.
Page 22: Online Help
NOTE The command prompt "Huawei" is the default host name. The prompt indicates a specific view. For example, "<HUAWEI>" indicates the user view, and "[HUAWEI-ui-console0]" indicates the console user interface view. Some commands can be used in both system and other views, but have different effects.
Page 23: Partial Help
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 2 CLI Overview <cr> indicates that no parameter is at this position. The command is repeated in the next command line. You can press Enter to run the command. ----End 2.2.2 Partial Help...
Page 24: Cli Features
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 2 CLI Overview Table 2-2 Common error messages of the command line Error messages Cause of the error % Unknown command, the The command cannot be found error locates at "^"...
Page 25: Displaying
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 2 CLI Overview Function Press Tab after typing the incomplete key word and the system runs the partial help: l If the matching key word is unique, the system replaces the typed one with the complete key word and displays it in a new line with the cursor a space behind.
Page 26 Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 2 CLI Overview Formal Language Theory of the Regular Expression The regular expression consists of common characters and particular characters. Common characters Common characters are used to match themselves in a string, including all upper-case and lower-case letters, digits, punctuation, and special symbols.
Page 27 Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 2 CLI Overview Particul Syntax Example characte Matches x or y. 100|200 matches "100" or "200". 1(2|3)4 matches "124" or "134", instead of "1234", "14", "1224", and "1334". [xyz] Matches any single character in the [123] matches the character 2 in regular expression.
Page 28: Previously-Used Commands
Specifying a Filtering Mode in Command CAUTION The Huawei AR2200 Series uses a regular expression to implement the filtering function of the pipe character. A display command supports the pipe character only when there is excessive output information.
Page 29: Shortcut Keys
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 2 CLI Overview Table 2-6 Access the previously-used commands Action Key or Command Result Display display history- Display previously-used commands entered by previously- command users. used commands. Access the last Up cursor key (↑) or...
Page 30: Defining Shortcut Keys
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 2 CLI Overview NOTE Different terminal software defines these keys differently. Therefore, the shortcut keys on the terminal may be different from those listed in this section. Table 2-7 System-defined shortcut keys...
Page 31: Use Of Shortcut Keys
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 2 CLI Overview Action Command Define shortcut keys hotkey { CTRL_G | CTRL_L | CTRL_O | CTRL_U } command-text NOTE When defining the shortcut keys, use double quotation marks to define the command if this command contains several commands words, that is, if spaces exist in the command.
Page 32: Example For Using Tab
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 2 CLI Overview 2.5.1 Example for Using Tab This example shows how to use the Tab key. After inputting an incomplete keyword, you can press Tab and obtain all related keywords or verify the correctness of the input keyword.
Page 33: Example For Using Shortcut Keys
When defining shortcut keys for a command, use double quotation marks to quote the command if the command consisting of multiple words, which are separated by spaces. No double quotation marks are required for single-word commands. Step 2 Press Ctrl_U when the prompt [Huawei] appears. [Huawei] display local-user ----------------------------------------------------------------------------...
Page 34: Basic Configuration
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 3 Basic Configuration Basic Configuration About This Chapter This chapter describes how to configure the router to follow your using habits and the actual environment requirements after logging in to the router.
Page 35: Configuring The Basic System Environment
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 3 Basic Configuration 3.1 Configuring the Basic System Environment This section describes how to configure the basic system environment. 3.1.1 Establishing the Configuration Task Before configuring the basic system environment, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data.
Page 36: Setting The System Clock
Step 2 Run: sysname host-name The equipment name is set. By default, the equipment name of the router is Huawei. You can change the name of the router that appears in the command prompt. ----End 3.1.3 Setting the System Clock You need to set the system time properly to ensure the cooperation between the AR2200 and other devices.
Page 37: Configuring A Header
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 3 Basic Configuration During the configuration of the daylight saving time, you can configure the starting time and ending time in one of the following modes: date+date, week+week, date+week, and week+date.
Page 38: Configuring The Undo Command To Match In The Previous View Automatically
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 3 Basic Configuration CAUTION l The header text starts and ends with the same character. After a character is input and Enter is pressed, an interactive interface is displayed. You can input the required information ended with the first character.
Page 39: Displaying System Configuration
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 3 Basic Configuration Context You can use the display commands to collect information about the system status. The display commands are classified according to the following functions: Displays system configurations.
Page 40: Collecting System Diagnostic Information
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 3 Basic Configuration NOTE When a user runs the display this command to display system status information, other users cannot run the same command until all the command output is displayed.
Page 41: Configuring User Interface
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 4 Configuring User Interface Configuring User Interface About This Chapter When a user logs in to the router by using the console port, the TTY port, Telnet, or SSH, the system manages the session between the user and the router on the corresponding user interface.
Page 42: User Interface Overview
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 4 Configuring User Interface 4.1 User Interface Overview The system supports console, and VTY user interfaces. Each user interface has a corresponding user interface view. A user interface view is a command line view provided by the system.
Page 43 Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 4 Configuring User Interface Table 4-1 Example for the absolute numbering Absolute number User-interface CON0 First TTY user interface (TTY0) Second TTY user interface (TTY1) Third TTY user interface (TTY2)
Page 44: Configuring The Console User Interface
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 4 Configuring User Interface In the case of non-authentication or password authentication, the level of the command that the user can run is determined by the level of the user interface.
Page 45: Setting Physical Attributes Of Console User Interface
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 4 Configuring User Interface 4.2.2 Setting Physical Attributes of Console User Interface You can configure the rate, flow control mode, parity mode, stop bit, and data bit for the console port.
Page 46: Setting Terminal Attributes Of Console User Interface
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 4 Configuring User Interface By default, the data bit is 8. ----End 4.2.3 Setting Terminal Attributes of Console User Interface This section describes how to set terminal attributes of the console user interface, including the user timeout disconnection function, number of lines displayed in a terminal screen, and size of the history command buffer.
Page 47: Configuring User Priority Of Console User Interface
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 4 Configuring User Interface 4.2.4 Configuring User Priority of Console User Interface This section describes how to control users' authority of logging in to the router and improve the security of managing the router by configuring the user priority.
Page 48 Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 4 Configuring User Interface The system view is displayed. Run: user-interface console interface-number The console user interface view is displayed. Run: authentication-mode aaa The authentication mode is set to AAA.
