H3C SecPath F5030 Configuration Manual

H3C SecPath Firewalls
Comware 7 Fundamentals Configuration Guide
New H3C Technologies Co., Ltd.
http://www.h3c.com
Software version:
F5030, F5030-6GW, F5060, F5080, F5000-M, F5000-A: E9628
F5010, F5020-GM, F5020, F5040, F5000-C, F5000-S: E9342
F1020, F1030, F1050, F1060, F1070, F1080, F1020-GM, F1070-GM: E9345
F1000-AK130, AK135, AK140, AK145, AK150, AK155, AK160, AK165, AK170, AK175, AK180, AK185: E9345
F1005, F1010, F1003-L, F1005-L: E9536
F1000-AK108, AK109, AK110, AK115, AK120, AK125: E9536
Document version: 6W400-20190620

Summary of Contents for H3C SecPath F5030

  • Page 1 H3C SecPath Firewalls Comware 7 Fundamentals Configuration Guide New H3C Technologies Co., Ltd. http://www.h3c.com Software version: F5030, F5030-6GW, F5060, F5080, F5000-M, F5000-A E9628 F5010, F5020-GM, F5020, F5040, F5000-C, F5000-S E9342 F1020, F1030, F1050, F1060, F1070, F1080, F1020-GM, F1070-GM E9345 F1000-AK130, AK135, AK140, AK145, AK150, AK155, AK160, AK165, AK170,...
  • Page 2 The information in this document is subject to change without notice. All contents in this document, including statements, information, and recommendations, are believed to be accurate, but they are presented without warranty of any kind, express or implied. H3C shall not be liable for technical or editorial errors or omissions contained herein.
  • Page 3 Preface • This configuration guide describes the fundamentals and configuration procedures for Layer 2—WAN access features, including PPP, 3G modem, and 4G modem. • CLI. • RBAC, device login, and device access control. • Management of the device, file systems, configuration files, and licenses. •...
  • Page 4
    Convention: { x | y | ... } *
    Description: Asterisk marked braces enclose a set of required syntax choices separated by vertical bars, from which you select a minimum of one.
    Asterisk marked square brackets enclose optional syntax choices separated by vertical [ x | y | ...
  • Page 5 It is normal that the port numbers, sample output, screenshots, and other information in the examples differ from what you have on your device. Documentation feedback You can e-mail your comments about product documentation to info@h3c.com. We appreciate your comments.
  • Page 6: Table Of Contents

    Contents
    Managing a 3G/4G modem 1
      About managing a 3G/4G modem 1
      Restrictions: Hardware compatibility with 3G/4G modem management 1
      Restrictions and guidelines: 3G/4G modem management 1
      3G/4G modem management tasks at a glance 2
      ...
  • Page 7: Managing A 3G/4G Modem

    Managing a 3G/4G modem About managing a 3G/4G modem A 3G/4G modem connects a device to a 3G/4G network. USB 3G/4G modems are available for the device. A USB 3G/4G modem is hot swappable. The device uses a fixed cellular interface to manage a USB 3G/4G modem.
  • Page 8: 3G/4G Modem Management Tasks At A Glance

    • A USB 3G/4G modem is not usable when the USB interface to which the modem is attached is shut down. For more information about shutting down a USB interface, see Fundamentals Configuration Guide.
    • Unless otherwise noted, the 3G/4G modem configuration in this document is saved in the NVM of the 3G/4G modem.
  • Page 9: Configuring The 4G Modem Cellular Interface

    Configuring the 4G modem cellular interface
    Enter system view.
      system-view
    Enter cellular interface view.
      controller cellular cellular-number
    Configure a description for the cellular interface.
      description text
      By default, the description for a cellular interface is interface name Interface, for example, Cellular 2/4/0 Interface.
  • Page 10: Restoring The Default Settings For An Eth-Channel Interface

    Restoring the default settings for an Eth-channel interface
    Restrictions and guidelines
    CAUTION: Restoring the default interface settings might interrupt ongoing network services. Make sure you are fully aware of the impact of this command when you use it on a live network.
    The default command might fail to restore the default settings for some commands for reasons such as command dependencies and system restrictions.
  • Page 11: Configuring A 3G/4G Network

    For more information about the command, see DHCP commands in Layer 3–IP Service Command Reference.
    Obtain an IP address by using the modem-manufacturer's proprietary protocol.
      IPv4: ip address cellular-alloc
      IPv6: ipv6 address cellular-alloc
    Configure an IP address manually.
      ip address ip-address { mask-length | mask } [ sub ]
      By default, no IP address is configured for an Eth-channel interface.
  • Page 12: Configuring Parameter Profiles

    (Optional.) Specify an LTE frequency band.
      lte band band-number
      The default setting for this command and support for the band-number argument depend on the 4G modem model.
    Configuring parameter profiles
    About parameter profiles
    A parameter profile defines the following items:
    •...
  • Page 13: Specifying The Primary And Backup Profiles

