Huawei V300R005 Configuration Manual
  1. Manuals
  2. Brands
  3. Huawei Manuals
  4. Network Router
  5. V300R005
  6. Configuration manual

Huawei V300R005 Configuration Manual

Quidway netengine80 core router
Hide thumbs Also See for V300R005:
Table of Contents

Advertisement

Quick Links

Download this manual
Quidway NetEngine80 Core Router
V300R005
Configuration Guide - Basic
Configurations
04
Issue
Date
2009-12-20
Part Number
00407347
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.

Advertisement

Table of Contents
loading

Related Manuals for Huawei V300R005

Summary of Contents for Huawei V300R005

  • Page 1 Quidway NetEngine80 Core Router V300R005 Configuration Guide - Basic Configurations Issue Date 2009-12-20 Part Number 00407347 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 2 Huawei Technologies Co., Ltd. provides customers with comprehensive technical support and service. For any assistance, please contact our local office or company headquarters. Huawei Technologies Co., Ltd. Address: Huawei Industrial Base Bantian, Longgang Shenzhen 518129 People's Republic of China Website: http://www.huawei.com...

  • Page 3: Table Of Contents

    2.2.4 Logging In to the Router ........................2-3 2.3 Logging In to Router Through Telnet......................2-4 2.3.1 Establishing the Configuration Task....................2-4 2.3.2 Establishing the Physical Connection ....................2-5 2.3.3 Configuring Login User Parameters....................2-5 Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 4 4.2.1 Establishing the Configuration Task....................4-2 4.2.2 Switching the Language Mode......................4-3 4.2.3 Configuring the Equipment Name.....................4-3 4.2.4 Configuring the System Clock ......................4-3 4.2.5 Configuring the Header Text ......................4-4 Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.
  • Page 5 5.4.6 Configuring User Authentication ....................5-19 5.4.7 Checking the Configuration ......................5-21 5.5 Managing User Interfaces..........................5-21 5.5.1 Establishing the Configuration Task....................5-21 5.5.2 Sending Messages to Other User Interfaces ..................5-22 5.5.3 Clearing Online User........................5-22 Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 6 6.3.4 Displaying the Directory of File......................6-5 6.3.5 Creating a Directory ..........................6-6 6.3.6 Deleting a Directory ..........................6-6 6.4 Managing Files ............................6-6 6.4.1 Displaying Contents of Files ......................6-7 6.4.2 Copying Files ............................6-7 Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.
  • Page 7 8.3.4 Configuring the Basic FTP ACL .......................8-8 8.3.5 Checking the Configuration ......................8-8 8.4 Configuring the Router to Be the FTP Client ....................8-9 8.4.1 Establishing the Configuration Task....................8-9 Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 8 9.2.2 Establishing a Telnet Connection ......................9-8 9.2.3 Establishing a Telnet Redirection Connection...................9-8 9.2.4 Scheduled Telnet Disconnection .......................9-9 9.2.5 Checking the Configuration ......................9-9 9.3 Configuring SSH Users ..........................9-10 9.3.1 Establishing the Configuration Task....................9-10 Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.
  • Page 9 9.8.3 Example for Connecting the SFTP Client to the SSH Server............9-37 9.8.4 Example for Accessing the SSH Server Through Other Port Numbers...........9-42 9.8.5 Example for Authenticating SSH Through RADIUS ..............9-49 Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 10 11.3.1 Establishing the Configuration Task....................11-5 11.3.2 Specifying the System Software for the Next Startup ..............11-5 11.3.3 (Optional) Configuring PAF Files ....................11-6 11.3.4 (Optional) Configuring Patch Packages ..................11-6 Huawei Proprietary and Confidential viii Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.
  • Page 11 12.9 Unloading the LPU Patch........................12-13 12.9.1 Establishing the Configuration Task....................12-13 12.9.2 Deleting the LPU Patch.......................12-14 A Glossary ............................ A-1 B Acronyms and Abbreviations ....................B-1 Index ..............................i-1 Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 12 Figure 9-9 Networking diagram of accessing the SSH server through other port numbers......9-43 Figure 9-10 Networking diagram of authenticating the SSH through RADIUS ..........9-49 Figure 12-1 Conversion between the statuses of a patch ................12-2 Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 13 Table 3-5 Describes metacharacters........................3-9 Table 3-6 Access the history commands ......................3-10 Table 3-7 System-defined shortcut keys ......................3-11 Table 5-1 Example for the absolute numbering ....................5-3 Issue 04 (2009-12-20) Huawei Proprietary and Confidential xiii Copyright © Huawei Technologies Co., Ltd.

  • Page 14: About This Document

    Quidway NetEngine80 Configuration Guide - Basic Configurations Contents Contents About This Document........................1 Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 15: Intended Audience

    This document consists of twelve chapters and is organized as follows. Chapter Content 1 NE80 Core Router Overview This chapter describes the architecture, functional features and main functions of the NE80. Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.
  • Page 16 Conventions Symbol Conventions The symbols that may be found in this document are defined as follows. Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 17: General Conventions

    [ x | y | ... ] Optional items are grouped in brackets and separated by vertical bars. One item is selected or no item is selected. Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 18: Keyboard Operations

    The mouse operations that may be found in this document are defined as follows. Action Description Click Select and release the primary mouse button without moving the pointer. Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 19: Update History

    Fourth commercial release. Updates in Issue 03 (2009-08-01) Third commercial release. Updates in Issue 02 (2008-10-20) Second commercial release. Updates in Issue 01 (2008-04-18) First commercial release. Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.
  • Page 20 1.2.4 Carrier-Class Availability........................1-6 1.2.5 Rich Services ............................1-6 1.2.6 Perfect Diff-Serv/QoS..........................1-6 1.2.7 Excellent Security Mechanism......................1-7 1.2.8 Practical NMS............................1-7 1.2.9 Flexible Networking Capabilities ......................1-8 1.3 Features List of the NE80..........................1-8 Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 21 Quidway NetEngine80 Configuration Guide - Basic Configurations Figures Figures Figure 1-1 Software architecture of the NE80-8 ....................1-4 Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 22 Quidway NetEngine80 Configuration Guide - Basic Configurations Tables Tables Table 1-1 Features list of the NE80 Series USR....................1-8 Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 23: Ne80 Core Router Overview

    NE80 1.2 Characteristics of the This section describes the characteristics of the NE80 1.3 Features List of the This section describes the features of the NE80. Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 24: Hardware Architecture

    All these raise higher requirements to MAN devices. According to the development of IP MANs, Huawei launches the NE80 Series USR. The NE80 has the following features: large capacity, high performance, high reliability, and...

  • Page 25: Software Architecture

    DRV modules are distributed in the RPS, FSU and EFU for driving the hardware of the MPU and the LPU. Figure 1-1 takes the NE80-8 for example to illustrate the NE80 software architecture. Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 26: Figure 1-1 Software Architecture Of The Ne80-8

    Service (CoS) features according to different configuration requirements. The Switch Fabric monitoring module monitors the internal switching network in the NE80 Series USR. Implemented on the Huawei integrated network management platform, the NMS maintains and controls devices uniformly. Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright ©...

  • Page 27: Characteristics Of The Ne

    1 NE80 Core Router Overview The NE80 applies the Versatile Routing Platform (VRP) software system. As a versatile operating system platform for Huawei's data communications products, the VRP realizes a modular architecture with IP services as the core. In addition to abundant functions and features, the VRP provides some application-based capabilities such as scalability and flexibility.

  • Page 28: Line-Speed Forwarding

    The NE80 realizes the QoS feature when carrying the integrated service including the real-time service. In particular, the NE80 provides various standard-based supports to Diff-Serv, including: Traffic classification Traffic policing Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 29: Excellent Security Mechanism

    IBM). The Quidview NMS can provide multi-language support and Graphic User Interface (GUI). The Quidview NMS can also be seamlessly integrated with the Huawei-developed network management systems of other fixed network communication devices to achieve centralized management of multiple devices. The Quidview NMS can also be integrated with the present...

  • Page 30: Flexible Networking Capabilities

    MAN convergence layer. Diversified entire network solutions from the access network to the core network can be provided for users when the NE80 is cooperated with Huawei's multi-service switches, Quidway Series routers, broadband access series, LAN Switch Series, and Metro transmission Series.
  • Page 31 Hot standby MPU 1:1 redundancy (applied to NE80-8 and device for redundancy NE80-4) Power supply module 1:1 redundancy System management bus 1:1 redundancy System data bus 1:1 redundancy Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 32 User-interface configuration, providing various authentication and authorization functions for the logon users Time service NTP Server and NTP Client Timezone Summer Time On-line On-line loading service On-line upgrading 1-10 Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 33: Ne80 Core Router Overview

    AAA = Authorization, Authentication and Accounting VRRP = Virtual Router Redundancy Protocol CAR = Committed Access Rate srTCM = Single Rate Three Color Marker trTCM = Two Rate Three Color Marker Issue 04 (2009-12-20) Huawei Proprietary and Confidential 1-11 Copyright © Huawei Technologies Co., Ltd.