Page 49: Checking The Configuration
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 4 Configuring User Interface 4.2.6 Checking the Configuration After configuring the console user interface, you can view information about the user interface, physical attributes and configurations of the user interface, local user list, and online users.
Page 50: Establishing The Configuration Task
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 4 Configuring User Interface 4.3.1 Establishing the Configuration Task Before configuring the VTY user interface, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This can help you complete the configuration task quickly and accurately.
Page 51: Optional)Setting Limit On Incoming And Outgoing Calls Of Vty User Interfaces
The user interface supports the basic ACL ranging from 2000 to 2999 and the advanced ACL ranging from 3000 to 3999. l For details of ACL configuration, refer to the Huawei AR2200 Series Enterprise Routers Configuration Guide - Security.
Page 52: Setting Terminal Attributes Of The Vty User Interface
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 4 Configuring User Interface Procedure Step 1 Run: system-view The system view is displayed. Step 2 Run: user-interface vty first-ui-number [ last-ui-number ] The VTY user interface view is displayed.
Page 53: Setting User Priority Of Vty User Interface
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 4 Configuring User Interface By default, the timeout period is 10 minutes. Step 5 Run: screen-length screen-length [temporary] The length of a terminal screen is set. The parameter temporary is used to display the number of lines to be temporarily displayed on a terminal screen.
Page 54: Setting User Authentication Mode Of The Vty User Interface
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 4 Configuring User Interface NOTE If the command level configured in the VTY user interface view is inconsistent with the user priority, the user priority takes effect. ----End 4.3.6 Setting User Authentication Mode of the VTY User Interface The system provides three authentication modes: AAA, password authentication, and non- authentication.
Page 55: Checking The Configuration
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 4 Configuring User Interface authentication-mode password Set the authentication mode as password. Run: set authentication password { cipher | simple } password A password for this authentication mode is set.
Page 56: Configuring A Tty User Interface
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 4 Configuring User Interface Run the display user-interface maximum-vty command, and you can view the maximum number of VTY user interfaces. <Huawei> display user-interface maximum-vty Maximum of VTY user:15 Run the display user-interface vty [ ui-number1 | ui-number ] [ summary ] command to check the physical attributes and configurations of user interfaces.
Page 57: Setting Physical Attributes Of A Tty User Interface
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 4 Configuring User Interface Pre-configuration Tasks Before configuring a TTY user interface, complete the following tasks: Logging in to the router by using a terminal Data Preparation To configure a TTY user interface, you need the following data.
Page 58: Setting Terminal Attributes Of Tty User Interface
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 4 Configuring User Interface After a board registers successfully and a serial port on the board is configured to work in asynchronous mode, the router generates a random TTY number for the asynchronous serial port.
Page 59: Configuring User Priority Of Tty User Interface
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 4 Configuring User Interface The TTY user interface view is displayed. Step 3 Run: shell The terminal service is started. Step 4 Run: idle-timeout minutes [ seconds ] The idle timeout period is set.
Page 60: Configuring The Authentication Mode On A Tty User Interface
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 4 Configuring User Interface user-interface tty interface-number The TTY user interface view is displayed. Step 3 Run: user privilege level level The priority of the user is set. NOTE l By default, users logging in through the TTY user interface can use commands at level 3, and users logging in through other user interfaces can use commands at level 0.
Page 61: Checking The Configuration
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 4 Configuring User Interface Run: user-interface tty first-ui-number [ last-ui-number ] The TTY user interface view is displayed. Run: authentication-mode password The authentication mode is set to password authentication. Run: set authentication password { cipher | simple } password The authentication password is configured.
Page 62: Configuration Examples
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 4 Configuring User Interface <Huawei> display user-interface tty 17 Type Tx/Rx Modem Privi ActualPrivi Auth TTY 17 9600 2/0/0 : Current UI is active. : Current UI is active and work in async mode.
Page 63 Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 4 Configuring User Interface Transmission rate of the console user interface: 4800 bit/s Flow control mode of the console user interface: None Parity of the console user interface: even Stop bit of the console user interface: 2...
Page 64: Example For Configuring Vty User Interface
In the VTY user interface, the user priority is set to 15, the authentication mode is set to password, with the password of "huawei", and the user with the IP address of 10.1.1.1 is prohibitted from logging in to the router.
Page 65: Example For Configuring Tty User Interface
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 4 Configuring User Interface [Huawei-acl-basic-2000] rule deny source 10.1.1.1 0 [Huawei-acl-basic-2000] rule permit source any [Huawei-acl-basic-2000] quit [Huawei] user-interface vty 0 14 [Huawei-ui-vty0-14] acl 2000 inbound Step 3 Set terminal attributes of the VTY user interface.
Page 66 Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 4 Configuring User Interface Enter the interface view and set physical attributes of the TTY user interface. Set terminal attributes of the TTY user interface. Set the user priority of the TTY user interface.
Page 67 Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 4 Configuring User Interface screen-length 30 return Issue 02 (2011-10-15) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 68: Configuring User Login
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 5 Configuring User Login Configuring User Login About This Chapter A user can log in to the router through a console port, or by using Telnet or SSH (STelnet). After the login, the user can maintain the router locally or remotely.
Page 69: Overview Of User Login
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 5 Configuring User Login 5.1 Overview of User Login Users can manage and maintain the router only after logging in to the router. Users can log in to the router by using the console port, Telnet, or STelnet (SSH Telnet).
Page 70: Configuring Console User Interface
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 5 Configuring User Login Applicable Environment A user can log in to the router locally through a console port. If the router is powered on for the first time, the user has to log in through a console port.
Page 71: Checking The Configuration
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 5 Configuring User Login 5.2.4 Checking the Configuration After a user logs in through a console port, the user can view information on the console user interface, such as use information, physical attributes and configurations, local user list, and online users.
Page 72: Establishing The Configuration Task
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 5 Configuring User Login using Telnet. This implements remote maintenance of the router and greatly facilitates device management. 5.3.1 Establishing the Configuration Task Before configuring user login by using Telnet, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data.
Page 73: Optional) Configuring Local Telnet Users
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 5 Configuring User Login You can log in to the router through a console port to set the user authentication mode in the VTY user interface. Other attributes of the VTY user interface in the router, such as terminal attributes and user priorities, can also be set as needed.