    Specifying the primary and backup profiles About the primary and backup profiles By default, profile 1 is used for 3G/4G modem dialup. The dialup fails if profile 1 does not exist. You can also specify the primary and backup profiles for 3G/4G modem dialup. The primary profile always has priority over the backup profile.
  • Page 14: Associating 3G/4G Link Backup With A Track Entry

      sim switch-to card-number
      By default, a 3G/4G modem uses the primary SIM card.
    Enable the 3G/4G modem to automatically switch back to the primary SIM card.
      sim switch-back enable [ wait-time time ]
      By default, automatic switchback to the primary SIM card is disabled.
    Associating 3G/4G link backup with a track entry
    About associating 3G/4G link backup with a track entry
    This configuration allows the system to use a track entry to monitor the status of the primary 3G/4G...
  • Page 15: Configuring Dm

      controller cellular interface-number
    Enable PIN verification.
      pin verification enable [ pin ]
      The default setting depends on the modem model. Whether you are required to enter the PIN when enabling PIN verification depends on the modem model.
    Specify the PIN for verification.
      pin verify { cipher | simple } string
      By default, no PIN is configured on a device for 3G/4G modem verification.
  • Page 16: Issuing A Configuration Directive To A 3G/4G Modem

      system-view
    Enter cellular interface view.
      controller cellular interface-number
    Set the RSSI thresholds.
      rssi { gsm | 1xrtt | evdo | lte } { low lowthreshold | medium mediumthreshold }
      By default, the lower and upper RSSI thresholds for a 3G/4G modem are –150 dBm and 0 dBm, respectively.
  • Page 17: Configuring Manual Reboot

      modem response timer time auto-recovery threshold
      By default, the response timeout is 10 seconds and the consecutive timeout threshold is 3. The configuration is saved on the device rather than the 3G/4G modem.
    Configuring manual reboot
    About manual reboot
    A 3G/4G modem can automatically detect running errors and reboot. If the 3G/4G modem fails to reboot by itself, you can use this command to manually reboot it.
  • Page 18: 4G Modem Management Configuration Examples

    Task: interface.
    Command: [ interface-number ] ]
    Task: Display information about an Eth-channel interface.
    Command: display interface [ eth-channel [ channel-id ] ] [ brief [ description | down ] ]
    Task: Clear the statistics for a cellular interface.
    Command: reset counters controller [ cellular
  • Page 19: Troubleshooting

    To resolve the issue: Execute the shutdown command and the undo shutdown command on the cellular interface. If the 3G/4G modem still fails to function, execute the modem reboot command on the cellular interface. If the issue persists, contact H3C Support.
  • Page 20
    Contents
    Configuring PPP 1
      About PPP 1
        PPP protocols 1
        PPP link establishment process 1
        PPP authentication 2
        PPP for IPv4 2
        PPP for IPv6 3
        ...
  • Page 21: Configuring Ppp

    Configuring PPP
    About PPP
    Point-to-Point Protocol (PPP) is a point-to-point link layer protocol. It provides user authentication, supports synchronous/asynchronous communication, and allows for easy extension.
    PPP protocols
    PPP includes the following protocols:
    • Link control protocol (LCP)—Establishes, tears down, and monitors data links.
    •...
  • Page 22: Ppp Authentication

    If a network layer protocol is configured, the PPP link enters the Network-Layer Protocol phase for NCP negotiation, such as IPCP negotiation and IPv6CP negotiation. If the NCP negotiation succeeds, the link goes up and becomes ready to carry negotiated network-layer protocol packets.
  • Page 23: Ppp For Ipv6

    IP address negotiation
    IP address negotiation enables one end to assign an IP address to the other. An interface can act as a client or a server during IP address negotiation:
    • Client—Obtains an IP address from the server. Use the client mode when the device accesses the Internet through an ISP.
  • Page 24: Ppp Tasks At A Glance

    • Method 3—The client requests prefixes through DHCPv6 and assigns them to downstream hosts. The hosts then use the prefixes to generate global IPv6 addresses. This method uses the same principle of selecting address pools as method 2.
    The device can assign a host an IPv6 address in either of the following ways:
    •...
  • Page 25: Configuring Pap Authentication

    LCP negotiation succeeds. If the response packet from the peer carries a recommended authentication mode, the authenticator directly uses the authentication mode if it finds the mode configured. Configuring PAP authentication Restrictions and guidelines for PAP authentication For local AAA authentication, the username and password of the peer must be configured on the authenticator.
  • Page 26
    • For remote AAA authentication, the username and password of the peer must be configured on the remote AAA server.
    • The username and password configured for the peer must meet the following requirements:
      The username configured for the peer must be the same as that configured on the peer by using the ppp chap user command.
  • Page 27: Configuring Chap Authentication (Authenticator Name Is Not Configured)

