Huawei NE40 router Config Guide

Quidway NetEngine80 Core RouterV300R005 Configuration Guide - Basic Configurations Issue 04 Date 2009-12-20 Part Number 00407347 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. Huawei Technologies Co., Ltd. provides customers with comprehensive technical support and service. For any assistance, please contact our local office or company headquarters. Huawei Technologies Co., Ltd. Address: Huawei Industrial Base Bantian, Longgang Shenzhen 518129 People's Republic of China Website: http://www.huawei.com Email: [email protected] Copyright © Huawei Technologies Co., Ltd. 2009. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd. Trademarks and Permissions and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd. All other trademarks and trade names mentioned in this document are the property of their respective holders. Notice The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute the warranty of any kind, express or implied. Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. Quidway NetEngine80 Configuration Guide - Basic Configurations Contents Contents About This Document.....................................................................................................................1 1 NE80 Core Router Overview....................................................................................................1-1 1.1 Introduction .................................................................................................................................................1-2 1.1.1 Overview ...........................................................................................................................................1-2 1.1.2 Hardware Architecture ......................................................................................................................1-2 1.1.3 Software Architecture........................................................................................................................1-3 1.2 Characteristics of the NE80.........................................................................................................................1-5 1.2.1 Support for Flattened Network Architecture .....................................................................................1-5 1.2.2 Line-Speed Forwarding.....................................................................................................................1-6 1.2.3 Multiple Interfaces ............................................................................................................................1-6 1.2.4 Carrier-Class Availability ..................................................................................................................1-6 1.2.5 Rich Services.....................................................................................................................................1-6 1.2.6 Perfect Diff-Serv/QoS .......................................................................................................................1-6 1.2.7 Excellent Security Mechanism ..........................................................................................................1-7 1.2.8 Practical NMS ...................................................................................................................................1-7 1.2.9 Flexible Networking Capabilities......................................................................................................1-8 1.3 Features List of the NE80............................................................................................................................1-8 2 Establishment of the Configuration Environment..............................................................2-1 2.1 Introduction .................................................................................................................................................2-2 2.1.1 Login Through the Console...............................................................................................................2-2 2.1.2 Login Through Telnet........................................................................................................................2-2 2.1.3 Login Through AUX Port..................................................................................................................2-2 2.2 Logging In to the Router Through the Console Port ...................................................................................2-2 2.2.1 Establishing the Configuration Task..................................................................................................2-2 2.2.2 Establishing the Physical Connection ...............................................................................................2-3 2.2.3 Configuring Terminals.......................................................................................................................2-3 2.2.4 Logging In to the Router ...................................................................................................................2-3 2.3 Logging In to Router Through Telnet..........................................................................................................2-4 2.3.1 Establishing the Configuration Task..................................................................................................2-4 2.3.2 Establishing the Physical Connection ...............................................................................................2-5 2.3.3 Configuring Login User Parameters..................................................................................................2-5 Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. i Contents Quidway NetEngine80 Configuration Guide - Basic Configurations 2.3.4 Logging In from the Telnet Client.....................................................................................................2-5 2.4 Logging In to the Router Through the AUX Port........................................................................................2-5 2.4.1 Establishing the Configuration Task..................................................................................................2-5 2.4.2 Establishing the Physical Connection ...............................................................................................2-6 2.4.3 Initializing and Configuring the Modem on the Interface .................................................................2-6 2.4.4 Configuring the Connection Between the Remote Terminal and the Router.....................................2-6 2.4.5 Logging In to the Router ...................................................................................................................2-7 2.5 Configuration Examples..............................................................................................................................2-7 2.5.1 Example for Logging In Through the Console Port ..........................................................................2-7 2.5.2 Example for Logging In Through Telnet...........................................................................................2-9 2.5.3 Example for Logging In Through the AUX Port............................................................................. 2-11 3 CLI Overview..............................................................................................................................3-1 3.1 Introduction .................................................................................................................................................3-2 3.1.1 Command Line Interface...................................................................................................................3-2 3.1.2 Command Levels...............................................................................................................................3-2 3.1.3 Command Line Views .......................................................................................................................3-3 3.2 Online Help .................................................................................................................................................3-6 3.2.1 Full Help............................................................................................................................................3-6 3.2.2 Partial help ........................................................................................................................................3-6 3.2.3 Error Messages of the Command Line Interface...............................................................................3-7 3.3 Features of Command Line Interface ..........................................................................................................3-7 3.3.1 Editing ...............................................................................................................................................3-7 3.3.2 Displaying .........................................................................................................................................3-8 3.3.3 Regular Expressions ..........................................................................................................................3-8 3.3.4 History Commands..........................................................................................................................3-10 3.4 Shortcut Keys ............................................................................................................................................ 3-11 3.4.1 Classifying Shortcut Keys ............................................................................................................... 3-11 3.4.2 Defining Shortcut Keys ...................................................................................................................3-12 3.4.3 Use of Shortcut Keys.......................................................................................................................3-13 3.5 Configuration Examples............................................................................................................................3-13 3.5.1 Example for Using Shortcut Keys...................................................................................................3-13 3.5.2 Copying Commands Using Shortcut Keys......................................................................................3-14 3.5.3 Example for Using Tab....................................................................................................................3-14 4 Basic Configuration ...................................................................................................................4-1 4.1 Introduction .................................................................................................................................................4-2 4.2 Configuring the Basic System Environment ...............................................................................................4-2 4.2.1 Establishing the Configuration Task..................................................................................................4-2 4.2.2 Switching the Language Mode..........................................................................................................4-3 4.2.3 Configuring the Equipment Name.....................................................................................................4-3 4.2.4 Configuring the System Clock ..........................................................................................................4-3 4.2.5 Configuring the Header Text .............................................................................................................4-4 ii Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. Issue 04 (2009-12-20) Quidway NetEngine80 Configuration Guide - Basic Configurations Contents 4.2.6 Configuring Command Levels ..........................................................................................................4-4 4.3 Configuring Basic User Environment .........................................................................................................4-5 4.3.1 Establishing the Configuration Task..................................................................................................4-5 4.3.2 Configuring the Password for Switching User Levels ......................................................................4-6 4.3.3 Switching User Levels ......................................................................................................................4-6 4.3.4 Locking User Interfaces ....................................................................................................................4-7 4.4 Displaying System Status Messages............................................................................................................4-7 4.4.1 Displaying System Configuration .....................................................................................................4-8 4.4.2 Displaying System Status ..................................................................................................................4-8 4.4.3 Collecting System Diagostic Information .........................................................................................4-8 5 User Management ......................................................................................................................5-1 5.1 Introduction .................................................................................................................................................5-2 5.1.1 User Interface View...........................................................................................................................5-2 5.1.2 User Management .............................................................................................................................5-3 5.2 Configuring Console User Interface............................................................................................................5-5 5.2.1 Establishing the Configuration Task..................................................................................................5-5 5.2.2 Configuring Console Interface Attributes..........................................................................................5-6 5.2.3 Setting Console Terminal Attributes..................................................................................................5-7 5.2.4 Configuring the User Interface Priority.............................................................................................5-7 5.2.5 Configuring User Authentication ......................................................................................................5-8 5.2.6 Checking the Configuration ............................................................................................................5-10 5.3 Configuring AUX User Interface ..............................................................................................................5-10 5.3.1 Establishing the Configuration Task................................................................................................5-10 5.3.2 Configuring AUX Interface Attributes ............................................................................................ 5-11 5.3.3 Configuring AUX Terminal Attributes ............................................................................................5-12 5.3.4 Configuring User Priority................................................................................................................5-13 5.3.5 Configuring Modem Attributes .......................................................................................................5-13 5.3.6 Configuring User Authentication ....................................................................................................5-14 5.3.7 Checking the Configuration ............................................................................................................5-15 5.4 Configuring VTY User Interface...............................................................................................................5-16 5.4.1 Establishing the Configuration Task................................................................................................5-16 5.4.2 Configuring Maximum VTY User Interfaces..................................................................................5-17 5.4.3 Configuring Limits for Incoming Calls and Outgoing Calls ...........................................................5-17 5.4.4 Configuring Timeout of VTY User Authorization...........................................................................5-18 5.4.5 Configuring VTY Terminal Attributes ............................................................................................5-18 5.4.6 Configuring User Authentication ....................................................................................................5-19 5.4.7 Checking the Configuration ............................................................................................................5-21 5.5 Managing User Interfaces..........................................................................................................................5-21 5.5.1 Establishing the Configuration Task................................................................................................5-21 5.5.2 Sending Messages to Other User Interfaces ....................................................................................5-22 5.5.3 Clearing Online User.......................................................................................................................5-22 Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. iii ..........................................................7 Configuring Local User Management ..................................................................5-30 5......................................5-22 5.3 Managing the Directory................1 Establishing the Configuration Task............ Issue 04 (2009-12-20) ...............1............5-24 5...........................5-31 5......................................1.....7...........................1 Example for Configuring Logging In to the Router Through Password .............6..2 Copying Files ................................................................................................3......................................................6-2 6.........................1....................5-29 5................5-29 5................8...........................................................1 Establishing the Configuration Task..2 Creating Local User Account .........1....................................................................6-2 6.............................7 Checking the Configuration .......................................2 Example for Logging In to the Router Through AAA..............6-7 iv Huawei Proprietary and Confidential Copyright © Huawei Technologies Co...............................7.........5-28 5.....6...............6-6 6.........6-1 6.......................6................................Contents Quidway NetEngine80 Configuration Guide .....6-2 6...............5-26 5......................................................................5-23 5..............6-7 6..............6.........3......5...4 Displaying the Directory of File........................................2 Storage Devices........................6-2 6....................................................................................2.............3...............................................................................................................................................................................................8 Configuration Examples......................................................................................................5-26 5...........3 Configuring the Service Type of the Local User ........................................................................................................5 Creating a Directory ............................................................................................................6-5 6..............................................4.........2 Viewing the Current Directory .......................................7..5-28 5.............6-2 6...............................6..................................................................1 Introduction ........5-29 5...............6-4 6.............................................................................................................................................................7...........6 Configuring User Management ............................Basic Configurations 5...................3...........6 Deleting a Directory ..................................................................8....1 Establishing the Configuration Task......................5 Configuring Non-Authentication................6-4 6.................................................................................7..........................................................6-5 6....................................5-23 5...................................................................4 Managing Files ....................................4 Directories .......................3 Switching the Directory.......................................................................................................5 Configuring Local User Status .........................................7 Configuring Access Restriction of the Local User ..............6-2 6....6 Configuring Local User Priority......................................1 Displaying Contents of Files .........................5-24 5........................8 Checking the Configuration .......................................................5-27 5.......................................3......6-3 6...........................................................6 Configuring User Priority.................2 Restoring Storage Devices with File System Troubles...........................................................4 Configuring Local User Authority for FTP Directory ..5-26 5.................................5-25 5.....................................................................6-5 6..................................................7...............................5-24 5...............................2 Configuring Authentication Mode...............................................................................................................................4 Setting Username and Password for AAA Local Authentication .................6-2 6..............................................2......................................................6..................5-27 5........................................3.............................................................7...............7..6-3 6...............................2 Managing Storage Devices...................1 Establishing the Configuration Task...........................................5-26 5.............4 Checking the Configuration .........................................3 Files .....3 Configuring Authentication Password..5-32 6 File System ................................................. Ltd...................................3 Formatting Storage Devices .........................................................................................................................................................................................................................................................................................6-6 6...............6.....................................................6-6 6.........................................................................................1 File System..................................4...............2................................................... ...................................................4........................8-3 8...3.......................8-4 8.....4........................................................8-6 8..................................7-2 7...............................6-9 6..............................................................................2. Ltd................................................2...........2 Managing Configuration Files......1 Introduction ......2....................................................................................................2 Configuring the Router to be the FTP Server .2..................................................................................................2............................5 Running Files in Batch ..................................................7-2 7............6-10 6..Basic Configurations Contents 6..........................................2...........................................................................5 Clearing Configuration Files .......................1 Establishing the Configuration Task.....................................................................7-2 7.............2.......3...................................7-2 7...........................................................3............................................................................................7 Undeleting Files .......2 Configuring the source address of FTP server.....................................2......................................4...............................2 Configuration Files and Current Configurations ....................................1...................................................8-5 8.......................................................................6 Configuring Service Types and Authorization Information...........................................................................................4 Saving Configuration File ..8-8 8...................................................................................................................6-9 6........................8-2 8..................2...............................................................3 Moving Files ..............................................2.........................................................2................. 6-11 7 Management of Configuration Files ...8-7 8............2 Configuring System Software for a Router to Load..4 Configuring the Basic FTP ACL ...............5 Checking the Configuration ............................................................................8-6 8...................8-4 8..............................................................8-9 Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co............3 Configuring the Basic ACL..................................................................................................................................................................2...........................................................8-1 8..............................................4 Configuring the Router to Be the FTP Client .......................................................................7-4 7.................................................................................8-8 8.........................................4..........................7-1 7.....7-5 8 FTP..................1........1 Definitions...................................................................7 Checking the Configuration .........8-4 8......................................................................................................................Quidway NetEngine80 Configuration Guide .........................................8-2 8.................................................3 XModem ................................................................................................................................................6-8 6..............................1 Establishing the Configuration Task..............6-9 6............................. TFTP and XModem ......................................................3 Configuring the Configuration File for Router to Load ...................................8-2 8...................................................8-9 8........7-2 7......1.......................................7-4 7........3 Configuring FTP ACL ................2.......8-6 8........................6 Deleting Files in the Recycle Bin...............................3..........................................1 Introduction ....7-3 7......................8-3 8........1 FTP......................................6 Comparing Configuration Files..........................2 Enabling the FTP Server ....................................................6 Configuring Prompt Modes ............................................................................3...4.3 Enabling the FTP Server ..............................................................2.....................................5 Configuring the Local Username and the Password....7 Example of Configuration .......1 Establishing the Configuration Task............4 Renaming Files...........................6-10 6...........................................................................................1....................................................4.................................................................1........................................................................................................................7-5 7..................................................4 Configuring the Timeout Period......8-5 8....................................................7-3 7.......................... v ................................5 Deleting Files .............................................................................................8-2 8.......7 Checking the Configuration .............6-8 6..................1 Establishing the Configuration Task...................................................................................2 TFTP .........................................................................................8-7 8...................................................................................... ............................................................3 Downloading Files Through TFTP.........................................4..............................................................4..........................8-13 8.............................................................................8-26 9 Telnet and SSH.................8-15 8.............2...............................................................................................................................................................3 Example for Configuring the FTP Client ..................................................................................4 Scheduled Telnet Disconnection ................................2....................5 Checking the Configuration .............................................................3 SSH Terminal Services..2 Configuring the source address of FTP Client................8-16 8................2 Telnet Terminal Services ....................................8.......4............ 8-11 8........................8-10 8...................................................................................3 Configuring SSH Users .................................................8 Configuration Examples......................................................1 Establishing the Configuration Task.....................9-2 9.............................................8-14 8...................8-15 8...6......4.......1 Establishing the Configuration Task...................8-11 8............9-2 9........ 8-11 8......6 Uploading or Downloading Files .............................................................................................8-18 8........................Basic Configurations 8.8-21 8..............................................1.1 Example for Configuring the FTP Server...........................................................9-1 9..5 Configuring TFTP ...............................................2..................................................................8-18 8........8-13 8..............................................................................3 Establishing a Telnet Redirection Connection.......................................................................................4..........................7 Configuring XModem .............................9-9 9............................3 Configuring the Basic TFTP ACL..............................................................................8-18 8....................................1 Introduction .........................7...................................................................................................................................................... Ltd..8-24 8..............................8...................... Issue 04 (2009-12-20) ...................................................................1 Establishing the Configuration Task.8-14 8..................8-12 8..............1 Overview of User Login.............................................10 Disconnecting from the FTP Server .................9-8 9.................................................................................8.............................................................................2...................................................2 Configuring the Basic ACL..........................9-7 9...................................................................................5.....................................................4....................................................7..............................................8-16 8......8-23 8...................................9-7 9...2 Configuring the source address of TFTP Client ......1 Establishing the Configuration Task............................................1...............................................1 Establishing the Configuration Task................................................9-9 9............................................................5 Example for Configuring XModem ..........................................8-15 8..............1...............................8-17 8....................................................................................................9 Changing Login Users..............................2 Example for Configuring FTP ACL ..................................................................................4..........................9-8 9.............................................8-10 8............8-17 8........................................................................5 Viewing Online Help of the FTP Command ..8-10 8...........................................................6.......................................4 Example for Configuring TFTP .....................4 Uploading Files Through TFTP ...11 Checking the Configuration..........................9-10 9.............4 Configuring Data Type and Transmission Mode for the File .................5............5.............................................................................7 Managing Directories ............................................3 Logging In to the FTP Server .........5.............................8...........................................................................4..........................................2 Getting a File Through XModem ..8........................8 Managing Files.....................4.8-14 8.....3..................6....................................................................6 Limiting the Access to the TFTP Server...................8-16 8..........9-4 9....................................................................Contents Quidway NetEngine80 Configuration Guide .....................................4.9-2 9............................................9-10 vi Huawei Proprietary and Confidential Copyright © Huawei Technologies Co...........................2..............................................2 Configuring Telnet Terminal Services .................................................2 Establishing a Telnet Connection ..........8-17 8.................................................... .............................................................7 (Optional)Authorizing SSH Users Through the Command Line ....................8............4..9-19 9.....4 (Optional)Enabling the Earlier Version-Compatible Function .........4 Enabling the STelnet Client........2 Creating an SSH User ...........................................9-24 9..............................................................................................................6........9-18 9.9-49 Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co................4...9-29 9....9-22 9........................................................3..............................................................7............................................................................................9-20 9.....1 Establishing the Configuration Task..9-26 9..............................9-17 9............................8..................................................................................................................Basic Configurations Contents 9........3 Configuring the SSH Client to Assign the RSA Public Key to the SSH Server ....5.................................................................8 Configuration Examples................................................................................................................9-15 9.........2 Enabling the First-Time Authentication on the SSH Client.9-15 9...................................................................1 Debugging Telnet Terminal Services......................4................5 Configuring the STelnet Client Function...6....9-21 9...3.......................................5..............................................8 Configuring the Service Type of SSH Users ........6...........................................................................................................................2 Enabling the STelnet Service....................................................................................................9-27 9...............9-27 9......................................2 Configuring the First-Time Authentication on the SSH Client ................................9-12 9...................................................................9-17 9..........5..................................................................6 (Optional) Managing the File ................................... 9-11 9................................................. Ltd.....3..........9-22 9......2 Example for Connecting the STelnet Client to the SSH Server.....................9-31 9................7 (Optional)Displaying the SFTP Client Command Help ........9-16 9..................1 Establishing the Configuration Task...................................7.........................................................................................................................................8......8 Checking the Configuration ..............6 Configuring the SFTP Client Function..............................8 Checking the Configuration ............9-28 9..........5 (Optional)Configuring the Number of the Port Monitored by the SSH Server ........................................................1 Establishing the Configuration Task..6...9 (Optional)Configuring the Authorized Directory of SFTP Service for SSH Users ...5.............6 (Optional) Enabling the Trap Function...6.........................9-25 9............................5 Configuring the Authentication Mode for SSH Users...6........................4 Configuring the SSH Server .6...............3 (Optional) Configuring the SSH Client to Assign the RSA Public Key to the SSH Server ....9-20 9........10 Checking the Configuration ..........................9-28 9....................9-19 9.............................. vii .................................9-21 9..........................................9-24 9.............................................................................9-37 9...........................................................5 (Optional) Managing the Directory .................................5 Checking the Configuration ..4.................4 Enabling the SFTP Client..........................3...... 9-11 9......4..................................4.............4........................................................................9-18 9...................3 Enabling the SFTP Service...........................................4.................4 Generating a Local RSA Key Pair..................9-15 9.......9-29 9..............................2 Debugging SSH Terminal Services .............3.................................3 Example for Connecting the SFTP Client to the SSH Server............5..............4 Example for Accessing the SSH Server Through Other Port Numbers....1 Example for Configuring Telnet Terminal Services ...........................3.................................8.........9-23 9.............................9-28 9..................................................................3....9-12 9..................7 Maintaining Telnet and SSH...........................................3...6.....9-14 9..3...................................9-16 9..................................................................9-17 9........7 (Optional)Configuring the Interval for Updating the Key Pair on the SSH Server .......Quidway NetEngine80 Configuration Guide ..................................................8.................................................................9-14 9.9-25 9................3 Configuring SSH for the VTY User Interface .......................6 (Optional)Configuring the Basic Authentication Information for SSH Users..................................9-42 9.......................................................5 Example for Authenticating SSH Through RADIUS ...........9-23 9................ .......................3 Online Loading the Board Software...............................3 Managing the Device Operation...............................................................................2 Device Operation Management..4 Checking the Configuration...............................................................................................................................................................................................................................................................................10-1 10.................................10-5 10...................4 (Optional) Configuring Patch Packages ..4 Displaying the Device Information .........3 Backing Up the Electronic Label ..................................................................................................2...................................... 11-2 11........................2.....................................................................5 Resetting the Board . 11-5 11............3......................................................................3 Electronic Label .............................4 Upgrading the Stratum 3 Clock Board ........................... 11-2 11.............................................................................................................................................3 Resetting the Device and Switching over the Channel........................3...10-7 10...............................................................2...3 Copying the System Software and License to the Slave MPU .........10-6 10..............2 Uploading the System Software and License to the Master MPU.......2...............................................................................1.......................................................10-4 10.................................. 11-2 11.. 11-6 viii Huawei Proprietary and Confidential Copyright © Huawei Technologies Co......10-2 10...............................1..............................................10-4 10.....................10-9 11 System Software Upgrade .................................................................................................................................... 11-4 11...................................................................................................2 Uploading the System Software and License Files......................................................10-8 10...........Contents Quidway NetEngine80 Configuration Guide ................................................3..3...........10-4 10.............1...........................4...................2...........................1 Introduction .........................2.................................. Issue 04 (2009-12-20) .....2.5......................10-9 10......................................................................................3.......4 Configuring the Electronic Labelelectronic.......1 Setting the Temperature Warning Threshold Upgrading the Board................................................... 11-3 11....................................4...............1 Online Upgrade introduction................................1 Establishing the Configuration Task...............................2.............1......................................................1 Introduction .............................................................3 (Optional) Configuring PAF Files ..................................................2............................................10-2 10.............................2 License ............1 Establishing the Configuration Task....6 Checking the Configuration ................................... 11-4 11...........................5.........................................................4...........................................................1 Establishing the Configuration Task.......................2 Querying the Electronic Label..............................2.....2 Upgrading the Board ............................................ 11-5 11....................5 Configuring a Cleaning Cycle for the Air Filter ..............................5.............10-3 10........................................Basic Configurations 10 Router Maintenance ...................10-9 10...................................4 Remonitoring the Cleaning Cycle of the Air Filter .............................................10-7 10................................................. 11-5 11....................................10-8 10..................................................................................................2 Specifying the System Software for the Next Startup ................................2 Configuring a Checking of the Air Filter based on the Device Temperature........ 11-3 11...................................................................................................................................... 11-3 11......................................10-6 10....................................................................1..........................................3 Configuring a Cleaning Cycle for the Air Filter..................1 Establishing the Configuration Task....................10-2 10.........................3 Specifying the System Software for the Next Startup of the Router ............10-7 10....2 Downloading the Board Software ..............10-7 10.5 Checking the Configuration ..................10-8 10...............5..............10-2 10.... Ltd.............................10-2 10................................................................ 11-6 11......................................................................3...........5......................................11-1 11.........10-5 10....10-3 10......................3..................3........10-5 10.........1 Establishing the Configuration Task....1 System Software Upgrade ....................10-4 10...........2 Disabling or Re-enabling the DASL Port of the LPU ........... ......................12-6 12..........................................12-9 12.............................................................................................................12-7 12..............4....................4 Installing a Patch on the MPU.....12-10 12..2 Deactivating the LPU Patch ...3 Activating the MPU Patch.............12-1 12.................. ix .......................................12-12 12.............1 Establishing the Configuration Task....................1 Introduction .................................................................................Basic Configurations Contents 11....................................................................1 Establishing the Configuration Task.............................................................................................................................................................................................................................4 Running the LPU Patch..........................7.................................................................................................................3.................................................................................. 12-11 12.........................4...................................12-10 12........................................................................7 Installing a Patch on the LPU ...........3 Copying a Patch to the Root Directory of the Slave MPU .............................12-5 12.............................................................................. A-1 B Acronyms and Abbreviations ........12-5 12...........................Quidway NetEngine80 Configuration Guide .........................................6 Unloading the MPU Patch..9 Unloading the LPU Patch........................................................12-13 12............7.......................................................................................................................... i-1 Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co........................................................................................................................5 Stop Running the MPU Patch.12-2 12..........................................2..........................12-14 A Glossary .................................................................12-7 12................................. 12-11 12..........................................................12-13 12.............................................................................................................................................................................2.......................................................1 Establishing the Configuration Task.................................12-3 12..............2 Deleting the LPU Patch.........................5...........3 Checking the Running of Patch on the LPU..............................................................................4.............12-7 12............................................................................. Ltd......................1 Establishing the Configuration Task................................................12-3 12..........................................................8 Stop Running the LPU Patch..................................6.....12-8 12................2 Deactivating the MPU Patch ....................12-4 12................. 11-7 12 Patch Management...........................................12-5 12.......................8.........................2 Checking the Running of Patch on the MPU .......................................2........12-12 12...................................12-13 12...............1 Establishing the Configuration Task..................3............................................12-13 12.....................................12-8 12..............1 Establishing the Configuration Task.........................3..........................12-9 12............................................................................................................2 Uploading the LPU Patch.................... 12-11 12.....12-13 12.......................12-9 12..............................9................3 Loading a Patch ........................................2 Uploading a Patch to the Root Directory of the Master MPU...3...............9..6.....................4..............................................................................................................................1 Establishing the Configuration Task.......2 Checking the Running of Patch in the System ...........12-10 12..............1 Establishing the Configuration Task...................5..................4 Running the MPU Patch.........................................................................................................................7........................................3 Activating the LPU Patch ................................................................................B-1 Index ...............7......................................5 Checking the Configuration...................12-6 12........................................................2 Deleting the MPU Patch.......8..................................................................2 Uploading the MPU Patch.................................................................. .....9-29 Figure 9-7 Networking diagram of connecting the STelnet client to the SSH server ............................................................................9-3 Figure 9-3 Usage of Telnet shortcut keys .................8-23 Figure 8-4 Networking diagram of configuring TFTP ..................................12-2 Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co............................ Ltd......................................................2-8 Figure 2-4 Setting the port communication parameters............................9-31 Figure 9-8 Networking diagram of connecting the SFTP client to the SSH server .........9-3 Figure 9-4 Establishing an SSH channel in a LAN ................................................8-26 Figure 9-1 Telnet client services .......................................9-49 Figure 12-1 Conversion between the statuses of a patch ...........................................................................................................................................................................................................9-5 Figure 9-5 Establishing an SSH channel in a WAN........9-2 Figure 9-2 Telnet redirection services...................................8-24 Figure 8-5 Setting the Base Directory of the TFTP server .....................................................8-21 Figure 8-3 Configuring the FTP client..................Basic Configurations Figures Figures Figure 1-1 Software architecture of the NE80-8........................................................................................................................1-4 Figure 2-1 Networking diagram of logging in through the console port ...............................................................................................................................................9-37 Figure 9-9 Networking diagram of accessing the SSH server through other port numbers..... 2-11 Figure 2-7 Establishing the remote configuration environment through AUX................................................................................................................................................................................................................................................................................................................................................................................................................................2-7 Figure 2-2 New connection ........ xi ...9-43 Figure 9-10 Networking diagram of authenticating the SSH through RADIUS ..............................................................................................2-9 Figure 2-5 Establishing the configuration environment through Telnet .......................Quidway NetEngine80 Configuration Guide .............................................................................................8-19 Figure 8-2 Networking diagram of configuring FTP ACL ............................................................................................................................................................................................................................................................2-8 Figure 2-3 Setting the port....................................................................... 2-11 Figure 8-1 Networking diagram with FTP server basic functions .................8-25 Figure 8-6 Specifying the file to be sent....2-10 Figure 2-6 Running the Telnet program on the PC................................................................................................9-5 Figure 9-6 Networking diagram of the Telnet terminal services mode........ .................................................................................................................................................................................................................................................................................................................................................................................1-8 Table 3-1 Command line views ....................5-3 Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.........3-9 Table 3-6 Access the history commands ...................Quidway NetEngine80 Configuration Guide ....................................................................................................................................................3-7 Table 3-3 Keys for editing ......................................................................................................3-10 Table 3-7 System-defined shortcut keys ..................................................................................................................................... xiii .. Ltd........................3-8 Table 3-5 Describes metacharacters....................3-7 Table 3-4 Keys for displaying.................................................. 3-11 Table 5-1 Example for the absolute numbering ................................Basic Configurations Tables Tables Table 1-1 Features list of the NE80 Series USR .........................................3-4 Table 3-2 Common error messages of the command line ... ...................Basic Configurations Contents Contents About This Document.........................................Quidway NetEngine80 Configuration Guide .....................1 Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Ltd............................ i ............ conventions. functional features and main functions of the NE80.Basic Configurations About This Document About This Document Purpose This part describes the organization of this document. product version. intended audience. 1 .Quidway NetEngine80 Configuration Guide . Ltd. Chapter Content 1 NE80 Core Router Overview This chapter describes the architecture. Related Versions The following table lists the product versions related to this document. Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.. Product Name Version Quidway NetEngine80 Core Router V300R005 Intended Audience This document is intended for: z Network planning engineer z Hardware installation engineer z Commissioning engineer z On-site maintenance engineer z System maintenance engineer Organization This document consists of twelve chapters and is organized as follows. and update history. Issue 04 (2009-12-20) . TFTP and XModem.Basic Configurations About This Document Chapter Content 2 Establishment of the Configuration Environment This chapter describes the procedures to set up the configuration environments through CON.Quidway NetEngine80 Configuration Guide . 11 System Software Upgrade This chapter describes the principle and concepts of the system software upgrade. 2 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Telnet. command views and hot keys. 8 FTP. Index This chapter collates important keywords used in this manual to help the reader to access the required information quickly. 10 Router Maintenance This chapter describes the principle and concepts of the router maintenance. 9 Telnet and SSH This chapter describes how to log in to the router through Telnet and configure the router. 3 CLI Overview This chapter describes the command line interface. 12 Patch Management This chapter describes the principle and concepts of patch management..TFTP and XModem This chapter describes how to configure the basic functions of the FTP server. uploading and downloading files through FTP. Ltd. and the management of configuration file. Appendix A Glossary & B Acronyms and Abbreviations This chapter collates glossary and frequently used acronyms and abbreviations in this manual. 4 Basic Configurtion This chapter describes how to configure the basic system environment on the router 5 User Management This chapter describes the basic concepts of the user interface and the user management 6 File System This chapter describes the file system and its configuration. Conventions Symbol Conventions The symbols that may be found in this document are defined as follows. and AUX. command levels. 7 Management of Configuration Files This chapter describes how to configure the file management. performance degradation.. 3 . General Conventions The general conventions that may be found in this document are defined as follows. One item is selected or no item is selected. which if not avoided. Italic Book titles are in italics. Provides additional information to emphasize or supplement important points of the main text. [] Items (keywords or arguments) in square brackets [ ] are optional.. Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. log in as user root. which if not avoided. which if not avoided.Quidway NetEngine80 Configuration Guide .. ] Optional items are grouped in brackets and separated by vertical bars. } Optional items are grouped in braces and separated by vertical bars. One item is selected. Indicates a hazard with a medium or low level of risk. could result in equipment damage. will result in death or serious injury. Convention Description Boldface The keywords of a command line are in boldface. or unexpected results. [ x | y | . Indicates a tip that may help you solve a problem or save time. data loss. Courier New Examples of information displayed on the screen are in Courier New. folders. could result in minor or moderate injury. Convention Description Times New Roman Normal paragraphs are in Times New Roman. and users are in boldface. For example. { x | y | .Basic Configurations Symbol About This Document Description Indicates a hazard with a high level of risk. Command Conventions The command conventions that may be found in this document are defined as follows... Boldface Names of files. directories. Ltd. Italic Command arguments are in italics. Indicates a potentially hazardous situation. menus. Keyboard Operations The keyboard operations that may be found in this document are defined as follows. Mouse Operations The mouse operations that may be found in this document are defined as follows. For example. pressing Alt. 4 Action Description Click Select and release the primary mouse button without moving the pointer.. > Multi-level menus are in boldface and separated by the ">" signs. and dialog titles are in boldface. &<1-n> The parameter before the & sign can be repeated 1 to n times. Key 2 Press the keys in turn. For example. For example. tabs. Convention Description Boldface Buttons. GUI Conventions The GUI conventions that may be found in this document are defined as follows. For example. For example. # A line starting with the # sign is comments. Key 1. } * Optional items are grouped in braces and separated by vertical bars. Format Description Key Press the key.... Ltd. pressing Ctrl+Alt+A means the three keys should be pressed concurrently. click OK. Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. windows. choose File > Create > Folder. ] * Optional items are grouped in brackets and separated by vertical bars. A means the two keys should be pressed in turn. Several items or no item can be selected. Key 1+Key 2 Press the keys concurrently. parameters. [ x | y | . Issue 04 (2009-12-20) . press Enter and press Tab. A minimum of one item or a maximum of all items can be selected.Basic Configurations About This Document Convention Description { x | y | ..Quidway NetEngine80 Configuration Guide . the latest document issue contains all updates made in previous issues.. Therefore.Quidway NetEngine80 Configuration Guide . Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Ltd. 5 . Updates in Issue 04 (2009-12-20) Fourth commercial release. Update History Updates between document issues are cumulative. Updates in Issue 03 (2009-08-01) Third commercial release. Updates in Issue 02 (2008-10-20) Second commercial release. Updates in Issue 01 (2008-04-18) First commercial release.Basic Configurations About This Document Action Description Double-click Press the primary mouse button twice continuously and quickly without moving the pointer. Drag Press and hold the primary mouse button and move the pointer to a certain position. .........Quidway NetEngine80 Configuration Guide ........2 Line-Speed Forwarding..............................................................8 Practical NMS......................................................................................................1-2 1......................3 Features List of the NE80..1................................................................................................1-2 1.......................................2...........................................5 Rich Services .............................1 Support for Flattened Network Architecture.................................................................2 Hardware Architecture ................................2....................1-5 1.........................1-6 1....7 Excellent Security Mechanism..................................1-7 1.....1-6 1...........................................1-8 Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.......1-6 1..............................9 Flexible Networking Capabilities ....................1-7 1.........1 Introduction .........................1-8 1...............................................................................................1 Overview........................................2.........................................................1-1 1.........................................................2................................................................................................................1...............................................................................................................................................1-3 1.......................................................1-2 1.....................................Basic Configurations Contents Contents 1 NE80 Core Router Overview..............................................3 Multiple Interfaces .....................................................................................4 Carrier-Class Availability............................. i ..................... Ltd........3 Software Architecture ............................................................1-6 1..1-6 1.............................................2..................1-5 1......2........6 Perfect Diff-Serv/QoS.......................2..................................................................................................................................................2 Characteristics of the NE80.........................1..2................................................................................................................2...... ............ iii ................................1-4 Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co................Quidway NetEngine80 Configuration Guide .... Ltd..........Basic Configurations Figures Figures Figure 1-1 Software architecture of the NE80-8 ........................... ....... Ltd........................ v ..................1-8 Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co......Quidway NetEngine80 Configuration Guide ........Basic Configurations Tables Tables Table 1-1 Features list of the NE80 Series USR....................................... Section Describes 1.Basic Configurations 1 1 NE80 Core Router Overview NE80 Core Router Overview About This Chapter The following table lists the contents of this chapter. 1-1 .3 Features List of the This section describes the features of the NE80.2 Characteristics of the This section describes the characteristics of the NE80 1.Quidway NetEngine80 Configuration Guide .1 Introduction This section describes the hardware and software architecture of the NE80 1. Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.. Ltd. It is no longer limited to merely supplying individual broadband internet access services. such as line-speed forwarding on high-speed interface.1. The LCs include Line Processing Unit (LPU). Issue 04 (2009-12-20) . When one MPU fails. Ltd.Quidway NetEngine80 Configuration Guide . The NE80 is the fifth-generation router. and offers more choices. Huawei launches the NE80 Series USR. Multi-Protocol Label Switching Virtual Private Network (MPLS VPN). All these raise higher requirements to MAN devices. data exchange. and networks of various industries and enterprises. According to the development of IP MANs. and security service. virtual leased line.1 Overview Nowadays the IP Metropolitan Area Network (MAN) has developed into a new stage.2 Hardware Architecture The boards of the NE80 are classified into Switch and Routing Unit (MPU) and Line Card (LC).Basic Configurations 1 NE80 Core Router Overview 1. IP telephone/ videoconferencing.1. 1. The NE80 supports the following LPUs: z 1-2 Ethernet LPU Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. for it provides cost-effective network solutions. Therefore. route control. content service. oriented to the carrier's backbone edge networks. including: z Overview z Hardware Architecture z Software Architecture 1.1 Introduction This section describes the basic knowledge of the NE80 Series USR. The NE80 has the following features: large capacity. LPU LPUs implement the interconnection and data forwarding with other devices. which provide abundant service processing capabilities and flexible networking capability. and stratum-3 clock. the NE80 is an optimal choice for new MANs. and serves as a powerful core router or a Layer 3 Ethernet switch. The NE80 have two MPUs for 1 + 1 redundancy. and abundant service capability required by MANs. Ethernet switching. but covers all-around services including enterprise interconnection. perfect Quality of Service (QoS) mechanism and carrier-class reliability. The NE80 enriches and perfects the high-end router series of Huawei. the service will be automatically switched to the other MPU. The NE80 incorporates the powerful IP service processing capability of routers and the low-cost Ethernet switching capability of Layer 3 Ethernet switches. high reliability.. the core and the convergence layer of MANs. high performance. Flexible Card Line Processing Unit (LPUF) and service board. MPU The MPU completes such functions as system management. For more information about the NE80 hardware system.Basic Configurations z POS LPU z cPOS LPU z ATM LPU z RPR LPU z E1 LPU 1 NE80 Core Router Overview POS = Packet Over SONET/SDH cPOS = channelized POS ATM = Asynchronous Transfer Mode RPR = Resilient Packet Ring LPUF LPUFs are LPUs whose PIM cards can be replaced. The architecture can improve the stability and the processing performance of the system. namely route control and packet forwarding. Forwarding Support Unit (FSU). Figure 1-1 takes the NE80-8 for example to illustrate the NE80 software architecture. Ltd. 1. 1-3 .3 Software Architecture The software system of the NE80 adopts the architecture of two physically independent functional units. Driver (DRV). The NAT board is used to solve the problems like the shortage of public network addresses and ensure the network security on the Internet.. Express Forwarding Unit (EFU). The NAT board features large capacity and high performance. DRV modules are distributed in the RPS. Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Each LPUF can hold two PIM cards. The following PIM cards are supported: z 10/100M auto-sensing Ethernet electrical interface PIM card z Gigabit Ethernet optical interface PIM PIC card z E1/T1 interface PIM card z E3 interface PIM card z T3 interface PIM card Service Board The NE80 provides Network Address Translation (NAT) service board.1. FSU and EFU for driving the hardware of the MPU and the LPU.Quidway NetEngine80 Configuration Guide . and the switch fabric monitoring module running on the MPU manages the MPU and monitors its operation. Routing Process System (RPS). The system software consists of the following five parts: Network Management System (NMS). refer to the Quidway NetEngiNE80 Core Router Installation Manual. and can support the translation between private and public network addresses. monitors the whole system. and negotiates the link parameters.Basic Configurations 1 NE80 Core Router Overview Figure 1-1 Software architecture of the NE80-8 Highway Highway FSU Highway Highway FSU Highway FSU Switch Fabric Monitoring module Highway RPS Highway Highway Highway Switch Fabric Monitoring module EFU EFU EFU LPU1 LPU2 LPU8 As the control and management unit of the system. the RPS runs on the active and standby MPUs and performs the following tasks: z Route control The RPS calculates and maintains the routes. 1-4 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Ltd. Issue 04 (2009-12-20) . traffic shaping. traffic policing. and congestion avoiding and controlling. z Traffic control The RPS defines the traffic classification rules. configures the traffic parameters. configures the queue resources and flow control parameters for Diff-Serv QoS. and collects statistics for services. In addition. Implemented on the Huawei integrated network management platform. the NMS maintains and controls devices uniformly.Quidway NetEngine80 Configuration Guide . z Maintenance and management The RPS maintains the devices. and Class of Service (CoS) features according to different configuration requirements. it generates the Forward Information Base (FIB) table and delivers it to each LPU for IP forwarding. controls the links. z Label control The RPS distributes labels. manages the network and devices. it generates the FIB table and delivers it to each LPU for MPLS forwarding. the FSU can maintain and manage local devices for LPUs and provide some system monitoring and diagnosis services. Running on the CPU of the LPU. In addition. sets up and maintains the Label Switch Paths (LSPs). forwards data.. the FSU manages the service interfaces (configuring and monitoring them). the EFU can provide such QoS functions as traffic classifying. It can implement Diff-Serv. firewall. traffic measuring. In addition. In addition to fast forwarding of IP packets. diagnoses faults. traffic scheduling. The Switch Fabric monitoring module monitors the internal switching network in the NE80 Series USR. they need function as both access devices and core devices. the VRP provides some application-based capabilities such as scalability and flexibility. The operable and manageable IP network becomes the development trend of MANs and enterprise networks at present. Fewer network layers help carriers utilize network devices more efficiently and slash the maintenance and management cost. VPN. which can protect carriers' investment to its maximum extent. 1. This architecture reveals its deficiency increasingly because IP services are becoming leading services in the network. The devices at the core layer of the telecom network are used with high efficiency because a great amount of user data is processed there. The flattened network architecture puts forward higher requirements on the devices at the convergence layer. thus providing excellent data forwarding capability for the routing device. The NE80 is such a product that implements various services due to its abundant service features. In addition to abundant functions and features. Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.2 Characteristics of the NE80 This section includes: z Support for Flattened Network Architecture z Line-Speed Forwarding z Multiple Interfaces z Carrier-Class Availability z Rich Services z Perfect Diff-Serv/QoS z Excellent Security Mechanism z Practical NMS z Flexible Networking Capabilities 1. Ltd.Basic Configurations 1 NE80 Core Router Overview The NE80 applies the Versatile Routing Platform (VRP) software system. QoS. that is.. The VRP is open to sustainable development. 1-5 . within which data services are typically provided after they are processed by four vertical function layers. Therefore. the VRP integrates multiple crucial technologies for data communications such as routing. the devices out of the core layer are used less efficiently due to sparse distribution of access users. Whereas. user. With the TCP/IP protocol stack as the core.2. the NE80 can directly connect downlink with Gigabit Ethernet switches or dedicated access devices. The VRP provides consistent network. and management interfaces for various hardware platforms and flexible solutions for users. As a versatile operating system platform for Huawei's data communications products. In addition. This classical architecture will still exist for a certain period. the NE80 can form a ring network through Resilient Packet Ring (RPR) or connect to core devices through dual homing. Flattening of the network architecture is the trend with the development of technologies and the change of services. the VRP realizes a modular architecture with IP services as the core. and security. a flattened IP network architecture should be employed if possible. For example. and high reliability. excellent hardware platform.Quidway NetEngine80 Configuration Guide .1 Support for Flattened Network Architecture Modern telecom network has a hierarchical architecture. and uplink with provincial backbone or national backbone networks. internal management bus and power supply. IP addresses can be dynamically assigned to users and be managed. data exchange. In this way. Users can select the cards flexibly as required to meet the requirements for different networking solutions and network expansion. E-learning. In particular.2 Line-Speed Forwarding The NE80 supports the IPv4/MPLS distributed forwarding at the line speed. Packet over SDH/SONET (POS) interface..2. Through Dynamic Host Configuration Protocol (DHCP) Relay and built-in DHCP Server. the shortage of public IP addresses can be solved. The policy service mechanism enables the system to have powerful performance optimization capability. 1. The application of the MPLS VPN service guarantees the delivery of services of carriers using networks more economically and rationally with no need to increase the bandwidth.5 Rich Services The IP multicast forwarding feature provides the foundation for carriers to carry on various network voice and video services (Web TV. the NE80 provides various standard-based supports to Diff-Serv.2.2. Asynchronous Transfer Mode (ATM) interface. Ltd. which improves the service quality and optimizes the network architecture. the router can meet the high reliability requirement when it is used as the POP. including: 1-6 z Traffic classification z Traffic policing Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.4 Carrier-Class Availability The key parts of the NE80 adopt redundant hot backup design. including system control. All the components are hot swappable. the router is adaptable to complex environments. or the switching node on the backbone networks. 1. the convergence layer.6 Perfect Diff-Serv/QoS The NE80 realizes the QoS feature when carrying the integrated service including the real-time service. the NE80 may reduce the levels of the network construction to achieve the flattened network. the convergence layer. and RPR interface with high interface density. the NE80 provides the Fast Ethernet (FE) interface. Issue 04 (2009-12-20) . telemedicine and video conference). E1/cE1 interface.Basic Configurations 1 NE80 Core Router Overview In this case. channelized POS (cPOS) interface.2.2. Gigabit Ethernet (GE) interface. route processing system. 1. The application of the NAT service supports addressing with public and private network addresses mixed in the MAN to save IP addresses. satisfactory attack defense capability and QoS guarantee while ensuring the line rate processing and forwarding capability. With the rich routing features.Quidway NetEngine80 Configuration Guide . 1.3 Multiple Interfaces At present. E3 interface. T3 interface. Thus. or the switching node on the backbone networks 1. Thus the NE80 can meet the bandwidth requirements when it is used as the Point of Presence (POP). such as HP OpenView.7 Excellent Security Mechanism The NE80 provides the packet filtering/Access Control List (ACL) mechanism to prevent illegal accesses and attacks of malicious packets. faults. The NE80 enables the network carriers to provide users with different QoS guarantee and makes the Internet become the integrated network that carries data. modifying and uploading NE80 configuration files and upgrading the NE80 software.8 Practical NMS Huawei Quidview NMS can manage Huawei's data communication products. Intermediate System-Intermediate System (IS-IS). Ltd. The Quidview NMS can provide multi-language support and Graphic User Interface (GUI). HP. the NE80 provides abundant statistics including statistics of various types of traffic. and IBM). such as Windows NT/2000 and Unix (SUN. the NE80 can implement six groups of Per-Hop Behaviors (PHBs) defined in the standard such as EF. the performance. device logs. The Quidview NMS provides the functions of managing the network topology (in real time). What's up Gold and SNMPc. The NE80 supports port mirroring to analyze the traffic of a certain interface. voice and video services simultaneously.2.2. the configuration. 1. saving. The NE80 supports Unicast Reverse Path Forwarding (URPF) to prevent network attacks based on the source address spoofing. AF1 to AF4 and BE as well as the other services. It can run on multiple operating systems. The NE80 supports two user authentication modes: local authentication and Remote Authentication Dial-In User Service (RADIUS) authentication to prevent illegal configuration of the device. IBM NetView. The Quidview NMS can also perform such functions as downloading. The Quidview NMS can also be seamlessly integrated with the Huawei-developed network management systems of other fixed network communication devices to achieve centralized management of multiple devices.Quidway NetEngine80 Configuration Guide . QoS policy. In addition. to provide means of centralized management of devices from multiple manufacturers. 1.. 1-7 .Basic Configurations z Traffic shaping z Queue management z Queue Scheduling 1 NE80 Core Router Overview Therefore. such as Open Shortest Path First (OSPF). security and users. Routing Information Protocol (RIP) and Border Gateway Protocol version 4 (BGP4). traffic sampling and NAT information statistics. Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. supporting Simple Network Management Protocol (SNMP) V1/V2c/V3 and the Client/Server model. The NE80 achieves the hardware-implemented NAT. and VPN service. The NE80 provides multiple authentication methods (such as plain text authentication and MD5) for key routing protocols. The Quidview NMS can also be integrated with the present popular universal NMSs of the industry. 1.3 Features List of the NE80 Table 1-1 Features list of the NE80 Series USR Attribute Description Network interconnection LAN protocol Ethernet_II VLAN (802. and offers switching capacities from 16 Gbit/s to 64 Gbit/s for users.2. The NE80 is suitable for multiple applications from the backbone core network to the edge convergence network.9 Flexible Networking Capabilities The NE80 has the capability of forwarding packets at the line speed. Intranet and MAN core. Diversified entire network solutions from the access network to the core network can be provided for users when the NE80 is cooperated with Huawei's multi-service switches.Basic Configurations 1 NE80 Core Router Overview 1.. The NE80 can be deployed in an IP backbone network. and Metro transmission Series.Quidway NetEngine80 Configuration Guide . provides abundant access means and rich service features. Issue 04 (2009-12-20) . Ltd. broadband access series. The NE80 can also provide powerful service and flexible networking at the edge network and the MAN convergence layer. Quidway Series routers.1Q) Link layer protocol PPP and MP HDLC FR IP over ATM RPR STP/RSTP/MSTP Q-in-Q VLANIF Layer 2 VLAN VLAN sub-interface Network protocol IP service ARP DHCP Relay DHCP Server IP Unnumbered Policy routing 1-8 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. LAN Switch Series. 1-9 .Basic Configurations Attribute 1 NE80 Core Router Overview Description IPv4 Static routing management Dynamic unicast routing protocol RIP-1/RIP-2 OSPF BGP IS-IS Route policy MPLS MPLS LDP Basic forwarding LSPM VPLS/HVPLS MPLS TE RSVP TE VPN VPN MPLS/BGP VPN. serving as PE/P Hierarchical VPN (HoVPN) Multi-AS VPN MPLS L2VPN (Martini and Kompella) VPLS/HVPLS PWE3 Network security AAA service CHAP authentication PAP authentication RADIUS Other security features NAT Port mirroring Port traffic sampling Flow control on the service LC and the MPU IP packet filtering URPF MAC address learning limit HWTACAS+ SSH V1. Ltd..Quidway NetEngine80 Configuration Guide .5 Hierarchical protection of the command line. so as to prevent unauthorized users from accessing the router Reliability of the device Hot standby for redundancy MPU 1:1 redundancy (applied to NE80-8 and NE80-4) Power supply module 1:1 redundancy System management bus 1:1 redundancy System data bus 1:1 redundancy Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Log function Virtual file system User-interface configuration. Layer 3 and Layer 4 srTCM algorithm and trTCM algorithm Traffic policing and shaping for such services as EF and AF that are based on Diff-Serv LSP explicit route distribution of MPLS Local or remote configuration through Aux port Local or remote configuration through Telnet Hierarchical protection for the command.Quidway NetEngine80 Configuration Guide . so as to prevent unauthorized users from accessing the router Detailed debugging information helpful in the diagnosis of network faults Network testing tools such as Tracert and Ping command for quick network diagnosis Telnet command for direct logon to manage other routers FTP Server/Client for downloading and uploading the configuration file and application program TFTP Client for downloading and uploading the configuration file and application program XModem protocol for local downloading of the configuration file and application program. Ltd. Issue 04 (2009-12-20) .Basic Configurations 1 NE80 Core Router Overview Attribute Description Other features Route consistency checking (route aging) IP fast rerouting VRRP QoS Configuration management Traffic classification Supports simple traffic classification Traffic policing and shaping CAR Policy-based routing IP route redirection MPLS QoS Mapping between EXP and DSCP on the area edge Command line interface Local configuration through Console port Supports the complex traffic classification of the integrated packets of Layer 2.. providing various authentication and authorization functions for the logon users Time service NTP Server and NTP Client Timezone Summer Time On-line service 1-10 On-line loading On-line upgrading Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. error. Alarm information and log information can be outputted through SNMP Agent and the cache Network Management SNMP V1/V2c/V3 others NQA RMON NOTE HDLC = High-level Data Link Control RPR = Resilient Packet Ring URPF = Unicast Reverse Path Forwarding AAA = Authorization.Quidway NetEngine80 Configuration Guide .Basic Configurations Attribute 1 NE80 Core Router Overview Description Information processing center Three types of information: alarm information. Ltd. critical. notification. alert.. 1-11 . informational and debugging Information outputted to the log host and user terminal. Authentication and Accounting VRRP = Virtual Router Redundancy Protocol CAR = Committed Access Rate srTCM = Single Rate Three Color Marker trTCM = Two Rate Three Color Marker Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. warning. log information and debugging information Eight grades of information: emergences. ................................................2-5 2..........................................2-2 2..............................4 Logging In to the Router..............................................................1 Login Through the Console ....4.1.............2.....................................................2-4 2....................................4.......................2-5 2......2-5 2........5..........4........................................................................2-6 2..............................3 Example for Logging In Through the AUX Port .................................................................................4 Logging In from the Telnet Client...........2-2 2...........3.......1 Establishing the Configuration Task ...................... Ltd.....2-7 2...5 Configuration Examples...............................2 Establishing the Physical Connection ................................................................................................................................................................2 Establishing the Physical Connection ............................................2-2 2...........................1 Establishing the Configuration Task ...............................................................2-5 2.....................4 Configuring the Connection Between the Remote Terminal and the Router ..........5 Logging In to the Router........2......1 Establishing the Configuration Task .......................... 2-11 Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.2-2 2....................................5..................................................3.......................................................2-7 2.2-1 2...............................................................................................................................4.....2-3 2.................1..2-2 2...2....1.................................................................................................................................2 Establishing the Physical Connection ......................2-4 2.....................................................................................................3 Configuring Terminals .................4..................................3........................................2 Login Through Telnet ................................2-3 2.........................................................2-6 2...............................................................5...................2-9 2.2..................3 Initializing and Configuring the Modem on the Interface.............................1 Introduction ................................................2-2 2................................................4 Logging In to the Router Through the AUX Port......3 Login Through AUX Port ........................1 Example for Logging In Through the Console Port..........................................2-5 2............. i .....................Basic Configurations Contents Contents 2 Establishment of the Configuration Environment..............................Quidway NetEngine80 Configuration Guide ....3....................................2 Example for Logging In Through Telnet.......................................................................................3 Logging In to Router Through Telnet..................3 Configuring Login User Parameters .........2-7 2..........2-6 2................................................................................................................................................................................................................2-3 2....................2 Logging In to the Router Through the Console Port ...................................................................... .... 2-11 Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.......................................................2-8 Figure 2-3 Setting the port...........................2-8 Figure 2-4 Setting the port communication parameters............................2-7 Figure 2-2 New connection ......................................................................2-9 Figure 2-5 Establishing the configuration environment through Telnet ..................Quidway NetEngine80 Configuration Guide . iii .............................................................................................................................................................................................. 2-11 Figure 2-7 Establishing the remote configuration environment through AUX .......................................................................2-10 Figure 2-6 Running the Telnet program on the PC............................ Ltd................................................Basic Configurations Figures Figures Figure 2-1 Networking diagram of logging in through the console port ................................................................... See Example for Logging In Through Telnet.5 Configuration Examples Issue 04 (2009-12-20) This section provides several examples of establishing configuration environments. See Example for Logging In Through the AUX.. 2.3 Logging In to Router Through Telnet This section describes how to establish configuration environments through Telnet. Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. 2.Basic Configurations 2 2 Establishment of the Configuration Environment Establishment of the Configuration Environment About This Chapter The following table shows the contents of this chapter. Ltd. 2. 2-1 .2 Logging In to the Router Through the Console This section describes how to establish configuration environments through the console port.4 Logging In to the Router Through the AUX Port This section describes how to establish configuration environments through the AUX port. 2.Quidway NetEngine80 Configuration Guide .1 Introduction This section describes the working modes of establishing configuration environments. Section Description 2. See Example for Logging In Through the Console Port. 1. z AAA local authentication: indicates the login user should enter the correct user name and password. the login authentication and the incoming and outgoing call restriction.1.2 Establishment of the Configuration Environment Quidway NetEngine80 Configuration Guide .Basic Configurations 2. If necessary. 2-2 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. z The configuration environment cannot be established through Telnet or the AUX port.3 Login Through AUX Port If you cannot configure the router by local login and there is no reachable route to other routers. Issue 04 (2009-12-20) . 2.2. ensure that there are directly-connected or reachable routes between terminals and the router. Enter "?" for help.2 Logging In to the Router Through the Console Port 2. Do not modify the IP address of the router when you configure the router through Telnet because the modification may disconnect Telnet.1 Establishing the Configuration Task Applicable Environment If you log in to the router for the first time or perform the local configuration..1. the user account. you can connect PC to the router that to be configured through AUX port in PSTN. Pre-enable the Modem dialup of the AUX port through the console port and configure the username and password. z Non-authentication: indicates the login user need not enter the user name or password. Enter the command to check the running status of the router or to configure the router.1 Introduction 2. set up the connection again after entering a new IP address. 2. The destination router authenticates the user based on the configured parameters in three modes: z Password authentication: indicates the login user should enter the correct password. you need to log in to the router through the Console port. Ltd. use only the console port to configure the router: z The router is powered on for the first time. Also. 2.2 Login Through Telnet Pre-configure the IP addresses of interfaces on the router. If the login succeeds. a command line prompt such as <Quidway> appears on the Telnet client interface.1 Login Through the Console In the following cases. Basic Configurations 2 Establishment of the Configuration Environment Pre-configuration Tasks Before configuring the router through the console port.4 Logging In to the Router Do as follows on the PC: Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. ----End 2. 2-3 .Quidway NetEngine80 Configuration Guide .2.2.3 Configuring Terminals Do as follows on the PC: Step 1 Run the terminal emulation program on the PC. Step 2 Power on all devices to perform a self-check. No. setting the communication parameter of the terminal to 9600 bps. Procedure 1 Establishing the Physical Connection 2 Configuring Terminals 3 Logging In to the Router 2. stop bit and flow control) Configuration Procedures To configure the router through the Console port. No. Data 1 Terminal communication parameters (including baud rate. stop bit to 1. you need the following data. parity..2 Establishing the Physical Connection Do as follows on the router: Step 1 Connect the COM port on the PC and the console port on the router by cable.2. complete the following tasks: z Preparing the PC/terminal (including serial port and RS-232 cable) z Installing terminal emulation program on the PC (such as Windows XP hyper terminal) Data Preparation To configure the router through the Console port. ----End 2. data bit. data bit to 8. complete the following configuration procedures. Ltd. Specify no parity and no flow control. you can log in to the router through Telnet for local or remote configuration. complete the following tasks: z Powering on devices and performing a self-check z Preparing the PC (including the serial port and Ethernet crossover/direct network cable Data Preparation To log in to the router through Telnet.Basic Configurations Step 1 Press Enter until a command line prompt such as Quidway appears. No.3 Logging In to Router Through Telnet 2. password and authentication mode) Configuration Procedures To configure the router through Telnet. Issue 04 (2009-12-20) . 2-4 No. Now enter the configuration environment in the user view. ----End 2. Procedure 1 Establishing the Physical Connection 2 Configuring Login User Parameters 3 Logging In from the Telnet Client Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.1 Establishing the Configuration Task Applicable Environment If you know the IP address of the router. you need the following data..3. Pre-configuration Tasks Before configuring the router through Telnet. Ltd.2 Establishment of the Configuration Environment Quidway NetEngine80 Configuration Guide . complete the following procedures. Data 1 IP address of the PC 2 IP address of the Ethernet interface on the router 3 User information accessed through Telnet (including user name. ----End 2. For details.Basic Configurations 2 Establishment of the Configuration Environment 2. ----End 2. complete the following tasks: z Preparing the PC/terminal (including the serial port and RS-232 cable) z Preparing the PC terminal emulation program (such as Windows XP hyper terminal) z Preparing two Modems Data Preparation To configure the router..4 Logging In from the Telnet Client Do as follows on the PC: Step 1 Run the Telnet client program on the PC.Basic Configurations. a command line prompt such as <Quidway> appears. Step 2 Enter the user name and password in the login window.3.4. After authentication.3. connect the serial port of the PC and the AUX port of the router through the Modem. 2.Quidway NetEngine80 Configuration Guide . Now enter the configuration environment in the user view. Pre-configuration Tasks Before configuring the router through the AUX port dialup.3. Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Ltd. and input the IP address of the interface on the destination router that provides the Telnet service.3 Configuring Login User Parameters Do as follows on the router: Step 1 Configure the authentication mode of login users.4 Logging In to the Router Through the AUX Port 2. Step 2 Configure the authority limitation of login user. 2-5 . you need the following data.2 Establishing the Physical Connection Connect the router and the PC directly or connect the router and the PC respectively to the network through the network cable.1 Establishing the Configuration Task Applicable Environment If you cannot configure the router by local login and there is no reachable route to other routers. refer to Chapter 5 "User Management" in the Quidway NetEngine80 Core Router . such as Dial.2 Establishing the Physical Connection Do as follows on the login router: Step 1 Connect the Modem with the PC and the network.4. Step 3 Click OK to enter the Connect To window. Step 2 Enter the connection name of the PC and the router. 2-6 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Data 1 Type of terminals 2 Terminal communication parameters 3 Modem communication parameters Quidway NetEngine80 Configuration Guide . 2.. Step 2 Connect the Modem with the router through the AUX port and the network. ----End 2. No. refer to the Quidway NetEngine80 Core Router Configuration Guide .2 Establishment of the Configuration Environment No. Ltd. complete the following procedures. Procedure 1 Establishing the Physical Connection 2 Initializing and Configuring the Modem on the Interface 3 Configuring the Connection Between the Remote Terminal and the Router 4 Logging In to the Router 2.4.4.Security.3 Initializing and Configuring the Modem on the Interface Do as follows on the router: z Configure the authentication mode of login user z Configure the authority limitation of login user For details.4 Configuring the Connection Between the Remote Terminal and the Router Do as follows on the terminal PC: Step 1 Run the terminal emulation program on the PC (such as Windows XP HyperTerminal) to enter the Connection Description window.Basic Configurations Configuration Procedures To configure the router by dialup through the AUX port. Issue 04 (2009-12-20) . Connect the PC and the router through the console port 2. Step 5 Click OK to enter the Connect window. Step 6 Click Dial. Configure the login on the PC end 3.Quidway NetEngine80 Configuration Guide . Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.4. ----End 2. ----End 2.5 Logging In to the Router Do as follows on the login router: Step 1 Enter the user name and password in the login window.Basic Configurations 2 Establishment of the Configuration Environment Step 4 Enter the parameters and select options. Figure 2-1 Networking diagram of logging in through the console port Router PC Configuration Roadmap The configuration roadmap is as follows: 1.5 Configuration Examples 2. you need the terminal communication parameters (including baud bit. 2-7 . After configuration. stop bit and flow control). Now enter the configuration environment in the user view. a command line prompt such as <Quidway> appears. Log in to the router Data Preparation To complete the configuration..1 Example for Logging In Through the Console Port Networking Requirements Initialize the configuration of the router when the router is powered on for the first time. parity. Ltd. data bit.5. The local configuration environment is established. Specify no parity and no flow control as shown from Figure 2-2 to Figure 2-4. stop bit to be 1. Issue 04 (2009-12-20) .2 Establishment of the Configuration Environment Quidway NetEngine80 Configuration Guide .. Step 2 Run the terminal emulation program on the PC. data bit to be 8. Ltd.Basic Configurations Configuration Procedure Step 1 Connect the serial port of the PC (or terminal) to the console port of the router through standard RS-232 configuration cable. Figure 2-2 New connection Figure 2-3 Setting the port 2-8 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Set the terminal communication parameters to be 9600 bps. refer to the following chapters. For details. Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.2 Example for Logging In Through Telnet Networking Requirements You can log in to the router on other network segments through the PC or other terminals to perform remote maintenance. When the self-check ends. 2-9 .5. Enter "?" for help.Quidway NetEngine80 Configuration Guide . ----End 2. Ltd. Enter the command to check the running status of the router or configure the router. you are prompted to press Enter until a command line prompt such as Quidway appears..Basic Configurations 2 Establishment of the Configuration Environment Figure 2-4 Setting the port communication parameters Power on the router to perform a self-check and the system performs automatic configuration. Run the Telnet on the PC. Ltd. Configure user login parameters 3.92 255.0 [Quidway-GigabitEthernet1/0/0] quit # Configure login authentication mode [Quidway] aaa [Quidway-aaa] local-user huawei password cipher test2 [Quidway-aaa] local-user huawei service-type telnet [Quidway-aaa] local-user huawei level 3 [Quidway-aaa] quit [Quidway] user-interface vty 0 4 [Quidway-ui-vty0-14] authentication-mode aaa Step 3 Configure the client login.38. as shown in Figure 2-6.160.255.0. 2-10 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Logging in to the router from the client side Data Preparation To complete the configuration. you need the following data z IP address of the PC z IP address of the Ethernet interface on the router z User information accessed through Telnet (including the user name.Basic Configurations 2 Establishment of the Configuration Environment Figure 2-5 Establishing the configuration environment through Telnet GE1/0/0 202. # Configure the login address <Quidway> system-view [Quidway] interface GigabitEthernet 1/0/0 [Quidway-GigabitEthernet1/0/0] ip address 202. password and authentication mode) Configuration Procedure Step 1 Connect the PC and the router respectively to the network.38.160. Issue 04 (2009-12-20) . Establish the physical connection 2. Step 2 Configure login user parameters.Quidway NetEngine80 Configuration Guide ..92/16 WAN PC Router Target Router Configuration Roadmap The configuration roadmap is as follows: 1. connect the serial port of the PC and the AUX port of the router through the Modem.5. The detailed configuration environment is shown as Figure 2-7.3 Example for Logging In Through the AUX Port Networking Requirements If you cannot configure the router by local login and there is no reachable route to other routers..Basic Configurations 2 Establishment of the Configuration Environment Figure 2-6 Running the Telnet program on the PC Click OK. Establish the physical connection 2. a command line prompt such as <Quidway> appears. Now enter the configuration environment in the user view. 2-11 .Quidway NetEngine80 Configuration Guide . Configure Modem parameters 3. Ltd. After authentication. ----End 2. Configure the AUX port to support the Modem dialup Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Figure 2-7 Establishing the remote configuration environment through AUX Modem Modem PSTN AUX Router COM PC Configuration Roadmap The configuration roadmap is as follows: 1. Enter the user name and password in the login window. Issue 04 (2009-12-20) .. refer to the following chapters.2 Establishment of the Configuration Environment Quidway NetEngine80 Configuration Guide . Step 2 Configure the AUX port to support the Modem dialup. Press Enter on the PC emulation terminal or terminal until a command line prompt of the Modem such as ">" appears. ----End 2-12 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Ltd. you need the following data: z Type of terminals z Terminal communication parameters z Modem communication parameters Configuration Procedure Step 1 Establish the physical connection as shown in Figure 2-7. Enter the user name and password in the remote terminal emulation program. see 2. For detailed operations. a command line prompt such as <Quidway> appears.Basic Configurations Data Preparation To complete the configuration. Step 4 Log in to the router. Configure the Modem to meet the requirements of AUX communication.4 Configuring the Connection Between the Remote Terminal and the Router. <Quidway> system-view [Quidway] aaa [Quidway-local-aaa-server] local-user huawei password cipher test1 [Quidway-local-aaa-server] local-user huawei service-type terminal [Quidway-local-aaa-server] local-user huawei level 3 [Quidway-local-aaa-server] quit [Quidway] user-interface aux 0 [Quidway-ui-aux0] authentication-mode aaa [Quidway-ui-aux0] modem both Step 3 Configure Modem parameters. After authentication. Enter the command to check the running status of the router or configure the router.4. Enter "?" for help. For details. # Run the PC emulation terminal. see Modem descriptions. ..............................5.................................3-1 3........................3-6 3..............................................................................................................................................................3-13 3.....................................................................................................................................................................................................3...............3 Regular Expressions.............................................................................................3-8 3....................................3-3 3......................4....................................................3-14 3.................................1.............1 Editing..............................................................................................................................................2 Defining Shortcut Keys.......1 Introduction ...........................3-13 3..............................................2..........................................................................3-6 3........3-2 3..............................................................3-12 3...1...............Quidway NetEngine80 Configuration Guide ................3-7 3..........................................................4.........3-13 3................................................................3-2 3..................5 Configuration Examples................................................... Ltd..3 Command Line Views..................3 Features of Command Line Interface ................................................2.............................................................................................................4............................3-8 3..2 Partial help ..........3............................................................................................................Basic Configurations Contents Contents 3 CLI Overview...........................3 Use of Shortcut Keys .......................................3 Error Messages of the Command Line Interface...................................................3-10 3................................................................................3...................................................................................................................1...............................................................................................................3-6 3..................... 