Page 74: Logging In To The Router By Using Telnet
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 5 Configuring User Login Procedure Step 1 For the IPv4 network Run: system-view The system view is displayed. Run: telnet server enable The Telnet service is enabled. Step 2 For the IPv6 network...
Page 75: Checking The Configuration
Configuration Guide - Basic Configuration 5 Configuring User Login Press "Enter" to display the command line prompt of the system view, such as <HUAWEI>. This indicates that you have accessed the Telnet server. ----End 5.3.6 Checking the Configuration After users log in to the system by using Telnet, you can view the connection status of the current user interface, connection status of each user interface, and status of all established TCP connections.
Page 76: Logging In To The Devices By Using Stelnet
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 5 Configuring User Login <Huawei> display tcp status TCPCB Tid/Soid Local Add:port Foreign Add:port VPNID State 39952df8 36 /1509 0.0.0.0:0 0.0.0.0:0 Closed 32af9074 59 /1 0.0.0.0:21 0.0.0.0:0 14849 Listening 34042c80 73 /17 10.164.39.99:23...
Page 77: Configuring Vty User Interface
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 5 Configuring User Login Data User name, password, authentication mode, and service type of an SSH user and remote public RSA key pair allocated to the SSH user (Optional) Name of an SSH server, number of the port monitored by the SSH server,...
Page 78: Configuring An Ssh User And Specifying Stelnet As One Of Service Types
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 5 Configuring User Login The VTY user interface is displayed. Step 3 Run: authentication-mode aaa The AAA authentication mode is configured. Step 4 Run: protocol inbound ssh The VTY user interface is configured to support SSH.
Page 79 Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 5 Configuring User Login Name and password of the local user are created. Step 4 Run: quit Quit the AAA view. Step 5 Run: rsa local-key-pair create A local RSA key pair is generated.
Page 80: Enabling The Stelnet Server Function
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 5 Configuring User Login Quit the public key editing view. l If the specified hex-data is invalid, the public key cannot be generated after the peer- public-key end command is run.
Page 81: Optional) Configuring The Stelnet Server Parameters
SSH1.X, SSH2.0 is extended in structure and supports more compatibility authentication modes and key exchange methods. SSH2.0 also supports more advanced services such as SFTP. The Huawei AR2200 Series supports SSH versions ranging from 1.3 to 2.0. Interval at...
Page 82: Logging In To The Router By Using Stelnet
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 5 Configuring User Login Table 5-3 Configurations of server parameters Server Operation Parameter Earlier SSH Run the ssh server compatible-ssh1x enable command. version By default, an SSH server running SSH2.0 is compatible with SSH1.X. To compatibility prevent clients running SSH1.3 to SSH1.99 to log in, run the undo ssh server...
Page 83: Checking The Configuration
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 5 Configuring User Login ----End 5.4.8 Checking the Configuration After configuring users to log in by using STelnet, you can view the SSH server configuration. Prerequisite Configurations of logins by using STelnet are complete.
Page 84: Common Operations After Login
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 5 Configuring User Login ------------------------------------------------------------------------------- Username Auth-type User-public-key-name ------------------------------------------------------------------------------- guest password null RsaKey001 password password null ------------------------------------------------------------------------------- If no SSH user is specified, information about all SSH users logging in to an SSH server will be displayed.
Page 85: Switching User Levels
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 5 Configuring User Login Data Preparations Before performing operations after login, you need the following data: Data Password used for switching user levels Type and number of the user interface Contents of the message to be sent 5.5.2 Switching User Levels...
Page 86: Locking User Interfaces
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 5 Configuring User Login super [ level ] User levels are switched. By default, the level is 3. Step 5 Follow the prompt and enter a password. If the password entered is correct, the user can switch to a higher level. If the user enters a password incorrectly for three consecutive times, the user remains at the current login level and returns to the user view.
Page 87: Displaying Logged-In Users
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 5 Configuring User Login Procedure Step 1 Run: send { all | ui-type ui-number | ui-number1 } You can enable message sending between user interfaces. Step 2 Following the prompt, you can view the message to be sent. You can press Ctrl_Z or Enter to end the display, and press Ctrl_C to abort the display.
Page 88 Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 5 Configuring User Login Configuration Roadmap Connect a PC to the router through a console port. Perform login settings on the PC. Log in to the router. NOTE In this example, a terminal emulator is used.
Page 89 Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 5 Configuring User Login Figure 5-3 Interface setting Figure 5-4 Communication parameter setting Step 3 Power on the router and wait for the completion of the self-check. After the router starts normally and finishes the self-check, the system prompts you to press Enter.
Page 90: Example For Logging In By Telnet
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 5 Configuring User Login Wait till the prompt (mostly the <Huawei>) appears, and then you can use a command to view the running status of the router or configure the router. ----End 5.6.2 Example for Logging In by Telnet...
Page 91: Example For Configuring User Login By Using Stelnet
Click OK. Enter the user name and password in the login window. After authentication, a command line prompt such as <Huawei> appears. Enter the configuration environment in the user view. ----End 5.6.3 Example for Configuring User Login by Using STelnet This part provides an example describing how to configure user login by using STelnet..
Page 92 [SSH Server-ui-vty0-4] protocol inbound ssh [SSH Server-ui-vty0-4] quit NOTE If SSH is configured as the login protocol, the AR2200 automatically disables Telnet. Step 3 Configure the password of the SSH user Client001 to huawei. [SSH Server] aaa Issue 02 (2011-10-15) Huawei Proprietary and Confidential...
Page 93 Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 5 Configuring User Login [SSH Server-aaa] local-user client001 password cipher huawei [SSH Server-aaa] local-user client001 privilege level 3 [SSH Server-aaa] local-user client001 service-type ssh [SSH Server-aaa] quit Step 4 Verify the configuration.
Page 94: Managing File System
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 6 Managing File System Managing File System About This Chapter The file system manages the files and directories in the storage devices on the router. It can move and delete a file or directory and display the contents of the file.
Page 95: File System Overview
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 6 Managing File System 6.1 File System Overview The router effectively manages all files by means of the file system. 6.1.1 File System The file system manages the files and directories in the storage devices. It can create, delete, modify, and rename a file or directory and display the contents of the file.