  • Page 34: Introduction

    2.5.1 Example for Logging In Through the Console Port................2-7 2.5.2 Example for Logging In Through Telnet....................2-9 2.5.3 Example for Logging In Through the AUX Port ................2-11 Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 35 Figure 2-5 Establishing the configuration environment through Telnet ............2-10 Figure 2-6 Running the Telnet program on the PC................... 2-11 Figure 2-7 Establishing the remote configuration environment through AUX ..........2-11 Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 36: About This Chapter

    Through the AUX Port environments through the AUX port. Example for Logging In Through the AUX. 2.5 Configuration Examples This section provides several examples of establishing configuration environments. Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 37: Login Through The Console

    If you log in to the router for the first time or perform the local configuration, you need to log in to the router through the Console port. Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 38: Configuration Procedures

    9600 bps, data bit to 8, stop bit to 1. Specify no parity and no flow control. ----End 2.2.4 Logging In to the Router Do as follows on the PC: Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 39: Logging In To Router Through Telnet

    Configuration Procedures To configure the router through Telnet, complete the following procedures. Procedure Establishing the Physical Connection Configuring Login User Parameters Logging In from the Telnet Client Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 40: Logging In From The Telnet Client

    Preparing the PC/terminal (including the serial port and RS-232 cable) Preparing the PC terminal emulation program (such as Windows XP hyper terminal) Preparing two Modems Data Preparation To configure the router, you need the following data. Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 41: Establishing The Physical Connection

    Connection Description window. Step 2 Enter the connection name of the PC and the router, such as Dial. Step 3 Click OK to enter the Connect To window. Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 42: Logging In To The Router

    Log in to the router Data Preparation To complete the configuration, you need the terminal communication parameters (including baud bit, data bit, parity, stop bit and flow control). Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 43: Figure 2-2 New Connection

    9600 bps, data bit to be 8, stop bit to be 1. Specify no parity and no flow control as shown from Figure 2-2 Figure 2-4. Figure 2-2 New connection Figure 2-3 Setting the port Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 44: Figure 2-4 Setting The Port Communication Parameters

    2.5.2 Example for Logging In Through Telnet Networking Requirements You can log in to the router on other network segments through the PC or other terminals to perform remote maintenance. Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 45: Figure 2-5 Establishing The Configuration Environment Through Telnet

    [Quidway] interface GigabitEthernet 1/0/0 [Quidway-GigabitEthernet1/0/0] ip address 202.38.160.92 255.255.0.0 [Quidway-GigabitEthernet1/0/0] quit # Configure login authentication mode [Quidway] aaa [Quidway-aaa] local-user huawei password cipher test2 [Quidway-aaa] local-user huawei service-type telnet [Quidway-aaa] local-user huawei level 3 [Quidway-aaa] quit [Quidway] user-interface vty 0 4 [Quidway-ui-vty0-14] authentication-mode aaa Step 3 Configure the client login.

  • Page 46: Figure 2-6 Running The Telnet Program On The Pc

    PSTN Router Configuration Roadmap The configuration roadmap is as follows: Establish the physical connection Configure Modem parameters Configure the AUX port to support the Modem dialup Issue 04 (2009-12-20) Huawei Proprietary and Confidential 2-11 Copyright © Huawei Technologies Co., Ltd.
  • Page 47 Figure 2-7. Step 2 Configure the AUX port to support the Modem dialup. <Quidway> system-view [Quidway] aaa [Quidway-local-aaa-server] local-user huawei password cipher test1 [Quidway-local-aaa-server] local-user huawei service-type terminal [Quidway-local-aaa-server] local-user huawei level 3 [Quidway-local-aaa-server] quit [Quidway] user-interface aux 0 [Quidway-ui-aux0] authentication-mode aaa [Quidway-ui-aux0] modem both Step 3 Configure Modem parameters.
  • Page 48 3.4.3 Use of Shortcut Keys .........................3-13 3.5 Configuration Examples..........................3-13 3.5.1 Example for Using Shortcut Keys......................3-13 3.5.2 Copying Commands Using Shortcut Keys..................3-14 3.5.3 Example for Using Tab ........................3-14 Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 49 Table 3-3 Keys for editing ..........................3-7 Table 3-4 Keys for displaying..........................3-8 Table 3-5 Describes metacharacters ........................3-9 Table 3-6 Access the history commands......................3-10 Table 3-7 System-defined shortcut keys ......................3-11 Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 50: Cli Overview

    This section describes the error messages of the command Line Interface line. 3.4 Shortcut Keys This section describes how to use shortcut keys. 3.5 Configuration Examples This section provides examples for using shortcut keys. Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 51: Introduction

    (such as ping and tracert) and commands that start from the local device and visit external device (including Telnet client side, SSH client side and Rlogin) and so on. Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 52: Command Line Views

    It can also be run in the interface view to enable the MPLS capability on this interface. Different command line views are shown in Table 3-1. Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 53: Table 3-1 Command Line Views

    FTP client view GigabitEthernet GE interface view hwtacacs HWTACACS view ike-proposal IKE view ipsec-policy-isakmp IPSEC policy Isakmp view ipsec-policy-manual IPSEC policy manual view ipsec-policy-template IPSEC policy template view Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.
  • Page 54 T3 interface view tunnel Tunnel interface view tunnel-policy Tunnel policy view user-interface User interface view virtual-ethernet Virtual Ethernet interface view virtual-template Virtual template interface view vpn-instance VPN instance view Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 55: Online Help

    You can obtain the partial help of the command line in the following ways: Enter a character string and "?" separated by a space to display all commands that begin with this character string. <Quidway> d? debugging delete display downlpu Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 56: Table 3-2 Common Error Messages Of The Command Line

    Inserts a character in the current position of the cursor if the editing buffer is not full and the cursor moves rightward. Otherwise an alarm is generated. Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 57: Table 3-4 Keys For Displaying

    Enter Continues to display the information on next line. 3.3.3 Regular Expressions When a lot of information is output, you can filter the display through regular expressions. Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 58: Table 3-5 Describes Metacharacters

    The simplest regular expressions do not contain any metacharacter. For example, when a regular expression is defined as "hello", it matches only the character string "hello". NE80 supports two ways of applying regular expression in filtering. Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 59: Table 3-6 Access The History Commands

    Access the last Up cursor key Display the last history command if there is an history earlier history command ↑ or Ctrl+P command. Otherwise, an alarm is generated. 3-10 Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 60: Table 3-7 System-Defined Shortcut Keys

    The cursor moves leftward by the space of a character. CTRL_C Terminates the running function. CTRL_D Deletes the character where the cursor lies. CTRL_E The cursor moves to the end of the current line. Issue 04 (2009-12-20) Huawei Proprietary and Confidential 3-11 Copyright © Huawei Technologies Co., Ltd.

  • Page 61: Defining Shortcut Keys

    That is, spaces exist in the command. Configure as follows in the system view. Action Command Define shortcut hotkey { CTRL_G | CTRL_L | CTRL_O } command-text keys. 3-12 Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 62: Use Of Shortcut Keys

    Route Flags: R - relay, D - download to fib ------------------------------------------------------------------------------ Routing Tables: Public Destinations : 5 Routes : 5 Destination/Mask Proto Pre Cost Flags NextHop Interface 51.51.51.9/32 Direct 0 D 127.0.0.1 InLoopBack0 Issue 04 (2009-12-20) Huawei Proprietary and Confidential 3-13 Copyright © Huawei Technologies Co., Ltd.