    Configuring CHAP authentication (authenticator name is not configured) Restrictions and guidelines for CHAP authentication (authenticator name is not configured) For local AAA authentication, the username and password of the peer must be configured on the authenticator. For remote AAA authentication, the username and password of the peer must be configured on the remote AAA server.
  • Page 28: Configuring The Polling Feature

    MS-CHAP-V2 authentication supports password change only when using RADIUS. As a best practice, do not set the authentication method for PPP users to none when MS-CHAP-V2 authentication is used. For local AAA authentication, the username and password of the peer must be configured on the authenticator.
  • Page 29: Configuring Ppp Negotiation

    Restrictions and guidelines
    On a slow link, increase the keepalive interval to prevent false shutdown of the interface. This situation might occur when keepalive packets are delayed because a large packet is being transmitted on the link.
    The keepalive interval must be smaller than the negotiation timeout time.
    Procedure
    Enter system view.
  • Page 30: Enabling Ip Segment Match

      system-view
    Enter interface view.
      interface interface-type interface-number
    Enable IP address negotiation.
      ip address ppp-negotiate
      By default, IP address negotiation is not enabled. If you execute this command and the ip address command multiple times, the most recent configuration takes effect. For more information about the ip address command, see Layer 3—IP Services Command Reference.
  • Page 31: Configuring Acfc Negotiation

    Configuring ACFC negotiation About ACFC negotiation PPP can compress the address and control fields of PPP packets to increase the payload size. ACFC negotiation notifies the peer that the local end can receive packets carrying compressed address and control fields. ACFC negotiation is implemented at the LCP negotiation stage.
  • Page 32: Enabling Ip Header Compression

    Configuring the local end to send PFC requests
    Enter system view.
      system-view
    Enter interface view.
      interface interface-type interface-number
    Configure the local end to send PFC requests by including the PFC option in outbound LCP negotiation requests.
      ppp pfc local request
      By default, the local end does not include the PFC option in outbound LCP negotiation requests.
  • Page 33: Enabling Ppp Link Quality Monitoring

      [ nonstandard ]
      By default, IP header compression is disabled. The nonstandard option must be specified when the device communicates with a non-H3C device. When the nonstandard keyword is specified, only RTP header compression is supported and TCP header compression is not supported.
  • Page 34: Configuring The Nas-Port-Type Attribute

      ppp lqm lcp-echo [ packet size ] [ interval interval ]
      By default, an interface does not send LCP echo packets when LQM detects a low quality link. This feature can avoid PPP link flapping caused by loss of large LCP packets.
    Configuring the NAS-Port-Type attribute
    About the NAS-Port-Type attribute
    The NAS-Port-Type attribute is used for RADIUS authentication and accounting.
  • Page 35: Display And Maintenance Commands For Ppp

      By default, PPP accounting is disabled.
    Display and maintenance commands for PPP
    Execute display commands in any view and reset commands in user view.
    Task: Display PPP address pools.
    Command: display ip pool [ pool-name | group group-name ]
    Command: display ppp access-user { domain domain-name interface interface-type interface-number [ count ] | ip-address...
  • Page 36: Configuring Pppoe

    Configuring PPPoE About PPPoE Point-to-Point Protocol over Ethernet (PPPoE) extends PPP by transporting PPP frames encapsulated in Ethernet over point-to-point links. PPPoE specifies the methods for establishing PPPoE sessions and encapsulating PPP frames over Ethernet. PPPoE requires a point-to-point relationship between peers instead of a point-to-multipoint relationship as in multi-access environments such as Ethernet.
  • Page 37: Configuring A Pppoe Client

    Host-initiated network structure As shown in Figure 3, a PPPoE session is established between each host (PPPoE client) and the carrier device (PPPoE server). The service provider assigns an account to each host for billing and control. The host must be installed with PPPoE client software. Figure 3 Host-initiated network structure Configuring a PPPoE client Operation mode...
  • Page 38: Configuring A Dialer Interface

    Configuring a dialer interface About dialer interfaces Before establishing a PPPoE session, you must first create a dialer interface and configure bundle DDR on the interface. Each PPPoE session uniquely corresponds to a dialer bundle, and each dialer bundle uniquely corresponds to a dialer interface. A PPPoE session uniquely corresponds to a dialer interface.
  • Page 39: Configuring A Pppoe Session

    10. (Optional.) Set the MTU for the dialer interface.
      mtu size
      By default, the MTU on a dialer interface is 1500 bytes. The dialer interface fragments a packet that exceeds the configured MTU, and adds a 2-byte PPP header and a 6-byte PPPoE header to each fragment. You should modify the MTU of a dialer interface to make sure the total length of any fragment packet is less than the MTU of the physical interface.