Page 96: Performing File Operations By Means Of The File System
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 6 Managing File System Table 6-1 File management methods File Management Method Implementation Logging in to the system You can log in to the system through the Console or by using Telnet or STelnet to manage files.
Page 97: Managing Storage Devices
The router provides two reserved USB slots (usb0 and usb1) and an SD card slot (sd0). Only Huawei-certified storage devices can be used. You can format a storage device when you fail to repair the file system or you do not need any data saved on the storage device.
Page 98: Managing The Directory
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 6 Managing File System 6.2.3 Managing the Directory You can manage directories to logically store files in hierarchy. Context You can manage directories by changing and displaying directories, displaying files in directories and sub-directories, and creating and deleting directories.
Page 99 Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 6 Managing File System – By running the more file-name command, you can view the file named file-name. Contents of a text file are displayed screen after screen. If you hold and press the spacebar on the current terminal, all contents of the current file can be displayed.
Page 100: Performing File Operations By Means Of Ftp
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 6 Managing File System NOTE If the current directory is not the parent directory, you must operate the file by using the absolute path. Run: reset recycle-bin [ filename ] The file is deleted.
Page 101: Establishing The Configuration Task
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 6 Managing File System 6.3.1 Establishing the Configuration Task Before performing file operations by means of FTP, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This can help you complete the configuration task quickly and accurately.
Page 102: Optional) Specifying A Port Number For The Ftp Server
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 6 Managing File System The system view is displayed. Step 2 Run: set default ftp-directory directory The default FTP working directory is configured. NOTE The configuration in this step is valid for only TACACS users.
Page 103: Enabling The Ftp Server
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 6 Managing File System The port number of the FTP server is configured. If a new number of a monitored port is configured, the FTP server interrupts all the FTP connections and monitors the port of the new number.
Page 104: Optional) Configuring An Ftp Acl
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 6 Managing File System The system view is displayed. Step 2 Run: ftp server-source { -a ip-address | -i interface-type interface-number } The source IP address and source interface of an FTP server is configured.
Page 105: Accessing The System By Using Ftp
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 6 Managing File System Step 5 Run: ftp acl acl-number The basic FTP ACL is configured. ----End 6.3.7 Accessing the System by Using FTP After the FTP server is configured, you can access the router from the PC by using FTP to manage the files on the router.
Page 106 Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 6 Managing File System Context After logging in to the FTP server, you can perform the following operations: Configuring data type for the file Uploading or downloading files Creating directories on or deleting directories from the FTP server...
Page 107: Checking The Configuration
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 6 Managing File System – Run: mkdir remote-directory A directory is created on the FTP server. – Run: rmdir remote-directory A directory is removed from the FTP server. Run one or more commands in the following to manage files.
Page 108: Performing File Operations By Means Of Sftp
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 6 Managing File System <Huawei> display ftp-server FTP server is running Max user number User count Timeout value(in minute) Listening Port Acl number FTP server's source address 1.1.1.1 Run the display ftp-users command to view the user name, port number, authorization directory of the FTP user configured presently.
Page 109: Configuring Vty User Interface
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 6 Managing File System Data (Option) Number of the port monitored by the SSH server (Option) The interval for updating the key pair on the SSH server Name of the SSH server,Number of the port monitored by the SSH server,Preferred...
Page 110: Configuring An Ssh User And Specifying Sftp As One Of Service Types
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 6 Managing File System Step 3 Run: authentication-mode aaa The AAA authentication mode is configured. Step 4 Run: protocol inbound ssh The VTY user interface is configured to support SSH.
Page 111 Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 6 Managing File System Step 4 Run: rsa local-key-pair create A local RSA key pair is generated. NOTE l Before performing the other SSH configurations, you must configure the rsa local-key-pair create command to generate a local key pair.
Page 112: Enabling The Sftp Service
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 6 Managing File System l If the specified key-name is deleted in other views, the system prompts that the key does not exist after the peer-public-key end command is run and the system view is displayed.
Page 113: Accessing The System By Using Sftp
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 6 Managing File System The SFTP service is enabled. By default, the SFTP service is disabled. ----End 6.4.6 Accessing the System by Using SFTP After the configuration is complete, users can log in to the router from the user terminal by using SFTP to manage files on the router.
Page 114: Performing File Operations By Using Sftp
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 6 Managing File System ----End 6.4.7 Performing File Operations by Using SFTP On the SFTP client, you can log in to the SSH server to create or delete directories on the SSH server.
Page 115: Checking The Configuration
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 6 Managing File System The file on the remote server is downloaded. – Run: put local-filename [ remote-filename ] The local file is uploaded to the remote server. – Run: rmdir remote-directory &<1-10>...
Page 116: Configuration Examples
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 6 Managing File System NOTE If the default interception port is in use, information about the current interception port is not displayed. Run the display ssh server session command. The command output shows that the session information between SSH server and client.
Page 117: Example For Performing File Operations By Means Of Ftp
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 6 Managing File System Source file path and target file path Procedure Step 1 Display the file information in the current directory, flash:/ is the flash memory identifier. <Huawei> dir...
Page 118 IP address of the FTP server, that is, 10.137.217.221 Timeout period for the FTP connection, that is, 20 minutes FTP username as huawei and password as huawei on the server Destination file name and its position in the FTP client Procedure Step 1 Configure the IP address of the FTP server.
Page 119 Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 6 Managing File System Step 4 Run the FTP commands at the windows command line prompt, and enter the correct user name and password to set up an FTP connection with the FTP server.
Page 120: Example For Performing File Operations By Means Of Sftp
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 6 Managing File System FTP server enable interface GigabitEthernet1/0/0 ip address 10.137.217.221 255.255.0.0 local-user huawei password simple Huawei local-user huawei service-type ftp local-user huawei ftp-directory flash: authentication-scheme default authorization-scheme default...
Page 121 Configuration Guide - Basic Configuration 6 Managing File System Data Preparation To complete the configuration, you need the following data: SSH user authentication mode: password, user name: client001, password: huawei User level of client001: 3 IP address of the SSH server: 10.137.217.225 Procedure Step 1 Configure a local key pair on the SSH server.
Page 122 Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 6 Managing File System Figure 6-5 Accessing Interface ----End Configuration Files Configuration file of the SSH server sysname SSH Server local-user client001 password cipher huawei local-user client001 privilege level 3...