3-11 3..5............................1 Full Help ..........................................3-7 3...................................2 Copying Commands Using Shortcut Keys.................................................................................3 Example for Using Tab ..2 Displaying......3-2 3...............4 History Commands ..................................2 Command Levels .............................................. 3-11 3.............3.......................4 Shortcut Keys ..............5....................................................................2 Online Help ..............................................1 Example for Using Shortcut Keys..................................1 Command Line Interface ...........3-7 3................3-14 Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co...................2........1 Classifying Shortcut Keys............................................................................................ i ........................................................ .................................3-10 Table 3-7 System-defined shortcut keys ............ iii ........................... Ltd..................3-8 Table 3-5 Describes metacharacters ..................... 3-11 Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.....................................................................................................................................................................3-4 Table 3-2 Common error messages of the command line.......................................................................................................................................................3-9 Table 3-6 Access the history commands..........................3-7 Table 3-3 Keys for editing ........................................................................................................................................................................................................Basic Configurations Tables Tables Table 3-1 Command line views ...................Quidway NetEngine80 Configuration Guide ............................................................3-7 Table 3-4 Keys for displaying.............................................................. 3 Features of Command Line Interface This section describes the error messages of the command line. 3.1 Introduction This section describes the basic concepts of the command line. Section Description 3. Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. 3-1 .. 3.Quidway NetEngine80 Configuration Guide .Basic Configurations 3 CLI Overview 3 CLI Overview About This Chapter The following table shows the contents of this chapter. Ltd.2 Online Help This section describes how to use the online help of the command line.5 Configuration Examples This section provides examples for using shortcut keys.4 Shortcut Keys This section describes how to use shortcut keys. 3. 3. Basic Configurations 3 CLI Overview 3.1. Issue 04 (2009-12-20) . z Local or remote configuration through Telnet or Secure Shell (SSH).Quidway NetEngine80 Configuration Guide . z The system saves the incomplete command to the configuration files in the complete form. the incomplete command cannot be restored. z Remote configuration by logging in to the an asynchronous serial interface on a router through Modem dialup.1 Command Line Interface When a prompt appears. z Local configuration through the console port. A CLI features as follows: z Local or remote configuration through AUX port.1 Introduction 3. Ltd. you enter the command line interface (CLI) and interact with routers through CLI. 3.. therefore. The command can be in an incomplete form. password authentication and Authentication. z A user interface view for specific configuration management. z Hierarchical command protection for users of different levels. z The telnet command for directly logging in to and manage other routers. z Running a history command. pay attention to the length of the incomplete command. These methods make it easy for users to enter their commands. that is running the commands based on the corresponding level. The system provides a series of configuration commands. Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. when the system is restarted. z Local authentication. The default command level are as follows: z 3-2 Level 0-Visit level: Commands of this level include commands of network diagnosis tool (such as ping and tracert) and commands that start from the local device and visit external device (including Telnet client side. So.2 Command Levels The system adopts a hierarchical protection mode that has 16 command levels. like DosKey. z FTP service for the file uploading and downloading. Authorization and Accounting (AAA) to prevent the unauthorized user from accessing the router. the command may have more than 255 characters. You can configure and manage the router by entering commands on CLI. z The system supports the command with 255 characters at most. z A command line interpreter provides intelligent command resolution methods such as key word fuzzy match and context conjunction. z Network testing commands such as tracert and ping for rapidly diagnosing a network. z Abundant debugging information to help in diagnosing the network.1. z Entering "?" for online help at any time. SSH client side and Rlogin) and so on. However. Quidway NetEngine80 Configuration Guide - Basic Configurations 3 CLI Overview z Level 1-Monitoring level: Commands of this level, including the display commands and the debugging commands, are used for system maintenance, service fault diagnosis, and so on. z Level 2-Configuration level: Commands of this level are service configuration commands that provide direct network service to the user, including routing and network layer commands. z Level 3-Management level: Commands of this level are commands that influence basis operation of the system and provide support to the service. They include file system commands, FTP commands, TFTP commands, XModem downloading commands, configuration file switching commands, power supply control commands, backup board control commands, user management commands, level setting commands, system internal parameter setting commands, and so on. To implement the refined management, you can increase the command levels to 0-15. For the increase in the command levels, refer to Chapter 4 "Basic Configuration" in the Quidway NetEngine80 Configuration Guide - Basic Configurations. z The default command level may be higher than the command level defined according to the command rules in application. z Login users have the same 16 levels as the command levels. The login users can use only the command of the levels that are equal to or lower than their own levels. For details of login user levels, refer to section 5.1.2 "User Management" in Chapter 5 "User Login." 3.1.3 Command Line Views The command line interface has different command views. All the commands must register in one or more command views. You can run a command only when you enter the corresponding command view. # Establish connection with the router. If the router adopts the default configuration, you can enter the user view with the prompt of <Quidway>. # Type system-view, and you can enter the system view. <Quidway> system-view [Quidway] # Type aaa in the system view, and you can enter the AAA view. [Quidway] aaa [Quidway-aaa] The prompt <Quidway> indicates the default router name. The prompt <> indicates the user view and the prompt [ ] indicates other views. Some commands that are implemented in the system view can also be implemented in the other views. But the function implemented associate with the command view. For example, the mpls command (for starting MPLS) can be run in the system view to enable the MPLS capability globally. It can also be run in the interface view to enable the MPLS capability on this interface. Different command line views are shown in Table 3-1. Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 3-3 Quidway NetEngine80 Configuration Guide - Basic Configurations 3 CLI Overview Table 3-1 Command line views 3-4 View Description aaa AAA view aaa-accounting AAA accounting view aaa-authen AAA authentication view aaa-author AAA authorization view aaa-domain AAA domain view aaa-recording AAA recording view acl-adv Advanced ACL view acl-basic Basic ACL view acl-if ACL view based on interface Atm-pvc ATM PVC view aux AUX interface view bgp BGP view bgp-af-l2vpn BGP AF L2VPN view bgp-af-vpnv4 BGP AF VPNV4 view bgp-af-vpn-instance BGP AF VPN instance view vpls-family VPLS address family view cpos CPOS interface view dhcp DHCP address pool view e1 E1 interface view e3 E3 interface view ethernet Ethernet interface view explicit-path Explicit path view fr-class Frame relay view ftp-client FTP client view GigabitEthernet GE interface view hwtacacs HWTACACS view ike-proposal IKE view ipsec-policy-isakmp IPSEC policy Isakmp view ipsec-policy-manual IPSEC policy manual view ipsec-policy-template IPSEC policy template view Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. Issue 04 (2009-12-20) Quidway NetEngine80 Configuration Guide - Basic Configurations 3 CLI Overview View Description ipsec-proposal IPSEC view isis IS-IS view l2tp L2TP view loopback Loopback interface view mp-group Mp-group interface view mpls MPLS view mpls-l2vpn MPLS-L2VPN view mpls-ldp MPLS-LDP view null Null interface view ospf OSPF view ospf-area OSPF area view policy-based-route Policy-based route view pos POS interface view radius RADIUS view rip RIP view rip-af-vpn-instance RIP AF VPN instance view ripng RIPng view route-policy Route policy view rsa-key-code RSA key code view rsa-public-key RSA public key view serial Serial interface view shell Shell view system System view t1 T1 interface view t3 T3 interface view tunnel Tunnel interface view tunnel-policy Tunnel policy view user-interface User interface view virtual-ethernet Virtual Ethernet interface view virtual-template Virtual template interface view vpn-instance VPN instance view Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 3-5 Quidway NetEngine80 Configuration Guide - Basic Configurations 3 CLI Overview View Description aaa AAA view aaa-accounting AAA accounting view aaa-authen AAA authentication view 3.2 Online Help The command line interface provides the two online helps: z Full help z Partial help 3.2.1 Full Help You can obtain the full help of the command line in the following ways: z Enter "?" in any command line view to display all the commands and their simple descriptions. <Quidway> ? z Enter a command and "?" separated by a space. If the key word is at this position, all key words and their simple descriptions are displayed. For example: <Quidway> language-mode ? Chinese Chinese environment English English environment Chinese and English are keywords; Chinese environment and English environment describe the keywords respectively. z Enter a command and "?" separated by a space, and if a parameter is at this position, the related parameter names and parameter descriptions are displayed. For example: Quidway] ftp timeout ? INTEGER<1-35791> Specify FTP timeout minutes [Quidway] ftp timeout 35 ? <cr> In the preceding display, INTEGER<1-35791> describes the parameter value; Specify FTP timeout minutes is a simple description of the parameter usage; <cr> indicates that no parameter is at this position. The command is repeated in the next command line. You can press Enter to run the command. 3.2.2 Partial help You can obtain the partial help of the command line in the following ways: z Enter a character string and "?" separated by a space to display all commands that begin with this character string. <Quidway> d? debugging 3-6 delete dir display downlpu Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. Issue 04 (2009-12-20) Quidway NetEngine80 Configuration Guide - Basic Configurations z 3 CLI Overview Enter a command with "?" closely following it to display all the key words that begin with this character string. <Quidway> display v? version virtual-access version vlan z vpls vlan vpn-group vlan-group vrrp voltage vpls vrrp vsi vsi Enter the first several letters of a key word in the command and then press Tab to display the complete key word on the condition that the letters uniquely identify the key word. Otherwise, if you continue to press Tab, different key words are displayed. You can select the needed key word. 3.2.3 Error Messages of the Command Line Interface All the commands entered by the user are run correctly, if the grammar check has been passed. Otherwise, error messages are reported to the user. See Table 3-2 for the common error messages. Table 3-2 Common error messages of the command line Error messages Cause of the error Unrecognized command The command cannot be found The key word cannot be found Wrong parameter Parameter type error The parameter value exceeds the limit Incomplete command Incomplete command inputted Too many parameters Too many parameters inputted Ambiguous command Indefinite parameters inputted 3.3 Features of Command Line Interface 3.3.1 Editing The command line supports multi-line edition. The maximum length of each command is 255 characters. Keys for editing often used are shown in Table 3-3. Table 3-3 Keys for editing Key Function Common key Inserts a character in the current position of the cursor if the editing buffer is not full and the cursor moves rightward. Otherwise an alarm is generated. Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 3-7 an alarm is generated. 3.3 Regular Expressions When a lot of information is output. 3. you can filter the display through regular expressions.3. Space Continues to display the information on next screen. z If there are several matches or no match at all. When the cursor reaches the head of the command. the cursor is closely follows the word end and you can type a space to enter the next word. Enter Continues to display the information on next line. Issue 04 (2009-12-20) . Left cursor key ← or Ctrl+B Moves the cursor leftward by the space of a character.Quidway NetEngine80 Configuration Guide . In this case. an alarm is genarated. When the cursor reaches the head of the command. In this case. the system replaces the typed one with the complete key word and displays it in a new line with the cursor a space behind. Then you can press Tab to view the matching key word one by one. z When the information displayed exceeds a full screen.3. Tab Press Tab after typing the incomplete key word and the system runs the partial help: z If the matching key word is unique. the system displays the prefix first.. the user has three choices as shown in Table 3-4.Basic Configurations 3 CLI Overview Key Function Backspace Deletes the character on the left of the cursor and the cursor moves leftward. Right cursor key → or Ctrl+F Moves the cursor rightward by the space of a character. it provides the pause function. z If a wrong key word is input. When the cursor reaches the end of the command. 3-8 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. the alarm bell rings. Ltd. Table 3-4 Keys for displaying Key Function Ctrl+C Stops the display and running of the command. press Tab and your input is displayed in a new line.2 Displaying You can control to display on CLI as follows: z Display prompt and help information in both Chinese and English. For example: ^ip: matches the target object that begins with the character string "ip". [^a-z] Matches any character that is not within the specified range. Table 3-5 Describes metacharacters Metacharacter Connotation \ Escape character . when a regular expression is defined as "hello". $ Characters on the left of it must appear at the end of the target object.Basic Configurations 3 CLI Overview The regular expression is a tool for matching and replacing modes. {n} The matches appear for n times (n is a non-negative integer). ^ Characters on the right of it must appear at the beginning of the target object. Note that there is no space between n and m. [a-z] Matches any character within the specified range. [xyz] Matches the character listed in the square character. it matches only the character string "hello". For example.. Matches any single character including space except for \n. To help users construct the matching mode flexibly. Ltd. Users should construct the matching mode based on certain rules. regular expressions provide some special characters that are called metacharacters. + Characters on the left of it appear for 1 or many times continuously in the target object. [^xyz] Matches any character that is not listed in the square bracket (^ is on the left of the character). Metacharacters are used to define the modes of other characters in the target object.} The matches appear for at least n times (n is a non-negative integer). {n. Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. * Characters on the left of it appear for 0 or many times continuously in the target object.Quidway NetEngine80 Configuration Guide . and then match the mode with the target object. 3-9 . | Or relationship exists between characters on the left and right sides of it.m} The matches appear for n-m times (m and n are non-negative integer and n is smaller than or equal to m). {n. The simplest regular expressions do not contain any metacharacter. ip$: matches the target object that ends with the character string "ip". NE80 supports two ways of applying regular expression in filtering. Metacharacters are described in Table 3-5. Quidway NetEngine80 Configuration Guide - Basic Configurations 3 CLI Overview Specifying a Filtering Mode in Command For the commands supporting regular expressions, there are three filtering methods: z | begin regular-expression: displays the information that begins with the line that matches regular expression. z | exclude regular-expression: displays the information that excludes the lines that match regular expression. z | include regular-expression: displays the information that includes the lines that match regular expression. Specify a Filtering Mode when Information is Displayed When a lot of information is output and displayed, you can specify a filtering mode in the prompt "---- More ----". z /regular-expression: displays the information that begins with the line that matches regular expression. z -regular-expression: displays the information that excludes lines that match regular expression. z +regular-expression: displays the information that includes lines that match regular expression. Regular expressions are used to filter the output, such as the metacharacter {}. If the number of matching times exceeds the scope specified in {}, the matching times out and the information cannot be displayed normally. Thus, ensure to avoid repeating regular expressions. Different products have different scopes. 3.3.4 History Commands The command line interface automatically saves the history command entered by the user. This function is similar to the Doskey. The user can invoke and run the saved history command at any time. By default, the system saves 10 history commands at most for each user. The operations are as shown in Table 3-6. Table 3-6 Access the history commands 3-10 Action Key or Command Result Display the history commands. display history-command Display the history commands entered by users. Access the last history command. Up cursor key Display the last history command if there is an earlier history command ↑ or Ctrl+P Otherwise, an alarm is generated. Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. Issue 04 (2009-12-20) Quidway NetEngine80 Configuration Guide - Basic Configurations 3 CLI Overview Action Key or Command Result Access the next history command. Down cursor key ↓ or Ctrl+N Display the next history command if there is a later history command. Otherwise, the command is cleared and the alarm bell rings. On the HyperTerminal of Windows 9X, cursor key ↑ is invalid. Because the HyperTerminals of Windows 9X define the keys differently. In this case, you can replace the cursor key ↑ with Ctrl+P. When you use the history command, note the following: z The saved history commands are the same as that those input by users. For example, if the user inputs an incomplete command, the saved command also is incomplete. z If the user runs the same command for several times, the earliest command is saved. If the command is input in different forms, they are considered as different commands. z For example, if the display ip routing-table command is run for several times, only one history command is saved. If the disp ip routing command and the display ip routing-table command are run, two history commands are saved. 3.4 Shortcut Keys 3.4.1 Classifying Shortcut Keys The shortcut keys in the system are classified into the following types: z User-oriented and user-defined shortcut keys: CTRL_G, CTRL_L, and CTRL_O. The user can correlate these shortcut keys with any commands. When the shortcut keys are pressed, the system automatically runs the corresponding command. For the details of defining the shortcut keys, see Defining Shortcut Keys. z System-defined shortcut keys: These shortcut keys with fixed functions are defined by the system. Table 3-7 lists the system-defined shortcut keys. Different terminal software defines these keys differently. Therefore, the shortcut keys on the terminal may be different from those listed in this section. Table 3-7 System-defined shortcut keys Key Function CTRL_A The cursor moves to the beginning of the current line. CTRL_B The cursor moves leftward by the space of a character. CTRL_C Terminates the running function. CTRL_D Deletes the character where the cursor lies. CTRL_E The cursor moves to the end of the current line. Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 3-11 Quidway NetEngine80 Configuration Guide - Basic Configurations 3 CLI Overview Key Function CTRL_F The cursor moves rightward by the space of a character. CTRL_H Deletes one character on the left of the cursor. CTRL_K Terminates the outbound connection. CTRL_N Displays the next command in the history command buffer. CTRL_P Displays the previous command in history command buffer. CTRL_R Redisplays the information of the current line. CTRL_SHIFT_V Pastes the contents on the clipboard. CTRL_T Kill outgoing connection when connecting. CTRL_U Delete all characters up to the cursor. CTRL_W Deletes a character string or character on the left of the cursor. CTRL_X Deletes all the characters on the left of the cursor. CTRL_Y Deletes all the characters on the right of the cursor. CTRL_Z Returns to the user view. CTRL_] Terminates the inbound or redirection connections. ESC_B The cursor moves leftward by the space of a word. ESC_D Deletes a word on the right of the cursor. ESC_F The cursor moves rightward to the next word end. ESC_N The cursor moves downward to the next line. ESC_P The cursor moves upward to the previous line. ESC_SHIFT_< Sets the position of the cursor to the beginning of the clipboard. ESC_SHIFT_> Sets the position of the cursor to the end of the clipboard. 3.4.2 Defining Shortcut Keys When defining the shortcut keys, use double quotation marks to define the command if this command contains several commands words. That is, spaces exist in the command. Configure as follows in the system view. 3-12 Action Command Define shortcut keys. hotkey { CTRL_G | CTRL_L | CTRL_O } command-text Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. Issue 04 (2009-12-20) Quidway NetEngine80 Configuration Guide - Basic Configurations 3 CLI Overview By default, CTRL_G, CTRL_L and CTRL_O correspond to the following commands respectively: z CTRL_G: display current-configuration z CTRL_L: display ip routing-table z CTRL_O: undo debugging all 3.4.3 Use of Shortcut Keys z You can press the shortcut keys wherever you can type a command. Then the system displays the full corresponding command. z If you have typed part of a command and have not pressed Enter, you can press the shortcut keys to clear the input and display the full corresponding command. This operation has the same effect with that deleting all commands and then re-entering the complete command. z The shortcut keys are run as the commands, the syntax is recorded to the command buffer and log for fault location and querying. The terminal in use may affect the functions of the shortcut keys. For example, if the customized shortcut keys of the terminal conflict with those of the router, the input shortcut keys are captured by the terminal program and hence the shortcut keys do not function. Run the following command in any view to display the use of shortcut keys. Action Command View the use of shortcut keys. display hotkey 3.5 Configuration Examples 3.5.1 Example for Using Shortcut Keys Defining Shortcut Keys Step 1 Correlate Ctrl_G with the display ip routing-table command and run the shortcut keys. <Quidway> system-view [Quidway] hotkey ctrl_u display ip routing-table Step 2 Press Ctrl+G when the prompt Quidway appears. [Quidway] display ip routing-table Route Flags: R - relay, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 5 Destination/Mask Proto Pre Cost Flags 51.51.51.9/32 Direct 0 Issue 04 (2009-12-20) Routes : 5 0 NextHop D 127.0.0.1 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. Interface InLoopBack0 3-13 Quidway NetEngine80 Configuration Guide - Basic Configurations 3 CLI Overview 100.2.0.0/16 Direct 0 0 D 100.2.150.51 100.2.150.51/32 Direct 0 0 D 127.0.0.1 100.2.255.255/32 Direct 0 127.0.0.0/8 Direct 0 GigabitEthernet0/0/0 InLoopBack0 0 D 127.0.0.1 InLoopBack0 0 D 127.0.0.1 InLoopBack0 ----End 3.5.2 Copying Commands Using Shortcut Keys Step 1 Enter the command in any view. # Move the cursor to the beginning of the command and press ESC_SHIFT_<. Move the cursor to the end and press ESC_SHIFT_>. Then, press CTRL_Cf for copying. <Quidway> display ip routing-table Step 2 Run the display clipboard command to view the contents on the clipboard. <Quidway> display clipboard ---------------- CLIPBOARD----------------display ip routing-table Step 3 Press Ctrl+Shift+V to paste the contents of clipboard. <Quidway> display ip routing-table ----End 3.5.3 Example for Using Tab There are three cases in using Tab as shown in the following example: z The matching key word is unique after the incomplete key word is typed in. Step 1 Type the incomplete key word. [Quidway] info- Step 2 Press Tab. [Quidway] info-center The system replaces the typed one with the complete key word and displays it in a new line with the cursor a space behind ----End z There are several matches or no match at all after the incomplete key word is typed in. # info-center can be followed by three key words. [Quidway] info-center log? logbuffer logfile loghost Type the incomplete key word. [Quidway] info-center l Step 1 Press Tab. 3-14 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. Issue 04 (2009-12-20) . ----End Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Step 3 Type a space to enter the next word "channel". [Quidway] info-center loglog Step 2 Press Tab. Step 2 Continue to press Tab. The prefix in this example is "log". 3-15 . [Quidway] info-center loghost [Quidway] info-center logbuffer [Quidway] info-center logfile Stop pressing Tab after the key word logfile that you need is displayed. The cursor is closely following the word end. [Quidway] info-center loglog The wrong input "loglog" is displayed in a new line. Step 1 Type a wrong key word "loglog". Ltd.Quidway NetEngine80 Configuration Guide . [Quidway] info-center logfile channel ----End z A wrong key word is typed in.Basic Configurations 3 CLI Overview [Quidway] info-center log The system displays the prefix first. ......2 Configuring the Basic System Environment ........................................................................1 Introduction ...............................................Basic Configurations Contents Contents 4 Basic Configuration ...............................................Quidway NetEngine80 Configuration Guide ......2.............................................................................................1 Displaying System Configuration ..2......................................6 Configuring Command Levels.........2 Configuring the Password for Switching User Levels ..................................................3 Configuring the Equipment Name ............................................................................................. Ltd......................................4-1 4.........4-7 4...............................3....................................................4 Locking User Interfaces ...........2 Switching the Language Mode.........3.....................................................................3 Configuring Basic User Environment ........4-3 4...............3 Collecting System Diagostic Information ........................4-8 Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.........................2.....2........................................................................................4 Configuring the System Clock ......4-8 4.4.....................................................................................4-6 4..........................................4-8 4..................................................................4-5 4.......4-3 4...........4-5 4................................................................................................................2..4-4 4...................................................4-4 4..............................................5 Configuring the Header Text...................................................................4-3 4.3 Switching User Levels ........2 Displaying System Status.4-2 4.......................................4.........4...................................................................1 Establishing the Configuration Task ...4-7 4...........................4-6 4..................................................4 Displaying System Status Messages .3........................................................................................................................................ i .........................3......................................................................................................1 Establishing the Configuration Task ......................................4-2 4........................4-2 4................................................................2........................................ . 4.3 Configuring Basic User Environment This section describes the configuration of the basic user configuration environment on the router. 4. 4-1 . 4.Quidway NetEngine80 Configuration Guide .Basic Configurations 4 Basic Configuration 4 Basic Configuration About This Chapter The following table shows the contents of this chapter. Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.1 Introduction This section describes the basic configurations.4 Displaying System Status Messages This section describes the display commands for displaying basic system configuration.2 Configuring the Basic System Environment This section describes how to configure the basic system environment on the router. Section Description 4. Ltd. system time. the product supports commands of Level 0 to Level 3. host name. namely. Issue 04 (2009-12-20) . If the user needs to define more levels. header text. you need the following data. you need to configure the basic system environments to meet the requirements of the practical environments.1 Introduction Before configuring the services. Pre-configuration Tasks Before configuring basic system environment.Basic Configurations 4 Basic Configuration 4. users often need to perform basic configurations for actual operation and maintenance. visit level.. 4. 4-2 No. the user can extend the range of command line level from the range of Level 0 to Level 3 to the range of Level 0 to Level 15. configuration level.Quidway NetEngine80 Configuration Guide .2. The product provides configurations of two kinds of basic environments: z Basic system environment: mainly includes the language mode. or refine manage privilege on the device. Data Preparation To configure basic system environment.2 Configuring the Basic System Environment 4. Ltd. power on the router. z Basic user environment: mainly includes password for changing levels and the terminal lock. By default. command level for actual environment. Data 1 Language mode 2 System time 3 Host name 4 Login information 5 Command level Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. and management level.1 Establishing the Configuration Task Applicable Environment Before configuring the services. system name. monitoring level. 2 Switching the Language Mode Do as follows on the router: Step 1 Run: language-mode { chinese | english } The language mode is switched.4 Configuring the System Clock Do as follows on the router: Step 1 Run: clock datetime HH:MM:SS YYYY/MM/DD Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. the English mode is used. 4.2. run this command to switch the language mode. Step 2 Run: sysname host-name The equipment name is set.Basic Configurations 4 Basic Configuration Configuration Procedures No. 4-3 . 4.. Ltd. Procedure 1 Switching the Language Mode 2 Configuring the Equipment Name 3 Configuring the System Clock 4 Configuring the Header Text 5 Configuring Command Levels 4. The help information on the router can be in English and in Chinese. ----End By default.2.2.Quidway NetEngine80 Configuration Guide . When you need the help information in Chinese. ----End You can change the name of the router that appears in the command prompt.3 Configuring the Equipment Name Do as follows on the router: Step 1 Run: system-view The system view is displayed. ----End 4. 4.6 Configuring Command Levels Do as follows on the router: Step 1 Run: system-view 4-4 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. log in or start interactive configuration.. Configure the header text to provide detailed indication. Step 3 Run: header shell { information text | file file-name } The header text is set after the login. Ltd. Issue 04 (2009-12-20) . ----End Header text is the prompt displayed by the system when users connect to the router. Step 2 Run: header login { information text | file file-name } The header text is set during login. Step 3 Run: clock daylight-saving-time time-zone-name one-year start-time start-data end-time end-data offset Or: clock daylight-saving-time time-zone-name repeating start-time { start-year month { first | second | third | fourth | fifth | last } weekday | start-date } end-time { end-year month { first | second | third | fourth | fifth | last } weekday | end-date } offset The daylight time is set.2.5 Configuring the Header Text Do as follows on the router: Step 1 Run: system-view The system view is displayed. The product supports setting the time zone and daylight time. To guarantee cooperation with other devices.Quidway NetEngine80 Configuration Guide .2. Step 2 Run: clock timezone time-zone-name { add | minus } offset The time zone is set.Basic Configurations 4 Basic Configuration The UTC standard time is set. you need to accurately set the system time. z No command lines exist in Level 2 to Level 9 and Level 11 to Level 14. 4-5 . At the same time.3 Configuring Basic User Environment 4. the user needs to change to a high identity level. ----End If the user does not adjust a command level separately.Quidway NetEngine80 Configuration Guide .3. the system asks if the user wants to continue to update the command line level. it requires the user to configure the basic environment for changing levels. With the command. the system prompts the user to set a super-password for the level 15 user. From Level 2 to Level 10 and from Level 3 to Level 15. This results in that the user that does not log in through the Console port fails to update the level. Step 3 Run: command-privilege level level view view-name command-key The command level is configured. If you select "Y". When no password for level 15 user is configured. you can specify the level and view for multiple commands at one time (command-key).1 Establishing the Configuration Task Applicable Environment The user can log in to a router with lower level.The user can adjust the command lines to these levels separately to refine the management of privilege. perform simple configurations or view configurations. Ltd. When the configuration is complicated. just select "N" to set a password. z The command Level 2 is updated to Level 10 and Level 3 is updated to Level 15. Step 2 Run: command-privilege level rearrange Update the command level in batch. 4. after the command level is updated.Basic Configurations 4 Basic Configuration The system view is displayed.. all originally-registered command lines adjust automatically according to following rules: z The commands of Level 0 and Level 1 remain still. Thus. but one-step by batch. this is not a two-step process. Then.. the command level can be updated in batch directly. Pre-configuration Tasks Before configuring the basic environment for the user. complete the following task: z Issue 04 (2009-12-20) Powering on the router properly Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Data 1 Password for the user level switching Configuration Procedures No. Ltd. 4.2 Configuring the Password for Switching User Levels When simple is used. Step 2 Run: super password [ level user-level ] { simple | cipher } password The password for switching user levels is configured. cipher is used to save the password in encrypted text.Quidway NetEngine80 Configuration Guide . Therefore. Login users with lower level can get the password by viewing the configuration.Basic Configurations 4 Basic Configuration Data Preparation To configure the basic environment for the user. you need the following data: No.3 Switching User Levels Do as follows on the router: 4-6 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. ----End When users log in to the router with a lower user level. Do as follows on the router: Step 1 Run: system-view The system view is displayed. the password is saved in the configuration files in simple text.. This may cause security problems. The password needs to be configured beforehand. Procedure 1 Configuring the Password for Switching User Levels 2 Switching User Levels 3 Locking User Interfaces 4. Issue 04 (2009-12-20) . they switch to a super user level to perform advanced operations by entering the corresponding password.3.3. If the password input is correct. refer to the Quidway NetEngine80Core RouterConfiguration Guide .. You must enter the correct password to unlock the user interface. ----End An accurate password must be entered when the user is switched from a lower level to a higher level.4 Displaying System Status Messages Using the display commands to get the following status messages: z System configuration message z System working status message Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.Basic Configurations 4 Basic Configuration Step 1 Run: super [ level ] User levels are switched.Security. the message "locked !" is displayed. 4. Step 2 Follow the prompt and enter a password. Step 2 Follow the system prompt and input an unlock password. When the login user of lower levels is switched to the user of higher level through super. ----End When you leave the operation terminals for the moment. the user can switch to a higher level. the system only records the switchover in the log. and then confirm.3. <Quidway> lock Enter Password: Confirm Password: After configuration. 4. If the user inputs a password incorrectly for three times successively. 4-7 . Ltd. When the switched level is lower than that of the current level.4 Locking User Interfaces Do as follows on the router: Step 1 Run: lock The user interface is locked. the system automatically sends trap messages records the switchover in the log. For detailed configurations.Quidway NetEngine80 Configuration Guide . the user remains the current login level and the user view is returned. you can lock the user interface in case unauthorized users operate the interface. users can perform HWTACACS Authentication. When configuring the switchover of user levels on the router. But you cannot collect enough information. You can use the display diagnostic-information command to collect the running information about the current modules in the system. 4. display cpu. z Run the display this command to display the configuration of the current view. display history-command and so on.Quidway NetEngine80 Configuration Guide . The display diagnostic-information command collects the information for once after running the following commands.2 Displaying System Status Run one or more of following commands according to your needs: z Run the display debugging [ interface interface-type interface-number ] [ module-name ] command to display the debugging status.Basic Configurations 4 Basic Configuration z System statistics message z Restart message on the AMB See the related sections for display commands about protocols and interfaces. Run the following commands in all views. including display clock. Issue 04 (2009-12-20) . because there are many display commands.1 Displaying System Configuration Run one or more of following commands according to your needs: z Run the display version command to display the system edition. display saved-configuration. z Run the display clock command to display the system time. z Run the display users [ all ] command to display the terminal user. When the system fails or performing the routine maintenance. display interface. 4-8 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. 4. Ltd. display version.4. you need to collect a lot of information to locate the fault. The following only shows the system display commands.3 Collecting System Diagostic Information Run the following command according to your needs: Run the display diagnostic-information [ file-nme ] command to display the system diagnosis information.4.. display current-configuration. z Run the display current-configuration command to display the current configuration. 4. z Run the display saved-configuration command to display the original configuration.4. ...........5-22 5................................3 Configuring AUX User Interface ..................5-3 5...5-17 5...........................................1 Establishing the Configuration Task ............3 Configuring AUX Terminal Attributes...................................................................................................................................................5-7 5........................................................4.........................................................................4............2 Configuring Console Interface Attributes ............................................................................7 Checking the Configuration ..................................................5 Configuring Modem Attributes ................................5-10 5.....................................................................................................2....................................5-8 5.....................................................................5-7 5......3............4 Configuring Timeout of VTY User Authorization .....................................1 Establishing the Configuration Task ....................5-22 Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co...................................................................................................5.......5.5-16 5.Basic Configurations Contents Contents 5 User Management ..5-2 5........................................3 Configuring Limits for Incoming Calls and Outgoing Calls......................................................................................................................................................................5-10 5........................................Quidway NetEngine80 Configuration Guide .....5-18 5..................................................................5-15 5.....................................................4........................... 5-11 5..........................................................................4 Configuring User Priority ...............................................5-5 5............................................................................................2..............................................5-13 5.................................................................................................5-12 5.......5.......................................................................6 Checking the Configuration ..............................................................................................1....7 Checking the Configuration ................5-22 5.....................4........6 Configuring User Authentication ...........3.........5-13 5.......................3 Clearing Online User .....6 Configuring User Authentication .............................................................2....................................................................3...3.........5-21 5............................3........2.......4............................................................................................................................................5-1 5..........................................................................................................................................4 Checking the Configuration .......................5-16 5...............5-17 5....................2 Configuring Console User Interface..................................2............................2 Configuring Maximum VTY User Interfaces ....5-14 5.............................1 Establishing the Configuration Task .........................................................................2.........1..........4........1 Establishing the Configuration Task .......................................5-2 5.....................5-10 5..............5-21 5.................5-21 5..........4 Configuring the User Interface Priority .........................................................................5 Configuring User Authentication ........................1 User Interface View ....................1 Introduction ............................................................5-18 5...........................5-19 5.... Ltd..............2 User Management ...................................5-5 5..............2 Configuring AUX Interface Attributes......5 Managing User Interfaces ..............................................................5 Configuring VTY Terminal Attributes ...............................3..................................................3 Setting Console Terminal Attributes .. i .4 Configuring VTY User Interface...................................................5.....4.........................................2 Sending Messages to Other User Interfaces..........................................3....................................5-6 5.................. ...8 Checking the Configuration ........................................................5-31 5............6 Configuring Local User Priority ..6.................................................... Ltd............................................................................................7.............7....................5-29 5....Basic Configurations 5..........................................................................................6.............................7 Configuring Local User Management .................................................................................................................................................................8.............................................7.................................1 Establishing the Configuration Task ...............Contents Quidway NetEngine80 Configuration Guide ..........................................7 Checking the Configuration ...............6 Configuring User Management ............................5-28 5................................................5-23 5....5 Configuring Local User Status......5-27 5..........5-27 5................................................. Issue 04 (2009-12-20) .6 Configuring User Priority ...........................................5-32 ii Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.....4 Setting Username and Password for AAA Local Authentication ....................................2 Example for Logging In to the Router Through AAA ................5-26 5...................................................................................................................................................................3 Configuring the Service Type of the Local User.7 Configuring Access Restriction of the Local User......5-26 5.....7...............................................................5-23 5.....8 Configuration Examples...............................................................................................................................................6..........................5-30 5..........................................................................................................5-29 5..6.4 Configuring Local User Authority for FTP Directory..................7...7....7.....................5-24 5.........6..............................5-25 5.....5-26 5.3 Configuring Authentication Password ...............................2 Creating Local User Account....................................5-24 5.....................5 Configuring Non-Authentication .........................1 Establishing the Configuration Task ...................................7.............................................1 Example for Configuring Logging In to the Router Through Password ....8..............................................6....................................5-26 5....5-28 5...5-24 5..........................................6........................5-29 5.............................2 Configuring Authentication Mode ............... ................. Ltd...................5-3 Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co........Basic Configurations Tables Tables Table 5-1 Example for the absolute numbering .................Quidway NetEngine80 Configuration Guide ............................... iii ........... 1 Introduction This section describes the basic concepts of the user interface and the user management.4 Configuring VTY User This section describes how to configure the user interface of VTY.Basic Configurations 5 User Management 5 User Management About This Chapter The following table shows the contents of this chapter.2 Configuring Console User Interface This section describes how to configure the user interface on console port.Quidway NetEngine80 Configuration Guide .8 Configuration Examples This section provides examples for logging in to the router in different ways.5 Managing User Interfaces This section describes how to send messages and clear users between interfaces. 5-1 .7 Configuring Local User Management This section describes how to configure and authenticate the local user. 5. Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Ltd.. Section Description 5. 5. 5. 5.3 Configuring AUX User Interface This section describes how to configure the user interface on AUX port. 5. 5.6 Configuring User Management This section describes how to manage and authenticate the user that logs in to the router. 5. User Interface Numbering The following are user interface numbering methods: z Relative numbering The format of the relative numbering is user interface type + number. 5-2 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Absolute numbering This specifies a user interface or a group of user interfaces. AUX.. The main control unit provides one EIA/TIA-232 DCE console port for local configuration by directly connecting a terminal to a router.1 User Interface View The user interface view is a command line view provided by the system. Ltd. There is only a single console port and an AUX port and there are 0-15 VTY interfaces. and VTY.1. It must comply with the following rules: z − Number of the console port: CON 0 − Number of the auxiliary port: AUX 0 − Number of the VTY: VTY 0 for the first line. All type of user interfaces use relative numbering. Table 5-1 Shows the absolute numbers of the user interfaces in this system. It is used to configure and manage all the physical and logical interfaces in the asynchronous mode. The default number is five.1 Introduction 5.Quidway NetEngine80 Configuration Guide . You can use the user-interface maximum-vty command to set the maximum number of user interfaces. The starting number is 0 and the rest is in the sequence of CON -> AUX -> VTY. A virtual type line (VTY) is the Telnet connection with the router through a terminal. z Virtual type line (VTY) The virtual port is a logical terminal line. The main control unit has one EIA/TIA-232 DTE AUX port. z Auxiliary port (AUX) The main control unit of a router provides the auxiliary port that is a line device port. the system supports three types of user interfaces: CON. User Interfaces Supported by the System z Console port (CON) The console port is a serial port provided by the main control unit of the router provides the console port. and is used by a terminal to access the router through the Modem.Basic Configurations 5 User Management 5. It is used for local or remote access to the router. By default. It is used only in a single or a group of specified type of user-interfaces. Issue 04 (2009-12-20) . VTY 1 for the second line and so on. The remote user accesses the router through Telnet if the router is configured with the IP address of the MCU or that of the interface board. Run the display user-interface command to view the absolute number of user interfaces. The remote user accesses the network by establishing a PPP connection with the router. any user can configure the router by connecting a PC with it through the console port. the absolute numbers of the AUX interface and the VTY interface may be different. users of a router are classified as follows: z HyperTerminal users: They access the router through the console port or the AUX port. Configure the usernames and the user password for the router to ensure network security and to ease user management.Basic Configurations 5 User Management Table 5-1 Example for the absolute numbering Absolute number User-interface 0 CON0 33 AUX0 34 The first virtual interface (VTY0) 35 The second virtual interface (VTY1) 36 The third virtual interface (VTY2) 37 The fourth virtual interface (VTY3) 38 The fifth virtual interface (VTY4) For different types of devices. In such a condition. z Telnet users: They access the router through Telnet.Quidway NetEngine80 Configuration Guide . Ltd. z Secure Shell (SSH) users: They establish SSH connections with the router to access the network. Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co..2 User Management The username and the password are not configured when a router is powered on for the first time. The numbers from 1 to 32 are reserved for the TTY user interfaces.1. z File Transfer Protocol (FTP) users: They establish FTP connections with the router to transfer files. 5. 5-3 . User Classification Based on the services obtained. z Point-to-Point Protocol (PPP) users: They establish PPP connections (such as dialing and PPPoA) with the router to access the network. The four types of user authentication are as follows: z Non-authentication: In this type.2 "Command Level" in Chapter 3 "Command Line Introduction. a user accesses the router without the username and password. 5-4 z At least one HyperTerminal user is created on a router z A Telnet user is created for remote access. This is safer when compared to non-authentication. Monitoring. The user with the level 3 can access all the commands. AAA local authentication authenticates the Telnet and HyperTerminal users." User Authentication After the user configuration. For details of command level. Authorization and Accounting (AAA) local: This scheme needs both the username and the password. The user can access the commands with the level equal to or smaller than the user level. z AAA authentication scheme: This scheme cooperates with AAA server. which authenticates PPP users.. the level of the command that can be accessed by the login user depends on the level of the local user in the AAA configuration. 1. z An FTP user uploads or downloads files on a router from the remote. User Planning The network administrator provides the user plan based on the actual requirements. A user can access a command depending on the user level. the system authenticates users when they access the router.Basic Configurations 5 User Management User Level The system provides hierarchical management to HyperTerminal users and Telnet users. the higher the priority is. and are marked from 0 to15. Configure and Management.1. For example. The login user has the same 16 levels like the command. The higher the mark is. z In the case of AAA authentication. Ltd. the user can access the commands with level 0. if the user level is 2. refer to section 3. z Authentication. This is not recommended due to security reasons z Password authentication: In this type. z In the case of non-authentication or password authentication. a user accesses the router only with the password rather than the username. They are Visit. or 2.Quidway NetEngine80 Configuration Guide . z A PPP user can access networks through PPP connections. the level of the command that can be accessed by the login user depends on the level of the login user interface. Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Issue 04 (2009-12-20) . checksum mode. Procedure 1 Configuring Console Interface Attributes 2 Setting Console Terminal Attributes 3 Configuring the User Interface Priority 4 Configuring User Authentication Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. complete the following procedures. you need the following data. refer to the Chapter 8 "FTP. No. Ltd. 5.." z For the configuration of PPP user. Configuration Procedures To configure a console interface.Basic Configurations 5 User Management z For the configuration of FTP user. 5-5 .1 Establishing the Configuration Task Applicable Environment If you need to maintain a router on a local device. user name. flow-control mode.2. TFTP and XModem. refer to Quidway NetEngine80 Core Router Configuration Guide . No. screen length of terminal.Quidway NetEngine80 Configuration Guide . Pre-configuration Tasks Before configuring console user interface. Data 1 Transmission rate. and data bit 2 Idle timeout period for user. stop bit.Security.2 Configuring Console User Interface 5. the console user interface is required. and password All the default values of the data are stored on the router and does not need additional configuration. complete the following tasks: z Powering on the router z Connecting the PC with the router properly Data Preparation To configure console user-interface. and the size of history command buffer 3 User priority 4 User authentication method. By default.Basic Configurations 5 User Management No.2. the transmission rate is 9600 bit/s.Quidway NetEngine80 Configuration Guide . Issue 04 (2009-12-20) . By default. Step 4 (Optional) Run: flow-control { hardware | none | software } The flow control mode is set. the value is none. By default. Ltd. the data bit is 8. Step 5 (Optional) Run: parity { even | mark | none | odd | space } The parity mode is set. Step 2 Run: user-interface [ ui-type ] first-ui-number [ last-ui-number ] The user interface view is displayed. By default.5 | 1 | 2 } The stop bit is set. Step 6 (Optional)Run: stopbits { 1. the value is 9600 bit/s. By default. By default. Step 7 (Optional)Run: databits { 5 | 6 | 7 | 8 } The data bit is set.. ----End 5-6 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.2 Configuring Console Interface Attributes Do as follows on the router that the user logs in to: Step 1 Run: system-view The system view is displayed. the flow-control mode is none. 5. the value is 1 bit. Procedure 5 Checking the Configuration You can configure one or more user interfaces simultaneously in any view. Step 3 (Optional) Run: speed speed-value The transmission rate is set. Step 4 Run: idle-timeout minutes [ seconds ] The timeout period is set. Step 5 Run: screen-length screen-length One-screen length of the terminal screen is set.4 Configuring the User Interface Priority Do as follows on the router that the user logs in to: Step 1 Run: system-view The system view is displayed. idle timeout period for users on the user interface is 10 minutes. Step 6 Run: history-command max-size size-value The buffer of the history command is set. Step 2 Run: user-interface [ ui-type ] first-ui-number [ last-ui-number ] The user interface view is displayed. Step 3 Run: Shell The terminal service is started.3 Setting Console Terminal Attributes Do as follows on the router that the user logs in to: Step 1 Run: system-view The system view is displayed. the user cannot log in to the router. Ltd.Quidway NetEngine80 Configuration Guide .2. ----End 5.. 5-7 .Basic Configurations 5 User Management When the user logs in to a router through a console interface. Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.2. Step 2 Run: user-interface [ ui-type ] first-ui-number [ last-ui-number ] The user interface view is displayed. Otherwise. By default. the configured attributes for the console interface on the super terminal should accord with the attributes of the interface on the router. 5. 2 "Command Level" in Chapter 3 "CLI Overview". A user can only use the command of proper level corresponding to the user level. see section 3. Step 4 Run: quit Exit from the console user interface view. Step 3 Run: authentication-mode aaa The authentication mode is set to AAA. This process is to set the priority for a user who logs in through the console interface..5 Configuring User Authentication Three user authentication modes are available on the router: z AAA authentication: requires the user name and password. Step 2 Run: user-interface console 0 The console user interface view is displayed. the user cannot log in to the router through the console interface.2. Ltd.Basic Configurations 5 User Management Step 3 Run: user privilege level level The priority of the user interface is set. z Password authentication: needs no user name but a password.Quidway NetEngine80 Configuration Guide . Step 6 Run: 5-8 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Configuring AAA Authentication Do as follows on the router: Step 1 Run: system-view The system view is displayed. No authentication is needed when the user logs in to the router. 5. Step 5 Run: aaa The AAA view is displayed. z Non-authentication: requires the user name and password.1. The priority of the user is set. Otherwise. Issue 04 (2009-12-20) . ----End For more information about the command priority. Ltd. Step 2 Run: user-interface console 0 The console user interface view is displayed.. Step 3 Run: authentication-mode none The authentication mode is set to non-authentication. Step 2 Run: user-interface console 0 The console user interface view is displayed. Step 3 Run: authentication-mode password You can set authentication mode as password authentication. ----End Configuring Password Authentication Do as follows on the router: Step 1 Run: system-view The system view is displayed. ----End Configuring Non-Authentication Do as follows on the router: Step 1 Run: system-view The system view is displayed.Quidway NetEngine80 Configuration Guide . ----End Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. 5-9 . Step 4 Run: set authentication password { cipher | simple } password A password for authentication is set.Basic Configurations 5 User Management local-user user-name password { simple | cipher } password Name and password of the local user are created. 6 Checking the Configuration Run the following commands to check the previous configuration. flow-control mode. and data bit 2 Idle timeout period for user. you need the following data.Quidway NetEngine80 Configuration Guide . 5-10 No. Data 1 Transmission rate. user name. Ltd. checksum mode. complete the following tasks: z Powering on the router z Connecting the PC with the router properly Data Preparation Before configuring AUX user interface. and password Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. stop bit.Basic Configurations 5 User Management 5.. Pre-configuration Tasks Before configuring AUX user interface.3 Configuring AUX User Interface 5.2. display users [ all ] View physical attributes and configurations of the user interface display user-interface console 0 [ summary ] View the local user list display local-user View online users display access-user 5. and the size of history command buffer 3 User priority 4 Modem attributes 5 (Optional) Auto-execute commands 6 User authentication method. AUX user interface is required. screen length of terminal.1 Establishing the Configuration Task Applicable Environment When the user needs to maintain a remote router. Action Command View the information about the user interface use.3. Issue 04 (2009-12-20) . the checksum bit is none. Step 2 Run: user-interface aux 0 The AUX user interface view is displayed. Step 5 Run: parity { even | mark | none | odd | space } The checksum bit is set. Step 3 (Optional) Run: speed speed-value The transmission rate is set. Step 4 (Optional) Run: flow-control { hardware | none | software } The flow control mode is set..3. No. Configuration Procedures To configure an AUX user interface. the transmission rate is 9600 bit/s. 5-11 . Procedure 1 Configuring AUX Interface Attributes 2 Configuring AUX Terminal Attributes 3 Configuring User Priority 4 Configuring Modem Attributes 5 Configuring User Authentication 6 Checking the Configuration 5.Quidway NetEngine80 Configuration Guide . complete the following procedures. By default. Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. By default. Ltd. By default.2 Configuring AUX Interface Attributes Do as follows on the router: Step 1 Run: system-view The system view is displayed.Basic Configurations 5 User Management All data above have default values on the router. and generally you do not need to specify them. the flow-control mode is none. .5 | 1 | 2 } The stop bit is set. the configured attributes for the console port on the super terminal should accord with the attributes of the port on the router. Ltd. 5. the user cannot log in to the router. the data bit is 8. Step 3 Run: shell AUX terminal service is enabled.3 Configuring AUX Terminal Attributes Do as follows on the router: Step 1 Run: system-view The system view is displayed. By default. Step 7 (Optional) Run: databits { 5 | 6 | 7 | 8 } The data bit is set. the stop bit is 1 bit. Step 4 Run: idle-timeout minutes [ seconds ] User idle timeout is enabled. By default.Basic Configurations 5 User Management Step 6 (Optional) Run: stopbits { 1. idle timeout period for users is 10 minutes. Step 6 Run: history-command max-size size-value 5-12 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. the length of the terminal screen is 24 lines. Issue 04 (2009-12-20) .3. ----End When the user logs in to a router through an AUX port. Otherwise. By default. Step 5 Run: screen-length screen-length The screen length of the terminal screen is set. Step 2 Run: user-interface aux 0 The AUX user interface view is displayed.Quidway NetEngine80 Configuration Guide . By default. Step 2 Run: user-interface aux 0 The AUX user interface view is displayed. the size of history command buffer on user interface is 10 history commands.Quidway NetEngine80 Configuration Guide . from picking up to detecting carrier. Step 3 Run: user privilege level level The user priority is set. By default. Step 2 Run: user-interface aux 0 The AUX user interface view is displayed. Step 4 Run: modem auto-answer Enable auto answer. Ltd.5 Configuring Modem Attributes Do as follows on the router that the user logs in to: Step 1 Run: system-view The system view is displayed.Basic Configurations 5 User Management The size of the history command buffer is configured.3. the time since the establishment of calling. that is. 5-13 . ----End 5. Step 5 Run: modem [ both | call-in ] Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.3. Step 3 Run: modem timer answer seconds Set the period since the system receives the ring signal until waits for CD_UP.4 Configuring User Priority Do as follows on the router: Step 1 Run: system-view The system view is displayed.. ----End 5. z None: requires neither user name nor password. No authentication is needed when the user logs in to the router.Quidway NetEngine80 Configuration Guide . Step 6 Run: local-user user-name password { simple | cipher } password Local user and password are configured. Ltd.3.. Step 2 Run: user-interface aux 0 The AUX user interface view is displayed. Otherwise. Step 4 Run: quit Exit from the AUX user interface view. ----End Configuring Password Authentication Do as follows on the router: 5-14 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Step 3 Run: authentication-mode aaa Authentication mode is set to AAA. Configuring AAA Authentication Do as follows on the router: Step 1 Run: system-view The system view is displayed.6 Configuring User Authentication The router supports user authentication of three types: z AAA authentication: requires the user name and password. ----End 5. Step 5 Run: aaa The aaa view is displayed. z Password authentication: requires no user name but a password must be set.Basic Configurations 5 User Management The switch of incoming call or outgoing call is set. Issue 04 (2009-12-20) . the user cannot log in to the router through the console interface. ----End Configuring Non-Authentication Do as follows on the router: Step 1 Run: system-view The system view is displayed. Ltd. 5-15 .7 Checking the Configuration Run the following commands to check the previous configuration. Step 4 Run: set authentication password { cipher | simple } password Step 5 Set password for this mode.. ----End 5. Step 3 Run: authentication-mode password Authentication mode is set to password. Action Command View usage information of the user interface display users [ all ] View physical attributes and configurations of the user interface display user-interface console 0 [ summary ] Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Step 3 Run: authentication-mode none Authentication mode is set to none. Step 2 Run: user-interface aux 0 The AUX user interface view is displayed.Quidway NetEngine80 Configuration Guide .Basic Configurations 5 User Management Step 1 Run: system-view The system view is displayed.3. Step 2 Run: user-interface aux 0 The AUX user interface view is displayed. Quidway NetEngine80 Configuration Guide . Ltd. Procedure 1 Configuring Maximum VTY User Interfaces 2 Configuring Limits for Incoming Calls and Outgoing Calls Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Issue 04 (2009-12-20) .4 Configuring VTY User Interface 5. and the size of history command buffer 5 User authentication method. Data 1 Maximum VTY user interfaces 2 (Optional) ACL code to limit VTY user interface to call in and out 3 (Optional) Timeout of command line authentication 4 Idle timeout period for user. complete the following procedures. 5-16 No. complete the following tasks: z Powering on the router z Correctly connecting PC and router Data Preparation To configure the VTY user interface. and password Configuration Procedures To configure a VTY user interface.Basic Configurations 5 User Management Action Command View the local user list display local-user View online users display access-user 5. No. Pre-configuration Tasks Before configuring VTY user interface. you need the following data.4. screen length of terminal.. user name. you need to configure the VTY user interface.1 Establishing the Configuration Task Applicable Environment If you want to configure and manage Telnet or log in to the router through SSH. .Quidway NetEngine80 Configuration Guide . the system applies password authentication by default. this parameter needs not be configured if. To allow 15 VTY users online at the same time.3 Configuring Limits for Incoming Calls and Outgoing Calls Do as follows on the router that the user logs in to: Step 1 Run: system-view The system view is displayed. Procedure 3 Configuring Timeout of VTY User Authorization 4 Configuring VTY Terminal Attributes 5 Configuring User Authentication 5 User Management 5. Step 2 Run: Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Ltd.4.Basic Configurations No.4. If the number of maximum VTY user interfaces to be configured is larger than the number of current maximum interfaces. a maximum of five users are allowed online. the authentication mode and password need to be configured for newly added user interfaces. The prompt is shown as follows: Warning:Login password has not been set! For example. For newly added user interfaces. Step 2 Run: user-interface maximum-vty number Set the maximum VTY user interfaces that can log in to the router at the same time. you need to run the authentication-mode command and the set authentication password command to configure authentication modes and passwords for VTY user interface 5 to interface 14.2 Configuring Maximum VTY User Interfaces Do as follows on the router that the user logs in to: Step 1 Run: system-view The system view is displayed. ----End If the number of maximum VTY user interfaces to be configured is smaller than the number of current maximum interfaces. 5-17 . shown as follows: <Quidway> system-view [Quidway] user-interface maximum-vty 15 [Quidway] user-interface vty 5 14 [Quidway-ui-vty5-14] authentication-mode password [Quidway-ui-vty5-14] set authentication password cipher huawei 5. 4.4 Configuring Timeout of VTY User Authorization Do as follows the router that the user logs in to: Step 1 Run: system-view The system view is displayed.5 Configuring VTY Terminal Attributes Do as follows on the router: Step 1 Run: system-view The system view is displayed. Step 3 Run: authorization-cmd timeout timeout-value The timeout of command line authorization I set. the command can be run. When you need to prevent a user of certain address or segment address from logging in to the router. When authorization is passed. Step 3 Run: acl acl-number { inbound | outbound } Configure the limits to calling in/out of VTY user interface. ----End The product supports to authorize HWTACACS command line to login users according to user level or SSH user name.. each command the user inputs must be authorized by the HWTACACS server.4.Basic Configurations 5 User Management user-interface [ ui-type ] first-ui-number [ last-ui-number ] The user interface view is displayed. ----End 5. If the user receives no authorization from the HWTACACS server within the timeout limit time. Ltd. and use the outbound command. the command cannot be run. use the inbound command. Issue 04 (2009-12-20) . Step 2 Run: user-interface vty first-ui-number [ last-ui-number ] The VTY user interface view is displayed. When the user logs in to the router and needs command line authorization. 5. when you need to prevent a user who logs in to a router from accessing other routers.Quidway NetEngine80 Configuration Guide . Step 2 Run: 5-18 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. No authentication is needed when the user logs in to the router. z Password authentication: requires no user name but a password must be set.Quidway NetEngine80 Configuration Guide . Ltd. Step 6 Run: history-command max-size size-value Step 7 Set the size of the history command buffer.4. 5-19 . Step 5 Run: screen-length screen-length The screen length of the terminal screen is set. Step 3 Run: authentication-mode aaa Set the authentication mode as AAA.6 Configuring User Authentication Three authentication modes are available on a router: z AAA authentication: requires the user name and password. ----End 5. Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Step 3 Run: shell VTY terminal service is enabled.) z None: requires neither user name nor password. Step 2 Run: user-interface vty number1 [ number2 ] The VTY user interface view is displayed. Step 4 Run: idle-timeout minutes [ seconds ] User disconnection after timeout is enabled. Configuring AAA Authentication Do as follows on the router: Step 1 Run: system-view The system view is displayed.Basic Configurations 5 User Management user-interface vty number1 [ number2 ] The VTY user interface view is displayed. the user cannot log in to the router through console interface. Otherwise.. Step 3 Run: authentication-mode password Set the authentication mode as password. Step 2 Run: user-interface vty number1 [ number2 ] The VTY user interface view is displayed. ----End Configuring Password Authentication Do as follows on the router: Step 1 Run: system-view The system view is displayed. Step 5 Run: aaa The AAA view is displayed.Basic Configurations 5 User Management Step 4 Run: quit Exit from the VTY user interface view. Ltd. Step 2 Run: user-interface vty number1 [ number2 ] 5-20 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.. Step 6 Run: local-user user-name password { simple | cipher } password Create local user and password. ----End Configuring Non-Authentication Do as follows on the router: Step 1 Run: system-view The system view is displayed. Step 4 Run: Set authentication password { simple | cipher } password Set a password for this authentication mode.Quidway NetEngine80 Configuration Guide . Issue 04 (2009-12-20) . you need the following data: No. complete the following tasks: z Powering on the router z Connecting the PC with the router properly Data Preparation To manage the user interface. Ltd. you need to send messages between user interfaces and clear designated user and so on. 5-21 .. Action Command View the usage information of the user interface display users [ all ] View the number of maximum VTY user interfaces display user-interface maximum-vty View the physical attributes and configurations of the user interface display user-interface [ ui-typeui-number | number| summary ] 5. ----End 5. Step 3 Run: authentication-mode none The authentication mode is set to none. Data 1 Type and number of the user interface 2 Contents of the message to be sent Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.Basic Configurations 5 User Management The VTY user interface view is displayed.5 Managing User Interfaces 5.4. Pre-configuration Tasks Before managing the user interface.1 Establishing the Configuration Task Applicable Environment To ensure the operator can manage routers safely.5.Quidway NetEngine80 Configuration Guide .7 Checking the Configuration Run the following commands to check the previous configuration. Procedure 1 Sending Messages to Other User Interfaces 2 Clearing Online User 3 Checking the Configuration 5. Ltd.Basic Configurations 5 User Management Configuration Procedures To configure a user interface.2 Sending Messages to Other User Interfaces Do as follows on the router: Step 1 Run: send { all | interface-type interface-number | number } You can enable message sending between user interfaces.. Issue 04 (2009-12-20) . You can press Ctrl+Z or Enter key to end. Upon the prompts. you can confirm whether to clear designated online users. Following the prompt. complete the following procedures.5. ----End 5. 5-22 Action Command Display the usage information of the user interface display users [ all ] Check the online user display access-user Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.5. ----End 5. No.4 Checking the Configuration Run the following commands to check the previous configuration. you can enter the message to be sent.3 Clearing Online User Do as follows on the router: Step 1 Run: free user-interface { ui-number | ui-type ui-number1 } Online users are cleared.Quidway NetEngine80 Configuration Guide .5. 6 Configuring User Management 5. configure a username and the user password for the router. remote users can log in to the router to access networks through Telnet or establish a PPP connection with the router. Ltd. Data 1 Authentication mode 2 Username and password 3 User priority Configuration Procedures To configure user management.6.1 Establishing the Configuration Task Applicable Environment This section describes how to configure the user priority and the authentication. To ensure network security and ease user management.. you need the following data. No. 5-23 . complete the following tasks: z Powering on the router z Connecting the PC with the router properly Data Preparation To configure a user. Remote users access the network by establishing PPP connection with the router. complete the following procedures. Pre-configuration Tasks Before configuring a user interface.Quidway NetEngine80 Configuration Guide . No. This can be done if the router is configured with the IP address of the MCU or that of the interface board.Basic Configurations 5 User Management 5. To access the network. Procedure 1 Configuring Authentication Mode 2 Configuring Authentication Password 3 Setting Username and Password for AAA Local Authentication 4 Configuring Non-Authentication 5 Configuring User Priority 6 Checking the Configuration Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Ltd.3 Configuring Authentication Password Do as follows on the router that the user logs in to: Step 1 Run: system-view The system view is displayed.. ----End 5. Step 3 Run: authentication-mode { aaa | password | none } The user authentication mode is configured.4 Setting Username and Password for AAA Local Authentication Do as follows on the router that the user logs in to: Step 1 Run: system-view 5-24 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.6.2 Configuring Authentication Mode Do as follows on the router that the user logs in to: Step 1 Run: system-view The system view is displayed.Quidway NetEngine80 Configuration Guide .6. Step 2 Run: user-interface [ ui-type ] first-ui-number [ last-ui-number ] The user interface view is displayed. Step 3 Run: set authentication password { cipher | simple } password The authentication password is configured.6. 5.Basic Configurations 5 User Management 5. Issue 04 (2009-12-20) . Step 2 Run: user-interface [ ui-type ] first-ui-number [ last-ui-number ] The user interface view is displayed. ----End The default authentication mode is the password authentication. Step 3 Run: set authentication aaa Step 4 Run: aaa The AAA view is displayed. ----End Configuring the non-authentication may cause security problems of the router. ----End 5. Step 3 Run: set authentication none The non-authentication is configured.6.5 Configuring Non-Authentication Do as follows on the router that the user logs in to: Step 1 Run: system-view The system view is displayed. Step 2 Run: user-interface [ ui-type ] first-ui-number [ last-ui-number ] The user interface view is displayed. Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.Quidway NetEngine80 Configuration Guide . Step 5 Run: local-user user-name password { simple | cipher } password The local username and the password are configured. Ltd. Step 2 Run: user-interface [ ui-type ] first-ui-number [ last-ui-number ] The user interface view is displayed. 5-25 .Basic Configurations 5 User Management The system view is displayed.. Quidway NetEngine80 Configuration Guide .Basic Configurations 5 User Management z If the authentication mode is non-authentication or password authentication.6.7 Checking the Configuration Run the following commands to check the previous configuration. you need the following data. Pre-configuration Tasks Before configuring local user management. and manage local users on local routers. display local-user Check information about the access users..1 Establishing the Configuration Task Applicable Environment Create. the priority of the user-interface determines the command level that the users can access. 5-26 No. Issue 04 (2009-12-20) . complete the following tasks: z Powering on the router z Connecting the PC with the router properly Data Preparation To configure the local user management. Action Command Check the user information. 5. 5.7. display users [ all ] Check information about local users. z If the authentication mode needs the username and the password. Ltd. Data 1 Username and password 2 Service type of the local user 3 FTP directory of the local user 4 The status of the local user Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.7 Configuring Local User Management 5.6 Configuring User Priority Refer to the Quidway NetEngine80 Configuration Guide . the priority of the user determines the command level that the users can access.6. display access-user 5.Security. maintain. No.Quidway NetEngine80 Configuration Guide . Procedure 1 Creating Local User Account 2 Configuring the Service Type of the Local User 3 Configuring Local User Authority 4 Configuring Local User Status 5 Configuring Local User Priority 6 Configuring Access Restriction of the Local User 7 Checking the Configuration 5.7. ----End 5. Step 3 Run: local-user user-name password { simple | cipher } password The local user account is created. complete the following procedures.Basic Configurations No.3 Configuring the Service Type of the Local User Do as follows on the router: Step 1 Run: system-view Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Ltd. 5-27 . Step 2 Run: aaa The AAA view is displayed. Data 5 The maximum number of accessing local users 5 User Management Configuration Procedures To configure local user management..7.2 Creating Local User Account Do as follows on the router: Step 1 Run: system-view The system view is displayed. Step 2 Run: aaa The AAA view is displayed.. Step 3 Run: local-user user-name ftp-directory directory The local user authority for the FTP directory is configured. 5.5 Configuring Local User Status Do as follows on the router: Step 1 Run: system-view The system view is displayed. Step 3 Run: 5-28 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.Basic Configurations 5 User Management The system view is displayed. Step 2 Run: aaa The AAA view is displayed.7. Ltd.7. Step 2 Run: aaa The AAA view is displayed. Issue 04 (2009-12-20) .Quidway NetEngine80 Configuration Guide . ----End By configuring the service type of the local user. ----End 5. Step 3 Run: local-user user-name service-type { bind | ftp | ppp | ssh | telnet | terminal | web | x25-pad } * The service type of the local user is configured.4 Configuring Local User Authority for FTP Directory Do as follows on the router: Step 1 Run: system-view The system view is displayed. you can manage the user based on service types. ----End 5. ----End 5.7.Basic Configurations 5 User Management local-user user-name state { active | block } The local user status is configured.7. 5-29 .Quidway NetEngine80 Configuration Guide . Step 3 Run: local-user user-name access-limit access-limit The access restriction of the local user is configured. ----End 5. Step 3 Run: local-user user-name level level The local user priority is configured. Ltd.8 Checking the Configuration Run the following command to check the previous configuration.7.7 Configuring Access Restriction of the Local User Do as follows on the router: Step 1 Run: system-view The system view is displayed. Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.6 Configuring Local User Priority Do as follows on the router: Step 1 Run: system-view The system view is displayed. Step 2 Run: aaa The AAA view is displayed. Step 2 Run: aaa The AAA view is displayed.. You can view the status and type of the local user. <Quidway> display local-user username aaa -------------------------------------------------------------User-name : aaa Password :huawei State : Active Service-type : All ACL-number : - User-CAR : - Idle-cut : No Access-limit : No Online-number : 0 MAC-address : - User-level : 0 FTP-directory : - Call-number : - Callback-check : Yes Callback-number : - ------------------------------------------------------------ 5.2 printed Run the display local-user username user-name command. such as the user level. You can view details of the AAA local user. display local-user [ domain domain-name | user-name user-name ] Run the display local-user command.Basic Configurations 5 User Management Action Command Check the attribute of the local user.Quidway NetEngine80 Configuration Guide . Ltd.8 Configuration Examples After the following two configuration examples are completed. <Quidway> display local-user ---------------------------------------------------------------User-name State Type CAR Access-limit Online ---------------------------------------------------------------aaa@163 Active All aaa Active All Dft Dft 1 No 0 0 ---------------------------------------------------------------Total 2. the current user VTY0 cannot run commands at levels higher than two. FTP authorization directory.. Ensure that you can log in to the router through other methods to delete the configuration. 5-30 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Issue 04 (2009-12-20) . Ltd. Configure the simple authentication and the disconnect time. [Quidway] display current-configuration # sysname Quidway Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. 2. Users need to input the password Huawei to log on successfully.8.1 Example for Configuring Logging In to the Router Through Password Networking Requirements The COM port of the PC is connected with the Console port. you need the following data: z The password of the authentication mode z The connection time Configuration Procedure <Quidway> system-view [Quidway] user-interface vty 0 [Quidway-ui-vty0] user privilege level 2 [Quidway-ui-vty0] authentication-mode password [Quidway-ui-vty0] set authentication password simple huawei [Quidway-ui-vty0] idle-timeout 30 # Use the display this command to check all configurations. Enter the user interface. 3. Data Preparation To complete the configuration. 5-31 ..Quidway NetEngine80 Configuration Guide . Set the priority of VTY0 to 2 and authenticate the passwords of users. Configuration Roadmap The configuration roadmap is as follows: 1. After login. Configure the priority of VTY0 as 2.Basic Configurations 5 User Management 5. it means that the user-interface is disconnected from the router. [Quidway-ui-vty0] display this # user-interface con 0 user-interface aux 0 user-interface vty 0 user privilege level 2 set authentication password simple huawei idle-timeout 30 0 user-interface vty 1 4 # return # Use the display current-configuration command to view the system files. if the operations are not carried out in 30 minutes. 2 Example for Logging In to the Router Through AAA Networking Requirements The COM port of the PC and the console port of the router are connected. Configuration Roadmap The configuration roadmap is as follows: 5-32 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.Basic Configurations 5 User Management # user-interface con 0 user-interface aux 0 user-interface vty 0 user privilege level 2 set authentication password simple huawei idle-timeout 30 0 user-interface vty 1 4 # return Configuration Files # sysname Quidway # interface GigabitEthernet6/0/0 # interface NULL0 # aaa authentication-scheme default # authorization-scheme default # accounting-scheme default # domain default # # user-interface con 0 user-interface vty 0 user privilege level 2 set authentication password simple huawei idle-timeout 30 0 user-interface vty 1 4 # return 5. Configure the priority of VTY0 to be 2. the connection with the router is disabled. perform AAA authentication on the user that logs in through VTY 0. The login user must enter the username "Huawei" and the password "Huawei".Quidway NetEngine80 Configuration Guide . Issue 04 (2009-12-20) . Ltd.8.. After login. if the user does not operate the router within 30 minutes. Data Preparation To complete the configuration.Quidway NetEngine80 Configuration Guide .Basic Configurations 5 User Management 1. Enter the AAA view to configure the username. Enter the user interface view to configure the priority of VTY0 to be 2 and the disconnection time. 3. Switch on the idle timeout for the local user in the AAA view. Ltd. the password and the user level.. you need the following data: z Username and password for authentication z Disconnection time Configuration Procedure <Quidway> system-view [Quidway] user-interface vty 0 [Quidway-ui-vty0] user privilege level 2 [Quidway-ui-vty0] authentication-mode aaa [Quidway-ui-vty0] idle-timeout 30 [Quidway-ui-vty0] quit [Quidway] aaa [Quidway -aaa] local-user huawei password cipher huawei [Quidway -aaa] local-user huawei level 2 [Quidway-aaa] local-user huawei idle-cut Configuration Files # sysname Quidway # aaa local-user huawei password cipher N`C55QK<`=/Q=^Q`MAF4<1!! local-user huawei level 2 local-user huawei idle-cut # authorization-scheme default # accounting-scheme default # domain default # user-interface vty 0 authentication-mode aaa user privilege level 2 idle-timeout 30 0 # return Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. 5-33 . 2. ................................................................................6-7 6.........................................7 Undeleting Files ...............................................6-9 6...4.........................6-5 6......................................4 Renaming Files ...............................................................................................................................................................6-5 6.........................6-9 6......Basic Configurations Contents Contents 6 File System ...5 Running Files in Batch.............3 Formatting Storage Devices......................................................................................................................................6-6 6...................................................................4............................6 Deleting a Directory...............6-8 6..............6-7 6...................................................................................3.............1..............6-10 6............6-2 6..................6-6 6.......................................3..........6-3 6......4 Managing Files.....6-2 6......................................................2 Viewing the Current Directory.... Ltd......................................................................6-2 6............ 6-11 Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co....................................6-2 6...................................................................3 Switching the Directory ..................................................................... i .............................................................1..........................1 Introduction ........3.............................................................................................................3 Moving Files ....................................................................................................................Quidway NetEngine80 Configuration Guide .................................4 Directories.............3 Managing the Directory .......................3..........................................4...................................................................................7 Example of Configuration.................................................................................................5 Creating a Directory..2.................1 Establishing the Configuration Task .................2..........................................4.............3.........................................................................6-10 6.............................5 Deleting Files .........................................4...6-2 6................................................2.............................................................6 Configuring Prompt Modes..............................................................................1...............................................6-4 6......................................6-6 6......................4.......6-5 6.......3......................................2 Copying Files ............................................................1 File System ................................................1 Establishing the Configuration Task ............................4 Displaying the Directory of File ..................1 Displaying Contents of Files....6-4 6......6-3 6.....................................................................................6-8 6.......................6-1 6..............................................................................................................................................2 Restoring Storage Devices with File System Troubles .........................................................................2 Storage Devices .............6 Deleting Files in the Recycle Bin............................................................................................................6-9 6..................................................................................................6-2 6........................................................................................................4.6-2 6...............................................................................................................................................................................................................3 Files..........................................................1.................2 Managing Storage Devices............ 3 Managing the Directory This section describes how to configure to realize the directory management.6 Configuring Prompt Modes This section describes how to realize the prompt for users to run commands. Ltd.5 Running Files in Batch This section describes how to configure to realize batch process.Basic Configurations 6 File System 6 File System About This Chapter The following table shows the contents of this chapter.. 6. 6.1 Introduction This section describes the basic concepts of the file system. Section Description 6. 6. 6. Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. 6.Quidway NetEngine80 Configuration Guide .7 Example of Configuration This section describes the instance of file system.4 Managing Files This section describes how to realize file management.2 Managing Storage Devices This section describes how to configure to display the management of the storage devices. 6. 6-1 . 2.Basic Configurations 6 File System 6. 6. It can create.1. complete the following tasks: 6-2 z Installing the router and starting it normally z Enabling the client to log in to the router Huawei Proprietary and Confidential Copyright © Huawei Technologies Co..4 Directories The directory is a mechanism in which the system integrates and organizes the file. Issue 04 (2009-12-20) . It is the logical container of the file.2 Storage Devices Storage devices are hardware devices for storing messages. Functions The file system has two functions: managing the storage devices and managing the files that are stored in those storage devices.3 Files The file is a mechanism in which the system stores and manages messages. 6. Pre-configuration Tasks Before managing the storage devices.1 Introduction This section covers the topics that you need to know before you configure a file system. 6.1 Establishing the Configuration Task Applicable Environment When the router cannot access data normally.1. 6.1.1.Quidway NetEngine80 Configuration Guide .1 File System Definitions The file system manages the files and directories in the storage devices. 6. the abnormal storage devices need to be restored. modify and rename a file or directory and display the contents of the file. The storage device of the NE80 is the Hard Disk. Ltd. delete. Flash.2 Managing Storage Devices 6. No.3 Formatting Storage Devices Formatting storage devices may lead to data lost. You can format the storage device when you fail to repair the file system or ensure that you do not need all the data saved on the device.Basic Configurations 6 File System Data Preparation Before managing the storage devices. Do as follows on the router: Step 1 Run: Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Do as follows on the router: Step 1 Run: user-view The user view is displayed. you need the following data. Ltd. ----End 6. the terminal of the router prompts to restoring.2. Step 2 Run: fixdisk device-name Repair the storage devices with file system troubles. No.Quidway NetEngine80 Configuration Guide .. Data 1 Device name Configuration Procedures You can perform Step 1 and Step 2 in a random order. Procedure 1 Restoring Storage Devices with File System Troubles 2 Formatting Storage Devices 6. 6-3 .2.2 Restoring Storage Devices with File System Troubles When the file system fails on some storage device. Basic Configurations 6 File System user-view The user view is displayed. No. 6. Data 1 Directory name to be created 2 Directory name to be deleted Configuration Procedures To complete the configuration. complete the following tasks: z Powering on the router z Connecting the client with the server correctly Data Preparation To configure a management directory. Issue 04 (2009-12-20) . the reason may lie on the hardware.3. ----End If the storage device cannot work after you running the format device-name command. 6-4 No. perform the following procedures. Step 2 Run: format device-name The storage device is formatted. you need the following data.Quidway NetEngine80 Configuration Guide .. Ltd.1 Establishing the Configuration Task Applicable Environment When you need to transfer files between the client and the server.3 Managing the Directory 6. Procedure 1 Viewing the Current Directory 2 Switching Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. configure the directory by using the file system. Pre-configuration Tasks Before configuring the management directory. 3 Switching the Directory Do as follows on the router: Step 1 Enter the user view. Procedure 3 Displaying 4 Creating 5 Deleting 6 File System 6. Step 2 Run: cd directory A directory is specified. Ltd. Step 3 Run: dir [ /all ] [ /h ] [ filename ] Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Step 2 Run: pwd The current directory is displayed.Quidway NetEngine80 Configuration Guide .3.2 Viewing the Current Directory Do as follows on the router: Step 1 Enter the user view. 6-5 .4 Displaying the Directory of File Do as follows on the router: Step 1 Enter the user view.Basic Configurations No. ----End 6. ----End 6.. Step 3 Run: pwd The current directory is displayed.3. and the specified directory is displayed. Step 2 Run: cd directory The directory of the files to be displayed is displayed.3. 3. Pre-configuration Tasks Before configuring the file system. Step 3 Run: rmdir directory The directory is deleted. complete the following tasks: 6-6 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Step 3 Run: mkdir directory The directory is created.Basic Configurations 6 File System The file list in the directory is displayed. Issue 04 (2009-12-20) . ----End 6.4 Managing Files Applicable Environment Configure the file system to transfer files between the client and the server. running the dir command displays only the file information of the current directory.Quidway NetEngine80 Configuration Guide . By default. Ltd.6 Deleting a Directory Do as follows on the router: Step 1 Enter the user view. Step 2 Run: cd directory The parent directory of the directory to be created is displayed.. ----End 6. ----End 6.5 Creating a Directory Do as follows on the router: Step 1 Enter the user view. Step 2 Run: cd directory The parent directory of the directory to be deleted is displayed.3. Basic Configurations z Powering on the router z Connecting the client with the server correctly 6 File System Data Preparation To configure a file system.1 Displaying Contents of Files Do as follows on the router: Step 1 Enter the user view.. Step 2 Run: cd directory The directory of the file is displayed. you need the following data. Data 1 File name to be created 2 File name to be deleted Configuration Procedures No. No. ----End 6. Ltd.Quidway NetEngine80 Configuration Guide .4.4.2 Copying Files Do as follows on the router: Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Procedure 1 Displaying Contents of Files 2 Copying Files 3 Moving Files 4 Renaming Files 5 Deleting Files 6 Deleting Files in the Recycle Bin 7 Undeleting Files 6. 6-7 . Step 3 Run: more filename The content of the file is displayed. Step 2 Run: cd directory The directory of the file is displayed. otherwise. ----End The length of the file must exceed zero bytes. Step 2 Run: cd directory The directory of the file is displayed. Issue 04 (2009-12-20) .3 Moving Files Do as follows on the router: Step 1 Enter the user view. Ltd. Step 3 Run: rename source-filename destination-filename The file is renamed.Quidway NetEngine80 Configuration Guide . ----End 6-8 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.4. ----End 6.4 Renaming Files Do as follows on the router: Step 1 Enter the user view. the file cannot be copied.Basic Configurations 6 File System Step 1 Enter the user view. Step 3 Run: copy source-filename destination-filename The file is copied. 6. Step 2 Run: cd directory The directory of the file is displayed. Step 3 Run: move source-filename destination-filename The file is moved..4. ----End Running this command deletes only the files in the recycle bin of the master MPU. 6-9 . you must operate the file using the absolute path.4. Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.4..6 Deleting Files in the Recycle Bin Do as follows on the router: Step 1 Run: reset recycle-bin [ filename ] The file is deleted.Quidway NetEngine80 Configuration Guide .5 Deleting Files Do as follows on the router: Step 1 Enter the user view.7 Undeleting Files Do as follows on the router: Step 1 Run: undelete filename The file is undeleted. ----End If the current directory is not the parent directory. 6.4. ----End 6. Step 2 Run: cd directory The directory of the file is displayed. Ltd. Step 3 Run: delete [ /unreserved ] filename The file is deleted.Basic Configurations 6 File System 6. is performed. Pre-configuration Tasks Before configuring the batch process. No. Issue 04 (2009-12-20) . no prompt is displayed when mis-operation such as deleting a file. ----End 6.5 Running Files in Batch Applicable Environment When the batch file is created.6 Configuring Prompt Modes If quiet is selected as the prompt mode of the file system. Data 1 Name of the batch file Configuration Procedures Do as follows on the router: Step 1 Run: system-view The system view is displayed. Step 2 Run: execute filename The batched file is executed.Basic Configurations 6 File System 6. you can run the batch file to implement routine tasks automatically.. 6-10 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.Quidway NetEngine80 Configuration Guide . Ltd. you need the following data. which results in data loss. complete the following tasks: z Powering on the router z Uploading the batched files on the client end to the router Data Preparation To configure the batch process. and the prompt is required. the prompt mode is alert. ----End 6. Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.Quidway NetEngine80 Configuration Guide .7 Example of Configuration Networking Requirements By configuring the file system of the router. By default. Copy a file to this directory. Check this directory and view that the file is copied successfully to the specified directory. Check the files under a certain directory. Configuration Roadmap The configuration roadmap is as follows: 1. 6-11 . The file path in the storage device must be correct. complete the following tasks: z Powering on the router z Logging in to the router by the client end Data Preparation None Configuration Procedures Do as follows on the router: Step 1 Enter the user view. Ltd. 3. Step 3 Run: file prompt { alert | quiet } The prompt mode of the file system is configured. the source file name is the name of the target file by default.Basic Configurations 6 File System Applicable Environment The data may be lost or damaged during process. 2. If the user does not specify a target file name.. the user can operate the router through the console port and copy files to the specified directory. Pre-configuration Tasks Before configuring a file system. Step 2 Run: system-view The system view is displayed. dat snmpboots header-file.txt 15875 KB total (5032 KB free) Step 2 Copy files from flash:/log.. <Quidway> dir slave#flash Directory of slave#flash:/ 0 -rw- 37 Apr 28 2007 08:56:55 1 -rw- 4279 Apr 27 2007 18:03:56 vrpcfg.Basic Configurations 6 File System Data Preparation To complete the configuration. you need the following data: z Source file name and target file name z Source file path and target file path Configuration Procedures Step 1 Display the file information in the current directory. Issue 04 (2009-12-20) .txt 0 -rw- 1 -rw- 7094180 Feb 29 2004 21:43:57 2 -rw- 94456 Feb 24 2004 19:23:50 3 -rw- 444 Jul 25 2003 14:45:30 hostkey 4 -rw- 572 Jul 25 2003 14:45:40 serverkey 5 -rw- 4 Mar 01 2004 21:19:27 6 -rw- 80 Mar 09 2004 09:47:36 7 drw- .txt slave#flash:/log.txt slave#flash:/log.zip 2 -rw- 6226 Apr 12 2007 12:20:07 license.txt to flash:/log.txt vrpcfg.txt ?