  • Page 63: Copying Commands Using Shortcut Keys

    # info-center can be followed by three key words. [Quidway] info-center log? logbuffer logfile loghost Type the incomplete key word. [Quidway] info-center l Step 1 Press Tab. 3-14 Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.
  • Page 64 Step 1 Type a wrong key word "loglog". [Quidway] info-center loglog Step 2 Press Tab. [Quidway] info-center loglog The wrong input "loglog" is displayed in a new line. ----End Issue 04 (2009-12-20) Huawei Proprietary and Confidential 3-15 Copyright © Huawei Technologies Co., Ltd.
  • Page 65 4.3.3 Switching User Levels .........................4-6 4.3.4 Locking User Interfaces ........................4-7 4.4 Displaying System Status Messages ......................4-7 4.4.1 Displaying System Configuration ......................4-8 4.4.2 Displaying System Status........................4-8 4.4.3 Collecting System Diagostic Information ....................4-8 Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 66: Basic Configuration

    This section describes the configuration of the basic user Environment configuration environment on the router. 4.4 Displaying System Status This section describes the display commands for Messages displaying basic system configuration. Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 67: Introduction

    Before configuring basic system environment, power on the router. Data Preparation To configure basic system environment, you need the following data. Data Language mode System time Host name Login information Command level Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 68: Switching The Language Mode

    You can change the name of the router that appears in the command prompt. 4.2.4 Configuring the System Clock Do as follows on the router: Step 1 Run: clock datetime HH:MM:SS YYYY/MM/DD Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 69: Configuring The Header Text

    Header text is the prompt displayed by the system when users connect to the router, log in or start interactive configuration. Configure the header text to provide detailed indication. 4.2.6 Configuring Command Levels Do as follows on the router: Step 1 Run: system-view Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 70: Configuring Basic User Environment

    Thus, it requires the user to configure the basic environment for changing levels. Pre-configuration Tasks Before configuring the basic environment for the user, complete the following task: Powering on the router properly Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 71: Configuring The Password For Switching User Levels

    When users log in to the router with a lower user level, they switch to a super user level to perform advanced operations by entering the corresponding password. The password needs to be configured beforehand. 4.3.3 Switching User Levels Do as follows on the router: Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 72: Locking User Interfaces

    You must enter the correct password to unlock the user interface. 4.4 Displaying System Status Messages Using the display commands to get the following status messages: System configuration message System working status message Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 73: Displaying System Configuration

    The display diagnostic-information command collects the information for once after running the following commands, including display clock, display version, display cpu, display interface, display current-configuration, display saved-configuration, display history-command and so on. Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.
  • Page 74 5.5 Managing User Interfaces ...........................5-21 5.5.1 Establishing the Configuration Task ....................5-21 5.5.2 Sending Messages to Other User Interfaces..................5-22 5.5.3 Clearing Online User .........................5-22 5.5.4 Checking the Configuration .......................5-22 Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 75 5.7.8 Checking the Configuration .......................5-29 5.8 Configuration Examples..........................5-30 5.8.1 Example for Configuring Logging In to the Router Through Password ..........5-31 5.8.2 Example for Logging In to the Router Through AAA ...............5-32 Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.
  • Page 76 Quidway NetEngine80 Configuration Guide - Basic Configurations Tables Tables Table 5-1 Example for the absolute numbering ....................5-3 Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 77: User Management

    This section describes how to configure and authenticate Management the local user. 5.8 Configuration Examples This section provides examples for logging in to the router in different ways. Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 78: Introduction

    By default, the system supports three types of user interfaces: CON, AUX, and VTY. Table 5-1 Shows the absolute numbers of the user interfaces in this system. Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 79: Table 5-1 Example For The Absolute Numbering

    Point-to-Point Protocol (PPP) users: They establish PPP connections (such as dialing and PPPoA) with the router to access the network. Secure Shell (SSH) users: They establish SSH connections with the router to access the network. Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 80: User Authentication

    A Telnet user is created for remote access. An FTP user uploads or downloads files on a router from the remote. A PPP user can access networks through PPP connections. Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 81: Configuring Console User Interface

    Configuration Procedures To configure a console interface, complete the following procedures. Procedure Configuring Console Interface Attributes Setting Console Terminal Attributes Configuring the User Interface Priority Configuring User Authentication Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 82: Configuring Console Interface Attributes

    By default, the value is 1 bit. Step 7 (Optional)Run: databits { 5 | 6 | 7 | 8 } The data bit is set. By default, the data bit is 8. ----End Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 83: Setting Console Terminal Attributes

    Do as follows on the router that the user logs in to: Step 1 Run: system-view The system view is displayed. Step 2 Run: user-interface [ ui-type ] first-ui-number [ last-ui-number ] The user interface view is displayed. Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 84: Configuring User Authentication

    The authentication mode is set to AAA. Step 4 Run: quit Exit from the console user interface view. Step 5 Run: The AAA view is displayed. Step 6 Run: Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.
  • Page 85 The system view is displayed. Step 2 Run: user-interface console 0 The console user interface view is displayed. Step 3 Run: authentication-mode none The authentication mode is set to non-authentication. ----End Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 86: Checking The Configuration

    Idle timeout period for user, screen length of terminal, and the size of history command buffer User priority Modem attributes (Optional) Auto-execute commands User authentication method, user name, and password 5-10 Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 87: Configuring Aux Interface Attributes

    Step 5 Run: parity { even | mark | none | odd | space } The checksum bit is set. By default, the checksum bit is none. Issue 04 (2009-12-20) Huawei Proprietary and Confidential 5-11 Copyright © Huawei Technologies Co., Ltd.

  • Page 88: Configuring Aux Terminal Attributes

    The screen length of the terminal screen is set. By default, the length of the terminal screen is 24 lines. Step 6 Run: history-command max-size size-value 5-12 Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 89: Configuring User Priority

    Step 4 Run: modem auto-answer Enable auto answer. Step 5 Run: modem [ both | call-in ] Issue 04 (2009-12-20) Huawei Proprietary and Confidential 5-13 Copyright © Huawei Technologies Co., Ltd.

  • Page 90: Configuring User Authentication

    Step 6 Run: local-user user-name password { simple | cipher } password Local user and password are configured. ----End Configuring Password Authentication Do as follows on the router: 5-14 Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 91: Checking The Configuration

    View usage information of the user display users [ all ] interface View physical attributes and display user-interface console 0 [ summary ] configurations of the user interface Issue 04 (2009-12-20) Huawei Proprietary and Confidential 5-15 Copyright © Huawei Technologies Co., Ltd.

  • Page 92: Configuring Vty User Interface

    Configuration Procedures To configure a VTY user interface, complete the following procedures. Procedure Configuring Maximum VTY User Interfaces Configuring Limits for Incoming Calls and Outgoing Calls 5-16 Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 93: Configuring Maximum Vty User Interfaces

    [Quidway] user-interface maximum-vty 15 [Quidway] user-interface vty 5 14 [Quidway-ui-vty5-14] authentication-mode password [Quidway-ui-vty5-14] set authentication password cipher huawei 5.4.3 Configuring Limits for Incoming Calls and Outgoing Calls Do as follows on the router that the user logs in to: Step 1 Run: system-view The system view is displayed.

  • Page 94: Configuring Timeout Of Vty User Authorization

    5.4.5 Configuring VTY Terminal Attributes Do as follows on the router: Step 1 Run: system-view The system view is displayed. Step 2 Run: 5-18 Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 95: Configuring User Authentication

    Step 2 Run: user-interface vty number1 [ number2 ] The VTY user interface view is displayed. Step 3 Run: authentication-mode aaa Set the authentication mode as AAA. Issue 04 (2009-12-20) Huawei Proprietary and Confidential 5-19 Copyright © Huawei Technologies Co., Ltd.
  • Page 96 Configuring Non-Authentication Do as follows on the router: Step 1 Run: system-view The system view is displayed. Step 2 Run: user-interface vty number1 [ number2 ] 5-20 Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 97: Checking The Configuration

    Data Preparation To manage the user interface, you need the following data: Data Type and number of the user interface Contents of the message to be sent Issue 04 (2009-12-20) Huawei Proprietary and Confidential 5-21 Copyright © Huawei Technologies Co., Ltd.

  • Page 98: Sending Messages To Other User Interfaces

    Run the following commands to check the previous configuration. Action Command Display the usage information of the user interface display users [ all ] Check the online user display access-user 5-22 Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 99: Configuring User Management

    To configure user management, complete the following procedures. Procedure Configuring Authentication Mode Configuring Authentication Password Setting Username and Password for AAA Local Authentication Configuring Non-Authentication Configuring User Priority Checking the Configuration Issue 04 (2009-12-20) Huawei Proprietary and Confidential 5-23 Copyright © Huawei Technologies Co., Ltd.

  • Page 100: Configuring Authentication Mode

    The default authentication mode is the password authentication. 5.6.4 Setting Username and Password for AAA Local Authentication Do as follows on the router that the user logs in to: Step 1 Run: system-view 5-24 Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 101: Configuring Non-Authentication

    The user interface view is displayed. Step 3 Run: set authentication none The non-authentication is configured. ----End Configuring the non-authentication may cause security problems of the router. Issue 04 (2009-12-20) Huawei Proprietary and Confidential 5-25 Copyright © Huawei Technologies Co., Ltd.

  • Page 102: Configuring User Priority

    To configure the local user management, you need the following data. Data Username and password Service type of the local user FTP directory of the local user The status of the local user 5-26 Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 103: Creating Local User Account

    The local user account is created. ----End 5.7.3 Configuring the Service Type of the Local User Do as follows on the router: Step 1 Run: system-view Issue 04 (2009-12-20) Huawei Proprietary and Confidential 5-27 Copyright © Huawei Technologies Co., Ltd.