Page 123: Configuring System Startup
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 7 Configuring System Startup Configuring System Startup About This Chapter When the router starts, system software is started and configuration files are loaded. To ensure smooth running of the router, you need to efficiently manage system software and configuration files.
Page 124: System Startup Overview
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 7 Configuring System Startup 7.1 System Startup Overview When the router starts, system software is started and configuration files are loaded. 7.1.1 System Software System software is the operation system of the router, and is the basis for the router to run properly and provide various services.
Page 125: Establishing The Configuration Task
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 7 Configuring System Startup 7.2.1 Establishing the Configuration Task Before managing configuration files, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This can help you complete the configuration task quickly and accurately.
Page 126: Clearing A Configuration File
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 7 Configuring System Startup Run: autosave interval { time } | { value } | { configuration time } The system is configured to save the configuration file periodically. If interval time is specified, the system saves the configuration file at the specified interval regardless of whether the configuration is changed.
Page 127: Comparing Configuration Files
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 7 Configuring System Startup If you do not run the startup saved-configuration configuration-file command to specify a new correct configuration file, or do not run the save command to save the configuration file after the configuration file is cleared, the router will use the default configuration file at the next startup.
Page 128: Specifying A File For System Startup
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 7 Configuring System Startup Run the display startup command to check files for startup. Run the dir [ /all ] [ filename ] [ device-name ] command to check files saved in the storage device.
Page 129: Configuring System Software For A Router To Load For The Next Startup
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 7 Configuring System Startup Data System software and its file name on the AR2200 Configuration file and its file name on the AR2200 7.3.2 Configuring System Software for a router to Load for the Next...
Page 130: Checking The Configuration
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 7 Configuring System Startup Procedure Run: startup saved-configuration configuration-file Configuration file is saved for the router to load next time on startup. ----End 7.3.4 Checking the Configuration After specifying a file for system startup, you can check the contents of the configuration file to be loaded and the information about the file to be used during the next startup on the router.
Page 131: Example For Configuring System Startup
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 7 Configuring System Startup 7.4.1 Example for Configuring System Startup This section provides an example for configuring system startup. In this example, the configuration file is saved and the system software and configuration file to be loaded during the next startup are specified so that the router can start in a required manner.
Page 132 Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 7 Configuring System Startup NOTE The software package arsoft.cc has been loaded to the AR2200. For details on how to upload the software package, see 6.3 Performing File Operations by Means of FTP.
Page 133: Accessing Another Device
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 8 Accessing Another Device Accessing Another Device About This Chapter To manage configurations or operate files of another device, you can access the device by using Telnet, STelnet, TFTP, FTP, or SFTP from the device that you have logged in to.
Page 134: Accessing Another Device Overview
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 8 Accessing Another Device 8.1 Accessing Another Device Overview This section describes how to access another device on the network by using Telnet, FTP, TFTP, or SSH. Figure 8-1 Networking diagram for accessing another device from the router...
Page 135 Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 8 Accessing Another Device Figure 8-3 Telnet redirection services Ethernet Router Async0 Async3 Async1 Async2 Router1 Switch Modem Router2 NOTE Only the devices that provide the asynchronous interface support the Telnet redirection service.
Page 136: Ftp Method
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 8 Accessing Another Device NOTE If the network disconnects, the shortcut keys become invalid. The instruction cannot be sent to the server. <Ctrl_T>: The client interrupts the connection. When the server fails and the client is unaware of the failure, the server does not respond to the input of the client.
Page 137: Ssh Method
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 8 Accessing Another Device The binary format: transfers program files. The ASCII format: transfers text files. At present, the AR2200 serves only as the TFTP client and transfers files in the binary format.
Page 138: Logging In To Other Devices By Using Telnet
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 8 Accessing Another Device logging in to the server through SFTP, the client must be configured with the period of sending the keepalive packet and the number of times for no reply restriction on the server if no packet is received by the client.
Page 139: Optional) Configuring A Source Ip Address For An Telnet Client
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 8 Accessing Another Device Data Preparation To log in to another device by using Telnet, you need the following data: Data IP address or host name of RouterB Number of the TCP port used by the RouterB to provide Telnet services 8.2.2 (Optional) Configuring a Source IP Address for an Telnet...
Page 140: Checking The Configuration
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 8 Accessing Another Device Procedure Run: telnet [ vpn-instance vpn-instance-name ] [-a source-ip-address ] host-name [ port-number ] Log in to the router and manage other routers. ----End 8.2.4 Checking the Configuration When you log in to another router successfully from the router that you have logged in to, you can check information about the established TCP connection.
Page 141 Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 8 Accessing Another Device A remote device can be a router, a switch, an electricity terminal, a finance terminal, or other terminals that use serial interfaces to transmit data. Managing remote routers and switches...
Page 142 Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 8 Accessing Another Device Figure 8-7 Using redirection to connect to remote intelligent terminals Nework Monitor Device Router Async0 Async3 Async2 Async1 Intelligent Electricity Intelligent Electricity Intelligent Electricity Intelligent Electricity...
Page 143: Configuring The Redirection Function
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 8 Accessing Another Device 8.3.2 Configuring the Redirection Function After configuring the redirection function on a router, you can use an operation terminal to manage remote serial interface devices. Prerequisite The 8AS board on the router has registered successfully and the asynchronous serial interfaces are in Up state.
Page 144: Checking The Configuration
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 8 Accessing Another Device The redirection function is associated with a VPN instance. By default, the redirection function is not associated with any VPN instance, and all users on public and private networks can use the redirection function to log in to remote devices.
Page 145: Logging In To Other Device By Using Stelnet
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 8 Accessing Another Device 8.4 Logging in to other Device by Using STelnet STelnet ensures secure Telnet services. You can log in to another router from the router that you have logged in to by using STelnet, and thus to manage the device remotely.
Page 146: Configuring The First Successful Login To Another Device (Allocating An Rsa Public Key To The Ssh Server)
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 8 Accessing Another Device Context If the first-time authentication on the SSH client is enabled, the STelnet client does not check the validity of the RSA public key when logging in to the SSH server for the first time. After the login, the system automatically allocates the RSA public key and saves it for authentication in next login.
