V300R005
Issue 04
Date 2009-12-20
Part Number 00407347
Huawei Technologies Co., Ltd. provides customers with comprehensive technical support and service. For
any assistance, please contact our local office or company headquarters.
Website: http://www.huawei.com
Email: support@huawei.com
Notice
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute a warranty of any kind, express or implied.
Quidway NetEngine80
Configuration Guide - Basic Configurations
Contents
About This Document
1 NE80 Core Router Overview
1.1 Introduction
1.1.1 Overview
1.1.2 Hardware Architecture
1.1.3 Software Architecture
1.2 Characteristics of the NE80
1.2.1 Support for Flattened Network Architecture
1.2.2 Line-Speed Forwarding
1.2.3 Multiple Interfaces
1.2.4 Carrier-Class Availability
1.2.5 Rich Services
1.2.6 Perfect Diff-Serv/QoS
1.2.7 Excellent Security Mechanism
1.2.8 Practical NMS
1.2.9 Flexible Networking Capabilities
1.3 Features List of the NE80
Issue 04 (2009-12-20)
2.3.4 Logging In from the Telnet Client
3 CLI Overview
3.1 Introduction
3.1.1 Command Line Interface
3.1.2 Command Levels
3.1.3 Command Line Views
3.2 Online Help
3.2.1 Full Help
3.2.2 Partial Help
3.2.3 Error Messages of the Command Line Interface
3.3 Features of Command Line Interface
3.3.1 Editing
3.3.2 Displaying
3.3.3 Regular Expressions
3.3.4 History Commands
3.4 Shortcut Keys
3.4.1 Classifying Shortcut Keys
3.4.2 Defining Shortcut Keys
3.4.3 Use of Shortcut Keys
3.5 Configuration Examples
3.5.1 Example for Using Shortcut Keys
3.5.2 Copying Commands Using Shortcut Keys
3.5.3 Example for Using Tab
5.5.4 Checking the Configuration
8.4.2 Configuring the Source Address of FTP Client
8.4.3 Logging In to the FTP Server
8.4.4 Configuring Data Type and Transmission Mode for the File
8.4.5 Viewing Online Help of the FTP Command
8.4.6 Uploading or Downloading Files
8.4.7 Managing Directories
8.4.8 Managing Files
8.4.9 Changing Login Users
8.4.10 Disconnecting from the FTP Server
8.4.11 Checking the Configuration
12 Patch Management
12.1 Introduction
12.2 Checking the Running of Patch in the System
12.2.1 Establishing the Configuration Task
12.2.2 Checking the Running of Patch on the MPU
12.2.3 Checking the Running of Patch on the LPU
12.3 Loading a Patch
12.3.1 Establishing the Configuration Task
12.3.2 Uploading a Patch to the Root Directory of the Master MPU
12.3.3 Copying a Patch to the Root Directory of the Slave MPU
12.4 Installing a Patch on the MPU
12.4.1 Establishing the Configuration Task
12.4.2 Uploading the MPU Patch
12.4.3 Activating the MPU Patch
12.4.4 Running the MPU Patch
12.5 Stop Running the MPU Patch
12.5.1 Establishing the Configuration Task
12.5.2 Deactivating the MPU Patch
12.6 Unloading the MPU Patch
12.6.1 Establishing the Configuration Task
12.6.2 Deleting the MPU Patch
12.7 Installing a Patch on the LPU
12.7.1 Establishing the Configuration Task
12.7.2 Uploading the LPU Patch
12.7.3 Activating the LPU Patch
12.7.4 Running the LPU Patch
12.8 Stop Running the LPU Patch
12.8.1 Establishing the Configuration Task
12.8.2 Deactivating the LPU Patch
12.9 Unloading the LPU Patch
12.9.1 Establishing the Configuration Task
12.9.2 Deleting the LPU Patch
Figures
Figure 1-1 Software architecture of the NE80-8
Figure 2-1 Networking diagram of logging in through the console port
Figure 2-2 New connection
Figure 2-3 Setting the port
Figure 2-4 Setting the port communication parameters
Figure 2-5 Establishing the configuration environment through Telnet
Figure 2-6 Running the Telnet program on the PC
Figure 2-7 Establishing the remote configuration environment through AUX
Figure 8-1 Networking diagram with FTP server basic functions
Figure 8-2 Networking diagram of configuring FTP ACL
Figure 8-3 Configuring the FTP client
Figure 8-4 Networking diagram of configuring TFTP
Figure 8-5 Setting the Base Directory of the TFTP server
Figure 8-6 Specifying the file to be sent
Figure 9-1 Telnet client services
Figure 9-2 Telnet redirection services
Figure 9-3 Usage of Telnet shortcut keys
Figure 9-4 Establishing an SSH channel in a LAN
Figure 9-5 Establishing an SSH channel in a WAN
Figure 9-6 Networking diagram of the Telnet terminal services mode
Figure 9-7 Networking diagram of connecting the STelnet client to the SSH server
Figure 9-8 Networking diagram of connecting the SFTP client to the SSH server
Figure 9-9 Networking diagram of accessing the SSH server through other port numbers
Figure 9-10 Networking diagram of authenticating the SSH through RADIUS
Figure 12-1 Conversion between the statuses of a patch
Tables
Table 1-1 Features list of the NE80 Series USR
Table 3-1 Command line views
Table 3-2 Common error messages of the command line
Table 3-3 Keys for editing
Table 3-4 Keys for displaying
Table 3-5 Describes metacharacters
Table 3-6 Access the history commands
Table 3-7 System-defined shortcut keys
Table 5-1 Example for the absolute numbering
About This Document
Related Versions
The following table lists the product versions related to this document.
Product Name
Version
V300R005
Intended Audience
This document is intended for:
• Commissioning engineer
Organization
This document consists of twelve chapters and is organized as follows.
Chapter
Content
3 CLI Overview
4 Basic Configuration
5 User Management
6 File System
7 Management of Configuration Files
10 Router Maintenance
12 Patch Management
Index
Conventions
Symbol Conventions
The symbols that may be found in this document are defined as follows.
Symbol
Description
Indicates a hazard with a high level of risk, which if not
avoided, will result in death or serious injury.
Indicates a hazard with a medium or low level of risk, which if
not avoided, could result in minor or moderate injury.
Indicates a potentially hazardous situation, which if not
avoided, could result in equipment damage, data loss,
performance degradation, or unexpected results.
Indicates a tip that may help you solve a problem or save time.
Provides additional information to emphasize or supplement
important points of the main text.
General Conventions
The general conventions that may be found in this document are defined as follows.
Convention
Description
Boldface
Italic
Courier New
Command Conventions
The command conventions that may be found in this document are defined as follows.
Convention
Description
Boldface
Italic
[]
{ x | y | ... }
[ x | y | ... ]
{ x | y | ... } *
[ x | y | ... ] *
&<1-n>
GUI Conventions
The GUI conventions that may be found in this document are defined as follows.
Convention
Description
Boldface
>
Keyboard Operations
The keyboard operations that may be found in this document are defined as follows.
Format
Description
Key
Press the key. For example, press Enter and press Tab.
Key 1+Key 2
Key 1, Key 2
Mouse Operations
The mouse operations that may be found in this document are defined as follows.
Action
Description
Click
Double-click
Drag
Press and hold the primary mouse button and move the
pointer to a certain position.
Update History
Updates between document issues are cumulative. Therefore, the latest document issue
contains all updates made in previous issues.
1 NE80 Core Router Overview
1.1 Introduction
This section describes the basic knowledge of the NE80 Series USR, including:
• Overview
• Hardware Architecture
• Software Architecture
1.1.1 Overview
The IP Metropolitan Area Network (MAN) has entered a new stage of development. It is no
longer limited to supplying individual broadband Internet access services, but covers
a full range of services including enterprise interconnection, virtual leased line, IP
telephone/videoconferencing, content service, and security service. All of these place higher
requirements on MAN devices.
In line with the development of IP MANs, Huawei launches the NE80 Series USR. The
NE80 offers the large capacity, high performance, high reliability, and abundant service
capability required by MANs, such as line-speed forwarding on high-speed interfaces,
Ethernet switching, Multi-Protocol Label Switching Virtual Private Network (MPLS VPN),
a perfect Quality of Service (QoS) mechanism, and carrier-class reliability, which
provide abundant service processing capabilities and flexible networking capability.
The NE80 incorporates the powerful IP service processing capability of routers and the
low-cost Ethernet switching capability of Layer 3 Ethernet switches, and serves as a powerful
core router or a Layer 3 Ethernet switch. Therefore, the NE80 is an optimal choice for new
MANs.
The NE80 is a fifth-generation router oriented to carriers' backbone edge networks, the
core and convergence layers of MANs, and networks of various industries and enterprises.
The NE80 enriches and perfects Huawei's high-end router series by providing
cost-effective network solutions and offering more choices.
MPU
The MPU performs functions such as system management, route control, data exchange, and
the stratum-3 clock.
The NE80 has two MPUs for 1 + 1 redundancy. When one MPU fails, services are
automatically switched to the other MPU.
LPU
LPUs implement the interconnection and data forwarding with other devices. The NE80
supports the following LPUs:
• Ethernet LPU
• POS LPU
• cPOS LPU
• ATM LPU
• RPR LPU
• E1 LPU
LPUF
LPUFs are LPUs whose PIM cards can be replaced. Each LPUF can hold two PIM cards. The
following PIM cards are supported:
Service Board
The NE80 provides a Network Address Translation (NAT) service board. The NAT board
features large capacity and high performance, and can support translation between private
and public network addresses. The NAT board is used to solve problems such as the shortage
of public network addresses and to ensure network security on the Internet.
For more information about the NE80 hardware system, refer to the Quidway NetEngine80
Core Router Installation Manual.
[Figure 1-1 Software architecture of the NE80-8. Labels in the diagram: RPS, Switch Fabric monitoring module, FSU, EFU, Highway, LPU1, LPU2, LPU8]
As the control and management unit of the system, the RPS runs on the active and standby
MPUs and performs the following tasks:
• Route control
  The RPS calculates and maintains the routes. In addition, it generates the Forward
  Information Base (FIB) table and delivers it to each LPU for IP forwarding.
• Label control
  The RPS distributes labels, sets up and maintains the Label Switch Paths (LSPs). In addition,
  it generates the FIB table and delivers it to each LPU for MPLS forwarding.
• Traffic control
  The RPS defines the traffic classification rules, configures the traffic parameters, configures
  the queue resources and flow control parameters for Diff-Serv QoS.
• The RPS maintains the devices, manages the network and devices, monitors the whole system,
  diagnoses faults, and collects statistics for services.
Running on the CPU of the LPU, the FSU manages the service interfaces (configuring and
monitoring them), forwards data, controls the links, and negotiates the link parameters. In
addition, the FSU can maintain and manage local devices for LPUs and provide some system
monitoring and diagnosis services.
In addition to fast forwarding of IP packets, the EFU can provide such QoS functions as
traffic classifying, traffic measuring, traffic policing, traffic shaping, traffic scheduling, and
congestion avoiding and controlling. It can implement Diff-Serv, firewall, and Class of
Service (CoS) features according to different configuration requirements.
The Switch Fabric monitoring module monitors the internal switching network in the NE80
Series USR.
Implemented on the Huawei integrated network management platform, the NMS maintains
and controls devices uniformly.
The NE80 applies the Versatile Routing Platform (VRP) software system. As a versatile
operating system platform for Huawei's data communications products, the VRP realizes a
modular architecture with IP services as the core. In addition to abundant functions and
features, the VRP provides some application-based capabilities such as scalability and
flexibility.
With the TCP/IP protocol stack as the core, the VRP integrates multiple crucial technologies
for data communications such as routing, QoS, VPN, and security, thus providing excellent
data forwarding capability for the routing device.
The VRP provides consistent network, user, and management interfaces for various hardware
platforms and flexible solutions for users. The VRP is open to sustainable development, which
can protect carriers' investment to its maximum extent.
Line-Speed Forwarding
Multiple Interfaces
Carrier-Class Availability
Rich Services
Perfect Diff-Serv/QoS
Practical NMS
In this case, the NE80 may reduce the levels of the network construction to achieve the
flattened network, which improves the service quality and optimizes the network architecture.
• Traffic classification
• Traffic policing
• Traffic shaping
• Queue management
• Queue scheduling
Therefore, the NE80 can implement the six groups of Per-Hop Behaviors (PHBs) defined in the
standard (EF, AF1 to AF4, and BE) as well as other services.
The NE80 enables network carriers to provide users with different QoS guarantees and
makes the Internet an integrated network that carries data, voice, and video services
simultaneously.
Description
Network
interconnection
LAN protocol
Ethernet_II
VLAN (802.1Q)
Link layer
protocol
PPP and MP
HDLC
FR
IP over ATM
RPR
STP/RSTP/MSTP
Q-in-Q
VLANIF
Layer 2 VLAN
VLAN sub-interface
Network protocol
IP service
ARP
DHCP Relay
DHCP Server
IP Unnumbered
Policy routing
1-8
Issue 04 (2009-12-20)
Quidway NetEngine80
Configuration Guide - Basic Configurations
Attribute
Description
IPv4
MPLS
MPLS
LDP
Basic forwarding
LSPM
VPLS/HVPLS
MPLS TE
RSVP TE
VPN
VPN
Network security
AAA service
CHAP authentication
PAP authentication
RADIUS
Other security
features
NAT
Port mirroring
Port traffic sampling
Flow control on the service LC and the
MPU
IP packet filtering
URPF
MAC address learning limit
HWTACACS+
SSH V1.5
Hot standby
for redundancy
Other features
QoS
Configuration
management
Traffic
classification
Traffic
policing and
shaping
CAR
Policy-based
routing
IP route redirection
MPLS QoS
Command line
interface
Time service
On-line
service
On-line loading
On-line upgrading
Information
processing
center
Network
Management
SNMP V1/V2c/V3
others
NQA
RMON
NOTE
HDLC = High-level Data Link Control
RPR = Resilient Packet Ring
URPF = Unicast Reverse Path Forwarding
AAA = Authorization, Authentication and Accounting
VRRP = Virtual Router Redundancy Protocol
CAR = Committed Access Rate
srTCM = Single Rate Three Color Marker
trTCM = Two Rate Three Color Marker
Contents
2 Establishment of the Configuration Environment
2.1 Introduction
2.1.1 Login Through the Console
2.1.2 Login Through Telnet
2.1.3 Login Through AUX Port
2.2 Logging In to the Router Through the Console Port
2.2.1 Establishing the Configuration Task
2.2.2 Establishing the Physical Connection
2.2.3 Configuring Terminals
2.2.4 Logging In to the Router
2.3 Logging In to Router Through Telnet
2.3.1 Establishing the Configuration Task
2.3.2 Establishing the Physical Connection
2.3.3 Configuring Login User Parameters
2.3.4 Logging In from the Telnet Client
2.4 Logging In to the Router Through the AUX Port
2.4.1 Establishing the Configuration Task
2.4.2 Establishing the Physical Connection
2.4.3 Initializing and Configuring the Modem on the Interface
2.4.4 Configuring the Connection Between the Remote Terminal and the Router
2.4.5 Logging In to the Router
2.5 Configuration Examples
2.5.1 Example for Logging In Through the Console Port
2.5.2 Example for Logging In Through Telnet
2.5.3 Example for Logging In Through the AUX Port
Figures
Figure 2-1 Networking diagram of logging in through the console port
Figure 2-2 New connection
Figure 2-3 Setting the port
Figure 2-4 Setting the port communication parameters
Figure 2-5 Establishing the configuration environment through Telnet
Figure 2-6 Running the Telnet program on the PC
Figure 2-7 Establishing the remote configuration environment through AUX
2.1 Introduction
2.1.1 Login Through the Console
In the following cases, use only the console port to configure the router:
The configuration environment cannot be established through Telnet or the AUX port.
Password authentication: indicates the login user should enter the correct password.
AAA local authentication: indicates the login user should enter the correct user name and
password.
Non-authentication: indicates the login user need not enter the user name or password.
If the login succeeds, a command line prompt such as <Quidway> appears on the Telnet client
interface.
Enter the command to check the running status of the router or to configure the router.
Enter "?" for help.
Do not modify the IP address of the router when you configure the router through Telnet because the
modification may disconnect Telnet. If necessary, set up the connection again after entering a new IP
address.
Pre-configuration Tasks
Before configuring the router through the console port, complete the following tasks:
Data Preparation
To configure the router through the Console port, you need the following data.
No.
Data
Terminal communication parameters (including baud rate, data bit, parity, stop
bit and flow control)
Configuration Procedures
To configure the router through the Console port, complete the following configuration
procedures.
No.
Procedure
Configuring Terminals
Step 1 Press Enter until a command line prompt such as <Quidway> appears. Now enter the
configuration environment in the user view.
----End
Pre-configuration Tasks
Before configuring the router through Telnet, complete the following tasks:
Preparing the PC (including the serial port and Ethernet crossover/direct network cable)
Data Preparation
To log in to the router through Telnet, you need the following data.
No.
Data
IP address of the PC
User information accessed through Telnet (including user name, password and
authentication mode)
Configuration Procedures
To configure the router through Telnet, complete the following procedures.
No.
Procedure
Pre-configuration Tasks
Before configuring the router through the AUX port dialup, complete the following tasks:
Preparing the PC/terminal (including the serial port and RS-232 cable)
Data Preparation
To configure the router, you need the following data.
No.
Data
Type of terminals
Configuration Procedures
To configure the router by dialup through the AUX port, complete the following procedures.
No.
Procedure
Configuring the Connection Between the Remote Terminal and the Router
For details, refer to the Quidway NetEngine80 Core Router Configuration Guide - Security.
[Figure 2-1 Networking diagram of logging in through the console port: PC, Router]
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
3.
Data Preparation
To complete the configuration, you need the terminal communication parameters (including
baud rate, data bit, parity, stop bit and flow control).
Configuration Procedure
Step 1 Connect the serial port of the PC (or terminal) to the console port of the router through
standard RS-232 configuration cable. The local configuration environment is established.
Step 2 Run the terminal emulation program on the PC. Set the baud rate to 9600 bps, the data
bit to 8, and the stop bit to 1. Specify no parity and no flow control, as shown in
Figure 2-2 to Figure 2-4.
Figure 2-2 New connection
Power on the router. The router performs a self-check and the system performs automatic
configuration. When the self-check ends, you are prompted to press Enter until a command
line prompt such as <Quidway> appears.
Enter the command to check the running status of the router or configure the router.
Enter "?" for help.
For details, refer to the following chapters.
----End
[Figure 2-5 Establishing the configuration environment through Telnet: PC, WAN, Router, Target Router]
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
3.
Data Preparation
To complete the configuration, you need the following data:
IP address of the PC
User information accessed through Telnet (including the user name, password and
authentication mode)
Configuration Procedure
Step 1 Connect the PC and the router respectively to the network.
Step 2 Configure login user parameters.
# Configure the login address
<Quidway> system-view
[Quidway] interface GigabitEthernet 1/0/0
[Quidway-GigabitEthernet1/0/0] ip address 202.38.160.92 255.255.0.0
[Quidway-GigabitEthernet1/0/0] quit
Click OK.
Enter the user name and password in the login window. After authentication, a command line
prompt such as <Quidway> appears. Now enter the configuration environment in the user
view.
----End
[Figure 2-7 Establishing the remote configuration environment through AUX: PC (COM), Modem, PSTN, Modem, Router (AUX)]
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
3.
Data Preparation
To complete the configuration, you need the following data:
Type of terminals
Configuration Procedure
Step 1 Establish the physical connection as shown in Figure 2-7.
Step 2 Configure the AUX port to support the Modem dialup.
<Quidway> system-view
[Quidway] aaa
[Quidway-local-aaa-server] local-user huawei password cipher test1
[Quidway-local-aaa-server] local-user huawei service-type terminal
[Quidway-local-aaa-server] local-user huawei level 3
[Quidway-local-aaa-server] quit
[Quidway] user-interface aux 0
[Quidway-ui-aux0] authentication-mode aaa
[Quidway-ui-aux0] modem both
Contents
3 CLI Overview
3.1 Introduction
3.1.1 Command Line Interface
3.1.2 Command Levels
3.1.3 Command Line Views
3.2 Online Help
3.2.1 Full Help
3.2.2 Partial help
3.2.3 Error Messages of the Command Line Interface
3.3 Features of Command Line Interface
3.3.1 Editing
3.3.2 Displaying
3.3.3 Regular Expressions
3.3.4 History Commands
3.4 Shortcut Keys
3.4.1 Classifying Shortcut Keys
3.4.2 Defining Shortcut Keys
3.4.3 Use of Shortcut Keys
3.5 Configuration Examples
3.5.1 Example for Using Shortcut Keys
3.5.2 Copying Commands Using Shortcut Keys
3.5.3 Example for Using Tab
Tables
Table 3-1 Command line views
Table 3-2 Common error messages of the command line
Table 3-3 Keys for editing
Table 3-4 Keys for displaying
Table 3-5 Describes metacharacters
Table 3-6 Access the history commands
Table 3-7 System-defined shortcut keys
3 CLI Overview
3.1 Introduction
3.1.1 Command Line Interface
When a prompt appears, you enter the command line interface (CLI) and interact with routers
through CLI.
The system provides a series of configuration commands. You can configure and manage the
router by entering commands on CLI.
The CLI has the following features:
Hierarchical command protection for users of different levels, that is, commands are run
based on the corresponding level.
Network testing commands such as tracert and ping for rapidly diagnosing a network.
The telnet command for directly logging in to and managing other routers.
A command can contain at most 255 characters. The command can be in an
incomplete form.
The system saves the incomplete command to the configuration files in the complete form; therefore,
the command may have more than 255 characters. However, when the system is restarted, the
incomplete command cannot be restored. So, pay attention to the length of the incomplete command.
Level 0-Visit level: Commands of this level include commands of network diagnosis tool
(such as ping and tracert) and commands that start from the local device and visit
external device (including Telnet client side, SSH client side and Rlogin) and so on.
Level 1-Monitoring level: Commands of this level, including the display commands and
the debugging commands, are used for system maintenance, service fault diagnosis, and
so on.
Level 3-Management level: Commands of this level are commands that influence the basic
operation of the system and provide support to the service. They include file system
commands, FTP commands, TFTP commands, XModem downloading commands,
configuration file switching commands, power supply control commands, backup board
control commands, user management commands, level setting commands, system
internal parameter setting commands, and so on.
To implement the refined management, you can increase the command levels to 0-15. For the
increase in the command levels, refer to Chapter 4 "Basic Configuration" in the Quidway
NetEngine80 Configuration Guide - Basic Configurations.
The default command level may be higher than the command level defined according to the
command rules in application.
Login users have the same 16 levels as the command levels. Login users can use only the
commands of levels that are equal to or lower than their own levels. For details of login user
levels, refer to section 5.1.2 "User Management" in Chapter 5 "User Login."
# Type aaa in the system view, and you can enter the AAA view.
[Quidway] aaa
[Quidway-aaa]
The prompt <Quidway> indicates the default router name. The prompt <> indicates the user view and
the prompt [ ] indicates other views.
Some commands that are implemented in the system view can also be implemented in the
other views. However, the function implemented depends on the view in which the command is run. For example,
the mpls command (for starting MPLS) can be run in the system view to enable the MPLS
capability globally. It can also be run in the interface view to enable the MPLS capability on
this interface.
Different command line views are shown in Table 3-1.
View
Description
aaa
AAA view
aaa-accounting
aaa-authen
aaa-author
aaa-domain
aaa-recording
acl-adv
acl-basic
acl-if
Atm-pvc
aux
bgp
BGP view
bgp-af-l2vpn
bgp-af-vpnv4
bgp-af-vpn-instance
vpls-family
cpos
dhcp
e1
E1 interface view
e3
E3 interface view
ethernet
explicit-path
fr-class
ftp-client
GigabitEthernet
GE interface view
hwtacacs
HWTACACS view
ike-proposal
IKE view
ipsec-policy-isakmp
ipsec-policy-manual
ipsec-policy-template
ipsec-proposal
IPSEC view
isis
IS-IS view
l2tp
L2TP view
loopback
mp-group
mpls
MPLS view
mpls-l2vpn
MPLS-L2VPN view
mpls-ldp
MPLS-LDP view
null
ospf
OSPF view
ospf-area
policy-based-route
pos
radius
RADIUS view
rip
RIP view
rip-af-vpn-instance
ripng
RIPng view
route-policy
rsa-key-code
rsa-public-key
serial
shell
Shell view
system
System view
t1
T1 interface view
t3
T3 interface view
tunnel
tunnel-policy
user-interface
virtual-ethernet
virtual-template
vpn-instance
Full help
Partial help
Enter "?" in any command line view to display all the commands and their simple
descriptions.
<Quidway> ?
Enter a command and "?" separated by a space. If the key word is at this position, all
key words and their simple descriptions are displayed. For example:
<Quidway> language-mode ?
Chinese Chinese environment
English English environment
Chinese and English are keywords; Chinese environment and English environment describe
the keywords respectively.
Enter a command and "?" separated by a space, and if a parameter is at this position, the
related parameter names and parameter descriptions are displayed. For example:
In the preceding display, INTEGER<1-35791> describes the parameter value; Specify FTP
timeout minutes is a simple description of the parameter usage; <cr> indicates that no
parameter is at this position. The command is repeated in the next command line. You can
press Enter to run the command.
Enter a character string and "?" separated by a space to display all commands that begin
with this character string.
<Quidway> d?
debugging
delete
dir
display downlpu
Enter a command with "?" closely following it to display all the key words that begin
with this character string.
<Quidway> display v?
version
virtual-access
vlan
vpls
vpn-group
vlan-group
vrrp
voltage
vsi
Enter the first several letters of a key word in the command and then press Tab to display
the complete key word on the condition that the letters uniquely identify the key word.
Otherwise, if you continue to press Tab, different key words are displayed. You can
select the needed key word.
Unrecognized command
Wrong parameter
Incomplete command
Ambiguous command
Function
Common key
Key
Function
Backspace
Deletes the character on the left of the cursor and the cursor
moves leftward.
When the cursor reaches the head of the command, an alarm
is generated.
Tab
Press Tab after typing the incomplete key word and the
system runs the partial help:
3.3.2 Displaying
You can control the display on the CLI as follows:
When the information displayed exceeds a full screen, it provides the pause function. In
this case, the user has three choices as shown in Table 3-4.
Function
Ctrl+C
Space
Enter
A regular expression is a tool for matching and replacing patterns. Users construct a
matching pattern based on certain rules and then match the pattern against the target object.
To help users construct the matching pattern flexibly, regular expressions provide some special
characters that are called metacharacters. Metacharacters are used to define the patterns of
other characters in the target object.
Metacharacters are described in Table 3-5.
Table 3-5 Describes metacharacters
Metacharacter
Connotation
Escape character
[xyz]
[^xyz]
[a-z]
[^a-z]
{n}
{n,}
{n,m}
For example:
^ip: matches the target object that begins with the character string "ip".
ip$: matches the target object that ends with the character string "ip".
The simplest regular expressions do not contain any metacharacter. For example, when a
regular expression is defined as "hello", it matches only the character string "hello".
NE80 supports two ways of applying regular expression in filtering.
| begin regular-expression: displays the information that begins with the line that
matches regular expression.
| exclude regular-expression: displays the information that excludes the lines that match
regular expression.
| include regular-expression: displays the information that includes the lines that match
regular expression.
/regular-expression: displays the information that begins with the line that matches
regular expression.
-regular-expression: displays the information that excludes lines that match regular
expression.
+regular-expression: displays the information that includes lines that match regular
expression.
When regular expressions that contain metacharacters such as {} are used to filter the output,
the matching times out and the information cannot be displayed normally if the number of
matching times exceeds the scope specified in {}. Therefore, avoid repeating regular expressions.
Different products have different scopes.
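The three filter behaviours listed above and their /, - and + equivalents, emulated in Python as an added example that is not part of the original guide. The sample output is constructed from commands shown in this guide; the function names are hypothetical, and Python's re module stands in for the router's own matcher, which may differ in detail.

```python
import re

# Constructed sample: lines built from commands that appear in this guide,
# laid out the way a configuration display might print them.
SAMPLE_OUTPUT = """\
interface GigabitEthernet1/0/0
 ip address 202.38.160.92 255.255.0.0
aaa
 local-user huawei password cipher test1
 local-user huawei service-type terminal
 local-user huawei level 3
user-interface aux 0
 authentication-mode aaa
 modem both
""".splitlines()

# The guide lists two spellings for each behaviour: a keyword after "|" on the
# command line, and a single leading character typed at the pause prompt.
_KEYWORDS = ("begin", "exclude", "include")
_PAGER_KEYS = {"/": "begin", "-": "exclude", "+": "include"}


def parse_filter(spec):
    """Turn '| include expr' or '+expr' into (mode, compiled pattern)."""
    spec = spec.strip()
    if spec.startswith("|"):
        parts = spec[1:].strip().split(None, 1)
        if len(parts) != 2 or parts[0] not in _KEYWORDS:
            raise ValueError("expected '| begin|exclude|include <regex>'")
        mode, expr = parts
    elif len(spec) > 1 and spec[0] in _PAGER_KEYS:
        mode, expr = _PAGER_KEYS[spec[0]], spec[1:]
    else:
        raise ValueError("unrecognised filter: %r" % spec)
    return mode, re.compile(expr)


def apply_filter(lines, spec):
    """Return the lines that the given filter would leave on screen."""
    mode, pattern = parse_filter(spec)
    if mode == "include":
        # Only the lines that match.
        return [line for line in lines if pattern.search(line)]
    if mode == "exclude":
        # Everything except the lines that match.
        return [line for line in lines if not pattern.search(line)]
    # begin: the first matching line and every line after it, matching or not.
    for index, line in enumerate(lines):
        if pattern.search(line):
            return lines[index:]
    return []


if __name__ == "__main__":
    for spec in ("| include aaa", "| begin user-interface", "-password"):
        print("### %s" % spec)
        print("\n".join(apply_filter(SAMPLE_OUTPUT, spec)))
```

Note the difference between include and begin on the same expression: include returns only the matching lines, while begin returns the rest of the output from the first match onward.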
Action
Key or Command
Result
Display the
history
commands.
display
history-command
Up cursor key
or Ctrl+P
Access the
next history
command.
On the HyperTerminal of Windows 9X, the cursor key is invalid because the HyperTerminal of
Windows 9X defines the keys differently. In this case, you can replace the cursor key with Ctrl+P.
The saved history commands are the same as those input by users. For example, if
the user inputs an incomplete command, the saved command is also incomplete.
If the user runs the same command for several times, the earliest command is saved. If
the command is input in different forms, they are considered as different commands.
For example, if the display ip routing-table command is run for several times, only one
history command is saved. If the disp ip routing command and the display ip
routing-table command are run, two history commands are saved.
User-oriented and user-defined shortcut keys: CTRL_G, CTRL_L, and CTRL_O. The
user can correlate these shortcut keys with any commands. When the shortcut keys are
pressed, the system automatically runs the corresponding command. For the details of
defining the shortcut keys, see Defining Shortcut Keys.
System-defined shortcut keys: These shortcut keys with fixed functions are defined by
the system. Table 3-7 lists the system-defined shortcut keys.
Different terminal software defines these keys differently. Therefore, the shortcut keys on the terminal
may be different from those listed in this section.
Function
CTRL_A
CTRL_B
CTRL_C
CTRL_D
CTRL_E
CTRL_F
CTRL_H
CTRL_K
CTRL_N
CTRL_P
CTRL_R
CTRL_SHIFT_V
CTRL_T
CTRL_U
CTRL_W
CTRL_X
CTRL_Y
CTRL_Z
CTRL_]
ESC_B
ESC_D
ESC_F
ESC_N
ESC_P
ESC_SHIFT_<
ESC_SHIFT_>
Action
Command
Define shortcut
keys.
You can press the shortcut keys wherever you can type a command. Then the system
displays the full corresponding command.
If you have typed part of a command and have not pressed Enter, you can press the
shortcut keys to clear the input and display the full corresponding command. This
operation has the same effect as deleting all commands and then re-entering the
complete command.
The shortcut keys are run as commands; the syntax is recorded in the command
buffer and log for fault location and querying.
The terminal in use may affect the functions of the shortcut keys. For example, if the customized
shortcut keys of the terminal conflict with those of the router, the input shortcut keys are captured by the
terminal program and hence the shortcut keys do not function.
Run the following command in any view to display the use of shortcut keys.
Action
Command
display hotkey
Routes : 5
                                   NextHop         Interface
51.51.51.9/32       Direct  0   D  127.0.0.1       InLoopBack0
100.2.0.0/16        Direct      D  100.2.150.51    GigabitEthernet0/0/0
100.2.150.51/32     Direct      D  127.0.0.1       InLoopBack0
100.2.255.255/32    Direct  0   D  127.0.0.1       InLoopBack0
127.0.0.0/8         Direct      D  127.0.0.1       InLoopBack0
----End
Step 2 Run the display clipboard command to view the contents on the clipboard.
<Quidway> display clipboard
---------------- CLIPBOARD----------------
display ip routing-table
----End
The matching key word is unique after the incomplete key word is typed in.
The system replaces the typed one with the complete key word and displays it in a new line
with the cursor a space behind.
----End
There are several matches or no match at all after the incomplete key word is typed in.
# info-center can be followed by three key words.
logfile
loghost
The system displays the prefix first. The prefix in this example is "log".
Step 2 Continue to press Tab. The cursor is closely following the word end.
[Quidway] info-center loghost
[Quidway] info-center logbuffer
[Quidway] info-center logfile
Stop pressing Tab after the key word logfile that you need is displayed.
Step 3 Type a space to enter the next word "channel".
[Quidway] info-center logfile channel
----End
Contents
4 Basic Configuration
4.1 Introduction
4.2 Configuring the Basic System Environment
4.2.1 Establishing the Configuration Task
4.2.2 Switching the Language Mode
4.2.3 Configuring the Equipment Name
4.2.4 Configuring the System Clock
4.2.5 Configuring the Header Text
4.2.6 Configuring Command Levels
4.3 Configuring Basic User Environment
4.3.1 Establishing the Configuration Task
4.3.2 Configuring the Password for Switching User Levels
4.3.3 Switching User Levels
4.3.4 Locking User Interfaces
4.4 Displaying System Status Messages
4.4.1 Displaying System Configuration
4.4.2 Displaying System Status
4.4.3 Collecting System Diagnostic Information
4 Basic Configuration
4.1 Introduction
Before configuring the services, users often need to perform basic configurations for actual
operation and maintenance.
The product provides configurations for two kinds of basic environments:
• Basic system environment: mainly includes the language mode, host name, system name,
system time, header text, and command level for the actual environment.
• Basic user environment: mainly includes the password for changing levels and the terminal
lock.
Pre-configuration Tasks
Before configuring basic system environment, power on the router.
Data Preparation
To configure basic system environment, you need the following data.
No.
Data
Language mode
System time
Host name
Login information
Command level
Configuration Procedures
No.
Procedure
Or:
clock daylight-saving-time time-zone-name repeating start-time { start-year month
{ first | second | third | fourth | fifth | last } weekday | start-date } end-time { end-year
month { first | second | third | fourth | fifth | last } weekday | end-date } offset
The command level is configured. With the command, you can specify the level and view for
multiple commands at one time (command-key).
----End
If the user does not adjust a command level separately, after the command level is updated, all
originally-registered command lines adjust automatically according to the following rules:
• The command Level 2 is updated to Level 10 and Level 3 is updated to Level 15.
• No command lines exist in Level 2 to Level 9 and Level 11 to Level 14. The user can
adjust the command lines to these levels separately to refine the management of
privilege.
The updates from Level 2 to Level 10 and from Level 3 to Level 15 are not performed in two
steps; they are applied in one step as a batch.
Pre-configuration Tasks
Before configuring the basic environment for the user, complete the following task:
Data Preparation
To configure the basic environment for the user, you need the following data:
No.
Data
Configuration Procedures
No.
Procedure
When simple is used, the password is saved in the configuration file in plain text. Login
users with a lower level can obtain the password by viewing the configuration, which may cause
security problems. Therefore, use cipher so that the password is saved in encrypted text.
Do as follows on the router:
Step 1 Run:
system-view
Step 1 Run:
super [ level ]
When a login user of a lower level is switched to a higher level through super, the system
automatically sends trap messages and records the switchover in the log. When the level switched
to is lower than the current level, the system only records the switchover in the log.
See the related sections for display commands about protocols and interfaces. The following
only shows the system display commands.
Run the following commands in all views.
Run the display users [ all ] command to display the terminal user.
Run the display this command to display the configuration of the current view.
Contents
5 User Management
5.1 Introduction
5.1.1 User Interface View
5.1.2 User Management
5.2 Configuring Console User Interface
5.2.1 Establishing the Configuration Task
5.2.2 Configuring Console Interface Attributes
5.2.3 Setting Console Terminal Attributes
5.2.4 Configuring the User Interface Priority
5.2.5 Configuring User Authentication
5.2.6 Checking the Configuration
5.3 Configuring AUX User Interface
5.3.1 Establishing the Configuration Task
5.3.2 Configuring AUX Interface Attributes
5.3.3 Configuring AUX Terminal Attributes
5.3.4 Configuring User Priority
5.3.5 Configuring Modem Attributes
5.3.6 Configuring User Authentication
5.3.7 Checking the Configuration
5.4 Configuring VTY User Interface
5.4.1 Establishing the Configuration Task
5.4.2 Configuring Maximum VTY User Interfaces
5.4.3 Configuring Limits for Incoming Calls and Outgoing Calls
5.4.4 Configuring Timeout of VTY User Authorization
5.4.5 Configuring VTY Terminal Attributes
5.4.6 Configuring User Authentication
5.4.7 Checking the Configuration
5.5 Managing User Interfaces
5.5.1 Establishing the Configuration Task
5.5.2 Sending Messages to Other User Interfaces
5.5.3 Clearing Online User
5.5.4 Checking the Configuration
Tables
Table 5-1 Example for the absolute numbering
5 User Management
5.1 Introduction
5.1.1 User Interface View
The user interface view is a command line view provided by the system. It is used to
configure and manage all the physical and logical interfaces in the asynchronous mode.
The console port is a serial port provided by the main control unit of the router.
The main control unit provides one EIA/TIA-232 DCE console port for local configuration by
directly connecting a terminal to a router.
The main control unit of a router provides the auxiliary port, which is a line device port. The
main control unit has one EIA/TIA-232 DTE AUX port, which is used by a terminal to access
the router through a modem.
The virtual port is a logical terminal line. A virtual type line (VTY) is the Telnet connection
with the router through a terminal. It is used for local or remote access to the router.
Relative numbering
Number of the VTY: VTY 0 for the first line, VTY 1 for the second line and so on.
Absolute numbering
User-interface
CON0
33
AUX0
34
35
36
37
38
For different types of devices, the absolute numbers of the AUX interface and the VTY interface may be
different.
The numbers from 1 to 32 are reserved for the TTY user interfaces.
Run the display user-interface command to view the absolute number of user interfaces.
User Classification
Based on the services obtained, users of a router are classified as follows:
• HyperTerminal users: They access the router through the console port or the AUX port.
• File Transfer Protocol (FTP) users: They establish FTP connections with the router to
transfer files.
• Point-to-Point Protocol (PPP) users: They establish PPP connections (such as dialing
and PPPoA) with the router to access the network.
• Secure Shell (SSH) users: They establish SSH connections with the router to access the
network.
User Level
The system provides hierarchical management of HyperTerminal users and Telnet users.
Login users have the same 16 levels as commands. The levels are Visit, Monitoring,
Configure and Management, and are marked from 0 to 15. The higher the mark is, the higher
the priority is.
A user can access a command depending on the user level.
In the case of AAA authentication, the level of the command that can be accessed by the
login user depends on the level of the local user in the AAA configuration.
The user can access the commands with the level equal to or smaller than the user level. For
example, if the user level is 2, the user can access the commands with level 0, 1, or 2. The
user with the level 3 can access all the commands.
For details of command level, refer to section 3.1.2 "Command Level" in Chapter 3 "Command Line
Introduction."
User Authentication
After the user configuration, the system authenticates users when they access the router.
The four types of user authentication are as follows:
• Non-authentication: In this type, a user accesses the router without the username and
password. This is not recommended due to security reasons.
• Password authentication: In this type, a user accesses the router only with the password
rather than the username. This is safer when compared to non-authentication.
• Authentication, Authorization and Accounting (AAA) local: This scheme needs both the
username and the password.
• AAA authentication scheme: This scheme cooperates with the AAA server, which
authenticates PPP users.
User Planning
The network administrator provides the user plan based on the actual requirements.
For the configuration of FTP user, refer to the Chapter 8 "FTP, TFTP and XModem."
For the configuration of PPP user, refer to Quidway NetEngine80 Core Router Configuration Guide
- Security.
Pre-configuration Tasks
Before configuring console user interface, complete the following tasks:
Data Preparation
To configure console user-interface, you need the following data.
No.
Data
Transmission rate, flow-control mode, checksum mode, stop bit, and data bit
Idle timeout period for user, screen length of terminal, and the size of history
command buffer
User priority
All the default values of the data are stored on the router and do not need additional configuration.
Configuration Procedures
To configure a console interface, complete the following procedures.
No.
Procedure
You can configure one or more user interfaces simultaneously in any view.
The flow control mode is set. By default, the flow-control mode is none.
Step 5 (Optional) Run:
parity { even | mark | none | odd | space }
When the user logs in to a router through a console interface, the attributes configured for
the console interface on the HyperTerminal must match the attributes of the interface on
the router. Otherwise, the user cannot log in to the router.
Step 3 Run:
user privilege level level
Password authentication: needs no user name but a password. Otherwise, the user cannot
log in to the router through the console interface.
Configuring Non-Authentication
Do as follows on the router:
Step 1 Run:
system-view
Command
display local-user
display access-user
Pre-configuration Tasks
Before configuring AUX user interface, complete the following tasks:
Data Preparation
Before configuring AUX user interface, you need the following data.
No.
Data
Transmission rate, flow-control mode, checksum mode, stop bit, and data bit
Idle timeout period for user, screen length of terminal, and the size of history
command buffer
User priority
Modem attributes
All data above have default values on the router, and generally you do not need to specify them.
Configuration Procedures
To configure an AUX user interface, complete the following procedures.
No.
Procedure
Set the period from when the system receives the ring signal until CD_UP is detected, that is,
the time taken to establish the call, from picking up to detecting the carrier.
Step 4 Run:
modem auto-answer
Password authentication: requires no user name but a password must be set. Otherwise,
the user cannot log in to the router through the console interface.
None: requires neither user name nor password. No authentication is needed when the
user logs in to the router.
Step 1 Run:
system-view
Configuring Non-Authentication
Do as follows on the router:
Step 1 Run:
system-view
Command
Action
Command
display local-user
display access-user
Pre-configuration Tasks
Before configuring VTY user interface, complete the following tasks:
Data Preparation
To configure the VTY user interface, you need the following data.
No.
Data
(Optional) ACL code to limit VTY user interface to call in and out
Idle timeout period for user, screen length of terminal, and the size of history
command buffer
Configuration Procedures
To configure a VTY user interface, complete the following procedures.
No.
Procedure
Set the maximum VTY user interfaces that can log in to the router at the same time.
----End
If the number of maximum VTY user interfaces to be configured is smaller than the number
of current maximum interfaces, this parameter needs not be configured if.
If the number of maximum VTY user interfaces to be configured is larger than the number of
current maximum interfaces, the authentication mode and password need to be configured for
newly added user interfaces.
For newly added user interfaces, the system applies password authentication by default. The
prompt is shown as follows:
Warning:Login password has not been set!
For example, a maximum of five users are allowed online. To allow 15 VTY users online at
the same time, you need to run the authentication-mode command and the set
authentication password command to configure authentication modes and passwords for
VTY user interface 5 to interface 14, shown as follows:
<Quidway> system-view
[Quidway] user-interface maximum-vty 15
[Quidway] user-interface vty 5 14
[Quidway-ui-vty5-14] authentication-mode password
[Quidway-ui-vty5-14] set authentication password cipher huawei
Password authentication: requires no user name but a password must be set. Otherwise,
the user cannot log in to the router through console interface.
None: requires neither user name nor password. No authentication is needed when the
user logs in to the router.
Step 4 Run:
quit
Configuring Non-Authentication
Do as follows on the router:
Step 1 Run:
system-view
Command
display user-interface [ ui-type ui-number | number | summary ]
Pre-configuration Tasks
Before managing the user interface, complete the following tasks:
Data Preparation
To manage the user interface, you need the following data:
No.
Data
Configuration Procedures
To configure a user interface, complete the following procedures.
No.
Procedure
Action
Command
display access-user
Pre-configuration Tasks
Before configuring a user interface, complete the following tasks:
Data Preparation
To configure a user, you need the following data.
No.
Data
Authentication mode
User priority
Configuration Procedures
To configure user management, complete the following procedures.
No.
Procedure
Configuring Non-Authentication
Step 4 Run:
aaa
If the authentication mode needs the username and the password, the priority of the user determines
the command level that the users can access.
Command
display local-user
display access-user
Pre-configuration Tasks
Before configuring local user management, complete the following tasks:
Data Preparation
To configure the local user management, you need the following data.
No.
Data
Configuration Procedures
To configure local user management, complete the following procedures.
No.
Procedure
By configuring the service type of the local user, you can manage the user based on service types.
Action
Command
Run the display local-user command. You can view the status and type of the local user.
<Quidway> display local-user
---------------------------------------------------------------
User-name State Type
---------------------------------------------------------------
aaa@163 Active All
aaa Active All
Dft
Dft
1
No
0
0
Run the display local-user username user-name command. You can view details of the AAA
local user, such as the user level and the FTP authorization directory.
<Quidway> display local-user username aaa
-------------------------------------------------------------
User-name       : aaa
Password        : huawei
State           : Active
Service-type    : All
ACL-number      : -
User-CAR        : -
Idle-cut        : No
Access-limit    : No
Online-number   : 0
MAC-address     : -
User-level      : 0
FTP-directory   : -
Call-number     : -
Callback-check  : Yes
Callback-number : -
------------------------------------------------------------
After the following two configuration examples are completed, the current user VTY0 cannot
run commands at levels higher than two. Ensure that you can log in to the router through other
methods to delete the configuration.
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
3.
Data Preparation
To complete the configuration, you need the following data:
Configuration Procedure
<Quidway> system-view
[Quidway] user-interface vty 0
[Quidway-ui-vty0] user privilege level 2
[Quidway-ui-vty0] authentication-mode password
[Quidway-ui-vty0] set authentication password simple huawei
[Quidway-ui-vty0] idle-timeout 30
#
user-interface con 0
user-interface aux 0
user-interface vty 0
user privilege level 2
set authentication password simple huawei
idle-timeout 30 0
user-interface vty 1 4
#
return
Configuration Files
#
sysname Quidway
#
interface GigabitEthernet6/0/0
#
interface NULL0
#
aaa
authentication-scheme default
#
authorization-scheme default
#
accounting-scheme default
#
domain default
#
#
user-interface con 0
user-interface vty 0
user privilege level 2
set authentication password simple huawei
idle-timeout 30 0
user-interface vty 1 4
#
return
Configuration Roadmap
The configuration roadmap is as follows:
1. Enter the user interface view to configure the priority of VTY0 to be 2 and the
disconnection time.
2. Enter the AAA view to configure the username, the password and the user level.
3. Switch on the idle timeout for the local user in the AAA view.
Data Preparation
To complete the configuration, you need the following data:
• Disconnection time
Configuration Procedure
<Quidway> system-view
[Quidway] user-interface vty 0
[Quidway-ui-vty0] user privilege level 2
[Quidway-ui-vty0] authentication-mode aaa
[Quidway-ui-vty0] idle-timeout 30
[Quidway-ui-vty0] quit
[Quidway] aaa
[Quidway-aaa] local-user huawei password cipher huawei
[Quidway-aaa] local-user huawei level 2
[Quidway-aaa] local-user huawei idle-cut
Configuration Files
#
sysname Quidway
#
aaa
local-user huawei password cipher N`C55QK<`=/Q=^Q`MAF4<1!!
local-user huawei level 2
local-user huawei idle-cut
#
authorization-scheme default
#
accounting-scheme default
#
domain default
#
user-interface vty 0
authentication-mode aaa
user privilege level 2
idle-timeout 30 0
#
return
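The two configuration files above differ in how the login secret is stored: the password-authentication file keeps `set authentication password simple huawei` readable in the file, while the AAA file stores a `cipher` string. The following audit script is an added example, not part of the Huawei guide; it scans a saved configuration for `simple` passwords and for user interfaces set to non-authentication. The sample configuration is constructed, the user `ops` and its password are hypothetical, and the `authentication-mode none` keyword is an assumption (the guide names the mode, but this section does not show the command).

```python
"""Audit a saved VRP-style configuration for weak login settings.

Added example (not from the Huawei guide). It checks two things the guide
warns about: passwords stored with the `simple` keyword, and user
interfaces configured for non-authentication.
"""
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    line_no: int   # 1-based line number in the configuration text
    context: str   # enclosing section, e.g. "user-interface vty 0"
    rule: str      # "cleartext-password" or "no-authentication"
    text: str      # offending line with any secret masked


# Section openers that are tracked. Sub-commands may or may not be indented
# in a saved or pasted configuration, so context is tracked by keyword.
SECTION = re.compile(
    r"^(?:user-interface\s+(?:con|aux|vty|tty)\s+\d+(?:\s+\d+)?|aaa)$"
)
# Any command that stores a secret with the `simple` keyword.
CLEARTEXT = re.compile(r"\bpassword\s+simple\s+\S+")
# ASSUMPTION: non-authentication is written as `authentication-mode none`.
NO_AUTH = re.compile(r"^authentication-mode\s+none\b")

# Constructed sample modelled on the configuration files shown above.
# The user "ops", its password and the cipher string are placeholders.
SAMPLE_CONFIG = """\
#
sysname Quidway
#
aaa
 local-user huawei password cipher CONSTRUCTED-CIPHERTEXT
 local-user huawei level 2
 local-user ops password simple Example123
#
user-interface con 0
user-interface vty 0
 user privilege level 2
 set authentication password simple huawei
 idle-timeout 30 0
user-interface vty 1 4
 authentication-mode none
#
return
"""


def audit(config_text: str) -> List[Finding]:
    """Return one Finding per weak line, in file order."""
    findings: List[Finding] = []
    context = "global"
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        if line in ("#", "return"):
            # A separator ends the current section (best-effort context).
            context = "global"
            continue
        if SECTION.match(line):
            context = line
            continue
        if CLEARTEXT.search(line):
            # Mask the secret so the audit report does not leak it again.
            masked = CLEARTEXT.sub("password simple ******", line)
            findings.append(
                Finding(line_no, context, "cleartext-password", masked)
            )
        elif NO_AUTH.match(line):
            findings.append(Finding(line_no, context, "no-authentication", line))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG):
        print(f"line {f.line_no:>3} [{f.context}] {f.rule}: {f.text}")
```

The report masks the secret so that the audit output can be shared without repeating the exposure it flags.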
Contents
6 File System
6.1 Introduction
6.1.1 File System
6.1.2 Storage Devices
6.1.3 Files
6.1.4 Directories
6.2 Managing Storage Devices
6.2.1 Establishing the Configuration Task
6.2.2 Restoring Storage Devices with File System Troubles
6.2.3 Formatting Storage Devices
6.3 Managing the Directory
6.3.1 Establishing the Configuration Task
6.3.2 Viewing the Current Directory
6.3.3 Switching the Directory
6.3.4 Displaying the Directory of File
6.3.5 Creating a Directory
6.3.6 Deleting a Directory
6.4 Managing Files
6.4.1 Displaying Contents of Files
6.4.2 Copying Files
6.4.3 Moving Files
6.4.4 Renaming Files
6.4.5 Deleting Files
6.4.6 Deleting Files in the Recycle Bin
6.4.7 Undeleting Files
6.5 Running Files in Batch
6.6 Configuring Prompt Modes
6.7 Example of Configuration
6 File System
6.1 Introduction
This section covers the topics that you need to know before you configure a file system.
Functions
The file system has two functions: managing the storage devices and managing the files that
are stored in those storage devices.
6.1.3 Files
The file is a mechanism in which the system stores and manages messages.
6.1.4 Directories
The directory is a mechanism in which the system integrates and organizes the file. It is the
logical container of the file.
Pre-configuration Tasks
Before managing the storage devices, complete the following tasks:
Data Preparation
Before managing the storage devices, you need the following data.
No.
Data
Device name
Configuration Procedures
You can perform Step 1 and Step 2 in any order.
No.
Procedure
user-view
If the storage device does not work after you run the format device-name command, the cause
may lie in the hardware.
Pre-configuration Tasks
Before configuring the management directory, complete the following tasks:
Data Preparation
To configure a management directory, you need the following data.
No.
Data
Configuration Procedures
To complete the configuration, perform the following procedures.
No.
Procedure
Switching
No.
Procedure
Displaying
Creating
Deleting
----End
Pre-configuration Tasks
Before configuring the file system, complete the following tasks:
Data Preparation
To configure a file system, you need the following data.
No.
Data
Configuration Procedures
No.
Procedure
Copying Files
Moving Files
Renaming Files
Deleting Files
Undeleting Files
The length of the file must exceed zero bytes; otherwise, the file cannot be copied.
Running this command deletes only the files in the recycle bin of the master MPU.
If the current directory is not the parent directory, you must operate the file using the absolute path.
Pre-configuration Tasks
Before configuring the batch process, complete the following tasks:
Data Preparation
To configure the batch process, you need the following data.
No.
Data
Configuration Procedures
Do as follows on the router:
Step 1 Run:
system-view
If quiet is selected as the prompt mode of the file system, no prompt is displayed before an
operation that can result in data loss, such as deleting a file, is performed.
Applicable Environment
Data may be lost or damaged during an operation, so the prompt is required.
Pre-configuration Tasks
Before configuring a file system, complete the following tasks:
Data Preparation
None
Configuration Procedures
Do as follows on the router:
Step 1 Enter the user view.
Step 2 Run:
system-view
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
3. Check this directory to confirm that the file was copied successfully to the specified
directory.
Data Preparation
To complete the configuration, you need the following data:
Configuration Procedures
Step 1 Display the file information in the current directory.
<Quidway> dir flash:
Directory of flash:/
0
-rw-
-rw-
private-data.txt
vrpcfg.zip
-rw-
license.txt
-rw-
paf.txt
-rw-
log.txt
Step 3 Display the file information in the current directory, and you can view that the file is copied to
the specified directory.
<Quidway> dir slave#flash
Directory of slave#flash:/
0
-rw-
-rw-
vrpcfg.zip
-rw-
license.txt
-rw-
paf.txt
-rw-
log.txt
-rw-
-rw-
-rw-
-rw-
hostkey
-rw-
serverkey
-rw-
-rw-
drw-
private-data.txt
vrpcfg.cfg
vrp5.cc
matnlog.dat
snmpboots
header-file.txt
log.txt
----End
Contents
7 Management of Configuration Files
7.1 Introduction
7.1.1 Definitions
7.1.2 Configuration Files and Current Configurations
7.2 Managing Configuration Files
7.2.1 Establishing the Configuration Task
7.2.2 Configuring System Software for a Router to Load
7.2.3 Configuring the Configuration File for Router to Load
7.2.4 Saving Configuration File
7.2.5 Clearing Configuration Files
7.2.6 Comparing Configuration Files
7.2.7 Checking the Configuration
7.1 Introduction
7.1.1 Definitions
The configuration file holds the configuration items that the router loads when it restarts
this time or next time.
The configuration file is a text file in the following formats:
- To save space, default parameters are not saved. For the default values of the
  configuration parameters, see the following sections.
- Commands are organized on the basis of the command view. All commands of the
  same command view are grouped into a section. Every two command sections are
  separated by one or several blank lines or comment lines (beginning with "#").
The system can run a command with a maximum length of 255 characters, including a
command entered in the incomplete form.
If a command is configured in the incomplete form, it is saved in the complete form. Therefore,
the command length in the configuration file may exceed 255 characters. When the system restarts,
those commands cannot be restored.
Initial configurations: On powering on, the router retrieves the configuration files from
the default save path to initialize itself. If no configuration file exists in the default save
path, the router uses the default parameters.
Users can modify the current configurations of the router through the command line
interface. Use the save command to save the current configuration to the configuration
file of the default storage devices, and the current configuration becomes the initial
configuration of the router when the router is powered on next time.
Pre-configuration Tasks
Before managing the configuration files, install the router and start it properly.
Data Preparation
To manage configuration files, you need the following data.
No.
Data
The number of the start line from which the comparison of the configuration
file begins
Configuration Procedures
You can perform Procedure 1 to Procedure 5 in any order.
No.
Procedure
The system software for the router to load next time when it starts is configured.
The parameter slave-board is valid only on the router with dual main control boards.
----End
The configuration file for the router to load the next time it starts is saved.
----End
When the router is powered on, it initializes by reading the configuration file from the flash
memory by default. The configuration in this configuration file is therefore called the initial
configuration. If there is no configuration file in the flash, the router initializes with default
parameters.
The configuration in effect while the router is working is called the current configuration.
After the software of the router is upgraded, the software does not match the
configuration file.
The configuration file is found damaged or the router is loaded with incorrect configuration
files.
Command
display current-configuration
display saved-configuration
display startup
After the configurations succeed, run the preceding commands, and you can find the
following results:
- The current configuration of the router is correct without any redundant configuration.
- The system software and configuration file that are to be loaded on the router next time
  are correct and they are saved in the root directory of the storage device.
Contents
8 FTP, TFTP and XModem
8.1 Introduction
8.1.1 FTP
8.1.2 TFTP
8.1.3 XModem
8.2 Configuring the Router to be the FTP Server
8.2.1 Establishing the Configuration Task
8.2.2 Configuring the source address of FTP server
8.2.3 Enabling the FTP Server
8.2.4 Configuring the Timeout Period
8.2.5 Configuring the Local Username and the Password
8.2.6 Configuring Service Types and Authorization Information
8.2.7 Checking the Configuration
8.3 Configuring FTP ACL
8.3.1 Establishing the Configuration Task
8.3.2 Enabling the FTP Server
8.3.3 Configuring the Basic ACL
8.3.4 Configuring the Basic FTP ACL
8.3.5 Checking the Configuration
8.4 Configuring the Router to Be the FTP Client
8.4.1 Establishing the Configuration Task
8.4.2 Configuring the source address of FTP Client
8.4.3 Logging In to the FTP Server
8.4.4 Configuring Data Type and Transmission Mode for the File
8.4.5 Viewing Online Help of the FTP Command
8.4.6 Uploading or Downloading Files
8.4.7 Managing Directories
8.4.8 Managing Files
8.4.9 Changing Login Users
8.4.10 Disconnecting from the FTP Server
8.4.11 Checking the Configuration
8.5 Configuring TFTP
8.5.1 Establishing the Configuration Task
8.5.2 Configuring the source address of TFTP Client
8.5.3 Downloading Files Through TFTP
8.5.4 Uploading Files Through TFTP
Figures
Figure 8-1 Networking diagram with FTP server basic functions
Figure 8-2 Networking diagram of configuring FTP ACL
Figure 8-3 Configuring the FTP client
Figure 8-4 Networking diagram of configuring TFTP
Figure 8-5 Setting the Base Directory of the TFTP server
Figure 8-6 Specifying the file to be sent
8.1 Introduction
8.1.1 FTP
File Transfer Protocol (FTP) is an application layer protocol in the TCP/IP protocol suite. It
implements file transfer between remote hosts and is implemented on the basis of the
corresponding file systems.
The router provides the following FTP services:
- FTP server service. Users can run the FTP client program to log in to the router and
  access the files on the router.
- FTP client service. Users can establish a connection with the router by running a terminal
  emulation program or a Telnet program on a PC. Enter an FTP command to connect with
  the remote FTP server and access the files on the remote host.
8.1.2 TFTP
The Trivial File Transfer Protocol (TFTP) is a simple file transfer protocol.
Compared with FTP, TFTP does not have a complex interactive access interface and
authentication control. TFTP is applicable in an environment where there is no complex
interaction between the client and the server. For example, TFTP is used to obtain the memory
image of the system when the system starts up.
TFTP is implemented based on UDP.
The client initiates the TFTP transfer. To download files, the client sends a read request packet
to the TFTP server, receives packets from the server, and sends acknowledgement to the
server. To upload files, the client sends a write request packet to the TFTP server, sends
packets to the server, and receives acknowledgement from the server.
TFTP transfers the files in two formats:
The NE80 can serve as the TFTP client only and thus can be used only to transfer files in the
binary format.
8.1.3 XModem
XModem is a file transfer protocol and is widely used due to its simplicity and performance.
XModem transfers files through serial interfaces. It supports packets of 128 bytes and 1K
bytes, common checksum and CRC, and retransmission several times (usually 10 times)
when a packet error occurs.
XModem file transfer consists of the receiving program and the sending program. The
receiving program first sends the negotiation character to negotiate the check mode.
After the negotiation succeeds, the sending program begins to send packets.
When the receiving program receives a complete packet, it checks the packet according
to the negotiated mode:
The receiving program sends the acknowledgement character after the check passes. The
sending program then sends the next packet.
If the check fails, the receiving program sends the deny character and the sending
program retransmits the packet.
NE80 provides the function of XModem receiving program, which can be applied to the AUX
port and supports 128-byte packets and CRC. The function of XModem sending program is
automatically included in the HyperTerminal.
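The receiving-side check described above, as an added example (not code from this guide or from Huawei): a Python model of XModem in CRC mode with 128-byte packets, the combination the NE80 receiving program supports. The control byte values and the CRC-16 polynomial come from the XModem protocol itself rather than from this page; `transfer` and its `corrupt` parameter are hypothetical names for a simulated serial line.

```python
# Control bytes of the XModem protocol (CRC_REQ is ASCII 'C', the negotiation
# character a receiver sends to ask for CRC mode instead of plain checksum).
SOH, EOT, ACK, NAK, CRC_REQ = 0x01, 0x04, 0x06, 0x15, 0x43
PACKET_DATA_LEN = 128
MAX_RETRIES = 10          # "usually 10 times" in the text
PAD = 0x1A                # conventional fill byte for a short final packet


def crc16_xmodem(data: bytes) -> int:
    """CRC-16 with polynomial 0x1021, initial value 0, no bit reflection."""
    crc = 0
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ 0x1021) if crc & 0x8000 else (crc << 1)
            crc &= 0xFFFF
    return crc


def build_packet(block_no: int, payload: bytes) -> bytes:
    """Sender: SOH, block number, its complement, 128 data bytes, CRC-16."""
    data = payload.ljust(PACKET_DATA_LEN, bytes([PAD]))
    number = block_no & 0xFF
    return bytes([SOH, number, 0xFF - number]) + data + crc16_xmodem(data).to_bytes(2, "big")


def check_packet(frame: bytes, expected_block: int) -> int:
    """Receiver: return ACK if the frame passes every check, otherwise NAK."""
    if len(frame) != 3 + PACKET_DATA_LEN + 2 or frame[0] != SOH:
        return NAK
    block, complement = frame[1], frame[2]
    if block + complement != 0xFF or block != expected_block & 0xFF:
        return NAK
    received_crc = int.from_bytes(frame[-2:], "big")
    return ACK if crc16_xmodem(frame[3:-2]) == received_crc else NAK


def transfer(payload: bytes, corrupt=frozenset()):
    """Simulate one transfer over a noisy serial line.

    corrupt holds (block_no, attempt) pairs whose frame gets one bit flipped
    in transit. Returns (received_data, bytes the receiver sent back).
    """
    responses = [CRC_REQ]                       # negotiate the check mode
    received = bytearray()
    chunks = [payload[i:i + PACKET_DATA_LEN]
              for i in range(0, len(payload), PACKET_DATA_LEN)]
    for block_no, chunk in enumerate(chunks, start=1):
        for attempt in range(1, MAX_RETRIES + 1):
            frame = bytearray(build_packet(block_no, chunk))
            if (block_no, attempt) in corrupt:
                frame[10] ^= 0x01               # single-bit error in the data field
            verdict = check_packet(bytes(frame), block_no)
            responses.append(verdict)
            if verdict == ACK:                  # check passed: accept, next packet
                received += frame[3:-2]
                break
        else:                                   # every retransmission was denied
            raise IOError(f"block {block_no} failed {MAX_RETRIES} times, aborting")
    responses.append(ACK)                       # acknowledge the sender's EOT
    return bytes(received), responses


if __name__ == "__main__":
    data, log = transfer(b"vrp image bytes" * 20, corrupt={(2, 1)})
    print(len(data), [hex(b) for b in log])
```

The check protects against line errors only: a CRC carries no key, so it says nothing about who produced the file.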
Pre-configuration Tasks
Before configuring the FTP server, complete the following tasks:
Data Preparation
To configure FTP, you need the following data.
No.
Data
Configuration Procedures
To configure an FTP server, take the following steps.
No.
Procedure
No.
Procedure
Command
display ftp-server
display ftp-users
After configuring the FTP server, run the display ftp-server command. You can view that the
FTP server is working.
<Quidway> display ftp-server
FTP server is running
Max user number
User count
30
Acl number
Run the display ftp-users command to view the user name, port number, and authorization
directory of the currently configured FTP user.
<Quidway> display ftp-users
Username
host
port
idle
topdir
huawei
100.2.150.211
4641
flash:
Pre-configuration Tasks
Before configuring the FTP ACL, complete the following tasks:
Data Preparation
To configure the FTP ACL, you need the following data.
No.
Data
Configuration Procedures
To configure an FTP ACL, take the following steps.
No.
Procedure
Command
display ftp-server
After configuring the FTP server, run the display ftp-server command. You can view that the
FTP ACL is 2345.
<Quidway> display ftp-server
FTP server is running
User count
30
Acl Number
2345
Pre-configuration Tasks
Before configuring a router as an FTP client, complete the following tasks:
Data Preparation
To configure the router as an FTP client, you need the following data.
No.
Data
Configuration Procedures
To configure a router as an FTP client, take the following steps.
No.
Procedure
Configuring
Managing Directories
Managing Files
the router that serves as the client can be connected to the FTP server in
8.4.4 Configuring Data Type and Transmission Mode for the File
Do as follows on the router that serves as the client:
Step 1 Run:
ftp [-a source-ip-address | -i { interface-name | interface-type interface-num } ] [ host
[ port-number ] ] [ vpn-instance vpn-instance-name ]
The router is connected to the FTP server, and the FTP client view is displayed.
Step 2 Run:
ascii | binary
The router is connected to the FTP server, and the FTP client view is displayed.
Step 2 Run:
remotehelp [ command ]
The router is connected to the FTP server, and the FTP client view is displayed.
Step 2 Upload or download files.
Run:
Run:
The FTP file is downloaded from the FTP server and saved to the local file.
----End
Run:
cd pathname
Run:
cdup
The working path of the FTP server is switched to the upper-level directory.
Run:
pwd
Run:
lcd
Run:
mkdir remote-directory
Run:
rmdir remote-directory
The name of the directory to be created can comprise letters and digits, but not special
characters such as <, >, ?, \ and :.
When running the mkdir /abc command, you create a sub-directory named "abc".
----End
Run:
ls [ remote-filename ] [ local-filename ]
Run:
Run:
delete remote-filename
The current login user is changed and the user logs in again.
----End
Run:
bye
Or
quit
Run:
close
Or
quit
The previous configurations can be executed only in the FTP client view.
Command
display ftp-users
Run the display ftp-users command to view the user name, port number, and authorization
directory of the currently configured FTP user.
<Quidway> display ftp-users
username
zll
host
100.2.150.226
port
2320
idle
0
topdir
cfcard:
Pre-configuration Tasks
Before configuring TFTP, complete the following tasks:
Data Preparation
To configure TFTP, you need the following data.
No.
Data
File directory
ACL number
Configuration Procedures
No.
Procedure
Pre-configuration Tasks
Before configuring a limit to access the TFTP server, complete the following tasks:
Data Preparation
To configure a limit on access to the TFTP server, you need the following data.
No.
Data
ACL number
Configuration Procedures
To configure a limit on access to the TFTP server, take the following steps.
No.
Procedure
Step 3 Run:
rule [ rule-id ] { deny | permit } [ source { host-name { source-wildcard | 0 } |
source-ip-address { source-wildcard | 0 } | any } | time-range time-name | logging |
fragment ]
Pre-configuration Tasks
Before configuring XModem, complete the following tasks:
- Connecting the router and the PC through an AUX port or a console port
- Logging in to the router through the terminal emulation program and specifying the file
  path in the terminal emulation program
Data Preparation
To configure XModem, you need the following data.
No.
Data
Configuration Procedures
No.
Procedure
Before getting the file, confirm the path and the name of the file that are to be sent.
If the filename is similar to an existing one, the system sends a prompt asking you whether to
overwrite or not.
console cable
Configuration Roadmap
The configuration roadmap is as follows:
1.
2. Use the correct username and password to log in to the FTP server to download the files
on the memory of the router.
Data Preparation
To complete the configuration, you need the following data:
Configuration Procedure
Step 1 Enable FTP on the FTP server and configure the authentication information about the FTP
user.
<Quidway> system-view
[Quidway] sysname server
[server] ftp server enable
[server] ftp timeout 30
[server] aaa
[server -aaa] local-user quidway password simple huawei
Step 2 Configure the authorization mode and directory of the FTP user on the FTP server
[server -aaa] local-user quidway service-type ftp
[server -aaa] local-user quidway ftp-directory flash:
[server -aaa] quit
Step 4 Log in to the router from the PC through the HyperTerminal, and connect to the FTP server
using the correct username and password to obtain system host software.
# Log in to the FTP server to obtain system host software and save it in the root directory of
the Flash Memory of the router.
<Router> cd flash:
<Router> pwd
flash:
<Router> ftp 172.16.104.110
Trying 100.1.1.201 ...
Press CTRL+K to abort
Connected to 100.1.1.201.
220 FTP service ready.
User(100.1.1.201:(none)): quidway
331 Password required for quidway.
Password:
230 User logged in.
[ftp] binary
200 Type set to I.
[ftp] get vrp.bin
The file vrp.cc is already existing, overwrite it? [Y/N]:y
200 PORT command okay
150 Opening BINARY mode data connection for vrp.bin
226 Transfer complete.
FTP: 5805100 byte(s) received in 19.898 second(s) 291.74Kbyte(s)/sec.
[ftp] dir
200 Port command okay.
150 Opening ASCII mode data connection for *.
0
-rw-
-rw-
drw-
-rw-
vrp.bin
vrpcfg.cfg
lam
vrpcfg.zip
----End
Configuration Files
Configuration file of the FTP server.
#
sysname Server
#
FTP server enable
#
interface Ethernet2/0/0
undo shutdown
ip address 172.16.104.110 255.255.255.0
#
aaa
local-user quidway password simple Huawei
local-user quidway service-type ftp
local-user quidway ftp-directory flash:/ftp/system
authentication-scheme default
#
authorization-scheme default
#
accounting-scheme default
#
domain default
#
Return
[Figure 8-2 Networking diagram of configuring FTP ACL. Labels: PC2 172.16.105.111/24; IP Network; Server 172.16.104.110; GE1/0/0; PC1 172.16.104.111/24]
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
Data Preparation
To complete the configuration, you need the following data:
ACL number
Configuration Procedure
Step 1 Configure the basic FTP functions.
See "Configuring the Router to be the FTP Server".
Step 2 Configure the basic ACL.
<Quidway> system-view
[Quidway] acl number 2001
[Quidway-acl-basic-2001]rule permit source 172.16.104.111 0.0.0.255
[Quidway-acl-basic-2001]quit
----End
Configuration Files
Configuration file of the FTP server.
#
sysname Server
#
Ftp server enable
FTP acl 2001
acl number 2001
rule 5 permit source 172.16.104.111 0.0.0.255
#
interface Ethernet2/0/0
undo shutdown
ip address 172.16.104.110 255.255.255.0
#
aaa
local-user quidway password simple Huawei
local-user quidway service-type ftp
local-user quidway ftp-directory flash:/ftp/system
authentication-scheme default
#
authorization-scheme default
#
accounting-scheme default
#
domain default
#
Return
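An added example, not part of the original guide or of any Huawei tool: a Python check over a saved configuration file, using the section format described in 7.1.1 and the FTP server configuration shown above. It flags a password saved with `password simple`, an FTP server enabled with no FTP ACL, an ACL rule whose wildcard turns a host address into a range, and commands longer than 255 characters; the function names and finding labels are assumptions of this example.

```python
import ipaddress
import re

MAX_CMD_LEN = 255  # longest command the system can run (section 7.1.1)

# Constructed sample, modelled on the FTP server configuration file above.
SAMPLE_CONFIG = """\
#
sysname Server
#
ftp server enable
ftp acl 2001
acl number 2001
 rule 5 permit source 172.16.104.111 0.0.0.255
#
aaa
 local-user quidway password simple Huawei
 local-user quidway service-type ftp
 local-user quidway ftp-directory flash:/ftp/system
#
return
"""

RULE_RE = re.compile(r"rule(?: \d+)? (?:permit|deny) source (\S+) (\S+)")


def split_sections(text):
    """Split a configuration into command sections.

    Sections are separated by blank lines or comment lines beginning with "#".
    """
    sections, current = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            if current:
                sections.append(current)
                current = []
        else:
            current.append(line)
    if current:
        sections.append(current)
    return sections


def parse_ip(token):
    """Parse a dotted address or wildcard; a bare 0 wildcard means 0.0.0.0."""
    return 0 if token == "0" else int(ipaddress.IPv4Address(token))


def wildcard_span(address, wildcard):
    """Lowest and highest address a rule matches, and how many it matches.

    A 1 bit in the wildcard means that bit of the source address is ignored.
    """
    addr, wild = parse_ip(address), parse_ip(wildcard)
    first = ipaddress.IPv4Address(addr & ~wild & 0xFFFFFFFF)
    last = ipaddress.IPv4Address(addr | wild)
    return str(first), str(last), 2 ** bin(wild).count("1")


def rule_matches(address, wildcard, candidate):
    """True if candidate equals address in every bit the wildcard does not ignore."""
    addr, wild, cand = parse_ip(address), parse_ip(wildcard), parse_ip(candidate)
    return (addr ^ cand) & ~wild & 0xFFFFFFFF == 0


def audit(text):
    """Return a list of (label, detail) findings for one configuration file."""
    lines = [line for section in split_sections(text) for line in section]
    lowered = [line.lower() for line in lines]
    findings = []
    if "ftp server enable" in lowered and not any(l.startswith("ftp acl ") for l in lowered):
        findings.append(("ftp-no-acl", "FTP server enabled with no FTP ACL applied"))
    acl = None
    for line, low in zip(lines, lowered):
        if len(line) > MAX_CMD_LEN:             # cannot be restored at restart
            findings.append(("overlong-command", line[:40]))
        user = re.match(r"local-user (\S+) password simple ", low)
        if user:                                # password readable in the file
            findings.append(("plaintext-password", user.group(1)))
        number = re.match(r"acl number (\d+)", low)
        if number:
            acl = number.group(1)
        rule = RULE_RE.match(low)
        if rule:
            try:
                addr, wild = parse_ip(rule.group(1)), parse_ip(rule.group(2))
            except ValueError:
                continue                        # host-name source: not checked here
            if addr & wild:                     # host bits set where the wildcard ignores them
                first, last, count = wildcard_span(rule.group(1), rule.group(2))
                findings.append(("host-bits-under-wildcard",
                                 f"acl {acl}: {first}-{last} ({count} addresses)"))
    return findings


if __name__ == "__main__":
    for label, detail in audit(SAMPLE_CONFIG):
        print(f"{label}: {detail}")
```

With the sample, rule 5 is reported as covering 172.16.104.0 to 172.16.104.255, so any host on PC1's subnet passes the ACL while PC2 (172.16.105.111) does not.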
[Figure 8-3 Configuring the FTP client. Labels: GE2/0/0; IP Network; Router; Server; 172.16.104.110; 172.16.105.111/24]
Configuration Roadmap
Log in to the FTP server from the FTP client and download system files from the server to the
storage devices on the client side.
Data Preparation
To complete the configuration, you need the following data:
Configuration Procedure
Step 1 Log in to the FTP server from the router.
<Quidway> ftp 172.16.104.110
Trying ftp 172.16.104.110
Press CTRL+K to abort
Connected to ftp 172.16.104.110
220 FTP service ready.
User(ftp 172.16.104.110:(none)):huawei
331 Password required for huawei
Password:
230 User logged in.
Step 2 Configure the transmission mode to the binary format and configure the directory of the
Flash memory on the router.
[ftp] binary
200 Type set to I.
[ftp] lcd flash:/
% Local directory now flash:
Step 3 Download the newest system software from the remote FTP server on the router.
----End
[Figure 8-4 Networking diagram of configuring TFTP. Labels: TFTP Server 10.111.16.160/24; Quidway; PC]
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
3. Use the TFTP command on the Quidway router to download the files.
Data Preparation
To complete the configuration, you need the following data:
- The destination file name and its path on the Quidway router.
Configuration Procedure
Step 1 Start the TFTP server and set its Base Directory to the directory where the vrp.cc file
resides. Figure 8-5 shows the interface.
The display may be different depending on different TFTP server software used by the computer.
Step 2 Log in to the router through the computer HyperTerminal and enter the following command
to download files.
<Quidway> tftp 10.111.16.160 get vrp.cc flash:/vrp.cc
Transfer file in binary mode.
Now begin to download file from remote tftp server, please wait for a while...
\
TFTP:
Step 3 Check the configuration. Run the dir command to view whether the downloaded target file
resides in the specified directory of the router.
<Quidway> dir flash:
Directory of flash:/
0
-rw-
vrp.bin
-rw-
rsahostkey.dat
-rw-
rsaserverkey.dat
-rw-
-rw-
paf.txt
-rw-
vrp1.zip
-rw-
license.txt
-rw-
paf.txt.bak
private-data.txt
1.cfg
----End
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
3.
Data Preparation
To complete the configuration, you need the following data:
Configuration Procedure
Step 1 Log in to the router through the AUX port.
Refer to "02 Establishment of Configuration Environments."
Step 2 Specify the file to be sent on the HyperTerminal.
Figure 8-6 Specifying the file to be sent
After the system prompts that the file transmission succeeds, you can view the directory of the
Flash Memory.
<Quidway>
Download successful!
<Quidway>
Download successful!
<Quidway> dir flash:/
Directory of flash:/
0
-rw-
-rw-
-rw-
-rw-
-rw-
7
8
-rw-rw-
vrp.bin
matnlog.dat
private-data.txt
vrpcfg.zip
date.txt
vrpcfg.cfg
exception.dat
vrp330-0521.01.bin
test.txt
----End
Contents
9 Telnet and SSH
9.1 Introduction
9.1.1 Overview of User Login
9.1.2 Telnet Terminal Services
9.1.3 SSH Terminal Services
9.2 Configuring Telnet Terminal Services
9.2.1 Establishing the Configuration Task
9.2.2 Establishing a Telnet Connection
9.2.3 Establishing a Telnet Redirection Connection
9.2.4 Scheduled Telnet Disconnection
9.2.5 Checking the Configuration
9.3 Configuring SSH Users
9.3.1 Establishing the Configuration Task
9.3.2 Creating an SSH User
9.3.3 Configuring SSH for the VTY User Interface
9.3.4 Generating a Local RSA Key Pair
9.3.5 Configuring the Authentication Mode for SSH Users........................................................................9-12
9.3.6 (Optional)Configuring the Basic Authentication Information for SSH Users....................................9-14
9.3.7 (Optional)Authorizing SSH Users Through the Command Line .......................................................9-14
9.3.8 Configuring the Service Type of SSH Users......................................................................................9-15
9.3.9 (Optional)Configuring the Authorized Directory of SFTP Service for SSH Users............................9-15
9.3.10 Checking the Configuration .............................................................................................................9-15
9.4 Configuring the SSH Server........................................................................................................................9-16
9.4.1 Establishing the Configuration Task ..................................................................................................9-16
9.4.2 Enabling the STelnet Service .............................................................................................................9-17
9.4.3 Enabling the SFTP Service ................................................................................................................9-17
9.4.4 (Optional)Enabling the Earlier Version-Compatible Function...........................................................9-17
9.4.5 (Optional)Configuring the Number of the Port Monitored by the SSH Server..................................9-18
9.4.6 (Optional) Enabling the Trap Function ..............................................................................................9-18
9.4.7 (Optional)Configuring the Interval for Updating the Key Pair on the SSH Server............................9-19
9.4.8 Checking the Configuration ...............................................................................................................9-19
9.5 Configuring the STelnet Client Function ....................................................................................................9-20
Issue 04 (2009-12-20)
Contents
Quidway NetEngine80
Configuration Guide - Basic Configurations
9.5.1 Establishing the Configuration Task ..................................................................................................9-20
9.5.2 Enabling the First-Time Authentication on the SSH Client ...............................................................9-21
9.5.3 (Optional) Configuring the SSH Client to Assign the RSA Public Key to the SSH Server ...............9-21
9.5.4 Enabling the STelnet Client ...............................................................................................................9-22
9.5.5 Checking the Configuration ...............................................................................................................9-22
ii
Issue 04 (2009-12-20)
Quidway NetEngine80
Configuration Guide - Basic Configurations
Figures
Figures
Figure 9-1 Telnet client services.........................................................................................................................9-2
Figure 9-2 Telnet redirection services ................................................................................................................9-3
Figure 9-3 Usage of Telnet shortcut keys ...........................................................................................................9-3
Figure 9-4 Establishing an SSH channel in a LAN ............................................................................................9-5
Figure 9-5 Establishing an SSH channel in a WAN ...........................................................................................9-5
Figure 9-6 Networking diagram of the Telnet terminal services mode ............................................................9-29
Figure 9-7 Networking diagram of connecting the STelnet client to the SSH server.......................................9-31
Figure 9-8 Networking diagram of connecting the SFTP client to the SSH server ..........................................9-37
Figure 9-9 Networking diagram of accessing the SSH server through other port numbers .............................9-43
Figure 9-10 Networking diagram of authenticating the SSH through RADIUS ..............................................9-49
Issue 04 (2009-12-20)
iii
Quidway NetEngine80
Configuration Guide - Basic Configurations
Description
9.1 Introduction
Issue 04 (2009-12-20)
9-1
Quidway NetEngine80
Configuration Guide - Basic Configurations
9.1 Introduction
9.1.1 Overview of User Login
To configure, monitor and maintain the local or remote devices, configure the user interface,
the user management and the terminal service.
The user interface provides the login plane. The user management guarantees the login
security and the terminal service provides the login protocol.
The product supports the following login methods:
- Telnet server: You can run the Telnet client program on a PC to log in to the router,
  configure and manage it. The router acts as a Telnet server.
- Telnet client: You can run the terminal emulation program or the Telnet client program
  on a PC to connect with the router. With the telnet command, you can log in to other
  routers to configure and manage them. As shown in Figure 9-1, Router A serves as both
  the Telnet server and the Telnet client.
Figure 9-1 Telnet client services (diagram labels: PC, RouterA, RouterB, Telnet Server, Telnet Session 2)
- Redirection terminal services: You can run the Telnet client program on a PC to log in to
  the router through a specified interface. You can then connect with the serial interface
  devices that are connected to the asynchronous interface of the router, as shown in Figure 9-2.
  The typical application is to connect the 8/16-port asynchronous interface of the router
  with multiple devices for their remote configuration and maintenance.
Figure 9-2 Telnet redirection services (diagram labels: Ethernet, Router, Async0, Router1, Async1, Lan Switch, Async2, Modem, Async8/16, Router2)
Only the devices that provide the asynchronous interface support the Telnet redirection service.
Figure 9-3 Usage of Telnet shortcut keys (diagram labels: Telnet Client, Telnet Server, Telnet Session 2, RouterA, RouterB, RouterC)
If the network disconnects, the shortcut keys become invalid. The instruction cannot be sent to the
server.
When the number of remote login users reaches the maximum number of VTY user
interfaces, the system prompts that all user interfaces are in use and you cannot use Telnet to
log in.
Figure 9-4 Establishing an SSH channel in a LAN (diagram labels: Router, Ethernet, Server, 100BASE-TX, LapTop, PC, PC running SSH client)
Figure 9-5 Establishing an SSH channel in a WAN (diagram labels: Remote LAN, WAN, Router, SSH router, PC)
Advantages of SSH
The product provides the functions of SFTP and STelnet client.
- STelnet client
  The Telnet protocol does not provide secure authentication. The contents that are
  transmitted through TCP are in plain text. This leads to security problems. The
  system also faces serious threats from DoS attacks, host IP address spoofing and
  routing spoofing. Telnet services are prone to network attacks.
  SSH implements secure remote access on insecure networks and it has the following
  advantages compared to Telnet:
  - The username and the password are both encrypted in the communication between
    the client and the server of SSH. This is to prevent the password from being
    intercepted.
  - SSH provides encryption to the transmitted data to guarantee security and reliability.
- SFTP client
  SFTP is short for Secure FTP. You can log in to the device from the secure remote end to
  manage the files. This improves the security of data transmission for the remote end to
  update its system. Meanwhile, the client function enables you to log in to the remote
  device through SFTP for the secure file transmission.
Negotiating versions
The SSH client sends a request packet to the server for setting up a TCP connection.
After the TCP connection is set up, the server and the client begin to negotiate the SSH
version number. If the version numbers match, they continue to negotiate the shared key.
If the version numbers do not match, the server interrupts the TCP connection.
- The server generates the RSA key randomly and sends the public key to the client.
- The client calculates the key based on the received RSA public key and the local key
  generated randomly.
- The client then encrypts the locally generated random key with the RSA public key
  and sends it to the server.
- The server decrypts the received packets with its private key and gets the random key
  generated on the client. It then calculates the session key.
- In this way, the server and the client have the same session keys to guarantee the
  session security.
Password authentication: The server compares the configured password and that from
the client; if they match, authentication succeeds.
RSA authentication: Configure the RSA public key of the client on the server. The
client sends the modulus of its public key to the server. The server then checks the
modulus, generates a number randomly, encrypts the number with the RSA public key
of the client and sends the encrypted number to the client. The server and the client
both calculate the key based on the randomly generated number. The client calculates
the number used by the server to authenticate the client and sends the result to the
server. The server then compares the received result with the one it calculated locally. If
they are the same, the authentication succeeds.
In the interactive session, the server and the client encrypt and decrypt the data with the
session key.
Pre-configuration Tasks
Before configuring Telnet terminal services, complete the following tasks:
Data Preparation
To configure Telnet terminal services, you need the following data.
No.
Data
Number of the TCP port that provides Telnet services on the remote router
Configuration Procedures
No.
Procedure
The asynchronous interface of the router connected with external devices is configured to the
interactive mode.
Step 4 Run:
redirect
Log in to the router through the specified interface and connect with the asynchronous
interface of the specified interface.
----End
Command
display users
Run the display tcp status command to view the TCP connection status. ESTAB indicates
that the TCP connection is established.
<Quidway> display tcp status
TCPCB    Tid/Soid Local Add:port        Foreign Add:port      VPNID  State
39952df8 36 /1509 0.0.0.0:0             0.0.0.0:0                    Closed
32af9074 59 /1    0.0.0.0:21            0.0.0.0:0             14849  Listening
34042c80 73 /17   10.164.39.99:23       10.164.6.13:1147      0      Established
Pre-configuration Tasks
Before configuring SSH users, complete the following tasks:
Data Preparation
To configure SSH users, you need the following data.
No.
Data
Configuration Procedures
To configure the SSH user, you need to take the following steps.
No.
Procedure
Run:
aaa
Run:
If the SSH user is not created separately, you can create the SSH user when performing the following
configurations:
The authentication mode of the VTY user interface must be configured to AAA. Otherwise, the protocol
inbound ssh command cannot be configured successfully.
To log in to the SSH server, the local RSA key pair must be configured and generated first. Before the
other configurations of SSH, you must run the rsa local-key-pair create command to generate a
local key pair.
1.
Run:
Run:
1.
Run:
Run:
Run:
public-key-code begin
Run:
hex-data
Run:
public-key-code end
Run:
peer-public-key end
Quit the public key view and return to the system view.
7.
Run:
After the public key editing view is displayed, the RSA public key generated on the client software
can be sent to the server. Copy the RSA public key to the router that serves as the SSH server.
Before the peer RSA public key is assigned to the SSH client, the SSH server must be configured
and the peer RSA public key must be the RSA public key of the SSH client.
The command line authorization is configured for the specified SSH client.
After the command line authorization is configured for the SSH client through the RSA
authentication, you must perform the AAA configuration; otherwise, the command line
authorization does not become valid for the SSH client.
----End
Command
Run the display ssh user-information username command. It shows that the SSH user
named client001 is authenticated by password, and its service type is sftp.
[Quidway] display ssh user-information client001
User Name            : client001
Authentication-type  : password
User-public-key-name : -
Sftp-directory       : -
Service-type         : sftp
Authorization-cmd    : No
Pre-configuration Tasks
Before configuring SSH servers, complete the following tasks:
Configuring reachable routes between the SSH client and the SSH server
Configuring the VTY user interface on the SSH server to support SSH
Data Preparation
To configure SSH servers, you need the following data.
No.
Data
Configuration Procedures
To configure an SSH server, you need to take following steps.
No.
Procedure
(Optional)Configuring the Interval for Updating the Key Pair on the SSH Server
----End
By default, the SSH2.0 server is compatible with the SSH1.X server. If clients of SSH1.3
to SSH1.99 should not be allowed to log in, you must run the undo ssh server
compatible-ssh1x enable command to disable the earlier version-compatible function. After
that, SSH clients with version numbers from 1.3 to 1.99, including 1.3 and 1.99, cannot
log in to the router.
- Compared with SSH1.X, SSH2.0 extends the structure to support more authentication methods and
  key exchange methods. In addition, the service capability of SSH2.0 is improved to support
  functions such as SFTP.
- This product supports the SSH versions that range from 1.3 to 2.0, including 1.3 and 2.0.
If a new number of the monitored port is configured, the SSH server interrupts all the STelnet and SFTP
connections and starts monitoring the new port. By default, the number of the port monitored by
the SSH server is 22.
Command
The output of the display ssh server status command shows that the version of the
protocol that the SSH session connects to is 1.99, and that the number of times the SSH session
can retry connecting is 5.
<Quidway> display ssh server status
SSH version : 1.99
60 seconds
5 times
SFTP server: Enable
STelnet server: Enable
55535
If the default number of the monitored port is adopted, information about the currently monitored port is
not displayed.
Pre-configuration Tasks
Before connecting the STelnet client to the SSH2 server, complete the following tasks:
Data Preparation
To connect the STelnet client to the SSH2 server, you need the following data:
No.
Data
Preferred encryption algorithm from the STelnet client to the SSH server
Preferred encryption algorithm from the STelnet server to the SSH client
Preferred HMAC algorithm from the STelnet client to the SSH server
Preferred HMAC algorithm from the STelnet server to the SSH client
Source address
Configuration Procedures
To configure the STelnet client function, you need to take the following steps.
No.
Procedure
(Optional) Configuring the SSH Client to Assign the RSA Public Key to the SSH
Server
The purpose of enabling the first-time authentication on the SSH client is to skip checking whether
the RSA public key of the SSH server is valid when the STelnet or SFTP client logs in to the SSH
server for the first time. The check is skipped because the STelnet or SFTP client has not saved the
RSA public key of the SSH server at this time.
If the first-time authentication is not enabled on the SSH client, when the STelnet or SFTP client
logs in to the SSH server for the first time, the STelnet or SFTP client fails to pass the check on the
RSA public key validity and cannot log in to the server.
As an alternative to enabling the first-time authentication on the SSH client, you can assign the RSA
public key of the SSH server on the SSH client in advance, so that the STelnet or SFTP client can log
in to the server successfully for the first time.
Before the peer RSA public key is assigned to the SSH server, the SSH client must be configured and the
assigned RSA public key must be the RSA public key of the SSH server. Thus, the STelnet or SFTP
client can pass the validity check on the RSA public key of the SSH server.
When accessing the SSH server, the STelnet client can carry the source address and the name of the
VPN instance and choose the key exchange algorithm, encryption algorithm, and HMAC algorithm.
Command
The output of the display ssh server session command shows that the client logs in
from VTY3, using the stelnet service with password authentication.
<Quidway> display ssh server session
Session 1:
Conn         : VTY 3
Version      : 2.0
State        : started
Username     : client001
Retry        : 1
CTOS Cipher  : aes128-cbc
STOC Cipher  : aes128-cbc
CTOS Hmac    : hmac-sha1-96
STOC Hmac    : hmac-sha1-96
Kex
Service Type
Pre-configuration Tasks
Before connecting the SFTP client to the SSH2 server, complete the following tasks:
Data Preparation
To connect the SFTP client to the SSH2 server, you need the following data.
No.
Data
Preferred encryption algorithm from the SFTP client to the SSH server
Preferred encryption algorithm from the SFTP server to the SSH client
Preferred HMAC algorithm from the SFTP client to the SSH server
Preferred HMAC algorithm from the SFTP server to the SSH client
Source address
10 Directory name
11 File name
Configuration Procedures
To configure the function of SFTP client, you need to take the following steps.
No.
Procedure
Configuring the SSH Client to Assign the RSA Public Key to the SSH Server
9.6.3 Configuring the SSH Client to Assign the RSA Public Key to the SSH Server
Do as follows on the router that serves as an SSH client:
Step 1 Run:
system-view
The command for enabling the SFTP client is similar to that for the STelnet client. When accessing
the SSH server, the SFTP client can carry the source address and the name of the VPN instance and
choose the key exchange algorithm, encryption algorithm and HMAC algorithm.
Run:
cd remote-directory
Run:
cdup
Run:
pwd
dir/ls [ remote-directory ]
rmdir remote-directory
mkdir remote-directory
After the SFTP client logs in to the SSH server, you can create and delete the directory on the SSH
server, display the current operating directory and the file or information of the specified directory on
the SFTP client side.
Run:
rename old-name new-name
Run:
get remote-file [local-file]
Run:
put local-file [remote-file]
Run:
remove remote-file
After the SFTP client logs in to the SSH server, you can change the file name, delete the file, display the
file list, upload and download the file on the SFTP client side.
Command
Run the display ssh server session command. The output shows that the client
logs in from VTY4 through the sftp service in rsa authentication mode.
[Quidway] display ssh server session
Session 2:
Conn         : VTY 4
Version      : 2.0
State        : started
Username     : client002
Retry        : 1
CTOS Cipher  : aes128-cbc
STOC Cipher  : aes128-cbc
CTOS Hmac    : hmac-sha1-96
STOC Hmac    : hmac-sha1-96
Kex          : diffie-hellman-group1-sha1
Service Type : sftp
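The status and session displays above record what the server offers and what each login actually negotiated, which makes them usable as audit input. The following Python code is an added example, not part of the original guide or of the router software: it parses both displays and lists SSH1.X compatibility and older algorithms. The sample text is constructed in the layout shown on this page, and the LEGACY policy table and all function names are assumptions of this example.

```python
import re

# Assumed review policy for this example; the guide itself does not rate algorithms.
LEGACY = {
    "diffie-hellman-group1-sha1": "key exchange over a 1024-bit group with SHA-1",
    "hmac-sha1-96": "SHA-1 MAC truncated to 96 bits",
}
ALGORITHM_FIELDS = ("Kex", "CTOS Cipher", "STOC Cipher", "CTOS Hmac", "STOC Hmac")

# Constructed sample output, using the field names and values shown on this page.
SAMPLE_STATUS = """\
<Quidway> display ssh server status
SSH version : 1.99
SFTP server: Enable
STelnet server: Enable
"""
SAMPLE_SESSIONS = """\
<Quidway> display ssh server session
Session 1:
Conn         : VTY 3
Version      : 2.0
Username     : client001
CTOS Cipher  : aes128-cbc
STOC Cipher  : aes128-cbc
CTOS Hmac    : hmac-sha1-96
STOC Hmac    : hmac-sha1-96
Kex          : diffie-hellman-group1-sha1
Service Type : stelnet
Session 2:
Conn         : VTY 4
Version      : 2.0
Username     : client002
CTOS Cipher  : aes128-cbc
STOC Cipher  : aes128-cbc
CTOS Hmac    : hmac-sha1-96
STOC Hmac    : hmac-sha1-96
Kex          : diffie-hellman-group1-sha1
Service Type : sftp
"""


def parse_fields(text):
    """Yield (label, value) for every 'Label : value' line; prompts are skipped."""
    for line in text.splitlines():
        match = re.match(r"^\s*([A-Za-z][\w\- ]*?)\s*:\s*(.*?)\s*$", line)
        if match:
            yield match.group(1), match.group(2)


def parse_sessions(text):
    """Split a 'display ssh server session' listing into one dict per session."""
    sessions, current = [], None
    for label, value in parse_fields(text):
        if re.fullmatch(r"Session \d+", label) and not value:
            current = {"Session": label.split()[1]}
            sessions.append(current)
        elif current is not None:
            current[label] = value
    return sessions


def audit_session(session):
    """Return findings for one negotiated session."""
    findings = []
    version = session.get("Version", "")
    if version and not version.startswith("2."):
        findings.append(f"SSH protocol {version} session (SSH1.X client)")
    for field in ALGORITHM_FIELDS:
        algorithm = session.get(field, "")
        if algorithm in LEGACY:
            findings.append(f"{field} {algorithm}: {LEGACY[algorithm]}")
        elif algorithm.endswith("-cbc"):
            findings.append(f"{field} {algorithm}: CBC-mode cipher")
    return findings


def audit_status(text):
    """Return findings for a 'display ssh server status' listing."""
    fields = dict(parse_fields(text))
    if fields.get("SSH version") == "1.99":
        return ["version 1.99: SSH1.X clients are accepted; the guide disables this "
                "with 'undo ssh server compatible-ssh1x enable'"]
    return []


def review(status_text, session_text):
    """Map 'server' and each session to its list of findings."""
    result = {"server": audit_status(status_text)}
    for s in parse_sessions(session_text):
        scope = f"session {s['Session']} ({s.get('Username', '?')}, {s.get('Conn', '?')})"
        result[scope] = audit_session(s)
    return result


if __name__ == "__main__":
    for scope, findings in review(SAMPLE_STATUS, SAMPLE_SESSIONS).items():
        print(scope)
        for finding in findings:
            print("  -", finding)
```
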
Debugging affects the performance of the system. So, after debugging, run the undo
debugging all command to disable it immediately.
Action
Command
debugging telnet
Debugging SSH
Debugging SSH
Debugging affects the performance of the system. So, after debugging, run the undo
debugging all command to disable it immediately.
When a fault occurs, run the debugging command in the user view to locate the fault. For the
procedure of displaying the debugging information, refer to the Configuration Guide - System
Management.
Action
Command
Figure 9-6 Networking diagram of the Telnet terminal services mode (diagram labels: RouterA, GE1/0/0 1.1.1.2/24, RouterB)
Configuration Roadmap
The configuration roadmap is as follows:
1.
Configure the authentication mode and the password of the user interface VTY0 to
VTY4 on Router B.
2.
Users need to input the password when they log in to Router B from Router A through
Telnet.
Data Preparation
To complete the configuration, you need the following data:
Configuration Procedure
Step 1 Configure the IP address.
# Configure Router A.
<RouterA> system-view
[RouterA] interface gigabitethernet1/0/0
[RouterA-GigabitEthernet1/0/0] undo shutdown
[RouterA-GigabitEthernet1/0/0] ip address 1.1.1.1 24
# Configure Router B.
<RouterB> system-view
[RouterB] interface gigabitethernet1/0/0
[RouterB-GigabitEthernet1/0/0] undo shutdown
[RouterB-GigabitEthernet1/0/0] ip address 1.1.1.2 24
Step 2 Configure the authentication mode and the password of Telnet on Router B.
<RouterB> system-view
[RouterB] user-interface vty 0 4
[RouterB-ui-vty0-4] authentication-mode password
[RouterB-ui-vty0-4] set authentication password simple 123456
[RouterB-ui-vty0-4] quit
*
*
***********************************************************
Login authentication
Password:
Note: The max number of VTY users is 5, and the current number
of VTY users on line is 1.
<RouterB>
----End
Configuration Files
sysname RouterB
#
user-interface vty 0 4
set authentication password simple 123456
#
return
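The configuration file above keeps the VTY password in readable form, and the SSH example configuration file later on this page does the same for a local user, so saved configurations are worth scanning before they are archived or shared. The following Python code is an added example, not part of the original guide: it walks a saved configuration section by section and reports such lines with the secret masked. The sample configuration is constructed from lines shown in the examples on this page, and the rule names and function names are assumptions of this example.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "rule section evidence")

# Constructed sample built from configuration lines shown in this page's examples.
SAMPLE_CONFIG = """\
#
sysname RouterB
#
aaa
 local-user client001 password simple huawei
 local-user client001 service-type ssh
#
ssh user client002 assign rsa-key rsakey001
ssh user client001 authentication-type password
#
user-interface vty 0 4
 authentication-mode password
 set authentication password simple 123456
#
return
"""

# (rule name, required section header prefix or None, pattern).
# A group named "secret" is masked before the line is reported.
LINE_RULES = [
    ("PLAINTEXT-SECRET", "user-interface",
     r"set authentication password simple (?P<secret>\S+)"),
    ("PLAINTEXT-SECRET", "aaa",
     r"local-user \S+ password simple (?P<secret>\S+)"),
    ("VTY-SHARED-PASSWORD", "user-interface vty",
     r"authentication-mode password"),
    ("SSH-PASSWORD-AUTH", None,
     r"ssh user \S+ authentication-type password"),
]


def sections(config):
    """Yield each '#'-delimited section as a list of stripped, non-empty lines."""
    block = []
    for raw in config.splitlines():
        line = raw.strip()
        if line in ("#", "return"):
            if block:
                yield block
            block = []
        elif line:
            block.append(line)
    if block:
        yield block


def redact(line, match):
    """Mask the captured secret so findings can be logged safely."""
    if "secret" in match.re.groupindex:
        start, end = match.span("secret")
        return line[:start] + "****" + line[end:]
    return line


def lint(config):
    """Return findings in file order; the first line of a section is its header."""
    findings = []
    for block in sections(config):
        header = block[0]
        for line in block:
            for rule, prefix, pattern in LINE_RULES:
                if prefix and not header.startswith(prefix):
                    continue
                match = re.fullmatch(pattern, line)
                if match:
                    findings.append(Finding(rule, header, redact(line, match)))
        # A VTY section without this line is not limited to SSH logins.
        if header.startswith("user-interface vty") and "protocol inbound ssh" not in block:
            findings.append(Finding("VTY-NOT-SSH-ONLY", header,
                                    "no 'protocol inbound ssh' in this section"))
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE_CONFIG):
        print(f"{finding.rule:20} [{finding.section}] {finding.evidence}")
```
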
undo shutdown
Configure Client001 with the password as huawei and adopt the password
authentication.
Configure Client002, adopt the RSA authentication and assign the public key RsaKey001
to Client002.
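Figure 9-7 Networking diagram of connecting the STelnet client to the SSH server (diagram labels: SSH Server, STelnet Client)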
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
Generate the local key pairs on the STelnet client and the SSH server respectively.
3.
Generate the RSA public key on SSH server and bind the RSA public key of SSH client
to Client002.
4.
5.
Users Client001 and Client002 log in to the SSH server through STelnet.
Data Preparation
To complete the configuration, you need the following data:
Configuration Procedure
Step 1 Generate a local key pair on the server.
<Quidway> system-view
[Quidway] rsa local-key-pair create
The key name will be: Quidway_Host
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus[default = 512]:
Generating keys...
.......++++++++++++
..........++++++++++++
...................................++++++++
......++++++++
If the local key pair is generated before, this step can be ignored.
If the password and password-RSA authentication is used, configure a local user of the same user
name.
If the RSA, password-RSA, and all authentication is used, the server must save the RSA public key
of the SSH client.
For the detailed configuration procedures, refer to the related operations of the client software. This is
not mentioned here.
# Send the RSA public key generated on the client software to the server.
[Quidway]rsa peer-public-key RsaKey001
Enter "RSA public key" view, return system view with "peer-public-key end".
[Quidway-rsa-public-key]public-key-code begin
Enter "RSA key code" view, return last view with "public-key-code end".
[Quidway-rsa-key-code] 3047
[Quidway-rsa-key-code] 0240
[Quidway-rsa-key-code] BFF35E4B C61BD786 F907B5DE 7D6770C3 E5FD17AB
[Quidway-rsa-key-code] 203C8FCB BBC8FDF2 F7CB674E 519E8419 0F6B97A8
[Quidway-rsa-key-code] EA91FC4B B9E18836 5E74BFD5 4C687767 A89C6B43
[Quidway-rsa-key-code] 1D7E3E1B
[Quidway-rsa-key-code] 0203
[Quidway-rsa-key-code] 010001
[Quidway-rsa-key-code] public-key-code end
[Quidway-rsa-public-key] peer-public-key end
Step 4 Bind the SSH user Client002 to the RSA public key of the SSH client.
[Quidway] ssh user client002 assign rsa-key RsaKey001
Step 6 Configure the STelnet service for the SSH users Client001 and Client002.
<Quidway> system-view
[Quidway] ssh user client001 service-type stelnet
[Quidway] ssh user client002 service-type stelnet
# Connect the STelnet client Client001 to the SSH server in password authentication mode.
Enter the user name and password.
<client001> system-view
The server's public key will be saved with the name: 10.164.39.222. Please wait...
Enter password:
Enter the password "huawei", and the following output is displayed after successful login:
***********************************************************
*
*
*
*
***********************************************************
Note: The max number of VTY users is 10, and the current number
of VTY users on line is 1.
<Quidway>
# Connect the STelnet client Client002 to the SSH server in RSA authentication mode.
<client002> system-view
*
*
***********************************************************
Note: The max number of VTY users is 10, and the current number
of VTY users on line is 1.
<Quidway>
Enable
SSH version : 1.99
60 seconds
3 times
SFTP server: Disable
STELNET server: Enable
Conn         : VTY 3
Version      : 2.0
State        : started
Username     : client001
Retry        : 1
CTOS Cipher  : aes128-cbc
STOC Cipher  : aes128-cbc
CTOS Hmac    : hmac-sha1-96
STOC Hmac    : hmac-sha1-96
Kex          : diffie-hellman-group1-sha1
Service Type : stelnet
Conn         : VTY 4
Version      : 2.0
State        : started
Username     : client002
Retry        : 1
CTOS Cipher  : aes128-cbc
STOC Cipher  : aes128-cbc
CTOS Hmac    : hmac-sha1-96
STOC Hmac    : hmac-sha1-96
Kex          : diffie-hellman-group1-sha1
Service Type : stelnet
User Name            : client001
Authentication-type  : password
User-public-key-name : -
Sftp-directory       : -
Service-type         : stelnet
Authorization-cmd    : No
User 2:
User Name            : client002
Authentication-type  : rsa
User-public-key-name : RsaKey001
Sftp-directory       : -
Service-type         : stelnet
Authorization-cmd    : No
----End
Configuration Files
#
sysname Quidway
#
rsa peer-public-key rsakey001
public-key-code begin
3047
0240
BFF35E4B C61BD786 F907B5DE 7D6770C3 E5FD17AB 203C8FCB BBC8FDF2 F7CB674E
519E8419 0F6B97A8 EA91FC4B B9E18836 5E74BFD5 4C687767 A89C6B43 1D7E3E1B
0203
010001
public-key-code end
peer-public-key end
#
aaa
local-user client001 password simple huawei
local-user client001 service-type ssh
#
ssh user client002 assign rsa-key rsakey001
ssh user client001 authentication-type password
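The hex-data entered in the public-key-code view is an ASN.1 sequence holding the RSA modulus and public exponent, so a key can be inspected before it is bound to an SSH user; the key used in this example decodes to a 512-bit modulus, the same size as the default offered by rsa local-key-pair create. The following Python code is an added example, not part of the original guide or of the router software; the function names and the 2048-bit minimum are assumptions of this example.

```python
import re

# RSA public key as typed in the public-key-code view in this page's example
# (CLI prompts included, as they would be when copied from a terminal log).
PAGE_KEY = """\
[Quidway-rsa-key-code] 3047
[Quidway-rsa-key-code] 0240
[Quidway-rsa-key-code] BFF35E4B C61BD786 F907B5DE 7D6770C3 E5FD17AB
[Quidway-rsa-key-code] 203C8FCB BBC8FDF2 F7CB674E 519E8419 0F6B97A8
[Quidway-rsa-key-code] EA91FC4B B9E18836 5E74BFD5 4C687767 A89C6B43
[Quidway-rsa-key-code] 1D7E3E1B
[Quidway-rsa-key-code] 0203
[Quidway-rsa-key-code] 010001
[Quidway-rsa-key-code] public-key-code end
"""

MIN_BITS = 2048  # assumed local policy, not a value taken from the guide


def _tlv(buf, pos, tag):
    """Read one ASN.1 tag-length-value item; return (value, next_offset)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError(f"expected tag 0x{tag:02X} at offset {pos}")
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: the low 7 bits count the length bytes
        count = length & 0x7F
        if not 1 <= count <= 4 or pos + count > len(buf):
            raise ValueError("bad long-form length")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("value runs past the end of the key data")
    return buf[pos:pos + length], pos + length


def parse_public_key_code(text):
    """Decode hex-data lines into modulus, exponent and encoding facts."""
    digits = []
    for line in text.splitlines():
        line = re.sub(r"^\s*\[[^\]]*\]", "", line).strip()  # drop a CLI prompt
        if not line or line.lower().startswith(("public-key-code", "peer-public-key")):
            continue
        if not re.fullmatch(r"[0-9A-Fa-f ]+", line):
            raise ValueError(f"not hex data: {line!r}")
        digits.append(line.replace(" ", ""))
    der = bytes.fromhex("".join(digits))
    body, end = _tlv(der, 0, 0x30)  # SEQUENCE { modulus, publicExponent }
    if end != len(der):
        raise ValueError("trailing bytes after the key")
    n_raw, pos = _tlv(body, 0, 0x02)
    e_raw, pos = _tlv(body, pos, 0x02)
    if pos != len(body) or not n_raw or not e_raw:
        raise ValueError("unexpected key structure")
    modulus = int.from_bytes(n_raw, "big")  # read as unsigned on purpose
    return {
        "modulus": modulus,
        "exponent": int.from_bytes(e_raw, "big"),
        "bits": modulus.bit_length(),
        # Strict DER prefixes a positive INTEGER whose top bit is set with 0x00.
        "unpadded_high_bit": bool(n_raw[0] & 0x80),
    }


def assess(key, min_bits=MIN_BITS):
    """Return a list of findings for a parsed key."""
    findings = []
    if key["bits"] < min_bits:
        findings.append(f"modulus is {key['bits']} bits, below the {min_bits}-bit policy")
    if key["modulus"] % 2 == 0:
        findings.append("modulus is even: key data is corrupt or mistyped")
    if key["exponent"] < 3 or key["exponent"] % 2 == 0:
        findings.append(f"unusable public exponent {key['exponent']}")
    if key["unpadded_high_bit"]:
        findings.append("modulus has no sign pad: a strict ASN.1 parser reads it as negative")
    return findings


if __name__ == "__main__":
    key = parse_public_key_code(PAGE_KEY)
    print(f"{key['bits']}-bit modulus, e = {key['exponent']}")
    for finding in assess(key):
        print(" -", finding)
```
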
9.8.3 Example for Connecting the SFTP Client to the SSH Server
Networking Requirements
As shown in Figure 9-8, after the SFTP service is enabled on the SSH server, the SFTP client
can log in to the SSH server in any of the following authentication modes: password, RSA,
password-RSA, and all.
Figure 9-8 Networking diagram of connecting the SFTP client to the SSH server (diagram labels: SSH Server, SFTP Client)
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
Generate the local key pair on the STelnet client and the SSH server respectively.
3.
Generate the RSA public key on the SSH server and bind the RSA public key of SSH
client to Client002.
4.
5.
Configure the service type and authorized directory of the SSH user.
6.
Users Client001 and Client002 log in to the SSH server through SFTP.
Data Preparation
To complete the configuration, you need the following data:
Configuration Procedure
Step 1 Generate a local key pair on the server.
<Quidway> system-view
[Quidway] rsa local-key-pair create
The key name will be: Quidway_Host
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus[default = 512]:
Generating keys...
.......++++++++++++
..........++++++++++++
...................................++++++++
When an SSH user adopts password or password-rsa authentication, configure a local user with
the same name.
When an SSH user adopts RSA, password-rsa, or all authentication, the server should save the
RSA public key of the SSH client.
# Create an SSH user with the name Client001. The authentication mode is password.
[Quidway] ssh user client001
[Quidway] ssh user client001 authentication-type password
# Set huawei as the password for the Client001 of the SSH user.
[Quidway] aaa
# Create an SSH user with the user name Client002 and RSA authentication.
# Send the RSA public key generated on the client to the server.
[Quidway] rsa peer-public-key RsaKey001
Enter "RSA public key" view, return system view with "peer-public-key end".
[Quidway-rsa-public-key] public-key-code begin
Enter "RSA key code" view, return last view with "public-key-code end".
[Quidway-rsa-key-code] 3047
[Quidway-rsa-key-code] 0240
[Quidway-rsa-key-code] BFF35E4B C61BD786 F907B5DE 7D6770C3 E5FD17AB
[Quidway-rsa-key-code] 203C8FCB BBC8FDF2 F7CB674E 519E8419 0F6B97A8
[Quidway-rsa-key-code] EA91FC4B B9E18836 5E74BFD5 4C687767 A89C6B43
[Quidway-rsa-key-code] 1D7E3E1B
[Quidway-rsa-key-code] 0203
[Quidway-rsa-key-code] 010001
[Quidway-rsa-key-code] public-key-code end
[Quidway-rsa-public-key] peer-public-key end
Step 4 Bind the RSA public key of the SSH client to Client002.
[Quidway] ssh user client002 assign rsa-key RsaKey001
Step 6 Configure the service type and authorized directory of the SSH user.
Two SSH users are configured on the SSH server: Client001 and Client002. The password
authentication is configured for Client001 and the RSA authentication is configured for
Client002.
<Quidway> system-view
[Quidway] ssh user client001 service-type sftp
[Quidway] ssh user client001 sftp-directory cfcard:
[Quidway] ssh user client002 service-type sftp
[Quidway] ssh user client002 sftp-directory cfcard:
# Connect the STelnet client001 to the SSH server in the password authentication.
<client001> system-view
sftp-client>
# Connect the STelnet client002 to the SSH server in the RSA authentication.
<client002> system-view
sftp-client>
1.99
60 seconds
3 times
Enable
STELNET server: Disable
: VTY 3
Version      : 2.0
State        : started
Username     : client001
Retry        : 1
CTOS Cipher  : aes128-cbc
STOC Cipher  : aes128-cbc
CTOS Hmac    : hmac-sha1-96
STOC Hmac    : hmac-sha1-96
Kex          : diffie-hellman-group1-sha1
Service Type : sftp
: VTY 4
Version      : 2.0
State        : started
Username     : client002
Retry        : 1
CTOS Cipher  : aes128-cbc
STOC Cipher  : aes128-cbc
CTOS Hmac    : hmac-sha1-96
STOC Hmac    : hmac-sha1-96
Kex          : diffie-hellman-group1-sha1
Service Type : sftp
: client001
Authentication-type  : password
User-public-key-name :
Sftp-directory       : flash :
Service-type         : sftp
Authorization-cmd    : No
User 2:
User Name            : client002
Authentication-type  : rsa
User-public-key-name : RsaKey001
Sftp-directory       :
Service-type         : sftp
Authorization-cmd    : No
----End
Configuration Files
#
sysname Quidway
#
rsa peer-public-key rsakey001
public-key-code begin
3047
0240
C4989BF0 416DA8F2 2675910D 7F2997E8 5573A35D 0163FD4A FAC39A6E 0F45F325
A4E3AA1D 54692B04 C6A28D3D C58DE2E8 E0D58D65 7A25CF92 A74D21F9 E917182B
0203
010001
public-key-code end
peer-public-key end
#
aaa
local-user client001 password simple huawei
local-user client001 service-type ssh
#
ssh user client002 assign rsa-key rsakey001
ssh user client001 authentication-type password
ssh user client002 authentication-type RSA
ssh user client001 service-type sftp
ssh user client002 service-type sftp
sftp server enable
ssh user client001 sftp-directory flash :.
ssh user client002 sftp-directory flash :.
ssh user client001
ssh user client002
#
user-interface vty 0 4
authentication-mode aaa
protocol inbound ssh
#
return
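The `public-key-code` block in the configuration file above reads as an ASN.1 SEQUENCE of two INTEGERs (modulus, then public exponent), so the size of every peer key can be checked directly from a saved configuration. The following Python is an added example, not part of the Huawei guide; the function names and the 2048-bit threshold are assumptions of this example, and the key bytes are the ones printed in the configuration file above.

```python
import re

MIN_RSA_BITS = 2048  # assumption: audit threshold chosen for this example, not a value from the guide


def _read_tlv(buf, pos):
    """Read one ASN.1 tag-length-value at buf[pos:]; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: the low 7 bits give the number of length octets
        count = length & 0x7F
        if count == 0 or count > 4 or pos + count > len(buf):
            raise ValueError("unsupported or truncated length field")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("value runs past the end of the key code")
    return tag, buf[pos:pos + length], pos + length


def parse_key_code(hex_text):
    """Decode SEQUENCE { INTEGER n, INTEGER e }; return (modulus_bits, exponent)."""
    der = bytes.fromhex("".join(hex_text.split()))
    tag, body, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("key code is not a single ASN.1 SEQUENCE")
    tag_n, n_raw, pos = _read_tlv(body, 0)
    tag_e, e_raw, pos = _read_tlv(body, pos)
    if tag_n != 0x02 or tag_e != 0x02 or pos != len(body):
        raise ValueError("expected exactly two INTEGERs (modulus, exponent)")
    # Read both as unsigned: the keys on this page carry no 0x00 sign octet
    # even though the modulus has its top bit set. A padded key decodes the same.
    modulus = int.from_bytes(n_raw, "big")
    exponent = int.from_bytes(e_raw, "big")
    return modulus.bit_length(), exponent


# Matches one "rsa peer-public-key NAME ... public-key-code begin ... end" block
# in a saved configuration file (not the prompt-prefixed CLI transcript).
_KEY_BLOCK = re.compile(
    r"^\s*rsa peer-public-key (\S+)\s*$.*?"
    r"^\s*public-key-code begin\s*$(.*?)^\s*public-key-code end\s*$",
    re.MULTILINE | re.DOTALL,
)


def audit_config(config_text, min_bits=MIN_RSA_BITS):
    """Return [(key_name, modulus_bits, exponent, meets_threshold)] for each peer key."""
    results = []
    for name, hex_block in _KEY_BLOCK.findall(config_text):
        bits, exponent = parse_key_code(hex_block)
        results.append((name, bits, exponent, bits >= min_bits))
    return results


# Key block copied from the configuration file shown on this page.
PAGE_CONFIG = """\
#
rsa peer-public-key rsakey001
public-key-code begin
3047
0240
C4989BF0 416DA8F2 2675910D 7F2997E8 5573A35D 0163FD4A FAC39A6E 0F45F325
A4E3AA1D 54692B04 C6A28D3D C58DE2E8 E0D58D65 7A25CF92 A74D21F9 E917182B
0203
010001
public-key-code end
peer-public-key end
#
"""

if __name__ == "__main__":
    for name, bits, exponent, ok in audit_config(PAGE_CONFIG):
        status = "ok" if ok else "below %d bits" % MIN_RSA_BITS
        print("%s: %d-bit modulus, e=%d (%s)" % (name, bits, exponent, status))
```
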
9.8.4 Example for Accessing the SSH Server Through Other Port Numbers
Networking Requirements
The standard listening port of the SSH protocol is 22. If an attacker accesses the
standard port continuously, bandwidth is consumed, the performance of the server is
affected, and other users cannot access the standard port.
After the listening port of the SSH server is changed to another port number, the
attacker is unaware of the change and keeps sending socket connection requests to the
standard port 22. On detecting that the requested port is not the listening port, the
SSH server does not set up the socket connection.
Thus, only valid users can set up the socket connection through the non-standard listening
port set on the SSH server, and then follow the procedure of negotiating the SSH version
number, negotiating the algorithm, generating the session key, authenticating, sending the
session request, and performing the interactive session.
The networking diagram is shown in Figure 9-9.
Figure 9-9 Networking diagram of accessing the SSH server through other port numbers
(Diagram labels: SSH Client (legal user), SSH Client (attacker), Network, SSH Server, setting port)
Configuration Roadmap
The configuration roadmap is as follows:
1.
2. Generate the local key pair on STelnet client and SSH server respectively. The SSH server monitors the port number.
3. Generate the local key pair on client and SSH server respectively.
4. Generate the RSA public key on SSH server and bind the RSA public key of SSH client to Client002.
5.
6.
7. Client001 and Client002 log in to the SSH server through STelnet and SFTP respectively.
Data Preparation
To complete the configuration, you need the following data:
Configuration Procedure
Step 1 Generate a local key pair on the server.
<Quidway> system-view
# Send the RSA public key generated on the client to the server.
[Quidway] rsa peer-public-key RsaKey001
Enter "RSA public key" view, return system view with "peer-public-key end".
[Quidway-rsa-public-key] public-key-code begin
Enter "RSA key code" view, return last view with "public-key-code end".
[Quidway-rsa-key-code] 3047
[Quidway-rsa-key-code] 0240
[Quidway-rsa-key-code] BFF35E4B C61BD786 F907B5DE 7D6770C3 E5FD17AB
[Quidway-rsa-key-code] 203C8FCB BBC8FDF2 F7CB674E 519E8419 0F6B97A8
[Quidway-rsa-key-code] EA91FC4B B9E18836 5E74BFD5 4C687767 A89C6B43
[Quidway-rsa-key-code] 1D7E3E1B
[Quidway-rsa-key-code] 0203
[Quidway-rsa-key-code] 010001
[Quidway-rsa-key-code] public-key-code end
[Quidway-rsa-public-key] peer-public-key end
When an SSH user adopts password or password-rsa authentication, you must configure a
local user with the same name.
When an SSH user adopts RSA, password-rsa, or all authentication, the server should save the
RSA public key of the SSH client.
# Create an SSH user with the name Client001. The authentication mode is password.
[Quidway] ssh user client001
[Quidway] ssh user client001 authentication-type password
# Set huawei as the password for the Client001 of the SSH user.
[Quidway] aaa
# Create an SSH user with the name Client002 and RSA authentication, bound to the RSA
public key of the SSH client.
# Configure the service type of Client002 as SFTP and the authorization directory.
[Quidway] ssh user client002 service-type sftp
[Quidway] ssh user client002 sftp-directory hda1:
Step 4 Enable the STelnet service and the SFTP service on the SSH server.
# Enable the STelnet service and the SFTP service.
[Quidway] stelnet server enable
[Quidway] sftp server enable
Step 5 Configure a new number of the port monitored by the SSH server.
[Quidway] ssh server port 1025
# Connect the STelnet client to the SSH server through the new port number.
[client001] stelnet 10.164.39.222 1025
Please input the username:client001
Trying 100.2.150.13 ...
Press CTRL+K to abort
Connected to 100.2.150.13 ...
The server is not authenticated. Do you continue to access it?(Y/N):y
Do you want to save the server's public key?(Y/N):y
The server's public key will be saved with the name: 10.164.39.222. Please wait...
Enter password:
*
*
***********************************************************
Note: The max number of VTY users is 10, and the current number
of VTY users on line is 1.
<Quidway>
# Connect the SFTP client to the SSH server through the new port number.
[client002]sftp 10.164.39.222 1025
Input Username:client002
Trying 100.2.150.13 ...
Press CTRL+K to abort
The server's public key does not match the one we cached.
The server is not authenticated. Do you continue to access it?(Y/N):y
Do you want to update the server's public key we cached?(Y/N):y
sftp-client>
After the configuration, run the display ssh server status and display ssh server session
commands. You can view the number of the port monitored by the SSH server and that the
STelnet client or SFTP client is connected to the SSH server successfully.
# Display the SSH status.
[Quidway] display ssh server status
SSH version : 1.99
60 seconds
0 hours
3 times
SFTP server: Enable
STELNET server: Enable
1025
: VTY 3
Version      : 2.0
State        : started
Username     : client001
Retry        : 1
CTOS Cipher  : aes128-cbc
STOC Cipher  : aes128-cbc
CTOS Hmac    : hmac-sha1-96
STOC Hmac    : hmac-sha1-96
Kex          : diffie-hellman-group1-sha1
Service Type : stelnet
: VTY 4
Version      : 2.0
State        : started
Username     : client002
Retry        : 1
CTOS Cipher  : aes128-cbc
STOC Cipher  : aes128-cbc
CTOS Hmac    : hmac-sha1-96
STOC Hmac    : hmac-sha1-96
Kex          : diffie-hellman-group1-sha1
Service Type : sftp
----End
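The session output above, taken after the server was moved to port 1025, still shows `diffie-hellman-group1-sha1`, `aes128-cbc` and `hmac-sha1-96` for both users, so the listening port and the negotiated algorithms need to be reviewed separately. The following Python is an added example, not part of the Huawei guide: it parses `display ssh server session` text and lists legacy negotiated values; the rule set, the function names, the `Conn` label and the VTY 5 session in the sample are assumptions of this example.

```python
import re

# Constructed sample in "Label : value" layout. VTY 3 and VTY 4 reuse the values
# printed on this page; VTY 5 is invented here to show a session with no findings.
_TEMPLATE = (
    "Conn         : {conn}\n"
    "Version      : 2.0\n"
    "State        : started\n"
    "Username     : {user}\n"
    "Retry        : 1\n"
    "CTOS Cipher  : {cipher}\n"
    "STOC Cipher  : {cipher}\n"
    "CTOS Hmac    : {mac}\n"
    "STOC Hmac    : {mac}\n"
    "Kex          : {kex}\n"
    "Service Type : {service}\n"
)
SAMPLE_OUTPUT = (
    _TEMPLATE.format(conn="VTY 3", user="client001", cipher="aes128-cbc",
                     mac="hmac-sha1-96", kex="diffie-hellman-group1-sha1", service="stelnet")
    + _TEMPLATE.format(conn="VTY 4", user="client002", cipher="aes128-cbc",
                       mac="hmac-sha1-96", kex="diffie-hellman-group1-sha1", service="sftp")
    + _TEMPLATE.format(conn="VTY 5", user="constructed-user", cipher="aes128-ctr",
                       mac="hmac-sha2-256", kex="diffie-hellman-group-exchange-sha256",
                       service="stelnet")
)

_LINE = re.compile(r"^\s*([^:]*?)\s*:\s*(\S.*?)\s*$")


def parse_sessions(text):
    """Split session output into one dict per session, keyed by field label."""
    sessions = []
    for raw in text.splitlines():
        match = _LINE.match(raw)
        if not match:
            continue
        label, value = match.group(1), match.group(2)
        if re.fullmatch(r"VTY \d+", value):
            # A VTY value opens a new session block even if its label was lost.
            sessions.append({"Conn": value})
        elif sessions and label:
            sessions[-1][label] = value
    return sessions


def legacy_reason(field, value):
    """Return why a negotiated value counts as legacy, or None (example rule set)."""
    v = value.lower()
    if field == "Kex":
        if v == "diffie-hellman-group1-sha1":
            return "1024-bit DH group with SHA-1"
        if v.endswith("-sha1"):
            return "SHA-1 in key exchange"
    elif field.endswith("Cipher"):
        if v.endswith("-cbc"):
            return "CBC-mode cipher"
        if v == "none":
            return "no encryption"
    elif field.endswith("Hmac"):
        if v.endswith("-96"):
            return "MAC truncated to 96 bits"
        if "md5" in v:
            return "MD5-based MAC"
    elif field == "Version" and v.startswith("1"):
        return "SSH protocol version 1 session"
    return None


def audit_sessions(text):
    """Return [(conn, username, field, value, reason)] for every legacy value found."""
    findings = []
    for session in parse_sessions(text):
        for field, value in session.items():
            reason = legacy_reason(field, value)
            if reason:
                findings.append((session["Conn"], session.get("Username", "?"),
                                 field, value, reason))
    return findings


if __name__ == "__main__":
    for conn, user, field, value, reason in audit_sessions(SAMPLE_OUTPUT):
        print("%s %s: %s = %s (%s)" % (conn, user, field, value, reason))
```
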
Configuration Files
Configuration file of the SSH server Quidway.
#
sysname Quidway
#
rsa peer-public-key rsakey001
public-key-code begin
3047
0240
C4989BF0 416DA8F2 2675910D 7F2997E8 5573A35D 0163FD4A FAC39A6E 0F45F325
A4E3AA1D 54692B04 C6A28D3D C58DE2E8 E0D58D65 7A25CF92 A74D21F9 E917182B
0203
010001
public-key-code end
peer-public-key end
#
aaa
local-user client001 password simple huawei
local-user client001 service-type ssh
#
sftp server enable
stelnet server enable
ssh server port 1025
ssh user client001
ssh user client002
ssh user client001 authentication-type password
ssh user client002 authentication-type RSA
ssh user client002 assign rsa-key RsaKey001
ssh user client001 service-type stelnet
ssh user client002 service-type sftp
ssh user client002 sftp-directory flash :.
#
user-interface vty 0 4
authentication-mode aaa
protocol inbound ssh
#
return
#
sysname client001
#
interface GigabitEthernet1/0/0
ip address 10.164.39.220 255.255.255.0
#
ssh client first-time enable
#
return
#
sysname client002
#
interface GigabitEthernet1/0/0
ip address 10.164.39.221 255.255.255.0
#
ssh client first-time enable
#
(Diagram labels: SSH Client, SSH Server, RADIUS Server)
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
3.
4. Generate the local key pair on STelnet client and SSH server respectively. The SSH server monitors the port number.
5. Generate the local key pair on the client and SSH server respectively.
6. Generate the RSA public key on SSH server and bind the RSA public key of the SSH client to ssh2@ssh.com.
7.
8.
9. Users ssh1@ssh.com and ssh2@ssh.com log in to the SSH server through STelnet and SFTP respectively.
Data Preparation
To complete the configuration, you need the following data:
Configure the password authentications for the two SSH users respectively.
RADIUS authentication
Configuration Procedure
Step 1 Generate a local key pair on the SSH server.
<Quidway> system-view
[Quidway] rsa local-key-pair create
The key name will be: Quidway_Host
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus[default = 512]:
Generating keys...
.......++++++++++++
..........++++++++++++
...................................++++++++
=====================================================
Key code:
3067
0260
BCFAC085 49A2E70E 1284F901 937D7B63 D7A077AB
D2797280 4BCA86C0 4CD18B70 5DFAC9D3 9A3F3E74
9B2AF4CB 69FA6483 E87DA590 7B47721A 16391E27
1C76ABAB 743C568B 1B35EC7A 8572A096 BCA9DF0E
BC89D3DB 5A83698C 9063DB39 A279DD89
0203
010001
[client]
# Send the RSA public key generated on the client software to the server.
[Quidway] rsa peer-public-key RsaKey001
Enter "RSA public key" view, return system view with "peer-public-key end".
[Quidway-rsa-public-key] public-key-code begin
Enter "RSA key code" view, return last view with "public-key-code end".
[Quidway-rsa-key-code] 3047
[Quidway-rsa-key-code] 0240
[Quidway-rsa-key-code] BFF35E4B C61BD786 F907B5DE 7D6770C3 E5FD17AB
[Quidway-rsa-key-code] 203C8FCB BBC8FDF2 F7CB674E 519E8419 0F6B97A8
[Quidway-rsa-key-code] EA91FC4B B9E18836 5E74BFD5 4C687767 A89C6B43
[Quidway-rsa-key-code] 1D7E3E1B
[Quidway-rsa-key-code] 0203
[Quidway-rsa-key-code] 010001
[Quidway-rsa-key-code] public-key-code end
[Quidway-rsa-public-key] peer-public-key end
# Create SSH users with their name ssh1@ssh.com and ssh2@ssh.com on the SSH server.
[Quidway] ssh user ssh1@ssh.com
[Quidway] ssh user ssh1@ssh.com authentication-type password
[Quidway] ssh user ssh1@ssh.com service-type stelnet
[Quidway] ssh user ssh2@ssh.com
[Quidway] ssh user ssh2@ssh.com authentication-type password
[Quidway] ssh user ssh2@ssh.com service-type sftp
[Quidway] ssh user ssh2@ssh.com sftp-directory cfcard:
# For the first login, you need to enable the first authentication on SSH client.
[client] ssh client first-time enable
[client] quit
# Connect the STelnet client to the SSH server in the RADIUS authentication.
<client> system-view
[client] stelnet 10.164.39.222
Please input the username: ssh@ssh.com
Trying 10.164.39.222 ...
Press CTRL+K to abort
Connected to 10.164.39.222 ...
The server is not authenticated. Do you continue to access it?(Y/N):y
Do you want to save the server's public key?(Y/N):y
The server's public key will be saved with the name: 10.164.39.222. Please wait...
Enter password:
*
***********************************************************
Note: The max number of VTY users is 10, and the current number
of VTY users on line is 2.
<Quidway>
# Connect the SFTP client to the SSH server in the RADIUS authentication.
<client> system-view
[client] sftp 10.164.39.222
Please input the username: ssh@ssh.com
Trying 10.164.39.222 ...
Press CTRL+K to abort
Connected to 10.164.39.222 ...
Enter password:
sftp-client>
: ssh
Protocol-version                : standard
Traffic-unit                    : B
Shared-secret-key               : huawei
Timeout-interval(in second)     : 5
Primary-authentication-server   : 10.164.16.49:1812:LoopBack-1
Primary-accounting-server       : 0.0.0.0:0:LoopBack0
Secondary-authentication-server : 0.0.0.0:0:LoopBack0
Secondary-accounting-server     : 0.0.0.0:0:LoopBack0
Retransmission                  : 3
Domain-included                 : YES
-------------------------------------------------------------------
: VTY 0
Version      : 2.0
State        : started
Username     : ssh1@ssh.com
Retry        : 1
CTOS Cipher  : aes128-cbc
STOC Cipher  : aes128-cbc
CTOS Hmac    : hmac-sha1-96
STOC Hmac    : hmac-sha1-96
Kex          : diffie-hellman-group1-sha1
Service Type : stelnet
: VTY 1
Version      : 2.0
State        : started
Username     : ssh2@ssh.com
Retry        : 1
CTOS Cipher  : aes128-cbc
STOC Cipher  : aes128-cbc
CTOS Hmac    : hmac-sha1-96
STOC Hmac    : hmac-sha1-96
Kex          : diffie-hellman-group1-sha1
Service Type : sftp
----End
Configuration Files
#
sysname Quidway
#
radius-server template ssh
radius-server authentication 10.164.16.49 1812
#
rsa peer-public-key rsakey001
public-key-code begin
3047
0240
C4989BF0 416DA8F2 2675910D 7F2997E8 5573A35D 0163FD4A FAC39A6E 0F45F325
A4E3AA1D 54692B04 C6A28D3D C58DE2E8 E0D58D65 7A25CF92 A74D21F9 E917182B
0203
010001
public-key-code end
peer-public-key end
#
aaa
authentication-scheme test
authentication-mode radius
#
domain ssh.com
authentication-scheme test
radius-server ssh
#
#
sftp server enable
stelnet server enable
ssh user ssh1@ssh.com
ssh user ssh2@ssh.com
ssh user ssh1@ssh.com authentication-type password
Contents
10 Router Maintenance
10.1 Introduction
10.1.1 Online Upgrade Introduction
10.1.2 Device Operation Management
10.1.3 Electronic Label
10.2 Upgrading the Board
10.2.1 Establishing the Configuration Task
10.2.2 Downloading the Board Software
10.2.3 Online Loading the Board Software
10.2.4 Upgrading the Stratum 3 Clock Board
10.2.5 Resetting the Board
10.2.6 Checking the Configuration
10.3 Managing the Device Operation
10.3.1 Setting the Temperature Warning Threshold Upgrading the Board
10.3.2 Disabling or Re-enabling the DASL Port of the LPU
10.3.3 Resetting the Device and Switching over the Channel
10.3.4 Displaying the Device Information
10.4 Configuring the Electronic Label
10.4.1 Establishing the Configuration Task
10.4.2 Querying the Electronic Label
10.4.3 Backing Up the Electronic Label
10.5 Configuring a Cleaning Cycle for the Air Filter
10.5.1 Establishing the Configuration Task
10.5.2 Configuring a Checking of the Air Filter based on the Device Temperature
10.5.3 Configuring a Cleaning Cycle for the Air Filter
10.5.4 Remonitoring the Cleaning Cycle of the Air Filter
10.5.5 Checking the Configuration
10 Router Maintenance
10.1 Introduction
This section describes what you need to learn before maintaining the system, including:
Online Upgrade
Electronic Label
To ensure the normal running of the router, upgrade the board software with caution. Upgrade
the software under the guidance of the technical support personnel from Huawei. For the detailed
upgrade procedure, refer to the router release notes.
Preconfigured Tasks
Before upgrading the board software, complete the following tasks:
Data Preparations
To upgrade the board software, you need the following data.
No.
Data
Configuration Procedures
No.
Procedure
The preceding operation upgrades the extended BootROM program. To upgrade the
small system or basic BootROM program, the BootROM chip needs to be changed.
You can use this command to reset boards including the LPU and the MPU by specifying the
slot number.
Action
Command
display version
display device
Command
display environment
Pre-configuration Tasks
None.
Data Preparation
None.
Configuration Procedures
No.
Procedure
If the electronic label should be backed up to a specified FTP server, run the backup elabel ftp host
filename username password [ slot-id ] command.
Preconfigured Tasks
None.
Data Preparations
To configure a cleaning cycle for the air filter, you need the following data.
No.
Data
Configuration Procedures
No.
Procedure
The checking of the air filter based on the device temperature is configured.
By default, the checking of the air filter based on the device temperature is enabled.
----End
----End
Command
display dustproof
: 2009/02/07
Up to last clean days : 1(day)
Contents
11 System Software Upgrade
11.1 Introduction
11.1.1 System Software Upgrade
11.1.2 License
11.2 Uploading the System Software and License Files
11.2.1 Establishing the Configuration Task
11.2.2 Uploading the System Software and License to the Master MPU
11.2.3 Copying the System Software and License to the Slave MPU
11.2.4 Checking the Configuration
11.3 Specifying the System Software for the Next Startup of the Router
11.3.1 Establishing the Configuration Task
11.3.2 Specifying the System Software for the Next Startup
11.3.3 (Optional) Configuring PAF Files
11.3.4 (Optional) Configuring Patch Packages
11.3.5 Checking the Configuration
11 System Software Upgrade
11.1 Introduction
This section covers the following topics that you need to know before upgrading the system
software:
License
When upgrading the system software, you must upgrade the license that is integrated with
the system software.
Upgrade the system software and license under the guidance of technical support
engineers.
When certain features are required on the current router, you can add them by
upgrading the system software.
Before upgrading the system software, you need to obtain the system software and license
from Huawei.
The license contains two files: paf.txt and license.txt. The license files should be placed in
the root directory of the Flash, and the system file should be placed on the hard disk.
After the upgrade is complete, do not delete the previous system software. If the upgrade
fails, the system software can be restored to the previous version.
11.1.2 License
The license can be used to control the availability of some product features on a dynamic
basis. For example if the license file indicates that a particular feature is available, you can see
all related commands and functions after the system is started. If a feature is specified as
unavailable in the license file, related commands and interfaces are not displayed.
At the same time, the license mechanism controls the maximum resources that users can use,
such as the number of routes, LSPs, CR-LSPs and VPN instances.
In general, the price of a product is in direct proportion to its features and functions. The
license mechanism can flexibly add or reduce features as required to protect and save the
investment of users.
Suppose a user does not want certain features or functions at the beginning. These features
can be disabled through the license file. When the features are required later, the user can buy
the license of these features to enable them. This does not affect the current features or
functions. Therefore, users can flexibly decide the required features according to the service
demands without making great investment at the time of purchase.
The license files should be placed at the root directory of the Flash Memory of the master and
slave MPUs.
When the existing system software of a router does not meet the existing requirements, you
need to upgrade the system software.
Pre-configuration Tasks
Before uploading the system software and license, complete the following tasks:
Data Preparation
To upload the system software and license, you need the following data:
Configuration Procedures
No.
Procedure
The system license is copied to the Flash Memory of the slave MPU.
Step 2 Run:
copy source-filename slave#hd:/destination-filename
If you need to copy multiple files to the Flash Memory of the slave MPU, repeat the preceding steps.
Command
dir flash:
dir :
dir flash:
dir slave#:
After uploading the files, run the preceding commands and you can view the information of the
uploaded files. For example, check the file information on the Flash Memory of the master MPU.
<Quidway> dir flash
Directory of flash:/
0  drw-  log
   -rw-  private-data.txt
   -rw-  vrpcfg.zip
   -rw-  paf.txt
   -rw-  license.txt
   -rw-  NE.bin
Specify the same system software for the master and slave MPUs. Otherwise, the system
breaks down.
After the files are uploaded, you need to specify the system to use the newly loaded system
software when the router is restarted next time. It is recommended to use the absolute paths to
specify system software of the same version to the master and slave MPUs.
After the system software is specified, the system uploads the software at the specified path
when the router is restarted next time.
Pre-configuration Tasks
None.
Data Preparation
Before specifying the system software for the next startup of the router, you need to prepare
the absolute path of the system software.
Configuration Procedures
No.
Procedure
The system software is specified for starting the master MPU the next time.
Step 2 Run:
startup system-software file-name slave-board
The system software is specified for starting the slave MPU the next time.
----End
The PAF file is specified for the main MPU after the next startup.
Step 2 Run:
startup paf file-name slave-board
The PAF file is specified for the slave MPU after the next startup.
Step 3 Run:
startup license file-name
The License file is specified for the main MPU after the next startup.
Step 4 Run:
startup license file-name slave-board
The License file is specified for the slave MPU after the next startup.
----End
Specify the patch files for the main MPU after next startup.
Step 2 Run:
startup patch file-name slave-board
Specify the patch files for the slave MPU after next startup.
Step 3 Run:
patch-state run { all | slot slot-id }
The patch status of the board after the next startup is specified as Run.
----End
Command
display startup
After running the display startup command, you can see that the system software for the next
startup of the router is the system software specified in the upgrade operation. The system
software is the same for the master and slave MPUs.
<Quidway> display startup
MainBoard:
Configed startup system software:
hd:/V300R005C01B323SPC001.bin
hd:/V300R005C01B323SPC001.bin
hd:/V300R005C01B323SPC001.bin
flash:/vrpcfg.zip
flash:/vrpcfg.zip
flash:/paf_v300r005c01.txt
flash:/paf_v300r005c01.txt
flash:/license_v300r005c01.txt
flash:/license_v300r005c01.txt
NULL
NULL
SlaveBoard:
Configed startup system software:
hd:/V300R005C01B323SPC001.bin
hd:/V300R005C01B323SPC001.bin
hd:/V300R005C01B323SPC001.bin
flash:/vrpcfg.zip
flash:/vrpcfg.zip
flash:/paf_v300r005c01.txt
flash:/paf_v300r005c01.txt
flash:/license_v300r005c01.txt
flash:/license_v300r005c01.txt
NULL
NULL
Contents
12 Patch Management
12.1 Introduction
12.2 Checking the Running of Patch in the System
12.2.1 Establishing the Configuration Task
12.2.2 Checking the Running of Patch on the MPU
12.2.3 Checking the Running of Patch on the LPU
12.3 Loading a Patch
12.3.1 Establishing the Configuration Task
12.3.2 Uploading a Patch to the Root Directory of the Master MPU
12.3.3 Copying a Patch to the Root Directory of the Slave MPU
12.4 Installing a Patch on the MPU
12.4.1 Establishing the Configuration Task
12.4.2 Uploading the MPU Patch
12.4.3 Activating the MPU Patch
12.4.4 Running the MPU Patch
12.5 Stop Running the MPU Patch
12.5.1 Establishing the Configuration Task
12.5.2 Deactivating the MPU Patch
12.6 Unloading the MPU Patch
12.6.1 Establishing the Configuration Task
12.6.2 Deleting the MPU Patch
12.7 Installing a Patch on the LPU
12.7.1 Establishing the Configuration Task
12.7.2 Uploading the LPU Patch
12.7.3 Activating the LPU Patch
12.7.4 Running the LPU Patch
12.8 Stop Running the LPU Patch
12.8.1 Establishing the Configuration Task
12.8.2 Deactivating the LPU Patch
12.9 Unloading the LPU Patch
12.9.1 Establishing the Configuration Task
12.9.2 Deleting the LPU Patch
12 Patch Management
12.1 Introduction
After the patch runs successfully, a "patchstate.dat" file is created at the root directory of the
Flash Memory. Do not delete the file; otherwise, the patch remains invalid after restart.
Carrier services must run for long periods without interruption. The router can be
upgraded and maintained by installing patches, which does not interrupt the
operation of the router.
Based on the type of boards, the patch is classified as:
Before running a patch, obtain the correct patch files based on the type of boards.
The system allows only one MPU patch and one LPU patch to run at the same time.
As a result, you need to confirm that no patch is running in the current system before installing a
patch. If a patch is running in the system, delete it before installing the new patch.
The NE80 provides the patch function, and you can use the patch program released by
Huawei to upgrade the system software.
Patch Status
A patch program has three statuses: activated, deactivated and running. Figure 12-1 shows the
conversion between the three statuses.
Figure 12-1 Conversion between the statuses of a patch
[Figure: state diagram. States: No patch, Deactivated, Activated, Running. Transitions: Load patch, Active patch, Run patch, Deactive patch, Delete patch.]
Loading a patch
Running a patch
If the current patch status changes, the system saves the changed patch status in the
current patch status file and the next startup patch status file. If the patch status after the
next startup is not set, it is the same as the current patch status.
If the patch status after the next startup is set, the system saves the patch status after the
next startup in the patch status file.
You can run the display patch-information configure-file command to view information
about the patch in the patch status file.
The patch status file is used only to restore the patch status on the board after the next startup. Viewing
the current patch status file does not mean viewing the current patch status. For example, in the patch
status file, the patch status of a board is Active. After the next startup, the patch status of the board turns
to Deactive; however, the patch status on this board in the patch status file is still Active.
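The patch life cycle and the status-file behaviour described above can be modelled as a small state machine. The following Python model is an added example, not Huawei code: the operation names are the labels of Figure 12-1, the arrow directions are an assumption reconstructed from those labels and the surrounding text, and Board, plan_replace and drift are hypothetical names.

```python
"""Model of the patch life cycle in Figure 12-1 (added example, not vendor code)."""
from enum import Enum


class State(Enum):
    NO_PATCH = "No patch"
    DEACTIVATED = "Deactivated"
    ACTIVATED = "Activated"
    RUNNING = "Running"


# Operation names follow the figure labels. The arrow directions are an
# assumption reconstructed from the labels and the text of the guide.
TRANSITIONS = {
    (State.NO_PATCH, "load"): State.DEACTIVATED,
    (State.DEACTIVATED, "active"): State.ACTIVATED,
    (State.ACTIVATED, "deactive"): State.DEACTIVATED,
    (State.ACTIVATED, "run"): State.RUNNING,
    (State.DEACTIVATED, "delete"): State.NO_PATCH,
    (State.ACTIVATED, "delete"): State.NO_PATCH,
    (State.RUNNING, "delete"): State.NO_PATCH,
}


class PatchError(Exception):
    """Raised when an operation is not allowed in the current state."""


class Board:
    """One MPU or LPU; it holds at most one patch of its type."""

    def __init__(self, name):
        self.name = name
        self.state = State.NO_PATCH
        self.status_file = State.NO_PATCH  # what the patch status file records

    def apply(self, op):
        nxt = TRANSITIONS.get((self.state, op))
        if nxt is None:
            raise PatchError(
                f"{self.name}: '{op}' not allowed in state {self.state.value}")
        self.state = nxt
        self.status_file = nxt  # a status change is saved to the status file
        return nxt

    def reset(self):
        # An activated patch does not stay valid across a board reset; a
        # running patch does. The reset does not rewrite the status file, so
        # the file can still say Activated while the board is Deactivated.
        if self.state is State.ACTIVATED:
            self.state = State.DEACTIVATED
        return self.state


def plan_replace(board):
    """Operations needed to replace whatever is on the board with a new
    patch and bring that new patch to Running."""
    ops = [] if board.state is State.NO_PATCH else ["delete"]
    return ops + ["load", "active", "run"]


def drift(board):
    """True when the status file no longer matches the state on the board."""
    return board.status_file is not board.state
```

Loading is only possible from the No patch state, which is how the model enforces the one-patch-per-board-type rule; drift() returning True is the case in which reading the status file would mislead an operator.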
Pre-configuration Tasks
Before checking the running of patch in the system, complete the following tasks:
Data Preparation
None.
Configuration Procedures
No.
Procedure
: hd:/v300r005c01sph007.pat
: 1
: 1 - 1
: no patch
: no patch
: 1
: 1 - 1
: no patch
: no patch
: 1
: 1 - 1
: no patch
: no patch
The value of the bolded part in the preceding output is 0. This indicates that no patch runs in
the current system.
If patches are running, you must unload them before loading new patches. For details on the
operation, see Uploading the MPU Patch.
Before installing a patch on the LPU, check that no patch runs on all LPUs. Repeat the preceding
command to check all LPUs.
Before installing a patch on the LPU, you need to check the running of patch on all LPUs. For
example:
<Quidway> display patch-information history slot 3
Current patch state:
--------------------------------------------------------------------------
Type Slot ID State From To
--------------------------------------------------------------------------
C 1-200 NP idle idle
--------------------------------------------------------------------------
Patch history:
--------------------------------------------------------------------------
Type Slot ID State From To
The three methods to upload a patch are FTP, TFTP and XModem.
Pre-configuration Tasks
Before loading a patch, complete the following tasks:
Data Preparation
Before running a patch, you need to obtain a patch that is consistent with the board.
Configuration Procedures
No.
Procedure
The patch is copied to the root directory of the Flash Memory of the slave MPU.
----End
If you need to copy multiple files to the Flash Memory of the slave MPU, repeat the preceding step.
Pre-configuration Tasks
Before installing a patch on the MPU, upload the patch to the root directory of the Flash
Memory of the master and slave MPUs.
Data Preparation
None.
Configuration Procedures
No.
Procedure
When a patch is uploaded, the system checks that the patch version is the same as the system version.
If the two versions are not the same, the system prompts that the patch uploading fails.
The patch load file-name all run command allows you to load and run all the patches in the patch
package on the corresponding boards, including the main control board, the slave control board, and
all the interface boards. The patch turns to the Run state after being loaded. This operation takes
effect on all the boards.
A patch can be activated only when it is correctly uploaded and is in the deactivated state. When a patch
is activated, it becomes valid immediately. After the board is reset, however, the patch does not remain
valid.
After a patch is activated, you need to judge whether the patch has achieved the expected effect. If
the patch does not become valid, you need to stop running the patch. If the patch becomes
valid, you need to run the patch.
Step 3 Run:
patch run slave
Pre-configuration Tasks
None.
Data Preparation
None.
Configuration Procedures
No.
Procedure
patch deactive
Pre-configuration Tasks
None.
Data Preparation
None.
Configuration Procedures
No.
Procedure
Pre-configuration Tasks
Before installing a patch on the LPU, upload the patch to the root directory of the
master and slave MPUs.
Data Preparation
None.
Configuration Procedures
No.
Procedure
When a patch is uploaded, the system checks that the patch version is the same as the system version. If
the two versions are not the same, the system prompts that the patch uploading fails.
A patch can be activated only when it is correctly uploaded and is in the deactivated state. When a patch
is activated, it becomes valid immediately. After the board is reset, however, the patch does not remain
valid.
After a patch is activated, you need to judge whether the patch has achieved the expected effect. If
the patch does not become valid, you need to stop running the patch. If the patch becomes
valid, you need to run the patch.
Pre-configuration Tasks
None.
Data Preparation
None.
Configuration Procedures
No.
Procedure
Pre-configuration Tasks
None.
Data Preparation
None.
Configuration Procedures
No.
Procedure
Contents
A Glossary
B Acronyms and Abbreviations
A Glossary
Glossary
A
Accounting
A network security service that records the user's access to the network.
Agent
A process that resides in all managed devices. It receives request packets from
the NM Station and performs the Read or Write operation on managed
variables according to packet types and generates response packets and sends
them to the NM Station.
AH
ASSP
ATM
Authentication
Authorization
B
Backup center
A mechanism in which the interface on a device backs up each other and traces
the status of the interface. If an interface is Down, the backup center provides a
backup interface to undertake the service.
BFD
Black list
A filtering mode that is used to filter the packet according to the source IP
address. Compared with the ACL, the black list can filter the packet at a high
speed because its matching region is simple. It can shield the packet from the
specified IP address.
C
CLI
Command Line Interface. An interface that allows the user to interact with the
operating system. Users can configure and manage the NE80 by entering
commands through the CLI.
Congestion avoidance
Congestion management
The priority of the system command that is divided into 4 levels. Users of a
level can run the command only of the same or lower level.
E
Ethernet
Ethernet_II
Ethernet_SNAP
F
FIFO
First In First Out. A queuing scheme in which the first data into the network is
also the first data out of the network.
File system
A way in which files and directories in the storage devices are managed, such
as creating a file system, creating, deleting, modifying and renaming a file or
directory or displaying the contents of the file.
FTP
File Transfer Protocol. An application protocol in the TCP/IP stack, used for
transferring files between remote hosts. FTP is implemented based on the file
system.
H
HGMPv2
Information center
The information hinge in the MA5200G that can classify and filter the output
information.
Interface mirroring
A method of copying the packet of the mirrored interface to the other mirroring
interfaces to forward the packet.
IP negotiated
An attribute of the interface. When the user accesses the Internet through the
ISP, the IP address is usually allocated by the peer server. The PPP packet must
be encapsulated and the IP address negotiated attribute must be configured on
the interface so that the local interface accepts the IP address allocated by the
peer end through the PPP negotiation.
IP unnumbered
ISIS-TE
L
LAN interface
Local Area Network interface. Often an Ethernet interface through which the
router can exchange data with the network device in a LAN.
License
Logical interface
A configured interface that can exchange data but does not exist physically. A
logical interface can be a sub-interface, virtual-template interface, virtual
Ethernet interface, Loopback interface, Null interface and Tunnel interface.
M
MIB
Modem
Multicast
N
NDP
NMS
Network Management System. A system that sends various query packets,
receives the response packets and trap packets from the managed devices, and
displays all the information.
NTDP
A protocol that is used to collect the information of the adjacency and the
backup switch of each device in the network.
NTP
O
OSPF-TE
P
Policy-based routing
R
Regular expression
When a lot of information is output, you can filter the unnecessary contents out
with regular expressions and display the necessary contents.
RMON
Router
A device on the network layer that selects routes in the network. The router
selects the optimal route according to the destination address of the received
packet through a network and forwards the packet to the next router. The last
router is responsible for sending the packet to the destination host.
RRPP
Rapid Ring Protection Protocol. A protocol that is applied on the data link
layer. When the Ethernet ring is complete, it can prevent the broadcast storm
caused by the data loop. When a link is disconnected on an Ethernet ring, it can
rapidly restore the communication link between the nodes on the ring network.
RSVP-TE
S
Service tracing
SSH
Static ARP
System environment
Basic parameters for running the MA5200G such as host name, language mode
and system time. After configuration, the system environment can meet the
requirements of the actual environment.
T
Telnet
Terminal
A device that is connected with other devices through the serial port. The
keyboard and the display have no disk drives.
Traffic policing
A process used to measure the actual traffic flow across a given connection and
compare it to the total admissible traffic flow for that connection. When the
traffic exceeds the agreed upon flow, some restrictions or penalties are taken to
protect the benefit and the network resource of the operator.
Traffic shaping
A flow control measure to shape the flow rate. It is often used to control the
flow in regular amounts to ensure that the traffic fits within the traffic for the
downstream router and avoids unnecessary discard and congestion.
Tunnel
A secure communication path between two peers in the VPN that protects the
internal information of the VPN from interruption.
V
VPLS
VPN
VRP
VRRP
VTY
Virtual type terminal. A terminal line that is used to access a router through
Telnet.
W
WAN interface
X
X.25
A protocol applied on the data link layer that defines how connections between
DTE and DCE are maintained for remote terminal access and computer
communications in PDNs.
XModem
XOT
X.25 over TCP. A protocol that implements the interconnection between two
X.25 networks through the TCP packet bearing X.25 frames.
Numerics
A
AAA
ACL
ARP
ASPF
ATM
AUX
Auxiliary port
B
BGP
C
CBQ
Class-based Queue
CHAP
CQ
Custom Queuing
CR-LDP
D
DHCP
DNS
E
ESP
F
FR
Frame Relay
G
GRE
H
HDLC
I
IETF
IKE
IPSec
IP Security
IS-IS
ITU-T
L
L2TP
LAPB
LDP
M
MAC
MBGP
MFR
MP
MultiLink PPP
MPLS
MSDP
MTU
N
NAT
NAT-PT
O
OAM
OSPF
P
PAP
PE
Provider Edge
Ping
PPP
Point-to-Point Protocol
PPPoA
PPPoE
PPPoEoA
PPPoE on AAL5
PQ
Priority Queuing
Q
QoS
Quality of Service
R
RADIUS
RIP
RPR
RSVP
T
TE
Traffic Engineering
TCP
TFTP
V
VLAN
VPLS
VPN
VRP
VRRP
W
WAN
WFQ
WRED
X
XOT
Index
B
basic configuration
command privilege level, 4-4
super password, 4-6
system status, 4-7
user level, 4-7
hot keys
classification, 3-11
use, 3-13
C
command line
characteristics, 3-2
command level, 3-2
displaying, 3-8
editing, 3-7
error message, 3-7
history command, 3-10
on-line help, 3-6
views, 3-3
configuration file
overview, 7-2
configuring authentication mode, 5-24
configuring command privilege level, 4-4
configuring FTP, 8-3
configuring telnet terminal services, 9-7
configuring TFTP, 8-14
configuring Xmodem, 8-17
D
device management
setting the temperature threshold, 10-5
displaying system status, 4-7
F
File System
overview, 6-2
FTP
configuration, 8-3
example, 8-18
overview, 8-2
maintenance
electronic label, 10-2
introduction, 10-2
online device management, 10-2
online upgrade, 10-2
maintenance
configure electronic elabel, 10-7
maintenance
electronic label backup, 10-7
P
patch management
checking, 12-3
install, 12-7
introduction, 12-2
stop running, 12-9
unloading, 12-10
product overview
characteristics, 1-5
features list, 1-8
hardware architecture, 1-2
software architecture, 1-3
R
regular expression
begin, 3-10
exclude, 3-10
include, 3-10
S
setting terminal attributes, 5-7
SSH
overview, 9-4
system software
license, 11-2
upgrade, 11-3
system software upgrade, 11-2
T
Telnet
configuration, 9-7
overview, 9-2
TFTP
configuration, 8-14
example, 8-24
overview, 8-2
U
upgrading
the board, 10-3
user-interface
configuration, 5-5
numbering, 5-2
terminal attribute, 5-7
user-management
configuration, 5-16, 5-23
X
XModem
configuration, 8-17
example, 8-26
overview, 8-2