  • Page 104: Configuring Local User Authority For Ftp Directory

    Do as follows on the router: Step 1 Run: system-view The system view is displayed. Step 2 Run: The AAA view is displayed. Step 3 Run: 5-28 Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 105: Configuring Local User Priority

    The access restriction of the local user is configured. ----End 5.7.8 Checking the Configuration Run the following command to check the previous configuration. Issue 04 (2009-12-20) Huawei Proprietary and Confidential 5-29 Copyright © Huawei Technologies Co., Ltd.

  • Page 106: Configuration Examples

    After the following two configuration examples are completed, the current user VTY0 cannot run commands at levels higher than two. Ensure that you can log in to the router through other methods to delete the configuration. 5-30 Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 107: Example For Configuring Logging In To The Router Through Password

    Networking Requirements The COM port of the PC is connected with the Console port. Set the priority of VTY0 to 2 and authenticate the passwords of users. Users need to input the password Huawei to log on successfully. After login, if the operations are not carried out in 30 minutes, it means that the user-interface is disconnected from the router.

  • Page 108: Example For Logging In To The Router Through Aaa

    The COM port of the PC and the console port of the router are connected. Configure the priority of VTY0 to be 2, perform AAA authentication on the user that logs in through VTY 0. The login user must enter the username "Huawei" and the password "Huawei".

  • Page 109: Configuration Files

    [Quidway-ui-vty0] user privilege level 2 [Quidway-ui-vty0] authentication-mode aaa [Quidway-ui-vty0] idle-timeout 30 [Quidway-ui-vty0] quit [Quidway] aaa [Quidway -aaa] local-user huawei password cipher huawei [Quidway -aaa] local-user huawei level 2 [Quidway-aaa] local-user huawei idle-cut Configuration Files sysname Quidway local-user huawei password cipher N`C55QK<`=/Q=^Q`MAF4<1!!
  • Page 110 6.4.5 Deleting Files ............................6-9 6.4.6 Deleting Files in the Recycle Bin......................6-9 6.4.7 Undeleting Files ...........................6-9 6.5 Running Files in Batch..........................6-10 6.6 Configuring Prompt Modes.........................6-10 6.7 Example of Configuration........................... 6-11 Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 111: File System

    6.6 Configuring Prompt This section describes how to realize the prompt for users Modes to run commands. 6.7 Example of Configuration This section describes the instance of file system. Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 112: Introduction

    Pre-configuration Tasks Before managing the storage devices, complete the following tasks: Installing the router and starting it normally Enabling the client to log in to the router Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 113: Restoring Storage Devices With File System Troubles

    You can format the storage device when you fail to repair the file system or ensure that you do not need all the data saved on the device. Do as follows on the router: Step 1 Run: Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 114: Managing The Directory

    Data Directory name to be created Directory name to be deleted Configuration Procedures To complete the configuration, perform the following procedures. Procedure Viewing the Current Directory Switching Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 115: Viewing The Current Directory

    Step 2 Run: cd directory The directory of the files to be displayed is displayed. Step 3 Run: dir [ /all ] [ /h ] [ filename ] Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 116: Creating A Directory

    6.4 Managing Files Applicable Environment Configure the file system to transfer files between the client and the server. Pre-configuration Tasks Before configuring the file system, complete the following tasks: Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 117: Displaying Contents Of Files

    The directory of the file is displayed. Step 3 Run: more filename The content of the file is displayed. ----End 6.4.2 Copying Files Do as follows on the router: Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 118: Moving Files

    Step 1 Enter the user view. Step 2 Run: cd directory The directory of the file is displayed. Step 3 Run: rename source-filename destination-filename The file is renamed. ----End Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 119: Deleting Files

    Step 1 Run: undelete filename The file is undeleted. ----End If the current directory is not the parent directory, you must operate the file using the absolute path. Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 120: Running Files In Batch

    If quiet is selected as the prompt mode of the file system, no prompt is displayed when mis-operation such as deleting a file, which results in data loss, is performed. 6-10 Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 121: Example Of Configuration

    Check the files under a certain directory. Copy a file to this directory. Check this directory and view that the file is copied successfully to the specified directory. Issue 04 (2009-12-20) Huawei Proprietary and Confidential 6-11 Copyright © Huawei Technologies Co., Ltd.
  • Page 122 4 Mar 01 2004 21:19:27 snmpboots -rw- 80 Mar 09 2004 09:47:36 header-file.txt drw- - Mar 09 2004 09:50:38 log.txt 15875 KB total (5032 KB free) ----End 6-12 Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.
  • Page 123 7.2.3 Configuring the Configuration File for Router to Load ...............7-3 7.2.4 Saving Configuration File........................7-4 7.2.5 Clearing Configuration Files........................7-4 7.2.6 Comparing Configuration Files......................7-5 7.2.7 Checking the Configuration .........................7-5 Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 124: Management Of Configuration Files

    Section Description 7.1 Introduction This section describes the basic concepts of the configuration file. 7.2 Managing Configuration This section describes the method of managing Files configuration file. Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 125: Introduction

    To start the router normally, you need to select correct system software and configuration file for the router to load. After modifying current configurations, you need to save the modified contents. You need to view the configuration of the router. Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 126: Configuring System Software For A Router To Load

    The parameter slave-board is valid only on the router with dual main control boards. ----End 7.2.3 Configuring the Configuration File for Router to Load Do as follows on the router: Step 1 Run: Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 127: Saving Configuration File

    Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 128: Comparing Configuration Files

    The system software and configuration file that are to be loaded on the router next time are correct and they are saved in the root directory of the storage device. Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 129 8.4.7 Managing Directories......................... 8-11 8.4.8 Managing Files...........................8-12 8.4.9 Changing Login Users ........................8-13 8.4.10 Disconnecting from the FTP Server....................8-13 8.4.11 Checking the Configuration ......................8-14 8.5 Configuring TFTP ............................8-14 Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 130 8.8.1 Example for Configuring the FTP Server ..................8-18 8.8.2 Example for Configuring FTP ACL....................8-21 8.8.3 Example for Configuring the FTP Client ...................8-23 8.8.4 Example for Configuring TFTP ......................8-24 8.8.5 Example for Configuring XModem ....................8-26 Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.
  • Page 131 Figure 8-4 Networking diagram of configuring TFTP ..................8-24 Figure 8-5 Setting the Base Directory of the TFTP server ................8-25 Figure 8-6 Specifying the file to be sent......................8-26 Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 132: Ftp, Tftp And Xmodem

    TFTP router. 8.7 Configuring XModem This section describes how to transfer files through XModem. 8.8 Configuration Examples This section provides examples for configuring FTP, TFTP, and XModem. Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 133: Introduction

    After the negotiation succeeds, the sending program begins to send packets. When the receiving program receives a complete packet, it checks the packet according to the negotiated mode: Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 134: Configuring The Router To Be The Ftp Server

    The file directory authorized to the FTP user Configuration Procedures To configure an FTP server, you need to take following steps. Procedure Configuring the source address of FTP server Enabling the FTP Server Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 135: Configuring The Source Address Of Ftp Server

    8.2.4 Configuring the Timeout Period Do as follows on the router that serves as the FTP server: Step 1 Run: system-view The system view is displayed. Step 2 Run: Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 136: Configuring The Local Username And The Password

    The FTP service type is configured. Step 4 Run: local-user user-name ftp-directory directory The authorized directory of the FTP user is configured. ----End Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 137: Checking The Configuration

    Before configuring the FTP ACL, complete the following tasks: Powering on the router Connecting the FTP client with the server Data Preparation To configure the FTP ACL, you need the following data. Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 138: Enabling The Ftp Server

    Do as follows on the router that serves as the FTP server: Step 1 Run: system-view The system view is displayed. Step 2 Run: acl acl-number The ACL view is displayed. Step 3 Run: Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 139: Configuring The Basic Ftp Acl

    After configuring the FTP server, run the display ftp-server command. You can view that the FTP ACL is 2345. <Quidway> display ftp-server FTP server is running Max user number User count Timeout value(in minute) Acl Number 2345 Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 140: Configuring The Router To Be The Ftp Client

    Logging In to the FTP Server Configuring Viewing Online Help of the FTP Command Uploading or Downloading Files Managing Directories Managing Files Changing Login Users Disconnecting from the FTP Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 141: Configuring The Source Address Of Ftp Client

    The router is connected to the FTP server, and the FTP client view is displayed. Step 2 Run: ascii | binary The data type of the file to be transmitted is ASCII code or binary. Step 3 Run: passive 8-10 Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 142: Viewing Online Help Of The Ftp Command

    [-a source-ip-address | -i { interface-name | interface-type interface-num } ] [ host [ port-number ] ] [ vpn-instance vpn-instance-name ] The router is connected to the FTP server. Issue 04 (2009-12-20) Huawei Proprietary and Confidential 8-11 Copyright © Huawei Technologies Co., Ltd.