Page 147: Logging In To Another Device By Using Stelnet
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 8 Accessing Another Device Procedure Step 1 Run: system-view The system view is displayed. Step 2 Run: rsa peer-public-key key-name The public key view is displayed. Step 3 Run: public-key-code begin The public key editing view is displayed.
Page 148: Checking The Configuration
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 8 Accessing Another Device Do as follows on the router that serves as an SSH client: Procedure Step 1 Run: system-view The system view is displayed. Step 2 Run the stelnet [ -a source-address ] host-ipv4 [ port ] [ [ -vpn-instance vpn-instance-name ] |...
Page 149: Optional) Configuring A Source Ip Address For A Tftp Client
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 8 Accessing Another Device Applicable Environment You can transfer files through TFTP between the server and the client in a simple interaction environment. The current Router functions as a TFTP client, and theRouter to be accessed functions as a TFTP server.
Page 150: Optional) Configuring Tftp Access Authority
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 8 Accessing Another Device After the configuration, the source IP address of the TFTP client displayed on the TFTP server must be the same as the configured one. ----End 8.5.3 (Optional) Configuring TFTP Access Authority This section describes how to use an ACL rule to authorize the users to specify the TFTP servers that can be accessed by using TFTP from the router that you have logged in to.
Page 151: Uploading Files By Using Tftp
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 8 Accessing Another Device Procedure Run: tftp [ -a source-ip-address | -i interface-type interface-number ] tftp- server [ public-net | vpn-instance vpn-instance-name ] get source-filename [ destination-filename ] The router is configured to download files through TFTP.
Page 152: Accessing Files On Another Device By Using Ftp
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 8 Accessing Another Device rule 10 permit source 1.1.1.1 0 8.6 Accessing Files on Another Device by Using FTP This section describes how to configure the router as an FTP client to log in to the FTP server, and to upload files to or download files from the server.
Page 153: Connecting To Other Devices By Using Ftp Commands
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 8 Accessing Another Device Prerequisite An IP address is configured for an interface on the router and functions as the source IP address of an FTP connection. In this manner, security checks can be implemented.
Page 154: Operating Files By Using Ftp Commands
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 8 Accessing Another Device Run: open [ -a source-ip-address | -i interface-type interface-number ] host [ port-number ] [ vpn-instance vpn-instance-name ] The router is connected to the FTP server.
Page 155 Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 8 Accessing Another Device – Run: verbose The verbose mode for FTP is enabled. When verbose is enabled, all FTP responses are displayed. After file transmission, the statistics about transmission efficiency will be displayed.
Page 156: Changing Login Users
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 8 Accessing Another Device If the directory name is not specified when a specific remote file is selected, the system searches the working directory for the specific file. – Run: dir [ remote-filename ] [ local-filename ] The specified directory or file on the local FTP server is displayed.
Page 157: Checking The Configuration
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 8 Accessing Another Device Procedure Run the following commands according to different configurations. – Run: quit The client router is disconnected from the FTP server. Return to the user view.
Page 158: Optional) Configuring A Source Ip Address For An Sftp Client
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 8 Accessing Another Device Applicable Environment SFTP is short for SSH FTP that is a secure FTP protocol. SFTP is on the basis of SSH. It ensures that users can log in to a remote device securely for file management and transmission, and enhances the security in data transmission.
Page 159: Configuring The First Successful Login To Another Device (Enabling The First-Time Authentication On The Ssh Client)
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 8 Accessing Another Device Procedure Step 1 Run: system-view The system view is displayed. Step 2 Run: sftp client-source { -a source-ip-address | -i interface-type interface-number } A source IP address is configured for an SFTP client.
Page 160: Configuring The First Successful Login To Another Device (Allocating An Rsa Public Key To The Ssh Server)
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 8 Accessing Another Device 8.7.4 Configuring the First Successful Login to Another Device (Allocating an RSA Public Key to the SSH Server) To configure the first successful login to another device on the SSH client, you need to allocate an RSA public key to the SSH server before the login.
Page 161: Connecting To Other Devices By Using Sftp
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 8 Accessing Another Device peer-public-key end Return to the system view from the public key view. ----End 8.7.5 Connecting to Other Devices by Using SFTP You can log in to the SSH server from the SSH client through SFTP.
Page 162 Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 8 Accessing Another Device Procedure Managing the directory Perform the following as required: – Run: cd [ remote-directory ] The current operating directory of users is changed. – Run: cdup The operating directory of users is switched to the upper-level directory.
Page 163: Checking The Configuration
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 8 Accessing Another Device 8.7.7 Checking the Configuration After logging in to another device by using SFTP, you can view the source address of the SSH client, the mappings between all SSH servers and the RSA public keys on the client, the global configurations of the SSH servers, and the sessions between the SSH servers and the client.
Page 164 Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 8 Accessing Another Device On Router B, configure the authentication mode and password for VTY0 to VTY4. Configure users to use passwords to log in to Router B from Router A using Telnet.
Page 165 Configuration Guide - Basic Configuration 8 Accessing Another Device >>User password: Huawei Integrated Access SoftwareAR. Copyright(C) Huawei Technologies Co., Ltd. 2010-2011. All rights reserved. <RouterB> Step 4 Configure a Telnet server port number on Router B. <RouterB> system-view [RouterB]sysman service telnet port 1028 After the command is executed, logging in to the port through telnet fails, al l the telnet users exit, and a new port is created.
Page 166: Example For Configuring The Redirection Function For Remote Device Management
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 8 Accessing Another Device 8.8.2 Example for Configuring the Redirection Function for Remote Device Management This section provides an example to illustrate how to configure the redirection function. This function allows you to manage remote devices through asynchronous serial interfaces.
Page 167 Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 8 Accessing Another Device TTY 43 9600 5/0/2 TTY 44 9600 5/0/3 TTY 45 9600 5/0/4 TTY 46 9600 5/0/5 TTY 47 9600 5/0/6 TTY 48 9600 5/0/7 + 129...
Page 168: Example For Configuring The Device As The Stelnet Client To Connect To The Ssh Server
SSH server with the password, RSA, password-rsa, or all authentication mode. Configure two login clients: Configure Client001 with the password as huawei and adopt the password authentication. Configure Client002, adopt the RSA authentication and assign the public key RsaKey001 to Client002.