[Y/N]:y % Copyed flash:/log. and you can view that the file is copied to the specified directory.txt 4 -rw- 6666 Aug 17 2006 09:32:35 log.Quidway NetEngine80 Configuration Guide .txt log. <Quidway> copy flash:/log.cc matnlog.cfg vrp5.txt. Copy flash:/log.txt to slave#flash:/log. <Quidway> dirflash: Directory of flash:/ 0 -rw- 37 Apr 28 2007 08:56:55 1 -rw- 4279 Apr 27 2007 18:03:56 private-data.txt 3 -rw- 12079 Apr 12 2007 12:20:21 paf.zip 2 -rw- 6226 Apr 12 2007 12:20:07 license.txt 15875 KB total (5032 KB free) ----End 6-12 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Ltd.txt Step 3 Display the file information in the current directory.txt.txt 4 -rw- 6666 Aug 37 2006 09:34:35 log.Mar 09 2004 09:50:38 2906 Jan 21 2004 20:36:33 private-data.txt 3 -rw- 12079 Apr 12 2007 12:20:21 paf.txt vrpcfg. ...............................................................................1 Establishing the Configuration Task ................................................... Ltd........................................1 Introduction ..........................................................................7-4 7.............................7-2 7............6 Comparing Configuration Files..............................................2.7-1 7..................................7-2 7.........7-2 7.........................7-5 Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co...........1 Definitions ....................................................................2......................................2....2................................3 Configuring the Configuration File for Router to Load .............................7-4 7....1....Basic Configurations Contents Contents 7 Management of Configuration Files ..................2........................2 Configuring System Software for a Router to Load.......................................................................5 Clearing Configuration Files........................................7-5 7......................................................4 Saving Configuration File.............................................................7 Checking the Configuration ..........................................................................2 Configuration Files and Current Configurations.................................2..................................................1...................... i ...............2 Managing Configuration Files......................................7-3 7...................................................7-3 7.....7-2 7...............................................................................................Quidway NetEngine80 Configuration Guide ......................2.........................7-2 7....... . Section Description 7. 7. 7-1 .1 Introduction This section describes the basic concepts of the configuration file.Basic Configurations 7 7 Management of Configuration Files Management of Configuration Files About This Chapter The following table shows the contents of this chapter. Ltd.2 Managing Configuration Files This section describes the method of managing configuration file.Quidway NetEngine80 Configuration Guide . Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. 2 Managing Configuration Files 7. z To save space. When the system restarts. 7. z Current configurations: indicates the effective configurations of the currently running router. Therefore. If no configuration file exists in the default save path. you need to save the modified contents. those commands cannot be restored.1. Use the save command to save the current configuration to the configuration file of the default storage devices. the router uses the default parameters.1 Introduction 7. the command length in the configuration file may exceed 255 characters.Basic Configurations 7. 7-2 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. z The system can run the command with the maximum length of 255 characters.1 Establishing the Configuration Task Applicable Environment To start the router normally. The configuration file is a text file in the following formats: z It is saved in the command format. Issue 04 (2009-12-20) . and the current configuration become the initial configuration of the router when the router is powered on next time. the command is saved in complete form. 7. For the default values of the configuration parameters. default parameters are not saved. z If the configuration is in the incomplete form. including the command in the incomplete form.1. routing protocol configuration and so on..7 Management of Configuration Files Quidway NetEngine80 Configuration Guide .2 Configuration Files and Current Configurations z Initial configurations: On powering on. You need to view the configuration of the router. physical interface configuration. After modifying current configurations. the router retrieves the configuration files from the default save path to initiate itself. you need to select correct system software and configuration file for the router to load.1 Definitions The configuration file is the add-in configuration item when restarting the router this time or next time. Ltd. z Users can modify the current configuration s of the router through the command line interface. Every two command sections are separated by one or several blank lines or comment lines (beginning with "#"). logic interface configuration. z Commands are organized on the basis of the command view.2. see the following sections. z The sequence of command sections is global configuration. All commands of the identical command view are grouped into a section. No.3 Configuring the Configuration File for Router to Load Do as follows on the router: Step 1 Run: Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. install the router and start it properly.2.Quidway NetEngine80 Configuration Guide . Data Preparation To manage configuration files.. 7-3 . you need the following data. No. Procedure 1 Configuring System Software for a Router to Load 2 Configuring the Configuration File for Router to Load 3 Saving Configuration File 4 Clearing Configuration Files 5 Comparing Configuration Files 6 Checking the Configuration 7.2 Configuring System Software for a Router to Load Do as follows on the router: Step 1 Run: startup system-software system-filename [ slave-board ] The system software for the router to load next time when it starts is configured.2. The parameter slave-board is valid only on the router with dual main control boards. Data 1 system software and its file name 2 Configuration file and its name 3 The number of start line from which ling the comparison of the configuration file begins Configuration Procedures You can perform Procedure 1 to Procedure 5 in a random order.Basic Configurations 7 Management of Configuration Files Pre-configuration Tasks Before managing the configuration files. Ltd. ----End 7. When saving the configuration file for the first time. 7.Basic Configurations startup saved-configuration config-filename Configuration file for the router to load next time when it starts is saved. ----End When the router turns on.7 Management of Configuration Files Quidway NetEngine80 Configuration Guide . if you do not specify the optional parameter config-filename.5 Clearing Configuration Files The configuration files in flash need to be cleared in follow two situations: z After the software of the router is upgraded. ----End The user can modify the current configuration through the command line interface. Issue 04 (2009-12-20) . you can use the save command to save the current configuration in the flash memory. if you neither use the startup saved-configuration command to specify a configuration file that contains correct configuration. To set the current configuration as initial configuration when the router starts next time.4 Saving Configuration File Do as follows on the router to save the configuration file: Step 1 Run: save [ config-filename ] The current configurations are saved. the router initiates with default parameters. 7-4 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. the configuration in this configuration file is called initial configuration. The effective configuration when a router is working is called current configuration. Step 1 Run: reset saved-configuration The configuration file loaded currently is cleared. ----End After the configuration file is cleared.2.cfg" or not. the software does not match the configuration file. nor use the save command to save the configuration file. Thus. it initiates with default parameters next time when the router starts. 7.2.. If there is no configuration file in the flash. Ltd. z The configuration file is found damaged or the router is load with incorrect configuration files. it initiates by reading the configuration file from the flash memory by default. the router asks you whether to save the file as "vrpcfg. Do as follows on the router to clear the configuration file. ----End 7.Basic Configurations 7 Management of Configuration Files 7.Quidway NetEngine80 Configuration Guide . 7-5 . and you can find the following results: z The current configuration of the router is correct without any redundant configuration. Action Command Check current configuration files display current-configuration Check the configuration file that the router loads the next time when it starts display saved-configuration Check the configuration file that the router loads this time when it starts display saved-configuration last Check the file information used by the device upon start display startup View the file information in storage device dir [ /all ] [ filename ] After the configurations succeed. run the preceding commands.7 Checking the Configuration Run the following commands to check the previous configuration.2. Ltd. Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.6 Comparing Configuration Files Do as follows on the router: Step 1 Run: compare configuration [current-line-number save-line-number ] The current configuration and initial configuration are under comparison.. z The system software and configuration file that are to be loaded on the router next time are correct and they are saved in the root directory of the storage device.2. z The current configuration of the router is saved in the storage device. ......................8-10 8...................................8-2 8...........................................6 Uploading or Downloading Files .....................................Basic Configurations Contents Contents 8 FTP.......1 Establishing the Configuration Task ................8-10 8......8-8 8.................................................2.......................................................... Ltd..................1 FTP ............................................8-2 8....................8-4 8...........8-2 8.............................................................................................4.........4..............3...............3 Enabling the FTP Server ............3......................................................8-3 8................................................................1 Introduction ...........................................2 TFTP ........................................5 Viewing Online Help of the FTP Command ...................................................................4 Configuring the Router to Be the FTP Client.........3 XModem ................................8-13 8.....8-10 8.............................................4..............................................................4 Configuring the Timeout Period.............3 Configuring the Basic ACL..........4.........................8-7 8....................................................................2 Configuring the source address of FTP server .........4................3.....................................................8-6 8..................................5 Configuring the Local Username and the Password ...11 Checking the Configuration ..2 Enabling the FTP Server ..........................................................1 Establishing the Configuration Task ...........................................................................................................................................8-5 8........................................8-9 8...........3...................................................................8-9 8......................................................................2 Configuring the source address of FTP Client ...................8-6 8... 8-11 8.......................................6 Configuring Service Types and Authorization Information ...........................................................8-14 8..........2 Configuring the Router to be the FTP Server.........2............................1............... 8-11 8..........3..7 Checking the Configuration ...............................2...........................................................................2...................................2.........................1..................................................................................................................................4............4 Configuring Data Type and Transmission Mode for the File.......................................................................................................................................................................................................................................................................................................4....8-8 8...........2...............................................................................................................8-3 8................................. 8-11 8.......................1................................................................................................ TFTP and XModem ...10 Disconnecting from the FTP Server....8-7 8.................3 Logging In to the FTP Server................................8-6 8.....................................................................8-12 8............................. i ..9 Changing Login Users ................................4...4......................................3 Configuring FTP ACL..............................1 Establishing the Configuration Task ....................4..................................4...........................................8-4 8......................................5 Checking the Configuration ..............2..........................................Quidway NetEngine80 Configuration Guide ..............................................................5 Configuring TFTP ....................................................................................................7 Managing Directories........................................................4 Configuring the Basic FTP ACL......................................8-14 Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co......................................................8-4 8....................................................................8-1 8......8-5 8.............8-2 8....................8-13 8.................................8 Managing Files......................... ............................................8-26 ii Huawei Proprietary and Confidential Copyright © Huawei Technologies Co...................................................................................8 Configuration Examples........................7.........8-17 8..................................................................................6 Limiting the Access to the TFTP Server........5..................8-18 8...................................................................................7........................................................................................................8...................2 Configuring the source address of TFTP Client.......................8-18 8.......................................8-15 8............8................................................................................................................................6........8.....................................................................................2 Getting a File Through XModem....................................8-14 8.....8-18 8...3 Configuring the Basic TFTP ACL...8-16 8...............................4 Example for Configuring TFTP .....................8-17 8.............Contents Quidway NetEngine80 Configuration Guide .............................8-16 8.................................................Basic Configurations 8.................8-15 8................................................... Ltd...........1 Example for Configuring the FTP Server ......3 Downloading Files Through TFTP ........3 Example for Configuring the FTP Client ........8-24 8...................................................1 Establishing the Configuration Task ........................2 Example for Configuring FTP ACL............................. Issue 04 (2009-12-20) ..................................1 Establishing the Configuration Task ...........................................................................5........8-16 8......................................................................2 Configuring the Basic ACL...6.....................7 Configuring XModem .....................6.....................8......................4 Uploading Files Through TFTP .....................8-21 8.....................................8-15 8......5............................................8.....................................................................................................5 Example for Configuring XModem ..........5...............1 Establishing the Configuration Task ......8-17 8..........................................8-23 8..................................................... ...........8-26 Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co...................................8-24 Figure 8-5 Setting the Base Directory of the TFTP server ..............8-23 Figure 8-4 Networking diagram of configuring TFTP ....................................................................................................................... Ltd.......................Basic Configurations Figures Figures Figure 8-1 Networking diagram with FTP server basic functions.................................................................................................................................................8-21 Figure 8-3 Configuring the FTP client .8-19 Figure 8-2 Networking diagram of configuring FTP ACL.........8-25 Figure 8-6 Specifying the file to be sent............ iii ....................................Quidway NetEngine80 Configuration Guide ............................................................................................................................... TFTP.6 Limiting the Access to the TFTP Server This section describes how to limit the client to log in to the TFTP router. 8.Quidway NetEngine80 Configuration Guide . and XModem. See Example for Configuring the FTP Server 8. 8. TFTP and XModem FTP. 8. TFTP and XModem About This Chapter The following table shows the contents of this chapter.5 Configuring TFTP This section describes how to configure TFTP to log in to the server.8 Configuration Examples This section provides examples for configuring FTP.7 Configuring XModem This section describes how to transfer files through XModem. 8-1 .Basic Configurations 8 8 FTP. Ltd..3 Configuring FTP ACL This section describes how to configure the specified client to log in to the router. TFTP and XModem.1 Introduction This section describes basic concepts of FTP.2 Configuring the Router to be the FTP Server This section describes how to configure the basic functions of the FTP server. 8. Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.4 Configuring the Router to Be the FTP Client This section describes how to configure a router to be a FTP client and log in to the FTP server. 8. Section Description 8. 8. Users can establish a connection with the router by running a terminal emulation program or a Telnet program on a PC. It supports packets of 128 bytes and 1K bytes. TFTP is implemented based on UDP. The receiving program first sends the negotiation character to negotiate the check mode. 8.Basic Configurations 8 FTP. Users can run the FTP client program to log in to the router and access the files on the router. common checksum and CRC. z When the receiving program receives a complete packet. XModem transfers files through serial interfaces. Issue 04 (2009-12-20) . It implements file transfer between remote hosts based on related file systems. and sends acknowledgement to the server.3 XModem XModem is a file transfer protocol and is widely used due to its simplicity and performance.. To upload files. The FTP protocol is implemented based on corresponding file system.1. it checks the packet according to the negotiated mode: Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. the client sends a read request packet to the TFTP server. the sending program begins to send packets.Quidway NetEngine80 Configuration Guide . and retransmission for several times (usually 10 times) when packet error occurs. Compared with FTP. To download files. The router provides the following FTP services: z FTP server service. TFTP is applicable in an environment where there is no complex interaction between the client and the server. The client initiates the TFTP transfer. Ltd. TFTP transfers the files in two formats: z The binary format: transfers program files. TFTP does not have a complex interactive access interface and authentication control. receives packets from the server. TFTP and XModem 8. the client sends a write request packet to the TFTP server. For example. z After the negotiation succeeds. z FTP client service. TFTP is used to obtain the memory image of the system when the system starts up. and receives acknowledgement from the server.1. 8.2 TFTP The Trivial File Transfer Protocol (TFTP) is a simple file transfer protocol. sends packets to the server.1 FTP File Transfer Protocol (FTP) is an application layer protocol in the TCP/IP protocol suite. The NE80 can serve as the TFTP client only and thus can be used only to transfer files in the binary format. z The ASCII format: transfers text files.1 Introduction 8. Enter an FTP command to connect with the remote FTP server and access the files on the remote host. 8-2 z XModem file transfer consists of the receiving program and the sending program.1. the receiving program sends the deny character and the sending program retransmits the packet. Pre-configuration Tasks Before configuring the FTP server. you need to take following steps. 8-3 . TFTP and XModem z The receiving program sends the acknowledgement character after the check passes.. Ltd. which can be applied to the AUX port and supports 128-byte packets and CRC. Data 1 The timeout time of the FTP server 2 FTP username and password 3 The file directory authorized to the FTP user Configuration Procedures To configure an FTP server. No. z XModem does not support simultaneous operations of multiple users. after the client logs in to the router through FTP. you need the following data. No.Quidway NetEngine80 Configuration Guide . The sending program then sends the next packet. 8.1 Establishing the Configuration Task Applicable Environment When the router serves as the FTP server.2. z The XModem function is supported only by the AUX port.2 Configuring the Router to be the FTP Server 8. z If the check fails. Procedure 1 Configuring the source address of FTP server 2 Enabling the FTP Server Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. complete the following tasks: z Powering on the router z Connecting the FTP client with the server Data Preparation To configure FTP. The function of XModem sending program is automatically included in the HyperTerminal. NE80 provides the function of XModem receiving program.Basic Configurations 8 FTP. the user can transport files between the client and the server. 2.3 Enabling the FTP Server Do as follows on the router that serves as the FTP server: Step 1 Run: system-view The system view is displayed. Step 2 Run: ftp server-source {-a source-ip-address | -i { interface-name | interface-type interface-num } } The source address of FTP server is started.Basic Configurations 8 FTP. Issue 04 (2009-12-20) .2. ----End 8.2. Ltd. ----End 8.2 Configuring the source address of FTP server Do as follows on the router that serves as the FTP server: Step 1 Run: system-view The system view is displayed.Quidway NetEngine80 Configuration Guide . TFTP and XModem No.. Step 2 Run: ftp server enable The FTP server is started. Procedure 3 Configuring the Timeout Period 4 Configuring the Local Username and the Password 5 Configuring Service Types and Authorization Information 6 Checking the Configuration 8.4 Configuring the Timeout Period Do as follows on the router that serves as the FTP server: Step 1 Run: system-view The system view is displayed. Step 2 Run: 8-4 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Quidway NetEngine80 Configuration Guide . Step 3 Run: local-user user-name service-type ftp The FTP service type is configured. ----End 8.2. ----End 8.2.. Step 2 Run: aaa The AAA view is displayed. Step 3 Run: local-user user-name password { simple | cipher } password The local username and the password are configured. ----End Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Ltd.Basic Configurations 8 FTP. 8-5 .5 Configuring the Local Username and the Password Do as follows on the router that serves as the FTP server: Step 1 Run: system-view The system view is displayed.6 Configuring Service Types and Authorization Information Do as follows on the router that serves as the FTP server: Step 1 Run: system-view The system view is displayed. Step 4 Run: local-user user-name ftp-directory directory The authorized directory of the FTP user is configured. TFTP and XModem ftp timeout minutes The timeout time of the FTP server is configured. Step 2 Run: aaa The AAA view is displayed. You can view that the FTP server is working. Issue 04 (2009-12-20) .1 Run the display ftp-users command to view the user name. port number.. <Quidway> display ftp-users Username host port idle topdir huawei 100.Quidway NetEngine80 Configuration Guide .2. complete the following tasks: z Powering on the router z Connecting the FTP client with the server Data Preparation To configure the FTP ACL.7 Checking the Configuration Run the following commands to check the preceding configuration. authorization directory of the FTP user configured currently. Ltd.211 4641 0 flash: 8. TFTP and XModem 8. 8-6 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.1. Action Command Check the configuration and running information of the FTP server. <Quidway> display ftp-server FTP server is running Max user number 5 User count 1 Timeout value(in minute) 30 Acl number 0 The source address of the FTP server is 1. Pre-configuration Tasks Before configuring the FTP ACL. for security.1. display ftp-users After configuring the FTP server.3. you can configure the router by ACL to be accessed by only those clients that satisfy the matching conditions.150.2. you need the following data.Basic Configurations 8 FTP. run the display ftp-server command.1 Establishing the Configuration Task Applicable Environment When the router serves as the FTP server.3 Configuring FTP ACL 8. display ftp-server Check the login FTP user. 3 Configuring the Basic ACL Do as follows on the router that serves as the FTP server: Step 1 Run: system-view The system view is displayed.. you need to take following steps. 8-7 . Step 3 Run: Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.3. No. TFTP and XModem Configuration Procedures To configure an FTP ACL.Basic Configurations No. Step 2 Run: ftp server enable The FTP server is started. ----End 8. Step 2 Run: acl acl-number The ACL view is displayed.2 Enabling the FTP Server Do as follows on the router that serves as the FTP server: Step 1 Run: system-view The system view is displayed.Quidway NetEngine80 Configuration Guide . Data 1 FTP username and password 2 The file directory authorized to the FTP user 3 The timeout time of the FTP server 8 FTP.3. Procedure 1 Enabling the FTP Server 2 Configuring the Basic ACL 3 Configuring the Basic FTP ACL 8. Ltd. TFTP and XModem rule [ rule-id ] { deny | permit } [ source { host-name { source-wildcard | 0 } | source-ip-address { source-wildcard | 0 } | any } | time-range time-name | logging | fragment ]* The ACL rule is configured. run the display ftp-server command. 8.3.Quidway NetEngine80 Configuration Guide .5 Checking the Configuration Run the following commands to check the preceding configuration. Action Command Check the configuration and running information about the FTP server. display ftp-server After configuring the FTP server. You can view that the FTP ACL is 2345.Basic Configurations 8 FTP. <Quidway> display ftp-server FTP server is running 8-8 Max user number 5 User count 1 Timeout value(in minute) 30 Acl Number 2345 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Step 2 Run: ftp acl acl-number The basic FTP ACL is configured. ----End FTP supports only the basic ACL. ----End 8. Issue 04 (2009-12-20) .4 Configuring the Basic FTP ACL Do as follows on the router that serves as the FTP server: Step 1 Run: system-view The system view is displayed. Ltd..3. 4.4 Configuring the Router to Be the FTP Client 8.1 Establishing the Configuration Task Applicable Environment When a router serves as the FTP client. Data 1 Host name or IP address of the FTP server 2 Port number of connecting FTP 3 Login username and password Configuration Procedures To configure a router as an FTP client. TFTP and XModem 8.Quidway NetEngine80 Configuration Guide . 8-9 . Procedure 1 Configuring the source address of FTP Client 2 Logging In to the FTP Server 3 Configuring 4 Viewing Online Help of the FTP Command 5 Uploading or Downloading Files 6 Managing Directories 7 Managing Files 8 Changing Login Users 9 Disconnecting from the FTP Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. No. you need the following data.. Pre-configuration Tasks Before configuring a router as an FTP client.Basic Configurations 8 FTP. complete the following tasks: z Powering on the router z Connecting the FTP client with the server Data Preparation To configure the router as an FTP client. No. Ltd. you can log in to the FTP server through the router and then transmit files or manage server directory. you need to take following steps. 4.4. Step 3 Run: passive 8-10 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. run: open host [ port-number ] [ vpn-instance vpn-instance-name ] The router is connected to the FTP server. Ltd. ----End 8. z the router that serves as the client can be connected to the FTP server in In the user view.2 Configuring the source address of FTP Client Do as follows on the router that serves as the FTP server: Step 1 Run: system-view The system view is displayed. and the FTP client view is displayed. z In the FTP view. Step 2 Run: ftp client-source {-a source-ip-address | -i { interface-name | interface-type interface-num }} The source address of FTP client is started.Quidway NetEngine80 Configuration Guide . run: ftp [-a source-ip-address | -i { interface-name | interface-type interface-num } ] [ host [ port-number ] ] [ vpn-instance vpn-instance-name ] The router is connected to the FTP server.3 Logging In to the FTP Server Do as follows on the router that serves as the client: Step 1 In different views.. Step 2 Run: ascii | binary The data type of the file to be transmitted is ASCII code or binary. TFTP and XModem 8.4 Configuring Data Type and Transmission Mode for the File Do as follows on the router that serves as the client: Step 1 Run: ftp [-a source-ip-address | -i { interface-name | interface-type interface-num } ] [ host [ port-number ] ] [ vpn-instance vpn-instance-name ] The router is connected to the FTP server. ----End 8. different ways.4.Basic Configurations 8 FTP. Issue 04 (2009-12-20) . Quidway NetEngine80 Configuration Guide - Basic Configurations 8 FTP, TFTP and XModem The passive file transfer mode is configured. ----End 8.4.5 Viewing Online Help of the FTP Command Do as follows on the router that serves as the client: Step 1 Run: ftp [-a source-ip-address | -i { interface-name | interface-type interface-num } ] [ host [ port-number ] ] [ vpn-instance vpn-instance-name ] The router is connected to the FTP server, and the FTP client view is displayed. Step 2 Run: remotehelp [ command ] The online help of the FTP command is displayed. ----End 8.4.6 Uploading or Downloading Files Do as follows on the router that serves as the client: Step 1 Run: ftp [-a source-ip-address | -i { interface-name | interface-type interface-num } ] [ host [ port-number ] ] [ vpn-instance vpn-instance-name ] The router is connected to the FTP server, and the FTP client view is displayed. Step 2 Upload or download files. z Run: put local-filename [ remote-filename ] The local file is uploaded to the remote FTP server. z Run: get remote-filename [ local-filename ] The FTP file is downloaded from the FTP server and saved to the local file. ----End 8.4.7 Managing Directories Do as follows on the router that serves as the client: Step 1 Run: ftp [-a source-ip-address | -i { interface-name | interface-type interface-num } ] [ host [ port-number ] ] [ vpn-instance vpn-instance-name ] The router is connected to the FTP server. Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 8-11 Quidway NetEngine80 Configuration Guide - Basic Configurations 8 FTP, TFTP and XModem Step 2 Run one or more commands in the following to manage directories. z Run: cd pathname The working path of the remote FTP server is specified. z Run: cdup The working path of the FTP server is switched to the upper-level directory. z Run: pwd The specified directory of the FTP server is displayed. z Run: lcd The specified directory of the FTP client is displayed. z Run: mkdir remote-directory A directory is created on the FTP server. z Run: rmdir remote-directory A directory is deleted on the FTP server. z The directory to be created can comprise letters and digits, rather than such special characters as <, >, ?, \ and :. z When running the mkdir /abc command, you create a sub-directory named "abc". ----End 8.4.8 Managing Files Do as follows on the router that serves as the client: Step 1 Run: ftp [-a source-ip-address | -i { interface-name | interface-type interface-num } ] [ host [ port-number ] ] [ vpn-instance vpn-instance-name ] The router is connected to the FTP server. Step 2 Run one or more commands in the following to manage directories. z Run: ls [ remote-filename ] [ local-filename ] The specified directory or file on the remote FTP server is displayed. z Run: dir [ remote-filename ] [ local-filename ] 8-12 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. Issue 04 (2009-12-20) Quidway NetEngine80 Configuration Guide - Basic Configurations 8 FTP, TFTP and XModem The specified directory or file on the local FTP server is displayed. z Run: delete remote-filename The specified file on the FTP server is deleted. ----End 8.4.9 Changing Login Users Do as follows on the router that serves as the client: Step 1 Run: ftp [-a source-ip-address | -i { interface-name | interface-type interface-num } ] [ host [ port-number ] ] [ vpn-instance vpn-instance-name ] The router is connected to the FTP server. Step 2 Run: user user-name [ password ] The current login user is changed and the user logs in again. ----End 8.4.10 Disconnecting from the FTP Server Do as follows on the router that serves as the client: Step 1 Run the following commands according to different configurations. z Run: bye Or quit The client router is disconnected from the FTP server. Return to the user view. z Run: close Or quit The client router is disconnected from the FTP server. Return to the FTP view. ----End Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 8-13 Quidway NetEngine80 Configuration Guide - Basic Configurations 8 FTP, TFTP and XModem The previous configurations can be executed only in the FTP client view. 8.4.11 Checking the Configuration Run the following commands to check the preceding configuration. Action Command Check the login FTP user. display ftp-users Run the display ftp-users command to view the user name, port number, authorization directory of the FTP user configured currently. <Quidway> display ftp-users username zll host 100.2.150.226 port 2320 idle 0 topdir cfcard: 8.5 Configuring TFTP 8.5.1 Establishing the Configuration Task Applicable Environment You can transfer files through TFTP between the server and the client in a simple interaction environment. Pre-configuration Tasks Before configuring TFTP, complete the following tasks: z Powering on the router z Connecting the TFTP client with the server Data Preparation To configure TFTP, you need the following data. 8-14 No. Data 1 IP address of the TFTP server 2 Name of the specific file in the TFTP server 3 File directory 4 ACL number Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. Issue 04 (2009-12-20) Quidway NetEngine80 Configuration Guide - Basic Configurations 8 FTP, TFTP and XModem Configuration Procedures No. Procedure 1 Configuring the source address of TFTP Client 2 Downloading Files Through TFTP 3 Uploading Files Through TFTP 8.5.2 Configuring the source address of TFTP Client Do as follows on the router that serves as the TFTP server: Step 1 Run: system-view The system view is displayed. Step 2 Run: tftp client-source {-a source-ip-address | -i { interface-name | interface-type interface-num }} The source address of TFTP client is started. ----End 8.5.3 Downloading Files Through TFTP Do as follows on the router that serves as the TFTP client: Step 1 Run: tftp [-a source-ip-address | -i { interface-name | interface-type interface-num } ] tftp-server get source-filename [ destination-filename ] The router is configured to download files through TFTP. ----End 8.5.4 Uploading Files Through TFTP Do as follows on the router that serves as the TFTP client: Step 1 Run : tftp [-a source-ip-address | -i { interface-name | interface-type interface-num } ] tftp-server put source-filename [ destination-filename ] The router is configured to upload files through TFTP. ----End Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 8-15 you need the following data.6 Limiting the Access to the TFTP Server 8. Data 1 IP address of the TFTP server 2 ACL number Configuration Procedures To configure a limit to access to TFTP server.. Pre-configuration Tasks Before configuring a limit to access the TFTP server. No. No. Ltd. complete the following tasks: z Powering on the router z Connecting the TFTP client with the server Data Preparation To configure a limit to accesss to TFTP server.Basic Configurations 8 FTP. Issue 04 (2009-12-20) .2 Configuring the Basic ACL Do as follows on the router that serves as the TFTP client: Step 1 Run: system-view The system view is displayed. you need to take following steps. Step 2 Run: acl acl-number The ACL view is displayed. you can configure the ACL on the router.6.6. 8-16 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. After the configuration.1 Establishing the Configuration Task Applicable Environment When the router serves as the TFTP client. you can control to which TFTP server that this device can log in by TFTP. TFTP and XModem 8. Procedure 1 Configuring the Basic ACL 2 Configuring the Basic TFTP ACL 8.Quidway NetEngine80 Configuration Guide . 6.1 Establishing the Configuration Task Applicable Environment Configure XModem to transfer files through serial interfaces. you need the following data. Pre-configuration Tasks Before configuring XModem. ----End 8.3 Configuring the Basic TFTP ACL Do as follows on the router that serves as the TFTP client: Step 1 Run: system-view The system view is displayed.Basic Configurations 8 FTP.7. TFTP and XModem Step 3 Run: rule [ rule-id ] { deny | permit } [ source { host-name { source-wildcard | 0 } | source-ip-address { source-wildcard | 0 } | any } | time-range time-name | logging | fragment ] The ACL rule is configured.7 Configuring XModem 8. 8-17 . Step 2 Run: tftp-server acl acl-number ACL is used to limit the access to the TFTP server. 8.Quidway NetEngine80 Configuration Guide . complete the following tasks: z Powering on the router z Connecting the router and the PC through an AUX port or a console port z Logging in to the router through the terminal emulation program and specifying the file path in the terminal emulation program Data Preparation To configure XModem. ----End TFTP supports only the basic ACL rules.. Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Ltd. 16.2 Getting a File Through XModem Do as follows on the router that performed: Step 1 Run: xmodem get filename XModem is used to get the file. an absolute path name is required.8. Ltd. Issue 04 (2009-12-20) .1 Example for Configuring the FTP Server Networking Requirements As shown in Figure 8-1.Basic Configurations 8 FTP. z For the filename.104. the system sends a prompt asking you whether to overwrite or not. 8-18 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. ----End z Before getting the file. the IP address of the FTP server is 172.8 Configuration Examples 8. z If the filename is similar to an existing one. confirm the path and the name of the file that are to be sent..Quidway NetEngine80 Configuration Guide . Data 1 Name of a specific file 2 Absolute path of the file Configuration Procedures No. 8.110/24. TFTP and XModem No.7. Log in to the router from the HyperTerminal and then download files from the FTP server. Procedure 1 Getting a File Through XModem 8. 16.0 [server-Ethernet2/0/0] quit Step 4 Log in to the router from the PC through the HyperTerminal. Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.104.16. Use the correct username and password to log in to the FTP server to download the files on the memory of the router.110 255. Data Preparation To complete the configuration.104..255.Quidway NetEngine80 Configuration Guide . and connect to the FTP server using the correct username and password to obtain system host software.110/24 console cable Configuration Roadmap The configuration roadmap is as follows: 1. Ltd.255. <Quidway> system-view [Quidway] sysname server [server] ftp server enable [server] ftp timeout 30 [server] aaa [server -aaa] local-user quidway password simple huawei Step 2 Configure the authorization mode and directory of the FTP user on the FTP server [server -aaa] local-user quidway service-type ftp [server -aaa] local-user quidway ftp-directory flash: [server -aaa] quit Step 3 Configure the IP address of the FTP server. 2. TFTP and XModem Figure 8-1 Networking diagram with FTP server basic functions Server 172. you need the following data: z FTP username as quidway and password as huawei on the server z The correct path of the original files on the FTP server z The destination file name and its position in the router Configuration Procedure Step 1 Enable FTP on the FTP server and configure the authentication information about the FTP user. Run the HyperTerminal on the PC and log in to the router. 8-19 . [server] interface Ethernet2/0/0 [server-Ethernet2/0/0] undo shutdown [server-Ethernet2/0/0] ip address 172.Basic Configurations 8 FTP. 220 FTP service ready.1.Apr 30 2007 14:35:36 3 -rw- 852 May 25 2007 16:55:08 vrp. TFTP and XModem # Log in to the FTP server to obtain system host software and save it in the root directory of the Flash Memory of the router. Ltd.87Kbyte(s)/sec. [ftp] dir 200 Port command okay. [ftp] binary 200 Type set to I.bin The file vrp.255.110 255.16.1. Press CTRL+K to abort Connected to 100. 0 -rw- 5805100 May 25 2007 18:02:30 1 -rw- 354 Apr 30 2007 14:35:15 2 drw- .bin vrpcfg.1.1. Issue 04 (2009-12-20) .255. # sysname Server # FTP server enable # interface Ethernet2/0/0 undo shutdown ip address 172.74Kbyte(s)/sec. <Router> cd flash: <Router> pwd flash:<Router> ftp 172.104.110 Trying 100. FTP: 402 byte(s) received in 0.Quidway NetEngine80 Configuration Guide ..898 second(s) 291.201.1. 150 Opening ASCII mode data connection for *.201:(none)): quidway 331 Password required for quidway. [ftp] get vrp.. overwrite it? [Y/N]:y 200 PORT command okay 150 Opening BINARY mode data connection for vrp.201 .104. Password: 230 User logged in.140 second(s) 2.cc is already existing.Basic Configurations 8 FTP. User(100. [ftp] bye ----End Configuration Files Configuration file of the FTP server. FTP: 5805100 byte(s) received in 19.cfg lam vrpcfg.0 # aaa local-user quidway password simple Huawei local-user quidway service-type ftp local-user quidway ftp-directory flash:/ftp/system authentication-scheme default # authorization-scheme default # 8-20 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.bin 226 Transfer complete.1..zip 226 Transfer complete.16. Configure the basic FTP functions.16.110 GE1/0/0 PC1 172. Figure 8-2 Networking diagram of configuring FTP ACL GE2/0/0 PC2 172. See "Configuring the Router to be the FTP Server".104.16.111/24 IP Network Server 172. 8-21 .111 to download and upload files in the FTP mode.110/24.105.0..16.Quidway NetEngine80 Configuration Guide . <Quidway> system-view [Quidway] acl number 2001 [Quidway-acl-basic-2001]rule permit source 172.104.8.111/24 Configuration Roadmap The configuration roadmap is as follows: 1. Data Preparation To complete the configuration.104. 2. you need the following data: z ACL number Configuration Procedure Step 1 Configure the basic FTP functions.2 Example for Configuring FTP ACL Networking Requirements As shown in Figure 8-2. the IP address of the FTP server is 172.255 [Quidway-acl-basic-2001]quit Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Configure ACL on the FTP server.16. PC2 and the FTP server are reachable. TFTP and XModem accounting-scheme default # domain default # Return 8.111 0. At the client side. Ltd. After configuring ACL. the router that serves as the FTP server allows only PC1 with the host address of 172.Basic Configurations 8 FTP.104.16.0. PC2 cannot be connected to the FTP server.104. PC1.16. Step 2 Configure the basic ACL. 150. Info:Connection was denied by remote host according to ACL! Connection closed by remote host. User (100.110 220 FTP service ready.104.104. c:\ ftp 172.0. Ltd.110 Connected to ftp 172.0 # aaa local-user quidway password simple Huawei local-user quidway service-type ftp local-user quidway ftp-directory flash:/ftp/system authentication-scheme default # authorization-scheme default # accounting-scheme default # domain default # Return 8-22 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.16.104. Issue 04 (2009-12-20) . [Quidway]ftp acl 2001 Step 4 Connect to the FTP server from PC1.104.16.255 # interface Ethernet2/0/0 undo shutdown ip address 172.104.16.255.16.110 Connected to 172.40:(none)):quidway 331 Password required for quidway Password: 230 User logged in.16. ----End Configuration Files Configuration file of the FTP server.16. c:\ ftp 172. # sysname Server # Ftp server enable FTP acl 2001 acl number 2001 rule 5 permit source 172.110.255.Basic Configurations 8 FTP.. ftp> Step 5 Connect to the FTP server from PC2. TFTP and XModem Step 3 Configure the basic FTP ACL.111 0.104.0.2.Quidway NetEngine80 Configuration Guide .110 255. 8-23 .111/24 Configuration Roadmap Log in to the FTP server to the FTP client and download system files form the server to the storage devices on the client side.110 Trying ftp 172. [ftp] binary 200 Type set to I.105.3 Example for Configuring the FTP Client Networking Requirements As shown in Figure 8-3. Step 2 Configure the transmission mode to the binary format and configure the directory of the Flash memory on the router. the router that serves as the FTP client are connected to the FTP server.16. <Quidway> ftp 172. Data Preparation To complete the configuration. you need the following data: z IP address of the FTP server z The destination file name and its position in the router Configuration Procedure Step 1 Log in to the FTP server from the router..110 172. Figure 8-3 Configuring the FTP client GE2/0/0 IP Network Router Server 172.110:(none)):huawei 331 Password required for huawei Password: 230 User logged in. [ftp] lcd flash:/ % Local directory now flash: Step 3 Download the newest system software from the remote FTP server on the router.16.104.104. TFTP and XModem 8.104.16.Basic Configurations 8 FTP. and download system software and configuration software from the FTP server to the client side.16.16.110 220 FTP service ready.110 Press CTRL+K to abort Connected to ftp 172.8.Quidway NetEngine80 Configuration Guide .16. Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. User(ftp 172.104. Ltd.104. . Log in to the router from the HyperTerminal and then download the file vrp.16.160/24 Quidw ay PC Configuration Roadmap The configuration roadmap is as follows: 1.cc file resides.Basic Configurations 8 FTP.16.4 Example for Configuring TFTP Networking Requirements As shown in Figure 8-4.cc [ftp] quit ----End 8. the IP address of the TFTP server is 10. z The path of the source file on the TFTP server. Run the TFTP software on the TFTP server 2. Ltd. you need the following data: z The TFTP software installed on the TFTP server. TFTP and XModem [ftp] get vrpv5r3d031. Figure 8-5 shows the interface.160/24.111.Quidway NetEngine80 Configuration Guide . Issue 04 (2009-12-20) . Configuration Procedure Step 1 Start the TFTP server. Set the position of the source file on the server 3. Use the TFTP command on the Quidway router to download the files Data Preparation To complete the configuration.8.cc from the TFTP server.111. 8-24 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. z The destination file name and its path on the Quidway router. Figure 8-4 Networking diagram of configuring TFTP TFTP Server 10. set its Base Directory as the directory where the vrp. txt 6 -rw- 1004 Feb 05 2001 09:51:22 vrp1.. \ TFTP: 86235884 bytes received in 42734 second. 8-25 .160 get vrp. File downloaded successfully.Quidway NetEngine80 Configuration Guide . Now begin to download file from remote tftp server. Run the dir command to view whether the downloaded target file resides in the specified directory of the router.bin 2 -rw- 396 May 19 2006 15:00:10 rsahostkey..txt 1.zip 7 -rw- 6247 May 19 2006 15:00:10 license. Ltd.111.10014764 Jun 20 2005 15:00:28 1 -rw- 40 Jun 24 2006 09:30:40 vrp.cc flash:/vrp. TFTP and XModem Figure 8-5 Setting the Base Directory of the TFTP server The display may be different depending on different TFTP server software used by the computer.16. Step 2 Log in to the router through the computer HyperTerminal and enter the following command to download files.cfg 15875 KB total (5032 KB free) ----End Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Step 3 Check the configuration.Basic Configurations 8 FTP. <Quidway> dir flash: Directory of flash:/ 0 -rw.txt. <Quidway> tftp 10.bak private-data.txt 8 -rw- 14343 May 16 2006 14:13:42 paf. please wait for a while.cc Transfer file in binary mode..dat 4 -rw- 2718 Jun 21 2006 17:46:46 5 -rw- 14343 May 19 2006 15:00:10 paf.dat 3 -rw- 540 May 19 2006 15:00:10 rsaserverkey. The received file is saved on theFlash memory of the router and the file name is test.Quidway NetEngine80 Configuration Guide .txt.Basic Configurations 8 FTP. TFTP and XModem 8. Use the xmodem command to download the files on the router. <Quidway> xmodem get flash:/test.5 Example for Configuring XModem Networking Requirements The router is connected with PC through the AUX port. you need the following data: z Files that are copied to the PC z The path of the file in PC Configuration Procedure Step 1 Log in to the router through the AUX port. click Send to send the file. Log in to the router through the AUX port. 2.8. Data Preparation To complete the configuration. Issue 04 (2009-12-20) . Run the HyperTerminal on the PC and log in to the router. Specify the file path on the HyperTerminal. Refer to "02 Establishment of Configuration Environments. Configuration Roadmap The configuration roadmap is as follows: 1. Figure 8-6 Specifying the file to be sent After the configuration.. Ltd." Step 2 Specify the file to be sent on the HyperTerminal.txt **** WARNING **** xmodem is a slow transfer protocol limited to the current speed 8-26 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. to receive files from the AUX port and save the received packets to the Flash Memory. Step 3 Use the XModem protocol to receive the file form the AUX port. 3. cfg 3844 Jul 14 2004 11:51:45 exception.txt vrpcfg.dat private-data.txt 1515 Jul 19 2005 17:39:55 vrpcfg.01.bin matnlog. Ltd.10014764 Jun 20 2005 15:00:28 1 -rw- 2 -rw- 28 Jul 27 2005 09:34:39 3 -rw- 480 May 10 2003 11:25:18 4 -rw. you can view the directory of the Flash Memory.bin test. <Quidway> Download successful! <Quidway> Download successful! <Quidway> dir flash:/ Directory of flash:/ 0 -rw. 8-27 . TFTP and XModem settings of the auxiliary ports.Quidway NetEngine80 Configuration Guide .txt 15875 KB total (5015 KB free) ----End Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.Basic Configurations 8 FTP.******* ---Proceed?[Y/N]y Destination filename [flash:/ test..zip date. During the course of the download no exec input/output will be available! ---. CCCCC After the system prompts that the file transmission succeeds.txt]? Before press ENTER you must choose 'YES' or 'NO'[Y/N]:y Download with XMODEM protocol.dat 8628372 Jun 01 2005 10:14:34 45 Jul 27 2005 10:51:26 vrp330-0521...10103172 Jul 22 2005 16:40:37 5 -rw- 6 -rw- 7 8 -rw-rw- 98776 Jul 27 2005 09:36:12 vrp.. .............3....................2 Configuring Telnet Terminal Services........................................9-2 9...........................................................................................3...............................................4............................................................................................................................................ 9-11 9..........1 Establishing the Configuration Task ........................9-10 9..9-10 9................................................................................................................. 