  • Page 143: Managing Files

    [ remote-filename ] [ local-filename ] The specified directory or file on the remote FTP server is displayed. Run: dir [ remote-filename ] [ local-filename ] 8-12 Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 144: Changing Login Users

    The client router is disconnected from the FTP server. Return to the user view. Run: close quit The client router is disconnected from the FTP server. Return to the FTP view. ----End Issue 04 (2009-12-20) Huawei Proprietary and Confidential 8-13 Copyright © Huawei Technologies Co., Ltd.

  • Page 145: Checking The Configuration

    To configure TFTP, you need the following data. Data IP address of the TFTP server Name of the specific file in the TFTP server File directory ACL number 8-14 Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 146: Configuring The Source Address Of Tftp Client

    [-a source-ip-address | -i { interface-name | interface-type interface-num } ] tftp-server put source-filename [ destination-filename ] The router is configured to upload files through TFTP. ----End Issue 04 (2009-12-20) Huawei Proprietary and Confidential 8-15 Copyright © Huawei Technologies Co., Ltd.

  • Page 147: Limiting The Access To The Tftp Server

    Do as follows on the router that serves as the TFTP client: Step 1 Run: system-view The system view is displayed. Step 2 Run: acl acl-number The ACL view is displayed. 8-16 Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 148: Configuring The Basic Tftp Acl

    Logging in to the router through the terminal emulation program and specifying the file path in the terminal emulation program Data Preparation To configure XModem, you need the following data. Issue 04 (2009-12-20) Huawei Proprietary and Confidential 8-17 Copyright © Huawei Technologies Co., Ltd.

  • Page 149: Getting A File Through Xmodem

    8-1, the IP address of the FTP server is 172.16.104.110/24. Log in to the router from the HyperTerminal and then download files from the FTP server. 8-18 Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 150: Figure 8-1 Networking Diagram With Ftp Server Basic Functions

    Data Preparation To complete the configuration, you need the following data: FTP username as quidway and password as huawei on the server The correct path of the original files on the FTP server The destination file name and its position in the router...
  • Page 151 FTP server enable interface Ethernet2/0/0 undo shutdown ip address 172.16.104.110 255.255.255.0 local-user quidway password simple Huawei local-user quidway service-type ftp local-user quidway ftp-directory flash:/ftp/system authentication-scheme default authorization-scheme default 8-20 Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 152: Figure 8-2 Networking Diagram Of Configuring Ftp Acl

    "Configuring the Router to be the FTP Server". Step 2 Configure the basic ACL. <Quidway> system-view [Quidway] acl number 2001 [Quidway-acl-basic-2001]rule permit source 172.16.104.111 0.0.0.255 [Quidway-acl-basic-2001]quit Issue 04 (2009-12-20) Huawei Proprietary and Confidential 8-21 Copyright © Huawei Technologies Co., Ltd.
  • Page 153 172.16.104.110 255.255.255.0 local-user quidway password simple Huawei local-user quidway service-type ftp local-user quidway ftp-directory flash:/ftp/system authentication-scheme default authorization-scheme default accounting-scheme default domain default Return 8-22 Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 154: Figure 8-3 Configuring The Ftp Client

    200 Type set to I. [ftp] lcd flash:/ % Local directory now flash: Step 3 Download the newest system software from the remote FTP server on the router. Issue 04 (2009-12-20) Huawei Proprietary and Confidential 8-23 Copyright © Huawei Technologies Co., Ltd.

  • Page 155: Figure 8-4 Networking Diagram Of Configuring Tftp

    The destination file name and its path on the Quidway router. Configuration Procedure Step 1 Start the TFTP server, set its Base Directory as the directory where the vrp.cc file resides. Figure 8-5 shows the interface. 8-24 Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 156: Figure 8-5 Setting The Base Directory Of The Tftp Server

    1004 Feb 05 2001 09:51:22 vrp1.zip -rw- 6247 May 19 2006 15:00:10 license.txt -rw- 14343 May 16 2006 14:13:42 paf.txt.bak 15875 KB total (5032 KB free) ----End Issue 04 (2009-12-20) Huawei Proprietary and Confidential 8-25 Copyright © Huawei Technologies Co., Ltd.

  • Page 157: Figure 8-6 Specifying The File To Be Sent

    The received file is saved on theFlash memory of the router and the file name is test.txt. <Quidway> xmodem get flash:/test.txt **** WARNING **** xmodem is a slow transfer protocol limited to the current speed 8-26 Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.
  • Page 158 3844 Jul 14 2004 11:51:45 exception.dat -rw- 8628372 Jun 01 2005 10:14:34 vrp330-0521.01.bin -rw- 45 Jul 27 2005 10:51:26 test.txt 15875 KB total (5015 KB free) ----End Issue 04 (2009-12-20) Huawei Proprietary and Confidential 8-27 Copyright © Huawei Technologies Co., Ltd.

  • Page 159: Telnet And Ssh

    9.4.6 (Optional) Enabling the Trap Function ....................9-18 9.4.7 (Optional)Configuring the Interval for Updating the Key Pair on the SSH Server......9-19 9.4.8 Checking the Configuration .......................9-19 9.5 Configuring the STelnet Client Function ....................9-20 Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 160 9.8.3 Example for Connecting the SFTP Client to the SSH Server ............9-37 9.8.4 Example for Accessing the SSH Server Through Other Port Numbers ..........9-42 9.8.5 Example for Authenticating SSH Through RADIUS.................9-49 Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.
  • Page 161 Figure 9-8 Networking diagram of connecting the SFTP client to the SSH server ..........9-37 Figure 9-9 Networking diagram of accessing the SSH server through other port numbers ......9-43 Figure 9-10 Networking diagram of authenticating the SSH through RADIUS ..........9-49 Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 162: Telnet And Ssh

    9.7 Maintaining Telnet and This section describes how to debug the Telnet and SSH terminal services. 9.8 Configuration Examples This section provides examples for configuring Telnet and SSH. Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 163: Figure 9-1 Telnet Client Services

    Figure 9-2. The typical application is to connect the 8/16-port asynchronous interface of the router with multiple devices for their remote configuration and maintenance. Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 164: Figure 9-2 Telnet Redirection Services

    Note: The max number of VTY users is 5, and the current number of VTY users on line is 0. The connection was closed by the remote host! <RouterA> Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 165: Ssh Terminal Services

    SSH server or a UNIX host. As shown in Figure 9-4 Figure 9-5, an SSH channel is set up for the local connection and the Wide Area Network (WAN) connection. Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 166: Figure 9-4 Establishing An Ssh Channel In A Lan

    SSH. This is to prevent the password from being intercepted. SSH provides encryption to the transmitted data to guarantee security and reliability. − SFTP client Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 167 After the authentication succeeds, the client sends the session request to the server. The server then processes this request and the interactive session is performed. Performing the interactive session Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 168: Configuring Telnet Terminal Services

    Number of the TCP port that provides Telnet services on the remote router Timeout period of the user interface Configuration Procedures Procedure Establishing a Telnet Connection Establishing a Telnet Redirection Connection Scheduled Telnet Disconnection Checking the Configuration Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 169: Establishing A Telnet Connection

    [ vpn-instance vpn-instance-name ] [-a source-ip-address ] host-name [ port-number ] Log in to the router through the specified interface and connect with the asynchronous interface of the specified interface. ----End Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 170: Scheduled Telnet Disconnection

    TCPCB Tid/Soid Local Add:port Foreign Add:port VPNID State 39952df8 36 /1509 0.0.0.0:0 0.0.0.0:0 Closed 32af9074 59 /1 0.0.0.0:21 0.0.0.0:0 14849 Listening 34042c80 73 /17 10.164.39.99:23 10.164.6.13:1147 Established Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 171: Configuring Ssh Users

    (Optional)Configuring the Basic Authentication Information for SSH Users (Optional)Authorizing SSH Users Through the Command Line Configuring the Service Type of SSH Users (Optional)Configuring the Authorized Directory of SFTP Service for SSH Users 9-10 Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 172: Creating An Ssh User

    The system view is displayed. Step 2 Run: user-interface [ vty ] first-ui-number [ last-ui-number ] The VTY user interface is displayed. Step 3 Run: Issue 04 (2009-12-20) Huawei Proprietary and Confidential 9-11 Copyright © Huawei Technologies Co., Ltd.

  • Page 173: Generating A Local Rsa Key Pair

    The authentication mode for SSH users is configured. Perform the following as required: Authenticate the SSH user through the password. Run: ssh user user-name authentication-type password 9-12 Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.
  • Page 174 Before the peer RSA public key is assigned to the SSH client, the SSH server must be configured and the peer RSA public key must be the RSA public key of the SSH client. Issue 04 (2009-12-20) Huawei Proprietary and Confidential 9-13 Copyright © Huawei Technologies Co., Ltd.