Page 169 [SSH Server-aaa] local-user client001 service-type ssh [SSH Server-aaa] quit l Create an SSH user named Client002. # Create an SSH user named Client002, set the password to huawei, and configure RSA authentication for the user. [SSH Server] aaa [SSH Server-aaa] local-user client002 password cipher huawei...
Page 170 Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 8 Accessing Another Device # Generate a local key pair for Client002. <Huawei> system-view [Huawei] sysname client002 [client002] rsa local-key-pair create # Check the RSA public key of the client.
Page 171 Press CTRL+K to abort Connected to 10.164.39.222 ... Enter password: Enter the password huawei. The following information indicates that the login succeeds. Info: The max number of VTY users is 20, and the number of current VTY users on line is 6.
Page 172: Example For Configuring Tftp
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 8 Accessing Another Device client002 RsaKey001 ------------------------------------------------------------------------------- ----End Configuration Files Configuration file of the SSH server sysname SSH Server rsa peer-public-key rsakey001 public-key-code begin 3047 0240 BFF35E4B C61BD786 F907B5DE 7D6770C3 E5FD17AB 203C8FCB BBC8FDF2 F7CB674E...
Page 173: Networking Requirements
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 8 Accessing Another Device Networking Requirements As shown in Figure 8-11, the IP address of the TFTP server is 10.111.16.160/24. Log in to the router from the HyperTerminal and then download the file ar.cc from the TFTP server.
Page 174 Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 8 Accessing Another Device Figure 8-12 Setting the Base Directory of the TFTP server NOTE The display may be different depending on different TFTP server applications run in the computer.
Page 175: Example For Connecting The Sftp Client To The Ssh Server
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 8 Accessing Another Device <Huawei> tftp 10.111.16.160 put sd1:/iascfg.zip Info: Transfer file in binary mode. Uploading the file to the remote TFTP server. Please wait... TFTP: Uploading the file successfully.
Page 176 [SSH Server-aaa] local-user client001 ftp-directory flash: [SSH Server-aaa] quit l Create an SSH user named Client002. # Create an SSH user named Client002, set the password to huawei, and configure RSA authentication for the user. [SSH Server] aaa [SSH Server-aaa] local-user client002 password cipher huawei...
Page 177 Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 8 Accessing Another Device 0240 BFF35E4B C61BD786 F907B5DE 7D6770C3 E5FD17AB 203C8FCB BBC8FDF2 F7CB674E 519E8419 0F6B97A8 EA91FC4B B9E18836 5E74BFD5 4C687767 A89C6B43 1D7E3E1B 0203 010001 ===================================================== Time of Key pair created: 2007-12-29 16:20:05+08:00...
Page 178 Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 8 Accessing Another Device Connected to 10.164.39.222 ... Enter password: sftp-client> # Log in to the SSH server from Client002 in RSA authentication mode. <client002> system-view [client002] sftp 10.164.39.222 Please input the username: client002 Trying 10.164.39.222 ...
Page 179: Example For Authenticating Ssh Through Radius
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 8 Accessing Another Device local-user client001 password simple huawei local-user client001 service-type ssh local-user client001 ftp-directory flash: local-user client002 ftp-directory flash: sftp server enable ssh user client002 authentication-type rsa ssh user client002 assign rsa-key RsaKey001...
Page 180 Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 8 Accessing Another Device Figure 8-14 Networking diagram of authenticating the SSH through RADIUS GE1/0/0 10.164.39.222/24 GE1/0/0 10.164.39.221/24 10.164.6.49/24 SSH Client SSH Server Radius Server Configuration Roadmap The configuration roadmap is as follows: Configure the RADIUS template on the SSH server.
Page 181 Step 3 Create SSH users. Create users ssh1@ssh.com and ssh2@ssh.com on the RADIUS server. Specify the NAS's IP address 10.164.39.222 and set the password to huawei. The NAS's IP address is the IP address of the SSH server connected to the RADIUS server.
Page 182 # Specify the RADIUS server at 10.164.6.49 as the RADIUS authentication and set the authentication port number to 1812. [Huawei-radius-ssh] radius-server authentication 10.164.6.49 1812 # Set the shared key of the RADIUS server to huawei. [Huawei-radius-ssh] radius-server shared-key cipher huawei [Huawei-radius-ssh] quit Step 5 Configure the RADIUS domain name on the SSH server.
Page 183 The server's public key will be saved with the name: 10.164.39.222. Please wait... Enter password: Enter the password huawei. The following information indicates that the login succeeds. Info: The max number of VTY users is 10, and the current number of VTY users on line is 2.
Page 184 Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 8 Accessing Another Device 0240 C4989BF0 416DA8F2 2675910D 7F2997E8 5573A35D 0163FD4A FAC39A6E 0F45F325 A4E3AA1D 54692B04 C6A28D3D C58DE2E8 E0D58D65 7A25CF92 A74D21F9 E917182B 0203 010001 public-key-code end peer-public-key end authentication-scheme newscheme authentication-mode radius domain ssh.com...
Page 185: Upgrade And Maintenance
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 9 Upgrade and Maintenance Upgrade and Maintenance About This Chapter Upgrade and maintenance of the router can optimize device performance, monitor device operation status, simplify operation and maintenance, and reduce carriers' Operation Expenditure (OPEX).
Page 186: Upgrade And Maintenance Overview
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 9 Upgrade and Maintenance 9.1 Upgrade and Maintenance Overview Devices can be upgraded and maintained by activating GTL license files, upgrading system software, managing patches, monitoring CPU and memory usage, or restarting devices.
Page 187: Cpu And Memory Usage Thresholds
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 9 Upgrade and Maintenance Patch Status Description Patch Status Transition Running A patch file is in the running state A patch file in the running state can when it is stored in the patch area be deleted from the patch area in and run permanently.
Page 188: Establishing The Configuration Task
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 9 Upgrade and Maintenance 9.2.1 Establishing the Configuration Task A GTL license file must be activated if license-controlled features need to be used on a newly purchased device, or the activated GTL license file on the existing device has expired.
Page 189: Uploading A Gtl License File
NOTE l A user who uses the GTL license for the first time must buy the GTL license from Huawei, and then load the GTL license file to the main control board. l A user who wants to upgrade the GTL license needs to run the license revoke command to obtain an invalidation code, and then apply to Huawei for a new GTL license by using the invalidation code.