9-11 9....................................2 Creating an SSH User ...................................................3....2........................................................................................................................9-18 9.....................9-17 9..............................................................................................................4.................................................3 Configuring SSH Users............2...........5 Checking the Configuration ....................9-8 9............................................................6 (Optional) Enabling the Trap Function ..............9-15 9.................4.....................................................................1 Overview of User Login .............................................................................9-12 9........................9-20 Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co........9-2 9..................9-12 9...........4 Configuring the SSH Server...............2...........................9-14 9..6 (Optional)Configuring the Basic Authentication Information for SSH Users...............................................................................7 (Optional)Configuring the Interval for Updating the Key Pair on the SSH Server....................................................................4.1 Establishing the Configuration Task ...............Basic Configurations Contents Contents 9 Telnet and SSH.........................10 Checking the Configuration ...................................................3............................................8 Configuring the Service Type of SSH Users.................................................9-16 9.................................9-19 9...9-14 9.................................2 Establishing a Telnet Connection..2...............................................................................................................1................................................3.....7 (Optional)Authorizing SSH Users Through the Command Line .............................................1 Establishing the Configuration Task ..................3 Configuring SSH for the VTY User Interface..9-7 9...5 Configuring the STelnet Client Function ........................9-9 9.. i .........9-8 9...............2 Telnet Terminal Services ...........................................................................................................................9-18 9...........................9-9 9...4 (Optional)Enabling the Earlier Version-Compatible Function.............................5 Configuring the Authentication Mode for SSH Users.......9-7 9............. Ltd.............................3................3 Establishing a Telnet Redirection Connection ...................................................................9-17 9.......................9-15 9...........................9-17 9..1....................9-2 9........................................................4 Generating a Local RSA Key Pair ......................4 Scheduled Telnet Disconnection ..................9-19 9................................4.............8 Checking the Configuration ........................3................4..........................................................................9-4 9...................3..............1...4............................................................................3............9-16 9.........................................4.........2 Enabling the STelnet Service ...............................................................3........................................................................................5 (Optional)Configuring the Number of the Port Monitored by the SSH Server............9 (Optional)Configuring the Authorized Directory of SFTP Service for SSH Users.......1 Introduction .........................................3 SSH Terminal Services ..................9-1 9.......2............................................9-15 9......Quidway NetEngine80 Configuration Guide ............3 Enabling the SFTP Service ........... .......................4 Enabling the SFTP Client.................9-29 9..........................8...............9-27 9......6............................8.............9-28 9....9-21 9.............................................................6................................................................2 Configuring the First-Time Authentication on the SSH Client ............................................................9-23 9....................................................................................................9-22 9............5 (Optional) Managing the Directory..............................................................9-25 9..........................................Contents Quidway NetEngine80 Configuration Guide ....................................5 Example for Authenticating SSH Through RADIUS....................................................................................3 Example for Connecting the SFTP Client to the SSH Server ..............................................7 Maintaining Telnet and SSH .2 Debugging SSH Terminal Services..............................7...........5.........9-28 9.8...............................................................................6 (Optional) Managing the File................1 Example for Configuring Telnet Terminal Services...............................................................3 (Optional) Configuring the SSH Client to Assign the RSA Public Key to the SSH Server ..................1 Establishing the Configuration Task .............5.............................9-25 9................8......................................................9-21 9........................................................................ Issue 04 (2009-12-20) .............................................................9-42 9......................................7 (Optional)Displaying the SFTP Client Command Help...................9-20 9.......5 Checking the Configuration ...................................................................9-26 9..5......................................8 Configuration Examples......................9-27 9............................9-49 ii Huawei Proprietary and Confidential Copyright © Huawei Technologies Co................................................2 Example for Connecting the STelnet Client to the SSH Server ..............................................6.9-37 9..............4 Enabling the STelnet Client ....1 Establishing the Configuration Task ...8 Checking the Configuration ................4 Example for Accessing the SSH Server Through Other Port Numbers ....................................9-28 9..............................8..............................9-23 9............................................................. Ltd..............7.5....5..............................6.........................3 Configuring the SSH Client to Assign the RSA Public Key to the SSH Server........9-24 9.....Basic Configurations 9..........2 Enabling the First-Time Authentication on the SSH Client .........1 Debugging Telnet Terminal Services .....................6......9-24 9..............6.6 Configuring the SFTP Client Function............................9-29 9....................................9-22 9.6...........................................6.................9-31 9........................................ ...............................................................................................................................................9-43 Figure 9-10 Networking diagram of authenticating the SSH through RADIUS .......................................Quidway NetEngine80 Configuration Guide .....................................................................9-5 Figure 9-5 Establishing an SSH channel in a WAN .........Basic Configurations Figures Figures Figure 9-1 Telnet client services.......................................................................9-2 Figure 9-2 Telnet redirection services ........................................................................9-3 Figure 9-3 Usage of Telnet shortcut keys ................................................9-5 Figure 9-6 Networking diagram of the Telnet terminal services mode ..........................9-31 Figure 9-8 Networking diagram of connecting the SFTP client to the SSH server ......................... iii ........................9-3 Figure 9-4 Establishing an SSH channel in a LAN .................................................................................9-49 Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.......................................................................9-37 Figure 9-9 Networking diagram of accessing the SSH server through other port numbers ..9-29 Figure 9-7 Networking diagram of connecting the STelnet client to the SSH server............................................................. Ltd... 9.Basic Configurations 9 Telnet and SSH 9 Telnet and SSH About This Chapter The following table shows the contents of this chapter.8 Configuration Examples This section provides examples for configuring Telnet and SSH. 9.. Ltd.3 Configuring SSH Users This section describes how to configure SSH users.5 Configuring the STelnet Client Function This section describes how to configure the STelnet client. Section Description 9. 9-1 . 9.1 Introduction This section describes the basic concepts of user login: Telnet and SSH.Quidway NetEngine80 Configuration Guide .6 Configuring the SFTP Client Function This section describes how to configure the SFTP client. 9. Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.2 Configuring Telnet Terminal Services This section describes how to log in to a router through Telnet and configure the router. 9.4 Configuring the SSH Server This section describes how to configure the SSH server. 9. 9.7 Maintaining Telnet and SSH This section describes how to debug the Telnet and SSH terminal services. as shown in Figure 9-2. you can log in to other routers to configure and mange them. The user interface provides the login plane.1.1 Introduction 9. Figure 9-1 Telnet client services Telnet Session 1 Telnet Session 2 Telnet Server PC z 9-2 RouterA RouterB Redirection terminal services: You can run the Telnet client program on a PC to log in to the router through a specified interface. As shown in Figure 9-1. It provides remote login and a virtual terminal service through the network. Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Then connect with the serial interface devices that are connected to the asynchronous interface of the router. the user management and the terminal service. The typical application is to connect the 8/16-port asynchronous interface of the router with multiple devices for their remote configuration and maintenance. monitor and maintain the local or remote devices. Router A serves as both the Telnet server and the Telnet client. Issue 04 (2009-12-20) .. The user management guarantees the login security and the terminal service provides the login protocol. With the telnet command. configure and manage it.1 Overview of User Login To configure.2 Telnet Terminal Services Telnet Services Telnet is an application layer protocol in the TCP/IP protocol suite. The router provides the following Telnet services: z Telnet server: You can run the Telnet client program on a PC to log in to the router. Ltd. The router acts as a Telnet server. configure the user interface. z Telnet client: You can run the terminal emulation program or the Telnet client program on a PC to connect with the router.Basic Configurations 9 Telnet and SSH 9. The product supports the following login methods: z Login through the console port z Local or remote login through the AUX port z Local or remote login through Telnet or SSH 9.1.Quidway NetEngine80 Configuration Guide . Note: The max number of VTY users is 5.. The connection was closed by the remote host! <RouterA> Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. and the current number of VTY users on line is 0. If the network connection is normal. As shown in Figure 9-2. when you press Ctrl+]. Figure 9-3 Usage of Telnet shortcut keys Telnet Session 1 Telnet Session 2 Telnet Client RouterA Telnet Server RouterB RouterC Ctrl_]: The server interrupts the connection. z Interruption of Telnet services In Telnet connection. a cascade network is formed. and the current number of VTY users on line is 0. For example: <RouterC> (Press <Ctrl_]> to return to the prompt of RouterB. Router A is the client of Router B and Router B is the client of Router C. and Router B logs in to Router C through Telnet. Thus. you can use two types of shortcut keys to interrupt the connection. 9-3 .Basic Configurations 9 Telnet and SSH Figure 9-2 Telnet redirection services PC Ethernet Router Async0 Router1 Async1 Lan Switch Async2 Modem Async8/16 Router2 Only the devices that provide the asynchronous interface support the Telnet redirection service. In this case.Quidway NetEngine80 Configuration Guide . Router A logs in to Router B through Telnet. Ltd. the Telnet server interrupts the current Telnet connection actively.) Note: The max number of VTY users is 5. Figure 9-3 illustrates the usage of the two types of shortcut keys. The connection was closed by the remote host! <RouterB> (Press <Ctrl_]> to return to the prompt of RouterA. Quidway NetEngine80 Configuration Guide - Basic Configurations 9 Telnet and SSH If the network disconnects, the shortcut keys become invalid. The instruction cannot be sent to the server. Ctrl_K: The client interrupts the connection. When the server fails and the client is unaware of the failure, the server does not respond to the input of the client. In this case, if you press Ctrl+K, the Telnet client interrupts the connection actively and quits the Telnet connection. For example: <RouterC> (Press <Ctrl_K> to directly interrupt the connection and quit Telnet connection. <RouterA> When the number of remote login users reaches to the maximum number of VTY user interfaces, the system prompts that all user interfaces are in use and you cannot use Telnet to log in. 9.1.3 SSH Terminal Services Overview of SSH When users on an insecure network log in to the router through Telnet, the Secure Shell (SSH) feature offers security guarantee and powerful authentication. It protects the router from attacks such as IP address spoofing and interception of plain text password. The router can be connected with multiple SSH users. The SSH client function allow users to establish SSH connections with a router that supports SSH server or a UNIX host. As shown in Figure 9-4 and Figure 9-5, an SSH channel is set up for the local connection and the Wide Area Network (WAN) connection. 9-4 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. Issue 04 (2009-12-20) Quidway NetEngine80 Configuration Guide - Basic Configurations 9 Telnet and SSH Figure 9-4 Establishing an SSH channel in a LAN WorkStation Router Ethernet Server 100BASE-TX LapTop PC PC running SSH client Figure 9-5 Establishing an SSH channel in a WAN Local LAN Remote LAN WAN Router SSH router PC run SSH client PC Advantages of SSH The product provides the functions of SFTP and STelnet client. z STelnet client The Telnet protocol does not provide secure authentication. The contents that are transmitted through the TCP are in plain text. This leads to security problems. The system also faces serious threats from DOS attacks, the host IP address spoofing and routing spoofing. Telnet services are prone to network attacks. SSH implements secure remote access on insecure networks and it has the following advantages compared to Telnet: z Issue 04 (2009-12-20) − SSH supports RSA authentication mode. In RSA authentication, SSH implements secure key exchange by generating public and private keys. These keys are generated according to the encryption principle of the asymmetric encryption system. This implements the secure process of sessions. − SSH supports Data Encryption Standard (DES), 3DES and AES. − The username and the password are both encrypted in the communication between the client and the server of SSH. This is to prevent the password from being intercepted. − SSH provides encryption to the transmitted data to guarantee security and reliability. SFTP client Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 9-5 Quidway NetEngine80 Configuration Guide - Basic Configurations 9 Telnet and SSH SFTP is short for Secure FTP. You can log in to the device from the secure remote end to manage the files. This improves the security of data transmission for the remote end to update its system. Meanwhile, the client function enables you to log in to the remote device through SFTP for the secure file transmission. Process to Set Up SSH Connections The following are procedures to set up SSH connections. z Negotiating versions The SSK client sends a request packet to the server for setting up a TCP connection. After the TCP connection is set up, the server and the client begin to negotiate the SSH version number. If the version numbers are matched, continue to negotiate the shared key. If the version numbers are not matched, the server interrupts the TCP connection. z Negotiating key algorithm This procedure covers two actions: negotiating the key and accounting the session key. The detailed procedures are as follows: − The server generates the RAS key randomly and sends the public key to the client. − The client calculates the key based on the received RSA public key and the local key generated randomly − The client then encrypts the randomly local-generated key with the RAS public key, and sends it to the server. − The server decrypts the received packets with its private key and gets the random key generated on the client. It then calculates the session key. In this way, the server and the client have the same session keys to guarantee the session security. z Negotiating authentication mode After the session key is calculated, the server needs to authenticate the client. The client sends the identity information to the server. If the non-authentication mode is configured on the server, a session request is performed. If the authentication mode is configured on the server, the client is authenticated sends the authentication request to the server. The result can be that the authentication succeeds or the connection is interrupted because of timeout. The SSH server provides the following authentication modes: z − Password authentication: The server compares the configured password and that from the client; if they match, authentication succeeds. − RSA authentication: Configure the RSA public key of the client on the server and the client sends all the member modules to the server. The server then authenticates the modulo, generates a number randomly, encrypts the number with the RSA public key of the client and sends the encrypted number to the client. The server and the client both calculate the key based on the number randomly generated. The client calculates the number used by the server to authenticate the client and sends the result to the server. The server then compares the received result with that locally calculated. If they are the same, the authentication succeeds. Sending session request After the authentication succeeds, the client sends the session request to the server. The server then processes this request and the interactive session is performed. z 9-6 Performing the interactive session Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. Issue 04 (2009-12-20) Quidway NetEngine80 Configuration Guide - Basic Configurations 9 Telnet and SSH In the interactive session, the server and the client encrypt and decrypt the data with the session key. 9.2 Configuring Telnet Terminal Services 9.2.1 Establishing the Configuration Task Applicable Environment When you log in to a router through Telnet to manage or maintain the router, configure the Telnet terminal services. Pre-configuration Tasks Before configuring Telnet terminal services, complete the following tasks: z Powering on the router z Configuring the IP addresses for interfaces of the router correctly z Configuring users, authentication modes and call-in or call-out restrictions z Configuring a reachable route between the terminal and the router Data Preparation To configure Telnet terminal services, you need the following data. No. Data 1 IP address of the router 2 VPN instance name 3 IP address or host name of the remote router 4 Number of the TCP port that provides Telnet services on the remote router 5 Timeout period of the user interface Configuration Procedures No. Procedure 1 Establishing a Telnet Connection 2 Establishing a Telnet Redirection Connection 3 Scheduled Telnet Disconnection 4 Checking the Configuration Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 9-7 Quidway NetEngine80 Configuration Guide - Basic Configurations 9 Telnet and SSH 9.2.2 Establishing a Telnet Connection Do as follows on the login router logged in to from the client: Step 1 Run: telnet [ vpn-instance vpn-instance-name ] [-a source-ip-address] host-name [ port-number ] Log in to the router and manage other routers. ----End 9.2.3 Establishing a Telnet Redirection Connection Perform the Telnet operation on the client to set up a connection with the router. Do as follows the router logged in to from the client: Step 1 Run: system-view The system view is displayed. Step 2 Run: interface aux interface-number The interface view is displayed. Step 3 Run: async mode flow The asynchronous interface of the router connected with external devices is configured to the interactive mode. Step 4 Run: redirect The Telnet redirection function of the user interface is enabled. Step 5 Run: return Return to the user view. Step 6 Run: telnet [ vpn-instance vpn-instance-name ] [-a source-ip-address ] host-name [ port-number ] Log in to the router through the specified interface and connect with the asynchronous interface of the specified interface. ----End 9-8 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. Issue 04 (2009-12-20) 99:23 0.Basic Configurations 9 Telnet and SSH 9. ----End 9. display users Check the connection status of all user-interfaces.13:1147 14849 Listening 0 Established Issue 04 (2009-12-20) Tid/Soid Local Add:port Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.0.0. Action Command Check the connection status of the current user-interface.0:0 10.0:0 0 Closed 32af9074 59 /1 34042c80 73 /17 0. When ESTAB indicates that the TCP connection is established.0. Step 2 Run: user-interface [ ui-type ] first-ui-number [ last-ui-number ] The user interface view is displayed.. Step 3 Run: idle-timeout minutes [ seconds ] The scheduled Telnet disconnection is enabled.0. <Quidway> display tcp status TCPCB Foreign Add:port VPNID State 39952df8 36 /1509 0.164.164.0:0 0.4 Scheduled Telnet Disconnection Do as follows on the router: Step 1 Run: system-view The system view is displayed.2.39.0.0.0:21 10.5 Checking the Configuration Run the following commands to check the previous configuration. display tcp status Run the display tcp status command to view TCP connection status. display users all Check the status of all the established TCP connections.0.Quidway NetEngine80 Configuration Guide .0. Ltd. 9-9 .6.2. Issue 04 (2009-12-20) .1 Establishing the Configuration Task Applicable Environment The STelnet or SFTP client can log in to the SSH server to perform operations only after SSH users are correctly configured on the SSH server. No. you need to take the following steps. Pre-configuration Tasks Before configuring SSH users.. 9-10 No.3 Configuring SSH Users 9.Quidway NetEngine80 Configuration Guide . Ltd.Basic Configurations 9 Telnet and SSH 9. Procedure 1 Creating an SSH User 2 Configuring SSH for the VTY User Interface 3 Generating a Local RSA Key Pair 4 Configuring the Authentication Mode for SSH Users 5 (Optional)Configuring the Basic Authentication Information for SSH Users 6 (Optional)Authorizing SSH Users Through the Command Line 7 Configuring the Service Type of SSH Users 8 (Optional)Configuring the Authorized Directory of SFTP Service for SSH Users Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Data 1 Name and password of SSH users 2 Authentication mode of SSH users 3 Service type of SSH users 4 Name of the peer RSA public key assigned to SSH users 5 Operating directory of the SFTP service for SSH users Configuration Procedures To configure the SSH user. you need the following data. complete the following tasks: z Creating the local user z Configuring the RSA key of the client on the SSH server Data Preparation To configure SSH users.3. Run: local-user username password {cipher| simple } password The local user is created. you can create the SSH user when performing the following configurations: z Configuring the Authentication Mode for SSH Users z Configuring the Service Type of SSH Users 9. you need to create a local user that has the same name in the AAA view. Ltd. If the SSH user that has the authentication mode of password or password-rsa is created.3. 2. 9-11 .. 1. Step 2 Run: ssh user user-name The SSH user is created.2 Creating an SSH User Do as follows on the router: Step 1 Run: system-view The system view is displayed.3 Configuring SSH for the VTY User Interface Do as follows on the router: Step 1 Run: system-view The system view is displayed. ----End If the SSH user is not created separately. Procedure 9 Checking the Configuration 9 Telnet and SSH 9. Run: aaa The AAA view is displayed.Basic Configurations No.Quidway NetEngine80 Configuration Guide . Step 3 Run: Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.3. Step 2 Run: user-interface [ vty ] first-ui-number [ last-ui-number ] The VTY user interface is displayed. 3. the local RSA key pair must be configured and generated first. 9.Quidway NetEngine80 Configuration Guide . Run: ssh user user-name authentication-type password 9-12 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.5 Configuring the Authentication Mode for SSH Users Do as follows on the router: Step 1 Run: system-view The system view is displayed..4 Generating a Local RSA Key Pair Do as follows on the router that serves as the client and the server separately: Step 1 Run: system-view The system view is displayed. 9. Otherwise. ----End The authentication mode of the VTY user interface must be configured to AAA. Issue 04 (2009-12-20) . 1. Ltd. Step 2 Run: rsa local-key-pair create A local RSA key pair is generated. Step 4 Run: protocol inbound ssh The VTY is configured to support SSH. Before the other configurations of SSH. you must configure the rsa local-key-pair create command to generate a local key pair.3. ----End To log in to the SSH server. the protocol inbound ssh command cannot be configured successfully.Basic Configurations 9 Telnet and SSH authentication-mode aaa The AAA authentication mode is configured. Perform the following as required: z Authenticate the SSH user through the password. Step 2 Run: ssh user username authentication-type { password | rsa | password-rsa | all } The authentication mode for SSH users is configured. if the number of SSH users is small. Ltd. 3. 2. 5.. Run: ssh user user-name authentication-type rsa The RSA authentication is configured for the SSH client. the RSA public key generated on the client software can be sent to the server. Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Run: hex-data The public key is edited. 1. ----End Issue 04 (2009-12-20) z After the public key editing view is displayed. 6.Basic Configurations 9 Telnet and SSH The password authentication is configured for the SSH client. Run: ssh authentication-type default password The default password authentication is configured for the SSH client. 9-13 . z Authenticate the SSH client through RSA. When the local authentication or HWTACACS authentication is adopted. the SSH server must be configured and the peer RSA public key must be the RSA public key of the SSH client. configure the password authentication. Run: public-key-code begin The public key editing view is displayed. 7. Copy the RSA public key to the router that serves as the SSH server. configure the default password authentication for the SSH client. Run: peer-public-key end Quit the public key view and return to the system view. If the number of SSH users is great. z Before the peer RSA public key is assigned to the SSH client. 4. Run: public-key-code end Quit the public key editing view.Quidway NetEngine80 Configuration Guide . Run: rsa peer-public-key key-name The public key view is displayed. 2. Run: ssh user user-name assign rsa-key key-name The public key is assigned to the SSH users. password-rsa. Step 2 Run: ssh server rekey-interval hours The interval for updating the server key pair is configured. Do as follows on the router: Step 1 Run: system-view The system view is displayed. the command line authorization does not become valid for the SSH client. password.3. rsa.Basic Configurations 9 Telnet and SSH 9. and all.. ----End 9. refer to the chapter "AAA and User Management" in the Quidway NetEngine80 Core Router Configuration Guide . Step 4 Run: ssh server authentication-retries times The number of retry times of the SSH authentication is set. For the configuration of the command line authorization in password mode.Quidway NetEngine80 Configuration Guide .6 (Optional)Configuring the Basic Authentication Information for SSH Users Do as follows on the router: Step 1 Run: system-view The system view is displayed. Issue 04 (2009-12-20) .Security. ----End 9-14 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. namely. otherwise. you must perform the AAA configuration.3.7 (Optional)Authorizing SSH Users Through the Command Line There are four authentication modes for an SSH user. This section describes how to configure the command line authorization in RSA mode. Ltd. Step 3 Run: ssh server timeout seconds The timeout period of the SSH authentication is set. Step 2 Run: ssh user user-name authorization-cmd aaa The command line authorization is configured for the specified SSH client. After the command line authorization is configured for the SSH client through the RSA authentication. Step 2 Run: ssh user username service-type { sftp | stelnet | all } The service type for the SSH client is configured.9 (Optional)Configuring the Authorized Directory of SFTP Service for SSH Users Do as follows on the router: Step 1 Run: system-view The system view is displayed. ----End 9.Basic Configurations 9 Telnet and SSH 9.3.3. Step 2 Run: ssh user username sftp-directory directoryname The authorized directory of SFTP service for SSH users is configured. ----End 9.. Action Command Check the information of the SSH client on the SSH server. [Quidway] display ssh user-information client001 User Name : client001 Authentication-type : password User-public-key-name : - Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.8 Configuring the Service Type of SSH Users Do as follows on the router: Step 1 Run: system-view The system view is displayed.Quidway NetEngine80 Configuration Guide . display ssh user-information username Run the display ssh user-information username command. It shows that the SSH user named clinet001 is authenticated by password. Ltd. display ssh user-information Check the information of the specified SSH client on the SSH server. and its serve mode is sftp.3.10 Checking the Configuration Run the following commands to check the previous configuration. 9-15 . complete the following tasks: z Connecting the SSH client and the SSH server correctly z Configuring reachable routes between the SSH client and the SSH server z Configuring the VTY user interface on the SSH server to support SSH z Configuring the SSH client on the SSH server z Creating the local RSA key pair on the SSH server Data Preparation To configure SSH servers. You can set the number of the port monitored by the SSH server to other port numbers so that the attacker does not know the change of the monitored port number.Basic Configurations 9 Telnet and SSH Sftp-directory : - Service-type : sftp Authorization-cmd : No 9.Quidway NetEngine80 Configuration Guide . Pre-configuration Tasks Before configuring SSH servers. No. you need the following data. you need to take following steps. 9-16 No. This can prevent the consumption of the bandwidth and system resources caused by the attacker's access to the standard port of the SSH server.4.4 Configuring the SSH Server 9. Issue 04 (2009-12-20) . The SSH server also supports setting the number of the monitored port.. Ltd.1 Establishing the Configuration Task Applicable Environment You must enable STelnet or SFTP on the SSH server to perform the operation. Data 1 Number of the port monitored by the SSH server Configuration Procedures To configure an SSH server. Procedure 1 Enabling the STelnet Service 2 Enabling the SFTP Service 3 (Optional)Enabling the Earlier Version-Compatible Function 4 (Optional)Configuring the Number of the Port Monitored by the SSH Server 5 (Optional) Enabling the Trap Function Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. 9-17 .3 Enabling the SFTP Service Do as follows on the router that serves as an SSH server: Step 1 Run: system-view The system view is displayed. ----End 9.4 (Optional)Enabling the Earlier Version-Compatible Function Do as follows on the router that serves as the SSH server: Step 1 Run: system-view The system view is displayed. Step 2 Run: ssh server compatible-ssh1x enable The earlier version-compatible function is enabled.Basic Configurations 9 Telnet and SSH No. Step 2 Run: sftp server enable The SFTP service is enabled.4. ----End 9. Procedure 6 (Optional)Configuring the Interval for Updating the Key Pair on the SSH Server 7 Checking the Configuration 9. Step 2 Run: stelnet server enable The STelnet service is enabled. Ltd.2 Enabling the STelnet Service Do as follows on the router that serves as an SSH server: Step 1 Run: system-view The system view is displayed. Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co..Quidway NetEngine80 Configuration Guide .4.4. 5 (Optional)Configuring the Number of the Port Monitored by the SSH Server Do as follows on the router that serves as an SSH server: Step 1 Run: system-view The system view is displayed.X server.Quidway NetEngine80 Configuration Guide .3 to SSH 1.99 should not be allowed to log in. ----End If a new number of the monitored port is configured. Step 2 Run: ssh server port port-number The number of the port monitored by the SSH server is configured.Basic Configurations 9 Telnet and SSH ----End By default. the SSH server interrupts all the STelnet and SFTP connections and monitors the port of the new number. Ltd. After that.3 and 1. you must run the undo ssh server compatible-ssh1x enable command to disable the earlier version-compatible function.99. including 1..3 and 2. z Compared with SSH1. the service capability of SSH2. SSH2. the SSH2. ----End 9-18 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. By default.0 is improved to support functions such as SFTP. In addition. 9. Step 2 Run: snmp-agent trap enable ssh The trap function is enabled. the SSH client that has the version number greater than 1.4.0.3 to 2.6 (Optional) Enabling the Trap Function Do as follows on the login router: Step 1 Run: system-view The system view is displayed. Issue 04 (2009-12-20) .X.0 server is compatible with the SSH1. If the client of SSH1. including 1.3 and smaller than 1.99 cannot log in to the router. the number of the port monitored by the SSH server is 22. 9.0.4.0 extends the structure to support more authentication methods and key exchange methods. z This product supports the SSH versions that range from 1. you can view that the version of the protocol that the SSH session connects to is 1.Quidway NetEngine80 Configuration Guide .4. and the times for the SSH session to retry connecting is 5.Basic Configurations 9 Telnet and SSH 9. Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.4. <Quidway> display ssh server status SSH version : 1. information about the currently monitored port is not displayed. Step 2 Run: ssh server rekey-interval interval The interval for updating the key pair is set.7 (Optional)Configuring the Interval for Updating the Key Pair on the SSH Server Do as follows on the router that serves as an SSH server: Step 1 Run: system-view The system view is displayed. Ltd.99 SSH connection timeout : 60 seconds SSH server key generating interval : 2 hours SSH Authentication retries : 5 times SFTP server: Enable STelnet server: Enable SSH server port: 55535 If the default number of the monitored port is adopted.8 Checking the Configuration Run the following command to check the previous configuration. display ssh server status When running the display ssh server status command. ----End 9.99. 9-19 .. Action Command Check the global configuration of the SSH server. Basic Configurations 9 Telnet and SSH 9. Procedure 1 Enabling the First-Time Authentication on the SSH Client 2 (Optional) Configuring the SSH Client to Assign the RSA Public Key to the SSH Server Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Issue 04 (2009-12-20) . The SSH user can use the STelnet service as the Telnet service. you need the following data: No. Data 1 Name of the SSH server 2 Number of the port monitored by the SSH server 3 Preferred encrypted algorithm from the STelnet client to the SSH server 4 Preferred encrypted algorithm from the STelnet server to the SSH client 5 Preferred HMAC algorithm from the STelnet client to the SSH server 6 Preferred HMAC algorithm from the STelnet server to the SSH client 7 Preferred algorithm of key exchange 8 Name of the egress 9 Source address Configuration Procedures To configure the functions for STelnet client server. Ltd.5 Configuring the STelnet Client Function 9. 9-20 No. complete the following tasks: z Generating the local RSA key pair on the SSH server z Configuring the SSH user on the SSH server z Enabling the STelnet service on the SSH server Data Preparation To connect the STelnet client to the SSH2 server. Pre-configuration Tasks Before connecting the STelnet client to the SSH2 server. It protects the router form attacks such as IP address spoofing and interception of plain text password.5.1 Establishing the Configuration Task Applicable Environment The SSH2 feature offers security guarantee and powerful authentication.. you need to take the following steps.Quidway NetEngine80 Configuration Guide . Quidway NetEngine80 Configuration Guide .2 Enabling the First-Time Authentication on the SSH Client Do as follows on the router that serves as an SSH client: Step 1 Run: system-view The system view is displayed. Procedure 3 Enabling the STelnet Client 4 Checking the Configuration 9 Telnet and SSH 9.Basic Configurations No. when the STelnet or SFTP client logs in to the SSH server for the first time. 9-21 .3 (Optional) Configuring the SSH Client to Assign the RSA Public Key to the SSH Server Do as follows on the router that serves as the SSH client: Step 1 Run: system-view The system view is displayed..5. 9.5. Step 2 Run: ssh client servername assign rsa-key keyname The RSA public key is assigned to the SSH server. Except for enabling the first-time authentication on the SSH client. the STelnet or SFTP client can assign the RSA public key in advance to the SSH server on the SSH client to log in to the server successfully for the first time. z If the first-time authentication is not enabled on the SSH client. ----End Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. the STelnet or SFTP client fails to pass the check on the RSA public key validity and cannot log in to the server. ----End z The purpose of enabling the first-time authentication on the SSH client is to skip checking whether the RSA public key of the SSH server is valid when the STelnet or SFTP client logs in to the SSH server for the first time. The check is skipped because the STelnet or SFTP server has not saved the RSA public key of the SSH server at this time. Ltd. Step 2 Run: ssh client first-time enable The first-time authentication on the SSH client is enabled. 4 Enabling the STelnet Client Do as follows on the router that serves as the SSH client: Step 1 Run: system-view The system view is displayed. 9. the STelnet or SFTP client can pass the validity check on the RSA public key of the SSH server. the SSH client must be configured and the assigned RSA public key must be the RSA public key of the SSH server. with stelent service by password authentication.0 State : started Username : client001 Retry : 1 CTOS Cipher 9-22 : aes128-cbc STOC Cipher : aes128-cbc CTOS Hmac : hmac-sha1-96 STOC Hmac : hmac-sha1-96 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. ----End When accessing the SSH server.. and HMAC algorithm. Step 2 Run: stelnet [ -a source-address ] host-ipv4 [ port ] [ [ prefer_kex { dh_group1 | dh_exchange_group } ] | [ prefer_ctos_cipher { des | 3des | aes128 } ] | [ prefer_stoc_cipher { des | 3des | aes128 } ] | [ prefer_ctos_hmac { sha1 | sha1_96 | md5 | md5_96 } ] | [ prefer_stoc_hmac { sha1 | sha1_96 | md5 | md5_96 } ] | [ -vpn-instance vpn-instance-name ] ] command. encrypted algorithm. the STelnet client can carry the source address and the name of the VPN instance and choose the key exchange algorithm. Issue 04 (2009-12-20) .5. Action Command Check the mapping between the RSA public key and the SSH client on the SSH client.Quidway NetEngine80 Configuration Guide .Basic Configurations 9 Telnet and SSH Before the peer RSA public key is assigned to the SSH server. You can log in to the SSH server through STELNET.5 Checking the Configuration Run the following commands to check the previous configuration. you can view that the client logs in from VTY3. <Quidway> display ssh server session Session 1: Conn : VTY 3 Version : 2.5. display ssh server session When running the display ssh server session command. Thus. 9. display ssh server-info Check the session of the SSH client on the SSH server. Ltd. . Data 1 Name of the SSH server 2 Number of the port monitored by the SSH server 3 Preferred encrypted algorithm from the SFTP client to the SSH server 4 Preferred encrypted algorithm from the SFTP server to the SSH client 5 Preferred HMAC algorithm from the SFTP client to the SSH server 6 Preferred HMAC algorithm from the SFTP server to the SSH client 7 Preferred algorithm of key exchange 8 Name of the egress 9 Source address 10 Directory name 11 File name Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Meanwhile. 9-23 . Ltd. complete the following tasks: z Creating the local RSA key pair on the SSH server z Configuring the SSH client on the SSH server z Enabling the SFTP service on the SSH server Data Preparation To connect the SFTP client to the SSH2 server.6.6 Configuring the SFTP Client Function 9. the client function enables you to log in to the remote device through SFTP for the secure file transmission. Pre-configuration Tasks Before connecting the SFTP client to the SSH2 server.Basic Configurations Kex Service Type 9 Telnet and SSH : diffie-hellman-group1-sha1 : stelnet Authentication Type : password 9.1 Establishing the Configuration Task Applicable Environment SFTP enables users to log in to the device from the secure remote end to manage the file. This improves the security of data transmission for the remote end to update its system. No. you need the following data.Quidway NetEngine80 Configuration Guide . ssh client first-time enable Enable the first authentication of the SSH client. Issue 04 (2009-12-20) .6.Quidway NetEngine80 Configuration Guide .Basic Configurations 9 Telnet and SSH Configuration Procedures To configure the function of SFTP client. ----End 9-24 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Procedure 1 Configuring the First-Time Authentication on the SSH Client 2 Configuring the SSH Client to Assign the RSA Public Key to the SSH Server 3 Enabling the SFTP Client 4 (Optional) Managing the Directory 5 (Optional) Managing the File 6 (Optional)Displaying the SFTP Client Command Help 7 Checking the Configuration 9.. you need to take the following steps.2 Configuring the First-Time Authentication on the SSH Client Do as follows on the router that serves as an SSH client: Step 1 Run: system-view The system view is displayed. No. ----End 9.3 Configuring the SSH Client to Assign the RSA Public Key to the SSH Server Do as follows on the router that serves as an SSH client: Step 1 Run: system-view The system view is displayed. Ltd.6. Step 2 Run: ssh client servername assign rsa-key keyname Assign a public key to the SSH server. the SFTP can carry the source address and the name of the VPN instance and choose the key exchange algorithm. z Run: cd remote-directory The current operating directory of users is changed. ----End The command of enabling the SFTP client is similar to that of the STelnet.Quidway NetEngine80 Configuration Guide . select and perform one or more configurations below. 9-25 .6. z Run: pwd Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.5 (Optional) Managing the Directory Do as follows on the router that serves as the SSH client: Step 1 Run: system-view The system view is displayed. 9. z Run: cdup The operating directory of users is switched to the upper-level directory. Step 3 According to the requirement. Step 2 Run: sftp [ -a source-address ] host-ipv4 [ port ] [ [ prefer_kex { dh_group1 | dh_exchange_group } ] | [ prefer_ctos_cipher { des | 3des | aes128 } ] | [ prefer_stoc_cipher { des | 3des | aes128 } ] | [ prefer_ctos_hmac { sha1 | sha1_96 | md5 | md5_96 } ] | [ prefer_stoc_hmac { sha1 | sha1_96 | md5 | md5_96 } ] | [ -vpn-instance vpn-instance-name ] ] You can log in to the SSH server through SFTP. Ltd.. When accessing the SSH server.6.Basic Configurations 9 Telnet and SSH 9.4 Enabling the SFTP Client Do as follows on the router that serves as the SSH client: Step 1 Run: system-view The system view is displayed. Step 2 Run: sftp { [ -a source-address ] host-ipv4 [ port ] [ prefer_kex { dh_group1 | dh_exchange_group } ] [ prefer_ctos_cipher { des | 3des | aes128 } ] [ prefer_stoc_cipher { des | 3des | aes128 } ] [ prefer_ctos_hmac { sha1 | sha1_96 | md5 | md5_96 } ] [ prefer_stoc_hmac { sha1 | sha1_96 | md5 | md5_96 } ] [-vpn-instance vpn-instance-name ] You can log in to the SSH server through SFTP. encrypted algorithm and HMAC algorithm. 6 (Optional) Managing the File Do as follows on the login router: Step 1 Run: system-view The system view is displayed.. z Run: get remote-file [local-file] The file on the remote server is downloaded. Step 2 Run: sftp { [ -a source-address ] host-ipv4 [ port ] [ prefer_kex { dh_group1 | dh_exchange_group } ] [ prefer_ctos_cipher { des | 3des | aes128 } ] [ prefer_stoc_cipher { des | 3des | aes128 } ] [ prefer_ctos_hmac { sha1 | sha1_96 | md5 | md5_96 } ] [ prefer_stoc_hmac { sha1 | sha1_96 | md5 | md5_96 } ] [-vpn-instance vpn-instance-name ] You can log in to the SSH server through SFTP. Run: z mkdir remote-directory A directory is created on the server.6. display the current operating directory and the file or information of the specified directory on the SFTP client side.Basic Configurations 9 Telnet and SSH The current operating directory of users is displayed. z Run: put local-file [remote-file] The local file is uploaded to the remote server. Run: z dir/ls [ remote-directory ] The file list in the specified directory is displayed. z Run: remove remote-file 9-26 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Step 3 According to the requirement. Run: z rmdir remote-directory The directory on the server is deleted. select and perform one or more configurations below. you can create and delete the directory on the SSH server. 9. z Run: rename old-name new-name The name of the specified file on the server is changed.Quidway NetEngine80 Configuration Guide . ----End After the SFTP client logs in to the SSH server. Issue 04 (2009-12-20) . Ltd. The information is displayed that the client logs in from VTY4 through sftp service in rsa authentication mode.. ----End 9.0 State : started Username Issue 04 (2009-12-20) : VTY 4 Version : client002 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.8 Checking the Configuration Run the following commands to check the previous configuration.6. Ltd. [Quidway] display ssh server session Session 2: Conn : 2. you can change the file name. delete the file. Step 2 Run: sftp { [ -a source-address ] host-ipv4 [ port ] [ prefer_kex { dh_group1 | dh_exchange_group } ] [ prefer_ctos_cipher { des | 3des | aes128 } ] [ prefer_stoc_cipher { des | 3des | aes128 } ] [ prefer_ctos_hmac { sha1 | sha1_96 | md5 | md5_96 } ] [ prefer_stoc_hmac { sha1 | sha1_96 | md5 | md5_96 } ] [-vpn-instance vpn-instance-name ] You can log in to the SSH server through SFTP. Step 3 Run: help [all | command-name] The SFTP client command help is displayed. upload and download the file on the SFTP client side.6.7 (Optional)Displaying the SFTP Client Command Help Do as follows on the router: Step 1 Run: system-view The system view is displayed.Quidway NetEngine80 Configuration Guide .Basic Configurations 9 Telnet and SSH The file on the server is removed. display the file list. display ssh server session Run the display ssh server session command. ----End After the SFTP client logs in to the SSH server. display ssh server-info Check the session of the SSH client on the SSH server. 9-27 . 9. Action Command Check the mapping between the SSH server and the RSA public key on the SSH client side. Basic Configurations 9 Telnet and SSH Retry : 1 CTOS Cipher : aes128-cbc STOC Cipher : aes128-cbc CTOS Hmac : hmac-sha1-96 STOC Hmac Kex Service Type : hmac-sha1-96 : diffie-hellman-group1-sha1 : sftp Authentication Type : rsa 9.. 9-28 Action Command Delete the specified SSH user. undo ssh user Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. run the undo debugging all command to disable it immediately.7. Ltd. Issue 04 (2009-12-20) .Quidway NetEngine80 Configuration Guide .2 Debugging SSH Terminal Services This section coves the following topics: z Deleting the SSH User z Debugging SSH Deleting the SSH User Delete the SSH user using the following commands in the system view. So. debugging telnet 9. run the following debugging command in the user view to locate the fault. after debugging.7. Debugging affects the performance of the system. undo ssh user user-name Delete all the SSH users.1 Debugging Telnet Terminal Services When a Telnet fault occurs.7 Maintaining Telnet and SSH This section covers the following topics: z Debugging Telnet Terminal Services z Debugging SSH Terminal Services 9. Action Command Enable Telnet debugging. 1 Example for Configuring Telnet Terminal Services Networking Requirements As shown in Figure 9-6. Configure the authentication mode and the password of the user interface VTY0 to VTY4 on Router B. you need the following data: Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Users can log in to Router B from Router A through Telnet. run the debugging command in the user view to locate the fault. refer to the Configuration Guide . run the undo debugging all command to disable it immediately..Quidway NetEngine80 Configuration Guide . after debugging.8 Configuration Examples 9. 9-29 . Ltd.8. When a fault occurs. Router A and Router B can ping through each other.1. Data Preparation To complete the configuration. Action Command Enable the debugging of the SSH function. 2. Users need to input the password when they log in to Router B from Router A through Telnet.1.System Management.Basic Configurations 9 Telnet and SSH Debugging SSH Debugging affects the performance of the system.2/24 RouterB Configuration Roadmap The configuration roadmap is as follows: 1. Figure 9-6 Networking diagram of the Telnet terminal services mode GE1/0/0 1.1. debugging ssh server { vty index | all }{ message | event | packet | all } 9. So.1/24 RouterA GE1/0/0 1. For the procedure of displaying the debugging information.1. 1...) z Configuration file of Router B # 9-30 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.1. <RouterB> system-view [RouterB] interface gigabitethernet1/0/0 [RouterB-GigabitEthernet1/0/0] undo shutdown [RouterB-GigabitEthernet1/0/0] ip address 1. <RouterA> system-view [RouterA] interface gigabitethernet1/0/0 [RouterA-GigabitEthernet1/0/0] undo shutdown [RouterA-GigabitEthernet1/0/0] ip address 1. Issue 04 (2009-12-20) .1. Unauthorized access or use may lead to prosecution. # Configure Router A.2 .1.1 24 # Configure Router B. <RouterB> ----End Configuration Files z Configuration file of Router A (It is not mentioned here.1.1.1.2 24 Step 2 Configure the authentication mode and the password of Telnet on Router B.2 Trying 1. and the current number of VTY users on line is 1.Quidway NetEngine80 Configuration Guide . * * Notice: * * * * This is a private communication system. <RouterB> system-view [RouterB] user-interface vty 0 4 [RouterB-ui-vty0-4] authentication-mode password [RouterB-ui-vty0-4] set authentication password simple 123456 [RouterB-ui-vty0-4] quit Step 3 Log in to Router B from Router A through Telnet. * *********************************************************** Login authentication Password: Note: The max number of VTY users is 5.2 . <RouterA> telnet 1. Ltd.Basic Configurations 9 Telnet and SSH z The host address of Router B z The authentication mode and the password Configuration Procedure Step 1 Configure the IP address..1.1. *********************************************************** * All rights reserved (2000-2005) * Without the owner's prior written consent..1. * * * no decompiling or reverse-engineering shall be allowed.. Press CTRL+K to abort Connected to 1. Basic Configurations 9 Telnet and SSH sysname RouterB # user-interface vty 0 4 set authentication password simple 123456 # return undo shutdown 9. Users Client001 and Client002 log in to the SSH server through STelnet. Generate the RSA public key on SSH server and bind the RSA public key of SSH client to Client002. z Configure Client002. Generate the local key pairs on the STelnet client and the SSH server respectively. Ltd.Quidway NetEngine80 Configuration Guide . after the STelnet service is enabled on the SSH server. Configure two login clients: z Configure Client001 with the password as huawei and adopt the password authentication. Configure both Client001 and Client002 on the SSH server. The user interface supports only SSH. Figure 9-7 Networking diagram of connecting the STelnet client to the SSH server SSH Server STelnet Client Configuration Roadmap The configuration roadmap is as follows: 1. 2. Data Preparation To complete the configuration. the STelnet client can log in to the SSH server through the password or RSA authentication.8. 3.2 Example for Connecting the STelnet Client to the SSH Server Networking Requirements As shown in Figure 9-7.. Enable STelnet service on the SSH server. 5. adopt the RSA authentication and assign the public key RsaKey001 to Client002. 9-31 . you need the following data: z Name and the authentication mode of the SSH user z Password or the RSA public key of the SSH user z Name of the SSH server Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. 4. ..... .++++++++ If the local key pair is generated before. # Generate the RSA public key on the client software.++++++++ . It will take a few minutes.. [Quidway] user-interface vty 0 4 [Quidway-ui-vty0-4] authentication-mode aaa [Quidway-ui-vty0-4] protocol inbound ssh [Quidway-ui-vty0-4] quit z Create an SSH user Client001.. Ltd.. The SSH client can be authenticated in four modes: password. Issue 04 (2009-12-20) . # Configure the RSA authentication for the SSH user Client002.... configure a local user of the same user name.... <Quidway> system-view [Quidway] rsa local-key-pair create The key name will be: Quidway_Host The range of public key size is (512 ~ 2048).... Input the bits in the modulus[default = 512]: Generating keys.... password-RSA. 9-32 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.++++++++++++ ........ NOTES: If the key modulus is greater than 512.