  • Page 175: Optional)Configuring The Basic Authentication Information For Ssh Users

    After the command line authorization is configured for the SSH client through the RSA authentication, you must perform the AAA configuration; otherwise, the command line authorization does not become valid for the SSH client. ----End 9-14 Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 176: Configuring The Service Type Of Ssh Users

    [Quidway] display ssh user-information client001 User Name : client001 Authentication-type : password User-public-key-name : - Issue 04 (2009-12-20) Huawei Proprietary and Confidential 9-15 Copyright © Huawei Technologies Co., Ltd.

  • Page 177: Configuring The Ssh Server

    Enabling the STelnet Service Enabling the SFTP Service (Optional)Enabling the Earlier Version-Compatible Function (Optional)Configuring the Number of the Port Monitored by the SSH Server (Optional) Enabling the Trap Function 9-16 Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 178: Enabling The Stelnet Service

    Do as follows on the router that serves as the SSH server: Step 1 Run: system-view The system view is displayed. Step 2 Run: ssh server compatible-ssh1x enable The earlier version-compatible function is enabled. Issue 04 (2009-12-20) Huawei Proprietary and Confidential 9-17 Copyright © Huawei Technologies Co., Ltd.

  • Page 179: Optional)Configuring The Number Of The Port Monitored By The Ssh Server

    Do as follows on the login router: Step 1 Run: system-view The system view is displayed. Step 2 Run: snmp-agent trap enable ssh The trap function is enabled. ----End 9-18 Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 180: Optional)Configuring The Interval For Updating The Key Pair On The Ssh Server

    STelnet server: Enable SSH server port: 55535 If the default number of the monitored port is adopted, information about the currently monitored port is not displayed. Issue 04 (2009-12-20) Huawei Proprietary and Confidential 9-19 Copyright © Huawei Technologies Co., Ltd.

  • Page 181: Configuring The Stelnet Client Function

    To configure the functions for STelnet client server, you need to take the following steps. Procedure Enabling the First-Time Authentication on the SSH Client (Optional) Configuring the SSH Client to Assign the RSA Public Key to the SSH Server 9-20 Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 182: Enabling The First-Time Authentication On The Ssh Client

    The system view is displayed. Step 2 Run: ssh client servername assign rsa-key keyname The RSA public key is assigned to the SSH server. ----End Issue 04 (2009-12-20) Huawei Proprietary and Confidential 9-21 Copyright © Huawei Technologies Co., Ltd.

  • Page 183: Enabling The Stelnet Client

    Version : 2.0 State : started Username : client001 Retry CTOS Cipher : aes128-cbc STOC Cipher : aes128-cbc CTOS Hmac : hmac-sha1-96 STOC Hmac : hmac-sha1-96 9-22 Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 184: Configuring The Sftp Client Function

    Preferred HMAC algorithm from the SFTP server to the SSH client Preferred algorithm of key exchange Name of the egress Source address Directory name File name Issue 04 (2009-12-20) Huawei Proprietary and Confidential 9-23 Copyright © Huawei Technologies Co., Ltd.

  • Page 185: Configuring The First-Time Authentication On The Ssh Client

    Step 1 Run: system-view The system view is displayed. Step 2 Run: ssh client servername assign rsa-key keyname Assign a public key to the SSH server. ----End 9-24 Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 186: Enabling The Sftp Client

    Step 3 According to the requirement, select and perform one or more configurations below. Run: cd remote-directory The current operating directory of users is changed. Run: cdup The operating directory of users is switched to the upper-level directory. Run: Issue 04 (2009-12-20) Huawei Proprietary and Confidential 9-25 Copyright © Huawei Technologies Co., Ltd.

  • Page 187: Optional) Managing The File

    [local-file] The file on the remote server is downloaded. Run: put local-file [remote-file] The local file is uploaded to the remote server. Run: remove remote-file 9-26 Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 188: Optional)Displaying The Sftp Client Command Help

    VTY4 through sftp service in rsa authentication mode. [Quidway] display ssh server session Session 2: Conn : VTY 4 Version : 2.0 State : started Username : client002 Issue 04 (2009-12-20) Huawei Proprietary and Confidential 9-27 Copyright © Huawei Technologies Co., Ltd.

  • Page 189: Maintaining Telnet And Ssh

    Delete the SSH user using the following commands in the system view. Action Command Delete the specified SSH user. undo ssh user user-name Delete all the SSH users. undo ssh user 9-28 Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 190: Figure 9-6 Networking Diagram Of The Telnet Terminal Services Mode

    Users need to input the password when they log in to Router B from Router A through Telnet. Data Preparation To complete the configuration, you need the following data: Issue 04 (2009-12-20) Huawei Proprietary and Confidential 9-29 Copyright © Huawei Technologies Co., Ltd.
  • Page 191 VTY users on line is 1. <RouterB> ----End Configuration Files Configuration file of Router A (It is not mentioned here.) Configuration file of Router B 9-30 Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 192: Figure 9-7 Networking Diagram Of Connecting The Stelnet Client To The Ssh Server

    SSH server through the password or RSA authentication. Configure two login clients: Configure Client001 with the password as huawei and adopt the password authentication. Configure Client002, adopt the RSA authentication and assign the public key RsaKey001 to Client002.
  • Page 193 # Set the password authentication for the SSH user Client001. [Quidway] ssh user client001 [Quidway] ssh user client001 authentication-type password # Set the password of the SSH user Client001 to huawei. [Quidway] aaa [Quidway-aaa]local-user client001 password simple huawei [Quidway-aaa]local-user client001 service-type ssh [Quidway-aaa] quit Create an SSH user Client002.
  • Page 194 # Send the RSA public key generated on the client software to the server. [Quidway]rsa peer-public-key RsaKey001 Enter "RSA public key" view, return system view with "peer-public-key end". [Quidway-rsa-public-key]public-key-code begin Issue 04 (2009-12-20) Huawei Proprietary and Confidential 9-33 Copyright © Huawei Technologies Co., Ltd.
  • Page 195 Do you want to save the server's public key?(Y/N):y he server's public key will be saved with the name: 10.164.39.222. Please wait...s Enter password: Enter the password "huawei", and the following output is displayed after successful login: *********************************************************** All rights reserved (2000-2007) Without the owner's prior written consent, * no decompiling or reverse-engineering shall be allowed.
  • Page 196 Username : client001 Retry CTOS Cipher : aes128-cbc STOC Cipher : aes128-cbc CTOS Hmac : hmac-sha1-96 STOC Hmac : hmac-sha1-96 : diffie-hellman-group1-sha1 Service Type : stelnet Issue 04 (2009-12-20) Huawei Proprietary and Confidential 9-35 Copyright © Huawei Technologies Co., Ltd.
  • Page 197 0203 010001 public-key-code end peer-public-key end local-user client001 password simple huawei local-user client001 service-type ssh ssh user client002 assign rsa-key rsakey001 ssh user client001 authentication-type password 9-36 Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 198: Figure 9-8 Networking Diagram Of Connecting The Sftp Client To The Ssh Server

    To complete the configuration, you need the following data: Name and the authentication mode of the SSH user Password or the RSA public key of the SSH user Name of the SSH server Issue 04 (2009-12-20) Huawei Proprietary and Confidential 9-37 Copyright © Huawei Technologies Co., Ltd.
  • Page 199 # Create an SSH user with the name Client001. The authentication mode is password. [Quidway] ssh user client001 [Quidway] ssh user client001 authentication-type password # Set huawei as the password for the Client001 of the SSH user. [Quidway] aaa [Quidway-aaa] local-user client001 password simple huawei [Quidway-aaa] local-user client001 service-type ssh Create an SSH user with user name Client002 and RSA authentication.
  • Page 200 [Quidway-rsa-key-code] BFF35E4B C61BD786 F907B5DE 7D6770C3 E5FD17AB [Quidway-rsa-key-code] 203C8FCB BBC8FDF2 F7CB674E 519E8419 0F6B97A8 [Quidway-rsa-key-code] EA91FC4B B9E18836 5E74BFD5 4C687767 A89C6B43 [Quidway-rsa-key-code] 1D7E3E1B [Quidway-rsa-key-code] 0203 [Quidway-rsa-key-code] 010001 [Quidway-rsa-key-code] public-key-code end [Quidway-rsa-public-key] peer-public-key end Issue 04 (2009-12-20) Huawei Proprietary and Confidential 9-39 Copyright © Huawei Technologies Co., Ltd.
  • Page 201 # Display the SSH status. [Quidway] display ssh server status SSH version : 1.99 SSH connection timeout : 60 seconds SSH server key generating interval : 0 hours 9-40 Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.
  • Page 202 User Name :client001 Authentication-type :password User-public-key-name :- Sftp-directory flash : Service-type :sftp Authorization-cmd User 2: User Name :client002 Authentication-type :rsa User-public-key-name :RsaKey001 Sftp-directory Service-type :sftp Authorization-cmd ----End Issue 04 (2009-12-20) Huawei Proprietary and Confidential 9-41 Copyright © Huawei Technologies Co., Ltd.