Page 190: Optional) Enabling The Emergency State Of The Gtl License Module
Run: license active file-name The GTL license is activated and you obtained permission. NOTE If you use the GTL license for the first time, buy the GTL license file from Huawei. Upgrade the GTL license. Run: license revoke The GTL license invalidation code is returned.
Page 191: Checking The Configuration
License Serial No : LIC20110309010210 Creator : Huawei Technologies Co., Ltd. Created Time : 2011-03-09 19:36:14 Country : China Custom : R&D of Huawei Technologies Co., Ltd. Office : Shenzhen Feature name : ACCESS Authorize type : DEMO Expired date...
Page 192: Checking The System Before The Upgrade
Note the following points before upgrading system software: Obtain the new system software and relevant documents for the upgrade from Huawei. Refer to the related Upgrade Guide officially released by Huawei when upgrading a device, because system software versions differ in different types of products.
Page 193: Downloading Resource Files
MPUs are working properly. Run the display health command in the user view and record the command output. If you cannot locate faults that have occurred during the upgrade, provide the information to Huawei technical personnel for troubleshooting.
Page 194 If a password is configured, you must enter the password after pressing Ctrl+B to display the BootROM menu (the default password is huawei ). l You can change the password under the BootROM menu. Make a note of your password and keep it in a safe place.
Page 195: Specifying The System Software To Be Used At The Next Startup
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 9 Upgrade and Maintenance NOTE l FTP types include FTP and TFTP. l Management interface refers to gigabitethernet 0/0/0 on the MPU. Step 5 After the system returns to the network menu, select choice 4 to download the specified resource file from the local FTP server.
Page 196: Configuring A Backup Startup File
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 9 Upgrade and Maintenance l Run: startup patch file-name A patch file to be used at the next startup is specified for the MPU. Step 3 (Optional) Run: startup saved-configuration configuration-file The configuration file to be used at the next startup is specified for the MPUs.
Page 197: Restarting A Device
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 9 Upgrade and Maintenance Procedure Step 1 Run: upgrade slot slot-id startup bootrom The BootROM is upgraded. Step 2 Run: reset slot slot-id The LPU is reset. After the LPU is reset, run the display version slot slot-id command to check whether the BootROM is upgraded successfully.
Page 198: Checking The Configuration
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 9 Upgrade and Maintenance Context Before activating the GTL license, run the dir command to verify that the license file has been loaded to the storage device (Flash memory, SD card, or USB flash drive).
Page 199: Managing Patches
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 9 Upgrade and Maintenance 9.4 Managing Patches This section describes several operations that can be performed on patches. You can install patches to upgrade the system without interrupting services, specify the patch file to be used...
Page 200: Specifying A Patch File To Be Used At The Next Startup
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 9 Upgrade and Maintenance running patches. If the command output shows that there is a running patch file in the system, delete the running patch file. In addition, perform the following operations before patch installation: Upload a patch file to the master MPU.
Page 201: Uninstalling A Patch
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 9 Upgrade and Maintenance 9.4.4 Uninstalling a Patch If an installed patch does not meet system requirements, or more storage space of the patch area is needed, you can uninstall the patch by running a command in the user view.
Page 202: Establishing The Configuration Task
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 9 Upgrade and Maintenance 9.5.1 Establishing the Configuration Task Before setting CPU and memory usage thresholds, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the data required for the configuration.
Page 203: Setting A Memory Usage Threshold
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 9 Upgrade and Maintenance The system view is displayed. Step 2 Run: set cpu-usage threshold threshold-value [ restore restore-threshold-value ] [ slot slot-id ] An alarm threshold and a clear alarm threshold are set for the CPU usage on an MPU or an LPU in a specified slot.
Page 204: Restarting The Device
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 9 Upgrade and Maintenance Procedure Run the display cpu-usage command to check CPU usage. Run the display cpu-usage [ configuration ] [ slot slot-id ] command to check CPU usage.
Page 205: Restarting The Device Immediately
Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 9 Upgrade and Maintenance 9.6.2 Restarting the Device Immediately Before restarting the router, you must choose whether to save the current configuration file of the router. Context CAUTION Running the reboot command is not recommended, because this will interrupt network services in a short period.
Page 206: Checking The Configuration
As shown in Figure 9-2, the system software of the cannot meet customer's requirements and needs to be upgraded. Huawei has provided related upgrade files for the customer to perform software upgrade on the. Figure 9-2 Networking diagram for upgrading system software GE2/0/0 10.1.1.1/24...
Page 207 Specify FTP as the mode of uploading the system software, the device as the FTP server, user 1 as the user name, and huawei as the user password. Specify the system software and configuration file to be used at the next startup.
Page 208 Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 9 Upgrade and Maintenance NOTE The Windows XP operating system is used as an example. Store the uploaded file in the specified directory (C:\temp in this example). Choose Start >...
Page 209 [HuaWei] display version Huawei Versatile Routing Platform Software VRP (R) software, Version 5.90 (AR2200 V200R001C00) Copyright (C) 2000-2010 Huawei Technologies Co., LTD Huawei AR2240 Router uptime is 0 week, 0 day, 3 hours, 59 minutes BKP 0 version information: 1. PCB Version : AR01BAK1A VER.C...
Page 210: Example For Installing A Patch File
The device performance needs to be optimized without affecting the use of the current version on the device. As shown in Figure 9-3, the performance of the device needs to be optimized. Huawei has provided a patch file for the customer to install. Figure 9-3 Networking diagram for installing a patch file GE2/0/0 10.1.1.1/24...
Page 211 Huawei AR2200 Series Enterprise Routers Configuration Guide - Basic Configuration 9 Upgrade and Maintenance Step 2 Load and run the patch. <HuaWei> patch load SPH-1.1.952.pat all run Patch operation succeeded Step 3 Verify the configuration. After the configuration is complete, run the display patch-information command to view information about the running patch.

Huawei AR2200 Series Configuration Manual

About this Document

1 Logging in to the System for the First Time

151 CLI Overview

3 Basic Configuration

4 Configuring User Interface

5 Configuring User Login

6 Managing File System

7 Configuring System Startup

8 Accessing Another Device

9 Upgrade and Maintenance

Quick Links

Related Manuals for Huawei AR2200 Series

Summary of Contents for Huawei AR2200 Series