++++++++++++ ....Basic Configurations 9 Telnet and SSH Configuration Procedure Step 1 Generate a local key pair on the server. password-RSA.. z If the RSA....... [Quidway] ssh user client002 [Quidway] ssh user client002 authentication-type rsa Step 3 Configure the RSA public key on the server. and all authentication is used...Quidway NetEngine80 Configuration Guide .. the server must save the RSA public key of the SSH client. # Configure the VTY user interface... Step 2 Create an SSH user on the server....... this step can be ignored. [Quidway] aaa [Quidway-aaa]local-user client001 password simple huawei [Quidway-aaa]local-user client001 service-type ssh [Quidway-aaa] quit z Create an SSH user Client002...... z If the password and password-RSA authentication is used. [Quidway] ssh user client001 [Quidway] ssh user client001 authentication-type password # Set the password of the SSH user Client001 to huawei.. and all. # Set the password authentication for the SSH user Client001... RSA.. Basic Configurations 9 Telnet and SSH For the detailed configuration procedures. # Generate the local key pair on the client.END SSH2 PUBLIC KEY ---Public key code for pasting into OpenSSH authorized_keys file : ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAQQC/815LxhvXhvkHtd59Z3DD5f0XqyA8j8u7yP3y98tn TlGehBkPa5eo6pH8S7nhiDZedL/VTGh3Z6ica0Mdfj4b rsa-key ===================================================== Time of Key pair created: 16:38:51 2007/5/25 Key name: Quidway_Server Key type: RSA encryption Key ===================================================== Key code: 3067 0260 BCFAC085 49A2E70E 1284F901 937D7B63 D7A077AB D2797280 4BCA86C0 4CD18B70 5DFAC9D3 9A3F3E74 9B2AF4CB 69FA6483 E87DA590 7B47721A 16391E27 1C76ABAB 743C568B 1B35EC7A 8572A096 BCA9DF0E BC89D3DB 5A83698C 9063DB39 A279DD89 0203 010001 [client002] # Send the RSA public key generated on the client software to the server. [Quidway]rsa peer-public-key RsaKey001 Enter "RSA public key" view. [Quidway-rsa-public-key]public-key-code begin Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. 9-33 .Quidway NetEngine80 Configuration Guide . [client002] display rsa local-key-pair public ===================================================== Time of Key pair created: 16:38:51 2007/5/25 Key name: Quidway_Host Key type: RSA encryption Key ===================================================== Key code: 3047 0240 BFF35E4B C61BD786 F907B5DE 7D6770C3 E5FD17AB 203C8FCB BBC8FDF2 F7CB674E 519E8419 0F6B97A8 EA91FC4B B9E18836 5E74BFD5 4C687767 A89C6B43 1D7E3E1B 0203 010001 Host public key for PEM format code: ---.. refer to the related operations of the client software. return system view with "peer-public-key end". Ltd. This is not mentioned here.BEGIN SSH2 PUBLIC KEY ---AAAAB3NzaC1yc2EAAAADAQABAAAAQQC/815LxhvXhvkHtd59Z3DD5f0XqyA8j8u7 yP3y98tnTlGehBkPa5eo6pH8S7nhiDZedL/VTGh3Z6ica0Mdfj4b ---. <Quidway> system-view [Quidway] sysname client [client002] rsa local-key-pair create # Generate the RSA public key on the client. 222. * * no decompiling or reverse-engineering shall be allowed. [Quidway-rsa-key-code] 3047 [Quidway-rsa-key-code] 0240 [Quidway-rsa-key-code] BFF35E4B C61BD786 F907B5DE 7D6770C3 E5FD17AB [Quidway-rsa-key-code] 203C8FCB BBC8FDF2 F7CB674E 519E8419 0F6B97A8 [Quidway-rsa-key-code] EA91FC4B B9E18836 5E74BFD5 4C687767 A89C6B43 [Quidway-rsa-key-code] 1D7E3E1B [Quidway-rsa-key-code] 0203 [Quidway-rsa-key-code] 010001 [Quidway-rsa-key-code] public-key-code end [Quidway-rsa-public-key] peer-public-key end Step 4 Bind the SSH user Client002 to the RSA public key of the SSH client.s Enter password: Enter the password "huawei"..164.39. Please wait.39.222 . Enter the user name and password.222 .164..39.222 Please input the username:client001 Trying 10. <client001> system-view [client001] stelnet 10... Do you continue to access it?(Y/N):y Do you want to save the server's public key?(Y/N):y he server's public key will be saved with the name: 10. [client001] ssh client first-time enable [client002] ssh client first-time enable # Client001 of the STelnet connects to SSH server through the password authentication mode. Issue 04 (2009-12-20) .39... # For the first login. Unauthorized access or use may lead to prosecution. and the following output is displayed after successful login: *********************************************************** * * All rights reserved (2000-2007) * Without the owner's prior written consent.Quidway NetEngine80 Configuration Guide . you need to enable the first authentication on SSH client. [Quidway] ssh user client002 assign rsa-key RsaKey001 Step 5 Enable the STelnet service on the SSH server.Basic Configurations 9 Telnet and SSH Enter "RSA key code" view. [Quidway] stelnet server enable Step 6 Configure the STelnet service for the SSH users Client001 and Client002. # Enable the STelnet service.. return last view with "public-key-code end". * * Notice: * * * This is a private communication system.164.164. * * *********************************************************** 9-34 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Press CTRL+K to abort Connected to 10. The server is not authenticated.. <Quidway> system-view [Quidway] ssh user client001 service-type stelnet [Quidway] ssh user client002 service-type stelnet Step 7 Connect the STelnet client to the SSH server. Ltd. # Display the SSH status.164. Press CTRL+K to abort Connected to 10. and the current number of VTY users on line is 1. * * Notice: * * * This is a private communication system.39.39.. [Quidway] display ssh server status STelnet server: Enable SSH version : 1..Quidway NetEngine80 Configuration Guide .. *********************************************************** * * All rights reserved (2000-2007) * Without the owner's prior written consent. Unauthorized access or use may lead to prosecution.Basic Configurations 9 Telnet and SSH Note: The max number of VTY users is 10.222 Please input the username: client002 Trying 10.164. Ltd.. <Quidway> # Connect the STelnet client002 to the SSH server in the RSA authentication.164.99 SSH connection timeout : 60 seconds SSH server key generating interval : 6 hours SSH Authentication retries : 3 times SFTP server: STELNET server: Disable Enable # Display the connection of the SSH server. run the display ssh server status and display ssh server session commands. <Quidway> Step 8 Verify the configuration. [Quidway] display ssh server session Session 1: Conn : VTY 3 Version : 2. * * no decompiling or reverse-engineering shall be allowed. <client002> system-view [client002] stelnet 10. You can view that the STelnet service is enabled and the STelnet client is connected to the SSH server successfully.39. 9-35 . After the configuration.222 . and the current number of VTY users on line is 1.0 State : started Username : client001 Retry : 1 CTOS Cipher : aes128-cbc CTOS Hmac : hmac-sha1-96 STOC Hmac Kex : hmac-sha1-96 : diffie-hellman-group1-sha1 Service Type Issue 04 (2009-12-20) : aes128-cbc STOC Cipher : stelnet Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. * * *********************************************************** Note: The max number of VTY users is 10..222 . 0 State : started Username : client002 Retry : 1 CTOS Cipher : aes128-cbc STOC Cipher : aes128-cbc CTOS Hmac : hmac-sha1-96 STOC Hmac Kex : hmac-sha1-96 : diffie-hellman-group1-sha1 Service Type : stelnet Authentication Type : rsa # Display the information of the SSH user. Ltd. [Quidway]display ssh user-information User 1: User Name : client001 Authentication-type : password User-public-key-name : Sftp-directory : - Service-type : stelnet Authorization-cmd : No User 2: User Name : client002 Authentication-type : rsa User-public-key-name : RsaKey001 Sftp-directory : - Service-type : stelnet Authorization-cmd : No ----End Configuration Files # sysname Quidway # rsa peer-public-key rsakey001 public-key-code begin 3047 0240 BFF35E4B C61BD786 F907B5DE 7D6770C3 E5FD17AB 203C8FCB BBC8FDF2 F7CB674E 519E8419 0F6B97A8 EA91FC4B B9E18836 5E74BFD5 4C687767 A89C6B43 1D7E3E1B 0203 010001 public-key-code end peer-public-key end # aaa local-user client001 password simple huawei local-user client001 service-type ssh # ssh user client002 assign rsa-key rsakey001 ssh user client001 authentication-type password 9-36 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.Quidway NetEngine80 Configuration Guide . Issue 04 (2009-12-20) .Basic Configurations 9 Telnet and SSH Authentication Type : password Session 2: Conn : VTY 4 Version : 2.. 8. 3. 4.Quidway NetEngine80 Configuration Guide . you need the following data: z Name and the authentication mode of the SSH user z Password or the RSA public key of the SSH user z Name of the SSH server Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.3 Example for Connecting the SFTP Client to the SSH Server Networking Requirements As shown in Figure 9-8. Configure Clinet001 and Client002 on the router. Enable the STelnet service on the SSH server.Basic Configurations 9 Telnet and SSH ssh user client002 authentication-type RSA ssh user client001 service-type stelnet ssh user client002 service-type stelnet stelnet server enable ssh user client001 ssh user clietn002 ssh user client002 # user-interface vty 0 4 authentication-mode aaa protocol inbound ssh # return 9. 5. Ltd. Password-RSA. 6. Data Preparation To complete the configuration. RSA. the SFTP client can log in to the SSH server in the authentication mode: password. Configure the service type and authorized directory of the SSH user. 9-37 .. 2. Figure 9-8 Networking diagram of connecting the SFTP client to the SSH server SSH Server SFTP Client Configuration Roadmap The configuration roadmap is as follows: 1. after the SFTP service is enabled on the SSH server. Generate the local key pair on the STelnet client and the SSH server respectively. Generate the RSA public key on the SSH server and bind the RSA public key of SSH client to Client002. Users Client001 and Client002 log in to the SSH server through SFTP. and all. .............. [client002] display rsa local-key-pair public ===================================================== 9-38 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.++++++++ Step 2 Create an SSH user on the server...Basic Configurations 9 Telnet and SSH Configuration Procedure Step 1 Generate a local key pair on the server. Input the bits in the modulus[default = 512]: Generating keys. # Create an SSH user with the name Client001.. password.. # Generate a local key pair on the client.++++++++++++ ......++++++++++++ . <Quidway> system-view [Quidway] rsa local-key-pair create The key name will be: Quidway_Host The range of public key size is (512 ~ 2048). namely.. [Quidway] ssh user client001 [Quidway] ssh user client001 authentication-type password # Set huawei as the password for the Client001 of the SSH user.... z When the SSH adopts the password or password-rsa authentication.. [Quidway] user-interface vty 0 4 [Quidway-ui-vty0-4] authentication-mode aaa [Quidway-ui-vty0-4] protocol inbound ssh [Quidway-ui-vty0-4] quit z Create Client001 for the SSH user. It will take a few minutes. The SSH user has four authentication modes...... [Quidway] aaa [Quidway-aaa] local-user client001 password simple huawei [Quidway-aaa] local-user client001 service-type ssh z Create an SSH user with user name Client002 and RSA authentication. and all.... # Configure the VTY user Interface.. password-rsa. password-rsa. [Quidway] ssh user client002 [Quidway] ssh user client002 authentication-type rsa Step 3 Configure the RSA public key of the server. The authentication mode is password. NOTES: If the key modulus is greater than 512.. configure a local user at the same name..Quidway NetEngine80 Configuration Guide .. RSA.... <Quidway> system-view [Quidway] sysname client002 [client002] rsa local-key-pair create # View the RSA public key generated on the client. . Ltd.. Issue 04 (2009-12-20) . the server should save the RSA public key for the SSH client.... or all authentication.... z When the SSH user adopts the RSA... BEGIN SSH2 PUBLIC KEY ---AAAAB3NzaC1yc2EAAAADAQABAAAAQQC/815LxhvXhvkHtd59Z3DD5f0XqyA8j8u7 yP3y98tnTlGehBkPa5eo6pH8S7nhiDZedL/VTGh3Z6ica0Mdfj4b ---. [Quidway-rsa-key-code] 3047 [Quidway-rsa-key-code] 0240 [Quidway-rsa-key-code] BFF35E4B C61BD786 F907B5DE 7D6770C3 E5FD17AB [Quidway-rsa-key-code] 203C8FCB BBC8FDF2 F7CB674E 519E8419 0F6B97A8 [Quidway-rsa-key-code] EA91FC4B B9E18836 5E74BFD5 4C687767 A89C6B43 [Quidway-rsa-key-code] 1D7E3E1B [Quidway-rsa-key-code] 0203 [Quidway-rsa-key-code] 010001 [Quidway-rsa-key-code] public-key-code end [Quidway-rsa-public-key] peer-public-key end Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Ltd.Basic Configurations 9 Telnet and SSH Time of Key pair created: 16:38:51 2007/5/25 Key name: client002_Host Key type: RSA encryption Key ===================================================== Key code: 3047 0240 BFF35E4B C61BD786 F907B5DE 7D6770C3 E5FD17AB 203C8FCB BBC8FDF2 F7CB674E 519E8419 0F6B97A8 EA91FC4B B9E18836 5E74BFD5 4C687767 A89C6B43 1D7E3E1B 0203 010001 Host public key for PEM format code: ---.END SSH2 PUBLIC KEY ---Public key code for pasting into OpenSSH authorized_keys file : ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAQQC/815LxhvXhvkHtd59Z3DD5f0XqyA8j8u7yP3y98tn TlGehBkPa5eo6pH8S7nhiDZedL/VTGh3Z6ica0Mdfj4b rsa-key ===================================================== Time of Key pair created: 16:38:51 2007/5/25 Key name: client002_Server Key type: RSA encryption Key ===================================================== Key code: 3067 0260 BCFAC085 49A2E70E 1284F901 937D7B63 D7A077AB D2797280 4BCA86C0 4CD18B70 5DFAC9D3 9A3F3E74 9B2AF4CB 69FA6483 E87DA590 7B47721A 16391E27 1C76ABAB 743C568B 1B35EC7A 8572A096 BCA9DF0E BC89D3DB 5A83698C 9063DB39 A279DD89 0203 010001 [client002] # Send the RSA public key generated on the client to the server. 9-39 . return last view with "public-key-code end". return system view with "peer-public-key end".Quidway NetEngine80 Configuration Guide .. [Quidway] rsa peer-public-key RsaKey001 Enter "RSA public key" view. [Quidway-rsa-public-key] public-key-code begin Enter "RSA key code" view. 222 Please input the username: client002 Trying 10.39. Issue 04 (2009-12-20) . [Quidway] display ssh server status SSH version : 1. # Enable the STelnet service..222 .39. After the configuration.164. Press CTRL+K to abort Connected to 10. <Quidway> system-view [Quidway] ssh user client001 service-type sftp [Quidway] ssh user client001 sftp-directory cfcard: [Quidway] ssh user client002 service-type sftp [Quidway] ssh user client002 sftp-directory cfcard: Step 7 Connect the STelnet client to the SSH server.39.164..222 .222 .39.99 SSH connection timeout : 60 seconds SSH server key generating interval : 0 hours 9-40 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.164. [Quidway] ssh user client002 assign rsa-key RsaKey001 Step 5 Enable the STelnet service on the SSH server. <client001> system-view [client001] sftp 10.. sftp-client> Step 8 Verify the configuration.164..39.39. [client] ssh client first-time enable # Connect the STelnet client001 to the SSH server in the password authentication. Two SSH users are configured on the SSH server: Client001 and Client002.222 .. Press CTRL+K to abort Connected to 10. [Quidway] sftp server enable Step 6 Configure the service type and authorized directory of the SSH user. Enter password: sftp-client>s # Connect the STelnet client002 to the SSH server in the RSA authentication.. You can view that the STelnet service is enabled and the SFTP client is connected to the SSH server successfully..222 Please input the username:client001 Trying 10..Basic Configurations 9 Telnet and SSH Step 4 Bind the RSA public key of the SSH client to Client002. Ltd.164. The password authentication is configured for Client001 and the RSA authentication is configured for Client002. <client002> system-view [client002] sftp 10.164. # When you log in for the first time.. run the display ssh server status and display ssh server session commands.Quidway NetEngine80 Configuration Guide . # Display the SSH status. enable the first-time authentication for the SSH client. Basic Configurations 9 Telnet and SSH SSH Authentication retries: SFTP server: 3 times Enable STELNET server: Disable # Display the connection of the SSH server.0 State :started Username :client002 Retry :1 CTOS Cipher :aes128-cbc STOC Cipher :aes128-cbc CTOS Hmac :hmac-sha1-96 STOC Hmac :hmac-sha1-96 Kex :diffie-hellman-group1-sha1 Service Type :sftp Authentication Type : rsa # Display the information of the SSH user.0 State :started Username :client001 Retry :1 CTOS Cipher :aes128-cbc STOC Cipher :aes128-cbc CTOS Hmac :hmac-sha1-96 STOC Hmac :hmac-sha1-96 Kex :diffie-hellman-group1-sha1 Service Type :sftp Authentication Type :password Session 2: Conn :VTY 4 Version :2.. [Quidway]display ssh user-information User 1: User Name :client001 Authentication-type :password User-public-key-name :Sftp-directory :flash : Service-type :sftp Authorization-cmd :No User 2: User Name :client002 Authentication-type :rsa User-public-key-name :RsaKey001 Sftp-directory :Service-type :sftp Authorization-cmd :No ----End Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Ltd. 9-41 . [Quidway] display ssh server session Session 1: Conn :VTY 3 Version :2.Quidway NetEngine80 Configuration Guide . After detecting that the number of the port that requests the connection is not the number of the monitored port. and follow the procedure of negotiating the SSH version number. only the valid user can set up the socket connection through the non-standard monitored port set by the SSH server. Issue 04 (2009-12-20) . If the attacker accesses the standard port continuously. ssh user client001 ssh user client002 # user-interface vty 0 4 authentication-mode aaa protocol inbound ssh # return 9. and other users cannot access the standard port.. 9-42 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.Quidway NetEngine80 Configuration Guide . After the number of the port monitored by the SSH server is set to the other port numbers. ssh user client002 sftp-directory flash :. Ltd. the bandwidth is consumed and the performance of the server is affected. the SSH does not set up the socket connection.4 Example for Accessing the SSH Server Through Other Port Numbers Networking Requirements The standard monitored port number of the SSH protocol is 22. the attacker does not know the change of the number of the monitored port and keeps sending the socket connection with the standard port number as 22. Thus.Basic Configurations 9 Telnet and SSH Configuration Files # sysname Quidway # rsa peer-public-key rsakey001 public-key-code begin 3047 0240 C4989BF0 416DA8F2 2675910D 7F2997E8 5573A35D 0163FD4A FAC39A6E 0F45F325 A4E3AA1D 54692B04 C6A28D3D C58DE2E8 E0D58D65 7A25CF92 A74D21F9 E917182B 0203 010001 public-key-code end peer-public-key end # aaa local-user client001 password simple huawei local-user client001 service-type ssh # ssh user client002 assign rsa-key rsakey001 ssh user client001 authentication-type password ssh user client002 authentication-type RSA ssh user client001 service-type sftp ssh user client002 service-type sftp sftp server enable ssh user client001 sftp-directory flash :.8. Generate the local key pair on client and SSH server respectively. authenticating.. Configure both Client001 and Client002 on the SSH server. 2. 6. The SSH server monitors the port number. Figure 9-9 Networking diagram of accessing the SSH server through other port numbers SSH Client legal user SSH Client setting port Netw ork SSH Server SSH Client attacher Configuration Roadmap The configuration roadmap is as follows: 1. 9-43 . Client001 and Client002 log in to the SSH server through STelnet and SFTP respectively. Enable STelnet and SFTP service on the SSH server. The networking diagram is shown in Figure 9-9. sending session request and performing the interactive session. Generate the local key pair on STelnet client and SSH server respectively. you need the following data: z Name and the authentication mode of SSH users z Password or the RSA public key of the SSH user z Name of the SSH server z Number of the port monitored by the SSH server Configuration Procedure Step 1 Generate a local key pair on the server. 3. 7. 4. Ltd. Configure service mode and authorization directory of the SSH user.Quidway NetEngine80 Configuration Guide . generating the session key. Data Preparation To complete the configuration. <Quidway> system-view Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. 5. Generate the RSA public key on SSH server and bind the RSA public key of SSH client to Client002.Basic Configurations 9 Telnet and SSH negotiating the algorithm. NOTES: If the key modulus is greater than 512....++++++++ Step 2 Create an SSH user on the server... <Quidway> system-view [Quidway] sysname client002 [client002] rsa local-key-pair create # View the RSA public key generated on the client............ Ltd....... Input the bits in the modulus[default = 512]: Generating keys.. It will take a few minutes.......END SSH2 PUBLIC KEY ---Public key code for pasting into OpenSSH authorized_keys file : ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAQQC/815LxhvXhvkHtd59Z3DD5f0XqyA8j8u7yP3y98tn TlGehBkPa5eo6pH8S7nhiDZedL/VTGh3Z6ica0Mdfj4b rsa-key ===================================================== Time of Key pair created: 16:38:51 2007/5/25 Key name: client002_Server Key type: RSA encryption Key ===================================================== Key code: 3067 0260 BCFAC085 49A2E70E 1284F901 937D7B63 D7A077AB D2797280 4BCA86C0 4CD18B70 5DFAC9D3 9A3F3E74 9B2AF4CB 69FA6483 E87DA590 7B47721A 16391E27 1C76ABAB 743C568B 1B35EC7A 8572A096 BCA9DF0E 9-44 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co..Basic Configurations 9 Telnet and SSH [Quidway] rsa local-key-pair create The key name will be: Quidway_Host The range of public key size is (512 ~ 2048).. [client002] display rsa local-key-pair public ===================================================== Time of Key pair created: 16:38:51 2007/5/25 Key name: client002_Host Key type: RSA encryption Key ===================================================== Key code: 3047 0240 BFF35E4B C61BD786 F907B5DE 7D6770C3 E5FD17AB 203C8FCB BBC8FDF2 F7CB674E 519E8419 0F6B97A8 EA91FC4B B9E18836 5E74BFD5 4C687767 A89C6B43 1D7E3E1B 0203 010001 Host public key for PEM format code: ---.BEGIN SSH2 PUBLIC KEY ---AAAAB3NzaC1yc2EAAAADAQABAAAAQQC/815LxhvXhvkHtd59Z3DD5f0XqyA8j8u7 yP3y98tnTlGehBkPa5eo6pH8S7nhiDZedL/VTGh3Z6ica0Mdfj4b ---...... # Generate a local key pair of client on the client...Quidway NetEngine80 Configuration Guide . ..++++++++++++ ..++++++++++++ ........... Issue 04 (2009-12-20) ... [Quidway] ssh user client001 service-type stelnet z Create an SSH user with the name of Client002 and RSA authentication. return system view with "peer-public-key end". # Create an SSH user with the name Client001. [Quidway] user-interface vty 0 4 [Quidway-ui-vty0-4] authentication-mode aaa [Quidway-ui-vty0-4] protocol inbound ssh [Quidway-ui-vty0-4] quit z Create Client001 for the SSH user. [Quidway] rsa peer-public-key RsaKey001 Enter "RSA public key" view. the server should save the RSA public key for the SSH client. z When the SSH adopts the password or password-rsa authentication. The authentication mode is password. [Quidway] ssh user client001 [Quidway] ssh user client001 authentication-type password # Set huawei as the password for the Client001 of the SSH user. or all authentication. Ltd. The SSH user has four authentication modes. and all. bound to RSA public key of the SSH client. z When the SSH user adopts the RSA. password.Quidway NetEngine80 Configuration Guide . 9-45 . RSA. [Quidway-rsa-public-key] public-key-code begin Enter "RSA key code" view. it requires you to configure a local user with the same name.Basic Configurations 9 Telnet and SSH BC89D3DB 5A83698C 9063DB39 A279DD89 0203 010001 [client] # Send the RSA public key generated on the client to the server. password-rsa. password-rsa. return last view with "public-key-code end". namely.. [Quidway-rsa-key-code] 3047 [Quidway-rsa-key-code] 0240 [Quidway-rsa-key-code] BFF35E4B C61BD786 F907B5DE 7D6770C3 E5FD17AB [Quidway-rsa-key-code] 203C8FCB BBC8FDF2 F7CB674E 519E8419 0F6B97A8 [Quidway-rsa-key-code] EA91FC4B B9E18836 5E74BFD5 4C687767 A89C6B43 [Quidway-rsa-key-code] 1D7E3E1B [Quidway-rsa-key-code] 0203 [Quidway-rsa-key-code] 010001 [Quidway-rsa-key-code] public-key-code end [Quidway-rsa-public-key] peer-public-key end Step 3 Create an SSH user on the server. [Quidway] ssh user client002 [Quidway] ssh user client002 authentication-type rsa Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. [Quidway] aaa [Quidway-aaa] local-user client001 password simple huawei [Quidway-aaa] local-user client001 service-type ssh [Quidway-aaa] quit # Configure service type of Client001 as STelnet. # Configure the VTY user Interface. Basic Configurations 9 Telnet and SSH [Quidway] ssh user client002 assign rsa-key RsaKey001 # Configure the service type of Client002 as SFTP and the authorization directory.. you need to enable the first authentication on SSH client. # For the first login. [Quidway] ssh user client002 service-type sftp [Quidway] ssh user client002 sftp-directory hda1: Step 4 Enable the STelnet service and the SFTP service on the SSH server. # Enable the STelnet service and the SFTP service.2. Enter password: Enter the password Huawei and view as follows: *********************************************************** * * All rights reserved (2000-2007) * Without the owner's prior written consent.Quidway NetEngine80 Configuration Guide ..2. [client001] ssh client first-time enable [client002] ssh client first-time enable # Connect the STelnet client to the SSH server through the new port number.164.222. Do you continue to access it?(Y/N):y Do you want to save the server's public key?(Y/N):y he server's public key will be saved with the name: 10. [client001] stelnet 10.13 . [Quidway] stelnet server enable [Quidway] sftp server enable Step 5 Configure a new number of the port monitored by the SSH server. [client002]sftp 10. and the current number of VTY users on line is 1.2.. Do you continue to access it?(Y/N):y Do you want to update the server's public key we cached?(Y/N):y 9-46 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co..222 1025 Please input the username:client001 Trying 100. * * *********************************************************** Note: The max number of VTY users is 10. Unauthorized access or use may lead to prosecution.13 . Press CTRL+K to abort Connected to 100.222 1025 Input Username:client002 Trying 100. Please wait. <Quidway> # Connect the SFTP client to the SSH server through the new port number.13 ..150. Press CTRL+K to abort The server's public key does not match the one we cached. * * no decompiling or reverse-engineering shall be allowed.150. [Quidway] ssh server port 1025 Step 6 Connect the STelnet client to the SSH server. The server is not authenticated.164.. he server is not authenticated. Ltd.39.39. Issue 04 (2009-12-20) ...164..150. * * Notice: * * * This is a private communication system.39. 164.39. The attacker fails to access the SSH server through port 22. [Quidway] display ssh server session Session 1: Conn : VTY 3 Version : 2..164.0 State : started Username : client002 Retry : 1 CTOS Cipher : aes128-cbc STOC Cipher : aes128-cbc CTOS Hmac : hmac-sha1-96 STOC Hmac Kex : hmac-sha1-96 : diffie-hellman-group1-sha1 Service Type : sftp Authentication Type : rsa ----End Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.0 State : started Username : client001 Retry : 1 CTOS Cipher : aes128-cbc STOC Cipher : aes128-cbc CTOS Hmac : hmac-sha1-96 STOC Hmac Kex : hmac-sha1-96 : diffie-hellman-group1-sha1 Service Type : stelnet Authentication Type : password Session 2: Conn : VTY 4 Version : 2. [Quidway] display ssh server status SSH version : 1. 9-47 .Basic Configurations 9 Telnet and SSH sftp-client> Step 7 Verify the configuration.39..222 .. You can view the number of the port monitored by the SSH server and that the STelnet client or SFTP client is connected to the SSH server successfully. [client002] sftp 10. run the display ssh server status and display ssh server session commands.Quidway NetEngine80 Configuration Guide . Ltd.99 SSH connection timeout : 60 seconds SSH server key generating interval : 0 hours SSH Authentication retries : 3 times SFTP server: Enable STELNET server: Enable SSH server port: 1025 # Display the connection of the SSH server. Press CTRL+K to abort Can't establish tcp connection to server After the configuration. # Display the SSH status.222 Input Username:client002 Trying 10. Basic Configurations 9 Telnet and SSH Configuration Files Configuration file of the SSH server Quidway.220 255.Quidway NetEngine80 Configuration Guide .221 255.255.0 9-48 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.255.39.255. Ltd.255.164.164.0 # ssh client first-time enable # return z Configuration file of Client002 on the SSH client # sysname client002 # interface GigabitEthernet1/0/0 ip address 10.39. # user-interface vty 0 4 authentication-mode aaa protocol inbound ssh # return z Configuration file of Client001 on the SSH client # sysname client001 # interface GigabitEthernet1/0/0 ip address 10. Issue 04 (2009-12-20) .. z # sysname Quidway # rsa peer-public-key rsakey001 public-key-code begin 3047 0240 C4989BF0 416DA8F2 2675910D 7F2997E8 5573A35D 0163FD4A FAC39A6E 0F45F325 A4E3AA1D 54692B04 C6A28D3D C58DE2E8 E0D58D65 7A25CF92 A74D21F9 E917182B 0203 010001 public-key-code end peer-public-key end # aaa local-user client001 password simple huawei local-user client001 service-type ssh # sftp server enable stelnet server enable ssh server port 1025 ssh user client001 ssh user client002 ssh user client001 authentication-type password ssh user client002 authentication-type RSA ssh user client002 assign rsa-key RsaKey001 ssh user client001 service-type stelnet ssh user client002 service-type sftp ssh user client002 sftp-directory flash :. z RADIUS authentication z Name of the RADIUS template Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. 2. Users ssh1@ssh. Configure a domain on the SSH server. Configure service mode and authorization directory of the SSH user.8. If the authentication is passed. 6. 8. 5. Ltd. the user level is included in the result. 9-49 . Generate the local key pair on the client and SSH server respectively. Generate the local key pair on STelnet client and SSH server respectively.com. you need the following data: z Configure the password authentications for the two SSH users respectively. Configure the RADIUS template on the SSH server. The RADIUS server authenticates the user and sends the result (passed or failed) back to the SSH server. Create a user on the RADIUS server. Generate the RSA public key on SSH server and bind the RSA public key of the SSH client to ssh2@ssh.. 9.com and [email protected] Example for Authenticating SSH Through RADIUS Networking Requirements When the RADIUS user is connected to the server. 4. the SSH server sends the authentication information about the SSH client. Figure 9-10 Networking diagram of authenticating the SSH through RADIUS SSH Client SSH Server RADIUS Server Configuration Roadmap The configuration roadmap is as follows: 1. 3. including the user name and password to the RADIUS server that is compatible with the TACACS server for authentication.Basic Configurations 9 Telnet and SSH # ssh client first-time enable # 9. Enable STelnet and SFTP services on the SSH server. 7. The SSH server monitors the port number. The networking diagram is shown in Figure 9-10. The SSH server determines whether the SSH client is allowed to set up a connection according to the authentication result.com log in to the SSH server through STelnet and SFTP respectively. Data Preparation To complete the configuration.Quidway NetEngine80 Configuration Guide . ....... It will take a few minutes... Input the bits in the modulus[default = 512]: Generating keys.++++++++s Step 2 Generate the RSA public key on the server........ [client] display rsa local-key-pair public ===================================================== Time of Key pair created: 16:38:51 2007/5/25 Key name: Quidway_Host Key type: RSA encryption Key ===================================================== Key code: 3047 0240 BFF35E4B C61BD786 F907B5DE 7D6770C3 E5FD17AB 203C8FCB BBC8FDF2 F7CB674E 519E8419 0F6B97A8 EA91FC4B B9E18836 5E74BFD5 4C687767 A89C6B43 1D7E3E1B 0203 010001 Host public key for PEM format code: ---... Ltd..Quidway NetEngine80 Configuration Guide ..END SSH2 PUBLIC KEY ---Public key code for pasting into OpenSSH authorized_keys file : ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAQQC/815LxhvXhvkHtd59Z3DD5f0XqyA8j8u7yP3y98tn TlGehBkPa5eo6pH8S7nhiDZedL/VTGh3Z6ica0Mdfj4b rsa-key ===================================================== Time of Key pair created: 16:38:51 2007/5/25 Key name: Quidway_Server Key type: RSA encryption Key 9-50 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co....Basic Configurations 9 Telnet and SSH z Name of the RADIUS domain z Name and password of the RADIUS user Configuration Procedure Step 1 Generate a local key pair on the SSH server. <Quidway> system-view [Quidway] rsa local-key-pair create The key name will be: Quidway_Host The range of public key size is (512 ~ 2048)..... NOTES: If the key modulus is greater than 512... ..... <Quidway> system-view [Quidway] sysname client [client] rsa local-key-pair create # Generate the RSA public key on the client......++++++++++++ ...BEGIN SSH2 PUBLIC KEY ---AAAAB3NzaC1yc2EAAAADAQABAAAAQQC/815LxhvXhvkHtd59Z3DD5f0XqyA8j8u7 yP3y98tnTlGehBkPa5eo6pH8S7nhiDZedL/VTGh3Z6ica0Mdfj4b ---.. Issue 04 (2009-12-20) .....++++++++++++ .... # Generate the local key pair on the client..... [Quidway] ssh user ssh1@ssh. Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. return system view with "peer-public-key end". return last view with "public-key-code end".com and ssh2@ssh. On the RADIUS server.com [Quidway] ssh user ssh2@ssh. The NAS address refers to the address of SSH server that connects to the RADIUS server.. # Configure the VTY user Interface on SSH server.164. Ltd. [Quidway-rsa-key-code] 3047 [Quidway-rsa-key-code] 0240 [Quidway-rsa-key-code] BFF35E4B C61BD786 F907B5DE 7D6770C3 E5FD17AB [Quidway-rsa-key-code] 203C8FCB BBC8FDF2 F7CB674E 519E8419 0F6B97A8 [Quidway-rsa-key-code] EA91FC4B B9E18836 5E74BFD5 4C687767 A89C6B43 [Quidway-rsa-key-code] 1D7E3E1B [Quidway-rsa-key-code] 0203 [Quidway-rsa-key-code] 010001 [Quidway-rsa-key-code] public-key-code end [Quidway-rsa-public-key] peer-public-key end Step 3 Create the SSH user. [Quidway] rsa peer-public-key RsaKey001 Enter "RSA public key" view. add two users named ssh1@ssh. designate the NAS address 10.Basic Configurations 9 Telnet and SSH ===================================================== Key code: 3067 0260 BCFAC085 49A2E70E 1284F901 937D7B63 D7A077AB D2797280 4BCA86C0 4CD18B70 5DFAC9D3 9A3F3E74 9B2AF4CB 69FA6483 E87DA590 7B47721A 16391E27 1C76ABAB 743C568B 1B35EC7A 8572A096 BCA9DF0E BC89D3DB 5A83698C 9063DB39 A279DD89 0203 010001 [client] # Send the RSA public key generated on the client software to the server. [Quidway-rsa-public-key] public-key-code begin Enter "RSA key code" view. in addition.com on the SSH server.com service-type stelnet [Quidway] ssh user [email protected] respectively.222 and the key huawei. [Quidway] user-interface vty 0 4 [Quidway-ui-vty0-4] authentication-mode aaa [Quidway-ui-vty0-4] protocol inbound ssh [Quidway-ui-vty0-4] quit # Create SSH users with their name [email protected] [Quidway] ssh user [email protected] authentication-type password [Quidway] ssh user [email protected] sftp-directory cfcard: # Bind the client public key to [email protected] authentication-type password [Quidway] ssh user ssh2@ssh. 9-51 . [Quidway] ssh user [email protected] assign rsa-key RsaKey001 Step 4 Configure the RADIUS template.com and [email protected] NetEngine80 Configuration Guide .com service-type sftp [Quidway] ssh user ssh2@ssh. . # Enable STelnet and SFTP services on the SSH server. # Configure the RADIUS domain of SSH server as ssh.222.164.Basic Configurations 9 Telnet and SSH # Configure the authentication scheme Test and authentication mode RADIUS. * Issue 04 (2009-12-20) ..39. The server is not authenticated. [Quidway-radius-ssh] radius-server shared-key huawei [Quidway-radius-ssh] quit Step 5 Configure RADIUS domain name.Quidway NetEngine80 Configuration Guide .164.. Do you continue to access it?(Y/N):y Do you want to save the server's public key?(Y/N):y The server's public key will be saved with the name: 10.164. [client] ssh client first-time enable [client] quit # Connect the STelnet client to the SSH server in the RADIUS authentication. Enter password: Enter the password Huawei and view as follows: *********************************************************** * 9-52 All rights reserved (2000-2007) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.222 .com] authentication-scheme test [Quidway-aaa-domain-ssh.. Please wait. <Quidway> system-view [Quidway] stelnet server enable [Quidway] sftp server enable # For the first login.222 .222 Please input the username: ssh@ssh. applying authentication scheme Test and RADIUS template ssh. Ltd.39.com.49 1812 # Configure the key of RADIUS server as huawei.39.com] quit [Quidway-aaa] quit Step 6 Connect the SSH client and the SSH server. <client> system-view [client] stelnet 10. [Quidway] radius-server template ssh # Configure the IP address and port of the RADIUS authentication server..39.. [Quidway] aaa [Quidway-aaa] domain ssh.com Trying 10. you need to enable the first authentication on SSH client.16. [Quidway-radius-ssh] radius-server authentication 10.com] radius-server ssh [Quidway-aaa-domain-ssh.164.164. [Quidway] aaa [Quidway-aaa] authentication-scheme test [Quidway-aaa-authen-test] authentication-mode radius [Quidway-aaa-authen-test] quit # Configure the RADIUS template of SSH server as ssh. Press CTRL+K to abort Connected to 10.com [Quidway-aaa-domain-ssh.. com Retry : 1 CTOS Cipher Issue 04 (2009-12-20) : aes128-cbc Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Enter password: sftp-client> Step 7 Verify the configuration. and the current number of VTY users on line is 2.0:0:LoopBack0 Secondary-authentication-server : 0. * *********************************************************** Note: The max number of VTY users is 10.0. * * Notice: * * This is a private communication system. 9-53 .0.164.164.com Trying 10.Quidway NetEngine80 Configuration Guide ..39. * * no decompiling or reverse-engineering shall be allowed.222 .0 State : started Username : ssh1@ssh. You can also view that the STelnet or SFTP client is connected to the SSH server successfully in the RADIUS authentication.. # Display the configuration of the RADIUS server.. * * Unauthorized access or use may lead to prosecution. Press CTRL+K to abort Connected to 10.Basic Configurations * 9 Telnet and SSH Without the owner's prior written consent. Ltd.0.164.164.0. You can view the configuration of the RADIUS server on the SSH server.39. <client> system-view [client] sftp 10.0.0:0:LoopBack0 Secondary-accounting-server : 0.222 . [Quidway-aaa] display radius-server configuration ------------------------------------------------------------------Server-template-name : ssh Protocol-version : standard Traffic-unit : B Shared-secret-key : huawei Timeout-interval(in second) : 5 Primary-authentication-server : 10..222 Please input the username: ssh@ssh. [Quidway] display ssh server session Session 1: Conn : VTY 0 Version : 2. <Quidway> # Connect the SFTP client to the SSH server in the RADIUS authentication.16. run the display radius-server configuration and display ssh server session commands on the SSH server.39..49:1812:LoopBack-1 Primary-accounting-server : 0.0:0:LoopBack0 Retransmission : 3 Domain-included : YES ------------------------------------------------------------------- # Display the connection of the SSH server.0. After the configuration. Issue 04 (2009-12-20) .com ssh user [email protected] ssh user [email protected] State : started Username : ssh2@ssh. Ltd.com authentication-type password 9-54 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.16.49 1812 # rsa peer-public-key rsakey001 public-key-code begin 3047 0240 C4989BF0 416DA8F2 2675910D 7F2997E8 5573A35D 0163FD4A FAC39A6E 0F45F325 A4E3AA1D 54692B04 C6A28D3D C58DE2E8 E0D58D65 7A25CF92 A74D21F9 E917182B 0203 010001 public-key-code end peer-public-key end # aaa authentication-scheme test authentication-mode radius # domain ssh.com Retry : 1 CTOS Cipher : aes128-cbc STOC Cipher : aes128-cbc CTOS Hmac : hmac-sha1-96 STOC Hmac Kex : hmac-sha1-96 : diffie-hellman-group1-sha1 Service Type : sftp Authentication Type : password ----End Configuration Files # sysname Quidway # radius-server template ssh radius-server authentication 10.Quidway NetEngine80 Configuration Guide ..Basic Configurations 9 Telnet and SSH STOC Cipher : aes128-cbc CTOS Hmac : hmac-sha1-96 STOC Hmac Kex : hmac-sha1-96 : diffie-hellman-group1-sha1 Service Type : stelnet Authentication Type : password Session 2: Conn : VTY 1 Version : 2.164.com authentication-scheme test radius-server ssh # # sftp server enable stelnet server enable ssh user ssh1@ssh. com assign rsa-key RsaKey001 ssh user [email protected] service-type stelnet ssh user ssh2@ssh. Ltd.Basic Configurations 9 Telnet and SSH ssh user ssh2@ssh. 9-55 .com authentication-type password ssh user [email protected] NetEngine80 Configuration Guide .com sftp-directory flash : # user-interface vty 0 4 authentication-mode aaa protocol inbound ssh # Return Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co..com service-type sftp ssh user ssh2@ssh. ........Basic Configurations Contents Contents 10 Router Maintenance ............................................................................10-1 10...............................................5 Resetting the Board...1...........................2 Configuring a Checking of the Air Filter based on the Device Temperature .............................10-4 10..................10-2 10........5.......................1 Establishing the Configuration Task ...10-7 10..........................10-3 10.......................................................................3...................10-5 10..............................10-2 10...2 Device Operation Management.........2............................................................1 Online Upgrade introduction ....3 Resetting the Device and Switching over the Channel ...................10-8 10...........................................................................10-8 10..........5.................................................10-7 10....4 Configuring the Electronic Labelelectronic ...........10-4 10...10-3 10..................5...........3...............4.................................3 Online Loading the Board Software ...............................3 Managing the Device Operation........................................................................................................................................... i ....................4..........3 Configuring a Cleaning Cycle for the Air Filter............2...................2.......3................3................10-4 10......................10-9 10...........................10-2 10..................................10-7 10.........................................4..................................................................10-9 Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co................................................1 Introduction .........3 Backing Up the Electronic Label ...5 Configuring a Cleaning Cycle for the Air Filter.........................2......10-6 10............Quidway NetEngine80 Configuration Guide ......................................................................................................... Ltd........................10-7 10..............................................1 Establishing the Configuration Task ................10-2 10..........................3 Electronic Label ........................10-9 10.............................2 Querying the Electronic Label ....................5.....................................................................................................4 Upgrading the Stratum 3 Clock Board.......................................4 Displaying the Device Information..................................5 Checking the Configuration ....5............10-8 10.......10-4 10......................6 Checking the Configuration ..................................10-2 10.................10-6 10.......................................4 Remonitoring the Cleaning Cycle of the Air Filter...................................................................10-5 10................................................................................................................................................................................2..2 Downloading the Board Software.....................................................................................................10-5 10.....2............................1..............................................................................1 Setting the Temperature Warning Threshold Upgrading the Board ...................................................................................................................................................................2 Upgrading the Board .................................................2 Disabling or Re-enabling the DASL Port of the LPU ........................................................1 Establishing the Configuration Task ......................................1......................... Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Ltd.Basic Configurations 10 Router Maintenance 10 Router Maintenance About This Chapter The following table lists the contents of this chapter. 10. 10..1 Introduction This section describes the principle and concepts of the router maintenance.Quidway NetEngine80 Configuration Guide .2 Upgrading the Board This section describes how to upgrade the board software 10. Section Describes 10.3 Managing the Device Operation This section describes how to manage the device operation.4 Configuring the Electronic Label This section describes how to configure the electronic label. 10-1 . . The route provides online software download and upgrade for the MPU and the LPU. If the system fails after the software upgrade. including: z Online Upgrade z Device Operation Management z Electronic Label 10. 10. reset the upgraded board only. When upgrading the software of the LPU board. The online download of software has no impact on the operation of the system.1. After the software upgrade.1 Online Upgrade introduction The routerNE80 provides online upgrade for the system software.2 Upgrading the Board 10-2 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.3 Electronic Label Electronic label is used to query about or back up the manufacturing information of the device.1. At the same time. the router is restarted and the system switches back to the previous software version for operation. Ltd. The manufacturing information of the boards and optical modules can be backed up at the FTP server or the Flash card of the router. The router series USR can upgrade each board respectively.1 Introduction This section describes what you need to learn before maintaining the system. The functions fall into the following types: z Displaying device information z Setting the device parameters and threshold z Disabling or re-enabling the DASL port on the LPU z Resetting the device and switching over the channel 10.1. you can upgrade multiple LPU boards at the same time. Through the electronic label. When upgrading the MPU or LPU board.Quidway NetEngine80 Configuration Guide . Other boards do not need to be reset. The information is of the boards and optical modules on the whole chassis or on a specified slot number. 10. You can upgrade only the features that need to be improved.2 Device Operation Management The device operation management is responsible for monitoring the running status of the device and the setting of the parameters of the device.Basic Configurations 10 Router Maintenance 10. the previous software version is backed up in the router.The electronic label supports hierarchical query and backup of manufacturing information. Issue 04 (2009-12-20) . the router provides online patching for the system software. you can query or back up the manufacturing information of the board and the optical module of the router. you need the following data.2. you can perform online software upgrade for this board only to save the software download time.2. No. TFTP.1 Establishing the Configuration Task Applicable Environments When only one board needs software upgrade. Data 1 Board software of the new version 2 Directory to store the software Configuration Procedures No. upgrade the board software with caution. For detailed upgrade procedure. 10-3 . Preconfigured Tasks Before upgrading the board software." Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Procedure 1 Downloading the Board Software 2 Online Loading the Board Software 3 Upgrading the Stratum 3 Clock Board 4 Resetting the Board 5 Checking the Configuration 10. TFTP and XModem. refer to the description of FTP.2 Downloading the Board Software For detailed procedures of downloading files. refer to the router release notes. Ltd. 10. complete the following tasks: z Powering on the router normally z Connecting the router with PC correctly through the console port Data Preparations To upgrade the board software.Basic Configurations 10 Router Maintenance To ensure the normal running of the router.Quidway NetEngine80 Configuration Guide . and XModem in Chapter "FTP. Upgrade the software under the guidance of the technical support personnel from Huawei.. 2. Ltd. 10. you need to upload the software for the BootROM and the BootLoad again.6 Checking the Configuration Run the following commands to check the previous configuration. Step 1 Run: upgrade clock slot-id { file-name | startup } { bootrom | software } The BootROM of the stratum 3 clock board is upgraded. 10. ----End When the system software packet is being upgraded or the stratum 3 clock board runs abnormally.2. run: upgrade lpu bootrom slot-id filename z To load the LPU program online. z To load the MPU BootROM online. To upgrade the small system or basic BootROM program. the BootROM chip need be changed. display version View the status of the device. z To reset the board. run: upgrade lpu software { all | slot-id } filename The preceding operation is performed for the upgrade of extended BootROM program.5 Resetting the Board Perform the following on the router where the board needs to be reset. display device Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.Basic Configurations 10 Router Maintenance 10. If the stratum 3 clock board runs normally. Perform the following as required. run: reset slot { hub_a | hub_b } You can use this command to reset boards including the LPU and the MPU by specifying the slot number. Issue 04 (2009-12-20) .3 Online Loading the Board Software Do as follows on the router to be upgraded..4 Upgrading the Stratum 3 Clock Board Do as follows on the router to be upgraded. run: reset slot slot-id z To reset the hub of the MPU. 10-4 Action Command View the system version. this step is not required.Quidway NetEngine80 Configuration Guide .2. 10.2. run: upgrade { mpu | slavempu } bootrom filename z To load the slave MPU BootROM online. Therefore. Step 2 Run: lpu temperature-limit slot-id temperature The temperature threshold for the LPU is set. ----End The temperature threshold can be set for the LPU of the router. 10-5 . 10. The system will send the alarm information if the temperature exceeds the threshold. Ltd.Basic Configurations 10 Router Maintenance 10. After inserting the LPU. this may cause reboot of other LPUs with a probability less than 1%.3. you can shut down the DASL port that connects the LPU with the Switching Fabric Unit (SFU) by using the downlpu command before plugging out the LPU.Quidway NetEngine80 Configuration Guide . Step 1 Run: system-view The system view is displayed. Step 1 Run: downlpu slot-id system-view The DASL port on the LPU is disabled.3. Step 3 Run: undo downlpu slot-id The DASL port of the LPU is re-enabled ----End Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Do as follows on the router to be configured in the user view. you can re-enable the DASL port by using the undo downlpu command.3 Managing the Device Operation This section covers the following topics: z Setting the Temperature Warning Threshold z Disabling or Re-enabling the DASL Port of the LPU z Resetting the Device and Switching over the Channel z Displaying the Device Information 10..2 Disabling or Re-enabling the DASL Port of the LPU If an LPU is directly plugged out for resetting. Step 2 Plug out the LPU.1 Setting the Temperature Warning Threshold Upgrading the Board Do as follows on the router to be configured. 3 Resetting the Device and Switching over the Channel Run one of the following commands to enter a view as you need: z To reset the device at the specified slot.. display selftest [ slot-id ] Display the version of the device.3. Ltd. display cpu-usage [ slave | slot slot-id ] display cpu-usage { entry-number [ offset ] [ verbose ] | slave | slot slot-id } display cpu-usage configuration [ slave ] 10-6 Display the communication-channel information. run: reboot whole router z To switch over the communication channel. Action Command Display the basic information of the device. Issue 04 (2009-12-20) . run: switch communication-channel { ipc [ slot-id ] } { a | b } 10.3. run: reset slot slot-id z To reset the router. display version [ slot-id ] Display the environment information.Quidway NetEngine80 Configuration Guide . display lpu { slot-id | all } startup Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. display alarm record { slot-id | all } Display the information on the CPU usage. display communication-channel [ { ipc { state | statistic } | dem { link-status | state | statistic }} [ slot-id ] ] Display the startup type and time of the LPU.Basic Configurations 10 Router Maintenance 10. run the following display commands in any view to view the operation status of the device. display environment Display the alarm or status information. display device [ pic-status | slot-id ] Display the self-test information of the device.4 Displaying the Device Information After the configuration. 4. Procedure 1 Querying the Electronic Label 2 Backing Up the Electronic Label 10.4. Step 2 Run: backup elabel filename [ slot-id ] The electronic label is backed up to the default FLash Memory. Step 1 Run: system-view The system view is displayed.Quidway NetEngine80 Configuration Guide . ----End 10. Data Preparation None. Configuration Procedures No.Basic Configurations 10 Router Maintenance 10. ----End Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Pre-configuration Tasks None.2 Querying the Electronic Label Step 1 Run: display elabel [ slot-id ] The electronic label is queried..4. Ltd. or backing up the electronic label information to a specified FTP server. you need to configure the electronic label function.4 Configuring the Electronic Labelelectronic 10.3 Backing Up the Electronic Label Do as follows on the router whose electronic label to be backed up. 10-7 .1 Establishing the Configuration Task Applicable Environment When querying for the electronic label information of all boards including the optical module and individual entity on the chassis. Preconfigured Tasks None. you need the following data.5 Configuring a Cleaning Cycle for the Air Filter 10. Data Preparations To configure a cleaning cycle for the air filter.5. No.. Data 1 Cleaning cycle of the air filter Configuration Procedures No.5. Issue 04 (2009-12-20) .Quidway NetEngine80 Configuration Guide .Basic Configurations 10 Router Maintenance If the electronic label should be backed up to a specified FTP server. 