  • Page 203: Example For Accessing The Ssh Server Through Other Port Numbers

    Thus, only the valid user can set up the socket connection through the non-standard monitored port set by the SSH server, and follow the procedure of negotiating the SSH version number, 9-42 Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 204: Figure 9-9 Networking Diagram Of Accessing The Ssh Server Through Other Port Numbers

    Name of the SSH server Number of the port monitored by the SSH server Configuration Procedure Step 1 Generate a local key pair on the server. <Quidway> system-view Issue 04 (2009-12-20) Huawei Proprietary and Confidential 9-43 Copyright © Huawei Technologies Co., Ltd.
  • Page 205 Key type: RSA encryption Key ===================================================== Key code: 3067 0260 BCFAC085 49A2E70E 1284F901 937D7B63 D7A077AB D2797280 4BCA86C0 4CD18B70 5DFAC9D3 9A3F3E74 9B2AF4CB 69FA6483 E87DA590 7B47721A 16391E27 1C76ABAB 743C568B 1B35EC7A 8572A096 BCA9DF0E 9-44 Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.
  • Page 206 # Create an SSH user with the name Client001. The authentication mode is password. [Quidway] ssh user client001 [Quidway] ssh user client001 authentication-type password # Set huawei as the password for the Client001 of the SSH user. [Quidway] aaa [Quidway-aaa] local-user client001 password simple huawei...
  • Page 207 Do you want to save the server's public key?(Y/N):y he server's public key will be saved with the name: 10.164.39.222. Please wait... Enter password: Enter the password Huawei and view as follows: *********************************************************** All rights reserved (2000-2007) Without the owner's prior written consent, * no decompiling or reverse-engineering shall be allowed.
  • Page 208 CTOS Cipher : aes128-cbc STOC Cipher : aes128-cbc CTOS Hmac : hmac-sha1-96 STOC Hmac : hmac-sha1-96 : diffie-hellman-group1-sha1 Service Type : sftp Authentication Type : rsa ----End Issue 04 (2009-12-20) Huawei Proprietary and Confidential 9-47 Copyright © Huawei Technologies Co., Ltd.
  • Page 209 GigabitEthernet1/0/0 ip address 10.164.39.220 255.255.255.0 ssh client first-time enable return Configuration file of Client002 on the SSH client sysname client002 interface GigabitEthernet1/0/0 ip address 10.164.39.221 255.255.255.0 9-48 Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 210: Figure 9-10 Networking Diagram Of Authenticating The Ssh Through Radius

    To complete the configuration, you need the following data: Configure the password authentications for the two SSH users respectively. RADIUS authentication Name of the RADIUS template Issue 04 (2009-12-20) Huawei Proprietary and Confidential 9-49 Copyright © Huawei Technologies Co., Ltd.
  • Page 211 Public key code for pasting into OpenSSH authorized_keys file : ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAQQC/815LxhvXhvkHtd59Z3DD5f0XqyA8j8u7yP3y98tn TlGehBkPa5eo6pH8S7nhiDZedL/VTGh3Z6ica0Mdfj4b rsa-key ===================================================== Time of Key pair created: 16:38:51 2007/5/25 Key name: Quidway_Server Key type: RSA encryption Key 9-50 Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.
  • Page 212 Step 3 Create the SSH user. On the RADIUS server, add two users named ssh1@ssh.com and ssh2@ssh.com respectively; in addition, designate the NAS address 10.164.39.222 and the key huawei. The NAS address refers to the address of SSH server that connects to the RADIUS server.
  • Page 213 [Quidway] radius-server template ssh # Configure the IP address and port of the RADIUS authentication server. [Quidway-radius-ssh] radius-server authentication 10.164.16.49 1812 # Configure the key of RADIUS server as huawei. [Quidway-radius-ssh] radius-server shared-key huawei [Quidway-radius-ssh] quit Step 5 Configure RADIUS domain name.
  • Page 214 # Display the connection of the SSH server. [Quidway] display ssh server session Session 1: Conn : VTY 0 Version : 2.0 State : started Username : ssh1@ssh.com Retry CTOS Cipher : aes128-cbc Issue 04 (2009-12-20) Huawei Proprietary and Confidential 9-53 Copyright © Huawei Technologies Co., Ltd.
  • Page 215 9-54 Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.
  • Page 216 : user-interface vty 0 4 authentication-mode aaa protocol inbound ssh Return Issue 04 (2009-12-20) Huawei Proprietary and Confidential 9-55 Copyright © Huawei Technologies Co., Ltd.
  • Page 217 10.5.2 Configuring a Checking of the Air Filter based on the Device Temperature ........10-8 10.5.3 Configuring a Cleaning Cycle for the Air Filter................10-9 10.5.4 Remonitoring the Cleaning Cycle of the Air Filter................10-9 10.5.5 Checking the Configuration ......................10-9 Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 218: Router Maintenance

    10.3 Managing the Device This section describes how to manage the device Operation operation. 10.4 Configuring the This section describes how to configure the electronic Electronic Label label. Issue 04 (2009-12-20) Huawei Proprietary and Confidential 10-1 Copyright © Huawei Technologies Co., Ltd.

  • Page 219: Introduction

    The manufacturing information of the boards and optical modules can be backed up at the FTP server or the Flash card of the router. 10.2 Upgrading the Board 10-2 Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 220: Establishing The Configuration Task

    10 Router Maintenance To ensure the normal running of the router, upgrade the board software with caution. Upgrade the software under the guidance of the technical support personnel from Huawei. For detailed upgrade procedure, refer to the router release notes.

  • Page 221: Online Loading The Board Software

    10.2.6 Checking the Configuration Run the following commands to check the previous configuration. Action Command View the system version. display version View the status of the device. display device 10-4 Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 222: Managing The Device Operation

    The DASL port on the LPU is disabled. Step 2 Plug out the LPU. Step 3 Run: undo downlpu slot-id The DASL port of the LPU is re-enabled ----End Issue 04 (2009-12-20) Huawei Proprietary and Confidential 10-5 Copyright © Huawei Technologies Co., Ltd.

  • Page 223: Resetting The Device And Switching Over The Channel

    } | dem { link-status | state | statistic }} [ slot-id ] ] Display the startup type and time of display lpu { slot-id | all } startup the LPU. 10-6 Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 224: Configuring The Electronic Labelelectronic

    The system view is displayed. Step 2 Run: backup elabel filename [ slot-id ] The electronic label is backed up to the default FLash Memory. ----End Issue 04 (2009-12-20) Huawei Proprietary and Confidential 10-7 Copyright © Huawei Technologies Co., Ltd.

  • Page 225: Configuring A Cleaning Cycle For The Air Filter

    10.5.2 Configuring a Checking of the Air Filter based on the Device Temperature Do as follows on the router: Step 1 Run: system-view The system view is displayed. Step 2 Run: dustproof check-auto 10-8 Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 226: Configuring A Cleaning Cycle For The Air Filter

    Run the following commands to check the previous configuration. Action Command View the information about the display dustproof air filter. <Quidway> display dustproof Clean Dustproof-Net cycle : 365(days) Last clean date : 2009/02/07 Issue 04 (2009-12-20) Huawei Proprietary and Confidential 10-9 Copyright © Huawei Technologies Co., Ltd.
  • Page 227 Quidway NetEngine80 10 Router Maintenance Configuration Guide - Basic Configurations Up to last clean days : 1(day) Clean alarm existence days: 0(day) 10-10 Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 228: System Software Upgrade

    11.3.2 Specifying the System Software for the Next Startup..............11-5 11.3.3 (Optional) Configuring PAF Files ....................11-6 11.3.4 (Optional) Configuring Patch Packages ................... 11-6 11.3.5 Checking the Configuration ......................11-7 Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 229: System Software Upgrade

    11.3 Specifying the System This section describes how to specify the system software Software for the Next Startup for the next startup of the router. of the Router Issue 04 (2009-12-20) Huawei Proprietary and Confidential 11-1 Copyright © Huawei Technologies Co., Ltd.

  • Page 230: Introduction

    This does not affect the current features or functions. Therefore, users can flexibly decide the required features according to the service demands without making great investment at the time of purchase. 11-2 Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 231: Uploading The System Software And License Files

    Upload the system software and license files to the Flash Memory of the master MPU. The router supports the uploading of files through FTP, TFTP and Xmodem. Choose an uploading method based on the requirements. Issue 04 (2009-12-20) Huawei Proprietary and Confidential 11-3 Copyright © Huawei Technologies Co., Ltd.