10.2 Configuring a Checking of the Air Filter based on the Device Temperature Do as follows on the router: Step 1 Run: system-view The system view is displayed. run the backup elabel ftp host filename username password [ slot-id ] command. Step 2 Run: dustproof check-auto 10-8 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Ltd.1 Establishing the Configuration Task Applicable Environments You need to clean the air filter after the air filter has been running for a period of time. Procedure 1 Configuring a Checking of the Air Filter based on the Device Temperature 2 Configuring a Cleaning Cycle for the Air Filter 3 Remonitoring the Cleaning Cycle of the Air Filter 4 Checking the Configuration 10. ----End 10. 10-9 . ----End 10. Therefore.3 Configuring a Cleaning Cycle for the Air Filter Do as follows on the router: Step 1 Run: system-view The system view is displayed. Do as follows on the router: Step 1 Run: reset dustproof run-time The alarm is cleared.5. which may be inserted.4 Remonitoring the Cleaning Cycle of the Air Filter The system generates an alarm about cleaning the air filter. All the monitored information is saved on the MPU. Ltd. the monitoring cycle may differ from the set cycle.Basic Configurations 10 Router Maintenance The checking of the air filter based on the device temperature is configured. or replaced during usage. By default.5. The cleaning cycle of the air filter is monitored. Action Command View the information about the air filter. Step 2 Run: dustproof check-timer day INTEGER The cleaning cycle for the air filtered is configured. display dustproof <Quidway> display dustproof Clean Dustproof-Net cycle : 365(days) Last clean date Issue 04 (2009-12-20) : 2009/02/07 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. switched. you need to clear the alarm and remonitor the cleaning cycle of the air filter. After ensuring that the air filter is cleaned or does not need to be cleaned.5 Checking the Configuration Run the following commands to check the previous configuration.. but this does not affect the monitoring function.5. removed. the checking of the air filter based on the device temperature is enabled. The air filter is a component without memory. ----End 10.Quidway NetEngine80 Configuration Guide . Issue 04 (2009-12-20) ..Basic Configurations 10 Router Maintenance Up to last clean days : 1(day) Clean alarm existence days: 0(day) 10-10 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.Quidway NetEngine80 Configuration Guide . Ltd. ................2 Uploading the System Software and License to the Master MPU ...2......................................3 (Optional) Configuring PAF Files ...................................... 11-2 11................. 11-5 11..................................................................................3..2............................11-1 11............................. 11-6 11...............................................................................................................................2 Uploading the System Software and License Files .....................................................3........... 11-2 11..................................................................3.2.....1.............................4 Checking the Configuration .................Quidway NetEngine80 Configuration Guide .......................................... 11-3 11........................................... 11-5 11................................................2............ 11-3 11......................................4 (Optional) Configuring Patch Packages .....................................................................................................1 System Software Upgrade.......... 11-6 11....................................................................................................................................................2 Specifying the System Software for the Next Startup............................ 11-3 11................................. 11-4 11...................................Basic Configurations Contents Contents 11 System Software Upgrade ........2 License ...... 11-5 11...............3 Copying the System Software and License to the Slave MPU...........1......................1 Establishing the Configuration Task ...........1 Introduction ............................................ 11-2 11.................. 11-4 11........3 Specifying the System Software for the Next Startup of the Router ..............................................3.............................5 Checking the Configuration ........................ 11-7 Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co...............................................3..... i .... Ltd.........1 Establishing the Configuration Task ...................................... 11. 11-1 . Section Description 11. 11..Quidway NetEngine80 Configuration Guide . Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.Basic Configurations 11 11 System Software Upgrade System Software Upgrade About This Chapter The following table shows the contents of this chapter.3 Specifying the System Software for the Next Startup of the Router This section describes how to specify the system software for the next startup of the router.1 Introduction This section describes the principle and concepts of the system software upgrade. Ltd.2 Uploading the System Software and License Files This section describes how to upload the system software and license files. When the upgrade fails.1 Introduction This section covers the following topics that you need to know before upgrading the system software: z System Software Upgrade z License 11. the license mechanism controls the maximum resources that users can use. The license contains two files: paf.txt. This does not affect the current features or functions. CR-LSPs and VPN instances. When the features are required later. Before upgrading the system software. After the upgrade is complete.1 System Software Upgrade z When upgrading the system software. z Upgrade the system software and license under the guidance of technical support engineers. the system software can restore to the previous version. Therefore. z Check the existing system software version before the upgrade. At the same time. related commands and interfaces are not displayed. users can flexibly decide the required features according to the service demands without making great investment at the time of purchase. Ltd.1. The license file should be placed at the root directory of the Flash.. Suppose a user does not want certain features or functions at the beginning. 11-2 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. and the system file should be placed at the hardware disk. In general.1. 11.Basic Configurations 11 System Software Upgrade 11. you must upgrade the license that is integrated with the system software. do not delete the previous system software. the price of a product is in direct proportion to its features and functions. These features can be disabled through the license file.2 License The license can be used to control the availability of some product features on a dynamic basis. If a feature is specified as unavailable in the license file. The license mechanism can flexibly add or reduce features as required to protect and save the investment of users. you can realize the addition through upgrading the system software. When certain features are required on the current router. the user can buy the license of these features to enable them. LSPs.txt and license. you need to obtain the system software and license from Huawei. such as the number of routes. For example if the license file indicates that a particular feature is available. Issue 04 (2009-12-20) .Quidway NetEngine80 Configuration Guide . you can see all related commands and functions after the system is started. 2 Uploading the System Software and License to the Master MPU Upload the system software and license files to the Flash Memory of the master MPU..Quidway NetEngine80 Configuration Guide . When the existing system software of a router does not meet the existing requirements. you need to upgrade the system software. Procedure 1 Uploading the System Software and License to the Master 2 Copying the System Software and License to the Slave 3 Checking the Configuration 11. TFTP and Xmodem. Pre-configuration Tasks Before uploading the system software and license. you need the following data: z System software of the new version z License files of the new version Configuration Procedures No.Basic Configurations 11 System Software Upgrade 11. 11-3 . Ltd.2.1 Establishing the Configuration Task Applicable Environment The license files should be placed at the root directory of the Flash Memory of the master and slave MPUs.2 Uploading the System Software and License Files 11. The router supports the uploading of files through FTP.2. Choose an uploading method based on the requirements. Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. complete the following tasks: z Ensuring that the router works normally z Ensuring that the router can be logged in to Data Preparation To upload the system software and license. <Quidway> dir flash Directory of flash:/ 0 drw- 1 -rw- 4333 Aug 31 2006 09:35:12 . run the preceding commands and you can view the information of the uploaded files.Dec 13 2005 14:09:50 2 -rw- 972 Dec 24 2005 16:34:58 3 -rw- 14490 Aug 30 2006 03:36:02 4 -rw- 6165 Aug 30 2006 03:36:24 5 -rw- 817148 Aug 30 2006 11:04:12 log private-data. check the file information on the Flash Memory of the master MPU.4 Checking the Configuration Run the following commands to check the previous configuration..zip paf. repeat the preceding steps. ----End If you need to copy multiple files to the Flash Memory of the slave MPU. dir flash: dir : Check the file information on the dir flash: of the slave MPU. Step 2 Run: copy source-filename slave#hd:/destination-filename The system software is copied to the hardware of the slave MPU. Issue 04 (2009-12-20) . Step 1 Run: copy source-filename slave#flash:/destination-filename The system license is copied to the Flash Memory of the slave MPU.txt license. Ltd. Action Command Check the file information on the of the master MPU.3 Copying the System Software and License to the Slave MPU Do as follows on the router to be upgraded.2.txt vrpcfg.txt NE.Basic Configurations 11 System Software Upgrade 11.bin 15875 KB total (5032 KB free) The vrpcfg. For example.zip is the default configuration file of the system. 11-4 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.2. dir slave#: After uploading the files.Quidway NetEngine80 Configuration Guide . 11. After the files are uploaded.3.2 Specifying the System Software for the Next Startup Do as follows on the router to be upgraded: Step 1 Run: startup system-software file-name The system software is specified for starting the master MPU the next time.Quidway NetEngine80 Configuration Guide . Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. It is recommended to use the absolute paths to specify system software of the same version to the master and slave MPUs. After the system software is specified. 11-5 .3 Specifying the System Software for the Next Startup of the Router 11. the system is broken down. Configuration Procedures No. the system uploads the software at the specified path when the router is restarted next time. Pre-configuration Tasks None. you need to specify the system to use the newly loaded system software when the router is restarted next time..1 Establishing the Configuration Task Applicable Environment Specify the same system software to the master and slave MPUs.3. Otherwise. Procedure 1 Specifying the System Software for the Next Startup 2 (Optional) Configuring PAF Files 3 (Optional) Configuring Patch Packages 4 Checking the Configuration 11. you need to prepare the absolute path of the system software. Data Preparation Before specifying the system software for the next startup of the router. Ltd.Basic Configurations 11 System Software Upgrade 11. 3.Quidway NetEngine80 Configuration Guide . Step 3 Run: startup license file-name The License file is specified for the main MPU after the next startup.3 (Optional) Configuring PAF Files Do as follows on the router to be upgraded: Step 1 Run: startup paf file-name The PAF file is specified for the main MPU after the next startup. Step 2 Run: startup patch file-name slave-board Specify the patch files for the slave MPU after next startup. Ltd.4 (Optional) Configuring Patch Packages To upgrade the version of the system software.Basic Configurations 11 System Software Upgrade Step 2 Run: startup system-software file-name slave-board The system software is specified for starting the slave MPU the next time. ----End 11. Do as follows on the router to be upgraded: Step 1 Run: startup patch file-name Specify the patch files for the main MPU after next startup. you need to perform the following steps to specify the patch files.3. Step 2 Run: startup paf file-name slave-board The PAF file is specified for the slave MPU after the next startup. Step 3 Run: patch-state run { all | slot slot-id } 11-6 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Issue 04 (2009-12-20) . Step 4 Run: startup license file-name slave-board The License file is specified for the slave MPU after the next startup.. ----End 11. you can learn that the system software in the next startup of the router is the system software specified in the upgrading operation.txt Startup patch package: NULL Next startup patch package: NULL Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.bin Startup system software: hd:/V300R005C01B323SPC001.bin Startup system software: hd:/V300R005C01B323SPC001.txt Next startup paf file: flash:/paf_v300r005c01. display startup Running the display startup command. <Quidway> display startup MainBoard: Configed startup system software: hd:/V300R005C01B323SPC001.txt Next startup license file: flash:/license_v300r005c01.txt Startup license file: flash:/license_v300r005c01. 11-7 .bin Next startup system software: hd:/V300R005C01B323SPC001.zip Startup paf file: flash:/paf_v300r005c01.bin Next startup system software: hd:/V300R005C01B323SPC001.3. The system software is the same for the master and slave MPU s.txt Next startup license file: flash:/license_v300r005c01.Basic Configurations 11 System Software Upgrade The patch status of the board after the next startup is specified as Run.bin Startup saved-configuration file: flash:/vrpcfg.txt Startup license file: flash:/license_v300r005c01.zip Next startup saved-configuration file: flash:/vrpcfg.bin Startup saved-configuration file: flash:/vrpcfg. Ltd.txt Next startup paf file: flash:/paf_v300r005c01.txt Startup patch package: NULL Next startup patch package: NULL SlaveBoard: Configed startup system software: hd:/V300R005C01B323SPC001.zip Startup paf file: flash:/paf_v300r005c01.Quidway NetEngine80 Configuration Guide .5 Checking the Configuration Run the following commands to check the previous configuration.. ----End 11.zip Next startup saved-configuration file: flash:/vrpcfg. Action Command Display the information of startup system software. .................1 Establishing the Configuration Task ................................................................................................1 Establishing the Configuration Task ............................................12-5 12......................................................................8..........12-5 12................ i ..........12-12 12.............................4 Running the LPU Patch...................................................4.........................1 Establishing the Configuration Task ...........................................................................................5...........................................1 Introduction .................................12-10 12.....................................................2 Uploading a Patch to the Root Directory of the Master MPU ...............................................3 Activating the LPU Patch..........................................1 Establishing the Configuration Task ...........................7...............................................8........................................................6 Unloading the MPU Patch...........................12-12 12.......................................4........................................................................................................12-8 12...7........................................................................................12-9 12........................12-13 12............................................................................. 12-11 12............4..................1 Establishing the Configuration Task .....................................3 Checking the Running of Patch on the LPU .................6................................................................................................................................1 Establishing the Configuration Task ..........................................12-9 12............................12-1 12...............5 Stop Running the MPU Patch .12-6 12....12-3 12.......4...........9...........................12-3 12...........................2 Checking the Running of Patch in the System ........12-14 Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co......................................7 Installing a Patch on the LPU...................................2 Uploading the LPU Patch ....................................Quidway NetEngine80 Configuration Guide .....................3...2........................12-10 12.12-13 12..........................................................3..........................Basic Configurations Contents Contents 12 Patch Management.................2 Deleting the MPU Patch ............................................................................................ 12-11 12.........3 Copying a Patch to the Root Directory of the Slave MPU.............12-9 12.........................................12-13 12...........................................................................................................................................................................................................................................................................3 Activating the MPU Patch........12-7 12............2 Deactivating the LPU Patch......2 Uploading the MPU Patch .....................................................................................12-8 12..............................................7....2............12-6 12................................................12-7 12........................... 12-11 12...8 Stop Running the LPU Patch...............................1 Establishing the Configuration Task ..................................4 Installing a Patch on the MPU.............................................................2 Deleting the LPU Patch....................................3.......9 Unloading the LPU Patch.......... Ltd.............12-2 12.................................2 Checking the Running of Patch on the MPU .................................................................1 Establishing the Configuration Task ...........12-10 12........2.12-5 12...................................................................................12-7 12......6...................9............................................................................................................................4 Running the MPU Patch ....5...............12-4 12......................................................................................................................................................................................7......................12-13 12....3 Loading a Patch..................................................2 Deactivating the MPU Patch.......................12-13 12.......................................................................... .......... iii ............................12-2 Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co........................Quidway NetEngine80 Configuration Guide . Ltd........Basic Configurations Figures Figures Figure 12-1 Conversion between the statuses of a patch................ 8 Stop Running the LPU Patch This section describes how to stop running the LPU patch.7 Installing a Patch on the LPU This section describes how to install a patch on the LPU. 12.3 Loading a Patch This section describes how to load a patch.5 Stop Running the MPU Patch This section describes how to stop running the MPU patch. Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.1 Introduction This section describes the principle and concepts of patch management. Section Description 12. Ltd. 12.6 Unloading the MPU Patch This section describes how to unload the MPU patch.Basic Configurations 12 Patch Management 12 Patch Management About This Chapter The following table shows the contents of this chapter.9 Unloading the LPU Patch This section describes how to unload the LPU patch. 12-1 . 12. 12..2 Checking the Running of Patch in the System This section describes how to check the running of patch in the system. 12. 12. 12.Quidway NetEngine80 Configuration Guide . 12.4 Installing a Patch on the This section describes how to install a patch on the MPU. As a result. deactivated and running. Ltd. the patch remains invalid after restart. and you can use the patch program released by Huawei to upgrade the system software.1 Introduction After the patch runs successfully. delete the patch before installing the new patch.Basic Configurations 12 Patch Management 12. otherwise. you need to confirm no patch is running in the current system before installing a patch. At the same time. obtain the correct patch files based on the type of boards. Figure 12-1 shows the conversion between the three statuses. the patch is classified as: z The MPU patch z The LPU patch Before running a patch. The upgrade and maintenance of the router can be realized through installing patches. a "patchstate. This does not break the operation of the router.dat" file is created at the root directory of the Flash Memory. The NE80 provides the patch function. Figure 12-1 Conversion between the statuses of a patch Load patch No patch Deactivated Delete patch Deactive patch Delete patch Active patch Delete patch Running Run patch Activated You can operate a patch program as follows: 12-2 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Issue 04 (2009-12-20) . If a patch runs in the system. the system allows the running of only one MPU patch and one LPU patch. Based on the type of boards..Quidway NetEngine80 Configuration Guide . Do not delete the file. Patch Status A patch program has three statuses: activated. The service of carriers features long-term operation and non-interruption. the system allows the running of only one MPU patch and one LPU patch. delete the patch before installing the new patch. check whether a patch runs on the master and slave MPUs first. If the patch status after the next startup is not set.1 Establishing the Configuration Task Applicable Environment Based on the type of boards. z If the patch status after the next startup is set. complete the following tasks: z Ensuring that the router is started normally after power-on z Ensuring that the router can be logged in to Data Preparation None. 12-3 . At the same time. The patch status file is used only to restore the patch status on the board after the next startup. If a patch runs in the system. the patch status on this board in the patch status file is still Active. If you need to install an LPU patch. Ltd. in the patch status file. check whether a patch runs on all the LPUs. next startup patch status file. Pre-configuration Tasks Before checking the running of patch in the system. Viewing the current patch status file does not mean viewing the current patch status. the patch status of a board is Active. For example. however.2. the system saves the patch status after the next startup in the patch status file. You can run the display patch-information configure-file command to view information about the patch in the patch status file. the patch status of the board turns to Deactive. Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. If you need to install an MPU patch.Quidway NetEngine80 Configuration Guide . the system saves the changed patch status in the current patch status file and. the patch status is the same with current patch status. a patch is classified as the MPU patch and the LPU patch..Basic Configurations z Loading a patch z Activating or deactivating a patch z Running a patch 12 Patch Management Deleting a patch Patch Status File The current patch status and the patch status after the next startup are saved in the patch status files respectively. you need to confirm no patch is running in the current system before installing a patch. As a result. z If the current patch status changes. 12.2 Checking the Running of Patch in the System 12. After the next startup. 1 Active Patch Unit : no patch Deactive Patch Unit : no patch ----------The patch information of slot 10---------Total Patch Unit : 1 Running Patch Unit : 1 .Quidway NetEngine80 Configuration Guide .Basic Configurations 12 Patch Management Configuration Procedures No.2 Checking the Running of Patch on the MPU Do as follows on the to be upgraded: Step 1 Run: display patch-information The running of patch on the master MPU is checked. For example: <Quidway> display patch-information Service pack Version: V300R005C01SPH007 Pack file name : hd:/v300r005c01sph007.1 Active Patch Unit : no patch Deactive Patch Unit : no patch ----------The patch information of slot 9---------Total Patch Unit : 1 Running Patch Unit : 1 . Issue 04 (2009-12-20) . This indicates that no patch runs in the current system.2. ----End Before installing a patch on the MPU.. Procedure 1 Checking the Running of Patch on the MPU 2 Checking the Running of Patch on the LPU 12. you need to check the running of patch on the master and slave MPU s.pat ----------The patch information of slot 5---------Total Patch Unit : 1 Running Patch Unit : 1 .1 Active Patch Unit : no patch Deactive Patch Unit : no patch The value of the bolded part in the preceding output is 0. Ltd. 12-4 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Step 2 Run: display patch-information history slave The running of patch on the slave MPU is checked. Before installing a patch on the LPU.. see:Uploading the MPU Patch. ----End Before installing a patch on the LPU. Upload the patch to the root directory of the Flash Memory or cfcard of the master MPU. see:Uploading the LPU Patch. For details on the operation. 12-5 . For details on the operation. Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. it should be uploaded to the root directory of the Flash Memory or cfcard of the master and slave MPUs.2.3. copy the patch to the root directory of the Flash Memory or cfcard of the MPU.Quidway NetEngine80 Configuration Guide . Repeat the preceding command to check all LPUs. For example: <Quidway> display patch-information history slot 3 Current patch state: --------------------------------------------------------------------------Type Slot ID State From To --------------------------------------------------------------------------C 3 1-200 NP 3 1 idle idle - - --------------------------------------------------------------------------Patch history: --------------------------------------------------------------------------Type Slot ID State From To ----------------------------------------------------------------------------------------------------------------------------------------------------Info: No patch operation history information.3 Checking the Running of Patch on the LPU Do as follows on the to be upgraded: Step 1 Run: display patch-information history slot slot-id The running of patch on the LPU is checked. 12. Ltd.3 Loading a Patch 12. you must unload them before loading new patches. you must unload them before loading new patches.Basic Configurations 12 Patch Management If there are patches running. This indicates that no patch runs in the current system. Then. 12. you need to check the running of patch on all LPUs.1 Establishing the Configuration Task Applicable Environment Before a patch is installed. check that no patch runs on all LPUs. If there are patches running. 12. Configuration Procedures No. Issue 04 (2009-12-20) .3 Copying a Patch to the Root Directory of the Slave MPU Do as follows on the router to be upgraded. The NE80 supports the uploading of files through FTP.Quidway NetEngine80 Configuration Guide . 12-6 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. TFTP and XModem. Step 1 Run: copy source-filename slave#flash:/destination-filename The patch is copied to the root directory of the Flash Memory of the slave MPU. complete the following tasks: z Ensuring that the router is started normally after power-on z Ensuring that the router can be logged in to Data Preparation Before running a patch. Procedure 1 Uploading a Patch to the Root Directory of the Master 2 Copying a Patch to the Root Directory of the Slave 12.. Pre-configuration Tasks Before loading a patch.Basic Configurations 12 Patch Management The three methods to upload a patch are FTP. you need to obtain a patch that is consistent with the board. ----End If you need to copy multiple files to the Flash Memory of the slave MPU. repeat the preceding step.3. Ltd. Choose an uploading method based on the requirements.3. TFTP and Xmodem.2 Uploading a Patch to the Root Directory of the Master MPU Upload a patch to the root directory of the Flash Memory of the master MPU. Step 2 Run: patch load file-name The MPU patch is uploaded. you can install a patch on the MPU. Pre-configuration Tasks Before installing a patch on the MPU.. Through installing a patch. you need to check the running of patch on the master and slave MPU s. Data Preparation None. upload the patch to the root directory of the Flash Memory of the master and slave MPUs. 12-7 . the system prompts that the patch uploading fails. the system checks that the patch version is the same as the system version. When a patch is uploaded. Procedure 1 Uploading the MPU Patch 2 Activating the MPU Patch 3 Running the MPU Patch 12.4. Configuration Procedures No. Step 1 Run: system-view The system view is displayed. If the two versions are not the same.Basic Configurations 12 Patch Management 12. Ltd. you can upgrade the system without upgrading the system software. Step 3 Run: patch load file-name slave Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.Quidway NetEngine80 Configuration Guide .4 Installing a Patch on the MPU 12.2 Uploading the MPU Patch Do as follows on the router to be upgraded. Before installing a patch on the MPU.1 Establishing the Configuration Task Applicable Environment When required to make up the defects of the MPU.4. Otherwise. the patch becomes invalid after the master/slave switchover. After the board is reset. ----End z When a patch is uploaded.. Step 1 Run: system-view The system view is displayed. 12-8 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Step 3 Run: patch active slave The slave MPU patch is activated. After a patch is activated.4. Issue 04 (2009-12-20) . you need to run the patch. ----End A patch can be activated only when it is correctly uploaded and is in the deactivated state. Ltd. and all the interface boards. If the patch becomes valid. the patch does not remain valid. 12. the system checks that the patch version is the same as the system version. the slave control board. you need to stop running the patch. Step 1 Run: system-view The system view is displayed. it becomes valid immediately. This operation takes effect on all the boards. Step 2 Run: patch active The MPU patch is activated. Step 2 Run: patch run The MPU patch is run. If the patch does not become valid. the system prompts that the patch uploading fails. When a patch is activated.Quidway NetEngine80 Configuration Guide . however. 12. z The patch load file-name all run command allows you to load and run all the patches in the patch package on the corresponding boards.4. If the two versions are not the same. The patch turns to the Run state after being loaded. you need to judge that the patch has achieved the expected effect.3 Activating the MPU Patch Do as follows on the router to be upgraded.4 Running the MPU Patch Do as follows on the router to be upgraded. including the main control board.Basic Configurations 12 Patch Management The slave MPU patch is uploaded. 2 Deactivating the MPU Patch Do as follows on the router to be upgraded.Basic Configurations 12 Patch Management Step 3 Run: patch run slave The slave MPU patch is run.Quidway NetEngine80 Configuration Guide . 12-9 .1 Establishing the Configuration Task Applicable Environment After a patch is activated. Ltd. Step 1 Run: system-view The system view is displayed. A patch can be deactivated only after it is activated. Data Preparation None. Step 2 Run: patch deactive The MPU patch is deactivated.5.5. Running a patch means that the patch is activated permanently and the patch remains valid after the board is reset. If the patch does not become valid. Configuration Procedures No. you need to judge that the patch has achieved the expected effect. you need to activate the patch. Procedure 1 Deactivating the MPU Patch 12. Pre-configuration Tasks None. ----End A patch can be run only after it is activated.. 12. Step 3 Run: Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.5 Stop Running the MPU Patch 12. you need to delete the running patch. ----End 12. Ltd. ----End 12-10 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.1 Establishing the Configuration Task Applicable Environment When upgrading the system software or installing a new patch. Run: patch delete The MPU patch is deleted. You can delete a patch of any status.6.Basic Configurations 12 Patch Management patch deactive The MPU patch is deactivated. Issue 04 (2009-12-20) .6 Unloading the MPU Patch 12.Quidway NetEngine80 Configuration Guide . Configuration Procedures No.6. Pre-configuration Tasks None. Step 3 Run: patch delete slave The slave MPU patch is deleted. Step 2 Do as follows on the router to be upgraded. Procedure 1 Deleting the MPU Patch 12.2 Deleting the MPU Patch Step 1 Run: system-view The system view is displayed.. Data Preparation None. Configuration Procedures No.7 Installing a Patch on the LPU 12. you need to delete the running patch. Through installing a patch. Step 1 Run: system-view The system view is displayed. you can upgrade the system without upgrading the system software. When a patch is uploaded. Data Preparation None. When installing a patch on the LPU. If the two versions are not the same.2 Uploading the LPU Patch Do as follows on the router to be upgraded. Step 2 Run: patch load file-name slot slot-id The LPU patch is uploaded. Pre-configuration Tasks Before installing a patch on the LPU. the system prompts that the patch uploading fails. ----End Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.7. Procedure 1 Uploading the LPU Patch 2 Activating the LPU Patch 3 Running the LPU Patch 12. 12-11 .Basic Configurations 12 Patch Management 12.Quidway NetEngine80 Configuration Guide . upload the patch to the root directory of the of the master and slave MPU s.1 Establishing the Configuration Task Applicable Environment When required to make up the defects of the LPU. the system checks that the patch version is the same as the system version.7.. you can install a patch on the LPU. Ltd. 4 Running the LPU Patch Do as follows on the router to be upgraded. however. you need to run the patch. After the board is reset.3 Activating the LPU Patch Do as follows on the router to be upgraded.. When a patch is activated. the system prompts that the patch uploading fails.7. Ltd. you need to judge that the patch has achieved the expected effect. 12. If the patch becomes valid. it becomes valid immediately. Step 1 Run: system-view The system view is displayed. 12.Basic Configurations 12 Patch Management When a patch is uploaded.Quidway NetEngine80 Configuration Guide . If the patch does not become valid. Issue 04 (2009-12-20) . Step 2 Run: patch active slot slot-id The LPU patch is activated. ----End A patch can be activated only when it is correctly uploaded and is in the deactivated state. Running a patch means that the patch is activated permanently and the patch remains valid after the board is reset. the patch does not remain valid. If the two versions are not the same. After a patch is activated. Step 2 Run: patch run slot slot-id The LPU patch is run. ----End A patch can be run only after it is activated. the system checks that the patch version is the same as the system version. Step 1 Run: system-view The system view is displayed. you need to stop running the patch.7. 12-12 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. ----End 12. If the patch does not become valid.1 Establishing the Configuration Task Applicable Environment After a patch is activated. you need to delete the running patch.2 Deactivating the LPU Patch Do as follows on the router to be upgraded.1 Establishing the Configuration Task Applicable Environment When upgrading the system software or installing a new patch. 12-13 .Basic Configurations 12 Patch Management 12. Ltd.8.. A patch can be deactivated only after it is activated. you need to activate the patch. Configuration Procedures No. Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.Quidway NetEngine80 Configuration Guide . you need to judge that the patch has achieved the expected effect.9.9 Unloading the LPU Patch 12.8. Procedure 1 Deactivating the LPU Patch 12. Data Preparation None. Pre-configuration Tasks None. Step 1 Run: system-view The system view is displayed.8 Stop Running the LPU Patch 12. Step 2 Run: patch deactive slot slot-id The LPU patch is deactivated. 9.Basic Configurations 12 Patch Management You can delete a patch that is in any status.. Ltd. Step 1 Run: system-view The system view is displayed. Data Preparation None.2 Deleting the LPU Patch Do as follows on the router to be upgraded. Step 2 Run: patch delete slot slot-id The LPU patch is deleted. Procedure 1 Deleting the LPU Patch 12.Quidway NetEngine80 Configuration Guide . Configuration Procedures No. Issue 04 (2009-12-20) . Pre-configuration Tasks None. ----End 12-14 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. ..........................................................B-1 Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co........................................Quidway NetEngine80 Configuration Guide ............................................................... i ... Ltd..................Basic Configurations Contents Contents A Glossary ................................................ A-1 B Acronyms and Abbreviations ... BFD Bidirectional Forwarding Detection. Agent A process that resides in all managed devices. the backup center provides a backup interface to undertake the service. A connection oriented network technology that uses the fixed cell (53 bytes) to transfer services of multiple types such as text. Ltd. If an interface is Down. Compared with the ACL. AH Authentication Header. A-1 . SONET and T3. ATM takes full advantage of high-speed media such as E3. B Backup center A mechanism in which the interface on a device backs up each other and traces the status of the interface. ATM Asynchronous transfer mode. An error tolerance protocol that provides the interface backup in the multiple access. A unified detection mechanism that is used to detect and monitor the link or IP routes forwarding at a fast pace. The fixed length of the ATM cells enables the hardware processing of the cells and thus shortens the forwarding delay. Black list A filtering mode that is used to filter the packet according to the source IP address. audio or video data.Quidway NetEngine80 Configuration Guide . Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Authorization A method used to prove identity of users to use the service.Basic Configurations A Glossary A Glossary A Accounting A network security service that records the user's access to the network.. Authentication A method used to prove user identity. multicast and broadcast in LAN (such as Ethernet). the black list can filter the packet at a high speed because its matching region is simple. A security protocol that provides data authentication and integrity for IP packets. ASSP Analogue Sensor Signal Processes. It receives request packets from the NM Station and performs the Read or Write operation on managed variables according to packet types and generates response packets and sends them to the NM Station. It can shield the packet from the specified IP address. AH is used in the transmission mode and in the tunneling mode. . Ethernet_II that contains a 16-bit protocol type field is the standard ARPA Ethernet Version 2. When the congestion occurs and becomes worse. Ethernet_SNAP An encapsulation format of the Ethernet frame. Issue 04 (2009-12-20) . Ethernet_II An encapsulation format of the Ethernet frame. Intel. deleting. centralized management and remote maintenance are implemented on Layer 2 devices of a cluster that are connected with the router. When the network congestion occurs. File system A way in which files and directories in the storage devices are managed. An application protocol in the TCP/IP stack. I A-2 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. and Digital Equipment Corporation (DEC). E Ethernet A baseband LAN specification created by Xerox and developed by Xerox. Command line level The priority of the system command that is divided into 4 levels. H HGMPv2 Huawei Group Management Protocol Version 2. An interface that allows the user to interact with the operating system. the packet is discarded by monitoring the network resource. Ltd. A queuing scheme in which the first data into the network is also the fist data out of the network. FTP is implemented based on the file system. This specification is similar to IEEE802.A Glossary Quidway NetEngine80 Configuration Guide . Congestion avoidance A flow control mechanism by which the network overload is relieved by adjusting the network traffic. such as creating a file system.Basic Configurations C CLI Command Line Interface.3. modifying and renaming a file or directory or displaying the contents of the file. Users of a level can run the command only of the same or lower level. creating. it puts the packet into the queue for buffer and determines the order of forwarding the packet.0 encapsulation. Users can configure and manage the NE80 by entering commands through the CLI. FTP File Transfer Protocol. The frame format complies with RFC 1042 and enables the transmission of the Ethernet frame on the IEEE 802.2 media. A protocol in which the discovery. used for transferring files between remote hosts. topology collection. F FIFO First In First Out. Congestion management A flow control measure to solve the problem of network resource competition. Multicast A process of transmitting packets of data from one source to many destinations.. A protocol that is used to discover the information of the neighboring Huawei device that is connected with the local device. When the user accesses the Internet through the ISP.0 to 239. (For the information of IS-IS.0.255. Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. A-3 . M MIB Management Information Base. Ltd.Quidway NetEngine80 Configuration Guide . IP unnumbered A mechanism in which the interface that is not configured with an IP address can borrow the IP address of the interface that is configured with an IP address to save the IP address resource. refer to B Acronyms and Abbreviations) L LAN interface Local Area Network interface. IP negotiated An attribute of the interface. virtual Ethernet interface. A system that sends various query packets and receives the response packet and trap packet form the managed devices and displays all the information. License Permission of some features that dynamically control the product. the IP address is usually allocated by the peer server. virtual-template interface. ISIS-TE Traffic engineering of IS-IS. A logical interface can be a sub-interface. Interface mirroring A method of copying the packet of the mirrored interface to the other mirroring interfaces to forward the packet.255. A database of variables of the monitored network device. It can uniquely define a managed object. Each multicast address represents a multicast group rather than a host. Null interface and Tunnel interface. Loopback interface. Logical interface A configured interface that can exchange data but does not exist physically. Modem Modulator-demodulator. that is.Basic Configurations A Glossary Information center The information hinge in the MA5200G that can classify and filter the output information. the IP address ranges from 224. NMS Network Management System. Device that converts digital and analog signals. The destination address of the multicast packet uses Class D address. NTDP A protocol that is used to collect the information of the adjacency and the backup switch of each device in the network. N NDP Neighbor Discovery Protocol. The PPP packet must be encapsulated and the IP address negotiated attribute must be configured on the interface so that the local interface accepts the IP address allocated by the peer end through the PPP negotiation. Often an Ethernet interface through which the router can exchange data with the network device in a LAN.255.0. it can prevent the broadcast storm caused by the data loop. Static ARP A protocol that binds some IP addresses to a specified gateway. SSH Secure Shell.A Glossary NTP Quidway NetEngine80 Configuration Guide . A MIB agent specification defined by the IETF that defines functions for the remote monitoring of the data flow of a network segment or the whole network. language mode and system time. O OSPF-TE Traffic engineering of OSPF. refer to B Acronyms and Abbreviations) S Service tracing A method of service debugging. the system environment can meet the requirements of the actual environment. When a link is disconnected on an Ethernet ring. it can rapidly restore the communication link between the nodes on the ring network. System environment Basic parameters for running the MA5200G such as host name. The service tracing can output the status change and the result of the protocol processing of the specified user during the access to the terminal or the server for the reference and analysis of the service personnel. (For the information of OSPF.Basic Configurations Network Time Protocol. you can filter the unnecessary contents out with regular expressions and display the necessary contents. Issue 04 (2009-12-20) . RSVP-TE Traffic engineering of RSVP. diagnosis and error detection that is mainly used for service personnel to locate the fault in user access. After configuration.. A protocol that is applied on the data link layer. When the Ethernet ring is complete. refer to B Acronyms and Abbreviations) P Policy-based routing A routing scheme that forwards packets to specific interfaces based on user-configured policies. RRPP Rapid Ring Protection Protocol. R Regular expression When a lot of information is output. A-4 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Ltd. Router A device on the network layer that selects routes in the network. RMON Remote monitoring. An application protocol that is used to synchronize the distributed server and the client side. The router selects the optimal route according to the destination address of the received packet through a network and forwards the packet to the next router. A protocol that provides a secure connection to a router through a TCP application. The last router is responsible for sending the packet to the destination host. (For the information of RSVP. The packet of these IP addresses must be forwarded through this gateway. The keyboard and the display have no disk drives. The VRP realizes rich functions and provides tailorability and scalability based on applications. With the IP service as its core. It is often used to control the flow in regular amounts to ensure that the traffic fits within the traffic for the downstream router and avoids unnecessary discard and congestion. When the traffic exceeds the agreed upon flow.. the VRP adopts the componentized architecture. some restrictions or penalties are taken to protect the benefit and the network resource of the operator. Ltd. T1/CT1 interface. A new technology developed with the Internet to provide an apparent single private network over a public network. "Virtual" means that the network is a logical network. VPN Virtual Private Network. An interface that can be a serial interface. XModem A transmission protocol in the format of the binary code. VTY Virtual type terminal. VRP Versatile Routing Platform. A terminal line that is used to access a router through Telnet.25 A protocol applied on the data link layer that defines how connections between DTE and DCE are maintained for remote terminal access and computer communications in PDNs. Terminal A device that is connected with other devices through the serial port. X X.Quidway NetEngine80 Configuration Guide . E1/CE1 interface. VRRP Virtual Router Redundancy Protocol.Basic Configurations A Glossary T Telnet An application protocol of the TCP/IP stack that provides virtual terminal services for a wide variety of remote systems. E2/CE3 interface. T3 interface. The router can exchange data with the network device in the external network through the WAN interface. Tunnel Secure communication path between two peers in the VPN that protect the internal information of the VPN from the interruption. Traffic policing A process used to measure the actual traffic flow across a given connection and compare it to the total admissible traffic flow for that connection. POS interface or ATM interface. It forms a backup group for a group of routers in a LAN that functions as a virtual router. CPOS interface. An error tolerant protocol defined in RFC 2338. Traffic shaping A flow control measure to shape the flow rate. W WAN interface Wide Area Network interface. A-5 . Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. E3 interface. T3/CT3 interface. A versatile routing operating system platform developed for all data communication products of Huawei. V VPLS Virtual Private LAN Segment. Basic Configurations X.25 over TCP.25 networks through the TCP packet bearing X. A protocol that implements the interconnection between two X.A Glossary XOT A-6 Quidway NetEngine80 Configuration Guide .25 frames.. Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. Ltd. Issue 04 (2009-12-20) . Ltd. Authorization and Accounting ACL Access Control List ARP Address Resolution Protocol ASPF Application Specific Packet Filter ATM Asynchronous Transfer Mode AUX Auxiliary port B BGP Border Gateway Protocol C CBQ Class-based Queue CHAP Challenge Handshake Authentication Protocol CQ Custom Queuing CR-LDP Constrain-based Routing LDP D DHCP Dynamic Host Configuration Protocol DNS Domain Name System Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co..Quidway NetEngine80 Configuration Guide . B-1 .Basic Configurations B B Acronyms and Abbreviations Acronyms and Abbreviations Numerics A AAA Authentication. . Ltd.Basic Configurations B Acronyms and Abbreviations E ESP Encapsulating Security Payload F FR Frame Relay G GRE Generic Routing Encapsulation H HDLC High Level Data Link Control I IETF Internet Engineering Task Force IKE Internet Key Exchange IPSec IP Security IS-IS Intermediate System-to-Intermediate System intra-domain routing information exchange protocol ITU-T International Telecommunication Union Telecommunications Standardization Sector L L2TP Layer Two Tunneling Protocol LAPB Link Access Procedure Balanced LDP Label Distribution Protocol M MAC Medium Access Control MBGP Multiprotocol Extensions for BGP-4 MFR Multiple Frame Relay MP MultiLink PPP MPLS Multiprotocol Label Switching MSDP Multicast Source Discovery Protocol B-2 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.Quidway NetEngine80 Configuration Guide . Issue 04 (2009-12-20) . Administration and Maintenance OSPF Open Shortest Path First P PAP Password Authentication Protocol PE Provider Edge Ping Ping (Packet Internet Groper) PPP Point-to-Point Protocol PPPoA PPP over AAL5 PPPoE Point-to-Point Protocol over Ethernet PPPoEoA PPPoE on AAL5 PQ Priority Queuing Q QoS Quality of Service R RADIUS Remote Authentication Dial In User Service RIP Routing Information Protocol RPR Resilient Packet Ring RSVP Resource Reservation Protocol T TE Traffic Engineering TCP Transmission Control Protocol TFTP Trivial File Transfer Protocol Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.Protocol Translation O OAM Operation. B-3 .. Ltd.Quidway NetEngine80 Configuration Guide .Basic Configurations MTU B Acronyms and Abbreviations Maximum Transmission Unit N NAT Network Address Translation NAT-PT Network Address Translation . 25 Over TCP Huawei Proprietary and Confidential Copyright © Huawei Technologies Co..Quidway NetEngine80 Configuration Guide .Basic Configurations B Acronyms and Abbreviations V VLAN Virtual Local Area Network VPLS Virtual Private LAN Service VPN Virtual Private Network VRP Versatile Routing Platform VRRP Virtual Router Redundancy Protocol W WAN Wide Area Network WFQ Weighted Fair Queuing WRED Weighted Random Early Detection X XOT B-4 X. Issue 04 (2009-12-20) . Ltd. ...............................................Quidway NetEngine80 Configuration Guide .............................. i ...................................... Ltd.Basic Configurations Contents Contents Index ................ i-1 Issue 04 (2009-12-20) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co................. 4-7 hot keys classification. 1-5 features list. 4-7 user level.Basic Configurations Index Index B H basic configuration command privilege level. 10-5 displaying system status. 8-3 configuring telnet terminal services. 12-10 product overview characteristics. 8-14 configuring Xmodem. 1-8 hardware architecture. 10-7 mantainence electronic label backup. 5-7 SSH overview. 3-7 history command. 1-3 R regular expression begin. 3-11 use. 8-17 D device management setting the temperature threshold. 3-3 configuration file overview. 4-7 F File System overview. 12-9 unloading. 5-24 configuring command privilege level.Quidway NetEngine80 Configuration Guide . 9-7 configuring TFTP. 3-10 S setting terminal attributes. 3-8 editing. 3-2 command level. 3-6 views. 3-10 include. 6-2 FTP configuration. 4-6 system status. 4-4 super password. 3-7 error message. 12-7 introduction. 3-10 exclude. 10-7 P patch management checking. 8-18 overview. 1-2 software architecture. 12-3 install. 12-2 stop running. 8-2 Issue 04 (2009-12-20) maintenance electronic label. 10-2 introduction. 3-13 M C command line characteristics. 3-2 displaying. 10-2 online device management.. i-1 . 10-2 online upgrade. 7-2 configuring authentication mode. 9-4 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co. 3-10 on-line help. 8-3 example. 4-4 configuring FTP. Ltd. 10-2 maintenance configure electronic elabel. i-2 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co.. 9-7 overview. 11-2 T Telnet configuration. 10-3 user-interface configuration. 8-2 i. Ltd. 11-3 system software upgrade. 5-2 terminal attribute. 5-16. Issue 04 (2009-12-20) . 5-23 X XModem configuration. 5-7 user-management configuration. 5-5 numbering. 8-26 overview. 8-17 example. 8-24 overview. 9-2 TFTP configuration. 11-2 upgrade. 8-14 example. 8-2 U upgrading the board.Basic Configurations Index system software license.Quidway NetEngine80 Configuration Guide .