  • Page 232: Copying The System Software And License To The Slave Mpu

    6165 Aug 30 2006 03:36:24 license.txt -rw- 817148 Aug 30 2006 11:04:12 NE.bin 15875 KB total (5032 KB free) The vrpcfg.zip is the default configuration file of the system. 11-4 Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 233: Specifying The System Software For The Next Startup Of The Router

    Do as follows on the router to be upgraded: Step 1 Run: startup system-software file-name The system software is specified for starting the master MPU the next time. Issue 04 (2009-12-20) Huawei Proprietary and Confidential 11-5 Copyright © Huawei Technologies Co., Ltd.

  • Page 234: Optional) Configuring Paf Files

    Specify the patch files for the slave MPU after next startup. Step 3 Run: patch-state run { all | slot slot-id } 11-6 Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 235: Checking The Configuration

    Startup paf file: flash:/paf_v300r005c01.txt Next startup paf file: flash:/paf_v300r005c01.txt Startup license file: flash:/license_v300r005c01.txt Next startup license file: flash:/license_v300r005c01.txt Startup patch package: NULL Next startup patch package: NULL Issue 04 (2009-12-20) Huawei Proprietary and Confidential 11-7 Copyright © Huawei Technologies Co., Ltd.

  • Page 236: Patch Management

    12.8.1 Establishing the Configuration Task ....................12-13 12.8.2 Deactivating the LPU Patch......................12-13 12.9 Unloading the LPU Patch........................12-13 12.9.1 Establishing the Configuration Task ....................12-13 12.9.2 Deleting the LPU Patch........................12-14 Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 237 Quidway NetEngine80 Configuration Guide - Basic Configurations Figures Figures Figure 12-1 Conversion between the statuses of a patch..................12-2 Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 238: Patch Management

    12.8 Stop Running the LPU This section describes how to stop running the LPU Patch patch. 12.9 Unloading the LPU Patch This section describes how to unload the LPU patch. Issue 04 (2009-12-20) Huawei Proprietary and Confidential 12-1 Copyright © Huawei Technologies Co., Ltd.

  • Page 239: Figure 12-1 Conversion Between The Statuses Of A Patch

    If a patch runs in the system, delete the patch before installing the new patch. The NE80 provides the patch function, and you can use the patch program released by Huawei to upgrade the system software. Patch Status A patch program has three statuses: activated, deactivated and running.

  • Page 240: Checking The Running Of Patch In The System

    Before checking the running of patch in the system, complete the following tasks: Ensuring that the router is started normally after power-on Ensuring that the router can be logged in to Data Preparation None. Issue 04 (2009-12-20) Huawei Proprietary and Confidential 12-3 Copyright © Huawei Technologies Co., Ltd.

  • Page 241: Checking The Running Of Patch On The Mpu

    Deactive Patch Unit : no patch The value of the bolded part in the preceding output is 0. This indicates that no patch runs in the current system. 12-4 Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 242: Checking The Running Of Patch On The Lpu

    MPUs. Upload the patch to the root directory of the Flash Memory or cfcard of the master MPU. Then, copy the patch to the root directory of the Flash Memory or cfcard of the MPU. Issue 04 (2009-12-20) Huawei Proprietary and Confidential 12-5 Copyright © Huawei Technologies Co., Ltd.

  • Page 243: Uploading A Patch To The Root Directory Of The Master Mpu

    The patch is copied to the root directory of the Flash Memory of the slave MPU. ----End If you need to copy multiple files to the Flash Memory of the slave MPU, repeat the preceding step. 12-6 Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 244: Installing A Patch On The Mpu

    Step 1 Run: system-view The system view is displayed. Step 2 Run: patch load file-name The MPU patch is uploaded. Step 3 Run: patch load file-name slave Issue 04 (2009-12-20) Huawei Proprietary and Confidential 12-7 Copyright © Huawei Technologies Co., Ltd.

  • Page 245: Activating The Mpu Patch

    Do as follows on the router to be upgraded. Step 1 Run: system-view The system view is displayed. Step 2 Run: patch run The MPU patch is run. 12-8 Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 246: Stop Running The Mpu Patch

    Do as follows on the router to be upgraded. Step 1 Run: system-view The system view is displayed. Step 2 Run: patch deactive The MPU patch is deactivated. Step 3 Run: Issue 04 (2009-12-20) Huawei Proprietary and Confidential 12-9 Copyright © Huawei Technologies Co., Ltd.

  • Page 247: Unloading The Mpu Patch

    Step 2 Do as follows on the router to be upgraded. Run: patch delete The MPU patch is deleted. Step 3 Run: patch delete slave The slave MPU patch is deleted. ----End 12-10 Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 248: Installing A Patch On The Lpu

    Do as follows on the router to be upgraded. Step 1 Run: system-view The system view is displayed. Step 2 Run: patch load file-name slot slot-id The LPU patch is uploaded. ----End Issue 04 (2009-12-20) Huawei Proprietary and Confidential 12-11 Copyright © Huawei Technologies Co., Ltd.

  • Page 249: Activating The Lpu Patch

    A patch can be run only after it is activated. Running a patch means that the patch is activated permanently and the patch remains valid after the board is reset. 12-12 Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 250: Stop Running The Lpu Patch

    12.9 Unloading the LPU Patch 12.9.1 Establishing the Configuration Task Applicable Environment When upgrading the system software or installing a new patch, you need to delete the running patch. Issue 04 (2009-12-20) Huawei Proprietary and Confidential 12-13 Copyright © Huawei Technologies Co., Ltd.

  • Page 251: Deleting The Lpu Patch

    Do as follows on the router to be upgraded. Step 1 Run: system-view The system view is displayed. Step 2 Run: patch delete slot slot-id The LPU patch is deleted. ----End 12-14 Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.
  • Page 252 Quidway NetEngine80 Configuration Guide - Basic Configurations Contents Contents A Glossary ............................ A-1 B Acronyms and Abbreviations ....................B-1 Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.
  • Page 253 Compared with the ACL, the black list can filter the packet at a high speed because its matching region is simple. It can shield the packet from the specified IP address. Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.
  • Page 254 FTP is implemented based on the file system. HGMPv2 Huawei Group Management Protocol Version 2. A protocol in which the discovery, topology collection, centralized management and remote maintenance are implemented on Layer 2 devices of a cluster that are connected with the router.
  • Page 255 Neighbor Discovery Protocol. A protocol that is used to discover the information of the neighboring Huawei device that is connected with the local device. Network Management System. A system that sends various query packets and receives the response packet and trap packet form the managed devices and displays all the information.
  • Page 256 Basic parameters for running the MA5200G such as host name, language mode System environment and system time. After configuration, the system environment can meet the requirements of the actual environment. Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.
  • Page 257 Versatile Routing Platform. A versatile routing operating system platform developed for all data communication products of Huawei. With the IP service as its core, the VRP adopts the componentized architecture. The VRP realizes rich functions and provides tailorability and scalability based on applications.
  • Page 258 A Glossary Configuration Guide - Basic Configurations X.25 over TCP. A protocol that implements the interconnection between two X.25 networks through the TCP packet bearing X.25 frames. Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

  • Page 259: Acronyms And Abbreviations

    Asynchronous Transfer Mode Auxiliary port Border Gateway Protocol Class-based Queue CHAP Challenge Handshake Authentication Protocol Custom Queuing CR-LDP Constrain-based Routing LDP DHCP Dynamic Host Configuration Protocol Domain Name System Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.
  • Page 260 Link Access Procedure Balanced Label Distribution Protocol Medium Access Control MBGP Multiprotocol Extensions for BGP-4 Multiple Frame Relay MultiLink PPP MPLS Multiprotocol Label Switching MSDP Multicast Source Discovery Protocol Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.
  • Page 261 RADIUS Remote Authentication Dial In User Service Routing Information Protocol Resilient Packet Ring RSVP Resource Reservation Protocol Traffic Engineering Transmission Control Protocol TFTP Trivial File Transfer Protocol Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.
  • Page 262 Virtual Private LAN Service Virtual Private Network Versatile Routing Platform VRRP Virtual Router Redundancy Protocol Wide Area Network Weighted Fair Queuing WRED Weighted Random Early Detection X.25 Over TCP Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.
  • Page 263 Quidway NetEngine80 Configuration Guide - Basic Configurations Contents Contents Index ..............................i-1 Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.
  • Page 264 4-7 regular expression begin, 3-10 File System exclude, 3-10 overview, 6-2 include, 3-10 configuration, 8-3 example, 8-18 overview, 8-2 setting terminal attributes, 5-7 overview, 9-4 Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.
  • Page 265 5-2 Telnet terminal attribute, 5-7 configuration, 9-7 user-management overview, 9-2 configuration, 5-16, 5-23 TFTP configuration, 8-14 example, 8-24 XModem overview, 8-2 configuration, 8-17 example, 8-26 overview, 8-2 Huawei Proprietary and Confidential Issue 04 (2009-12-20) Copyright © Huawei Technologies Co., Ltd.

This manual is also suitable for:

Quidway netengine80

Table of Contents