Huawei Quidway NetEngine 20 series Page 189 Configuration Manual Download

Page: 189 / 237

9 Telnet and SSH

Quidway NetEngine20/20E

Configuration Guide - Basic Configurations

9-40

Huawei Proprietary and Confidential

Issue 05 (2010-01-30)

010001

[client]

# Send the RSA public key generated on the client software to the server.

[Quidway]

rsa peer-public-key RsaKey001

Enter "RSA public key" view, return system view with "peer-public-key end".

[Quidway-rsa-public-key]

public-key-code begin

Enter "RSA key code" view, return last view with "public-key-code end".

[Quidway-rsa-key-code]

3047

[Quidway-rsa-key-code]

0240

[Quidway-rsa-key-code]

BFF35E4B C61BD786 F907B5DE 7D6770C3 E5FD17AB

[Quidway-rsa-key-code]

203C8FCB BBC8FDF2 F7CB674E 519E8419 0F6B97A8

[Quidway-rsa-key-code]

EA91FC4B B9E18836 5E74BFD5 4C687767 A89C6B43

[Quidway-rsa-key-code]

1D7E3E1B

[Quidway-rsa-key-code]

0203

[Quidway-rsa-key-code]

010001

[Quidway-rsa-key-code]

public-key-code end

[Quidway-rsa-public-key]

peer-public-key end

Step 6

Create an SSH user on the server.

The SSH client can be authenticated in four modes: password, RSA, password-RSA, and all.

If the password and password-RSA authentication is used, configure a local user of the same user
name.

If the RSA, password-RSA, and all authentication is used, the server must save the RSA public key
of the SSH client.

# Configure the VTY user interface.

[Quidway]

user-interface vty 0 4

[Quidway-ui-vty0-4]

authentication-mode aaa

[Quidway-ui-vty0-4]

protocol inbound ssh

[Quidway-ui-vty0-4]

quit

Create an SSH user Client001.

# Configure the password authentication for the SSH user Client001.

[Quidway]

ssh user client001

[Quidway]

ssh user client001 authentication-type password

# Set the password of the SSH user Client001 to huawei.

[Quidway]

aaa

[Quidway-aaa]

local-user client001 password simple huawei

[Quidway-aaa]

local-user client001 service-type ssh

[Quidway-aaa]

quit

# Set the service type of Client001 to STelnet.

[Quidway]

ssh user client001 service-type stelnet

Create an SSH user Client002 set the authentication mode to RSA, and bind Client002 to
the RSA public key of the SSH client.

[Quidway]

ssh user client002

[Quidway]

ssh user client002 authentication-type rsa

[Quidway]

ssh user client002 assign rsa-key RsaKey001

Summary of Contents for Quidway NetEngine 20 series

Page 1: ...wei Proprietary and Confidential Copyright Huawei Technologies Co Ltd Quidway NetEngine20 20E Series Routers V200R005 Configuration Guide Basic Configurations Issue 05 Date 2010 01 30 Part Number 31501234 ...

Page 2: ... reserved No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co Ltd Trademarks and Permissions and other Huawei trademarks are trademarks of Huawei Technologies Co Ltd All other trademarks and trade names mentioned in this document are the property of their respective holders Notice The information in this docu...

Page 3: ...12 1 3 7 IP Services 1 13 1 3 8 Unicast Routing Protocols 1 13 1 3 9 Multicast Routing Protocols 1 14 1 3 10 MPLS Features 1 14 1 3 11 VPN Services 1 15 1 3 12 QoS 1 15 1 3 13 Security Features 1 17 2 Establishment of the Configuration Environment 2 1 2 1 Introduction 2 2 2 1 1 Establishing the Configuration Environment by the Console Port 2 2 2 1 2 Configuring the Router Through Telnet 2 2 2 1 3 ...

Page 4: ...ple for Login Through the Console Port 2 7 2 5 2 Example for Login Through Telnet 2 10 2 5 3 Example for Login Through the AUX Port 2 11 3 CLI Overview 3 1 3 1 Introduction 3 2 3 1 1 Characteristics of the CLI 3 2 3 1 2 Command Levels 3 3 3 1 3 Command Line Views 3 3 3 1 4 Regular Expressions 3 3 3 2 Configuring the Command Line View 3 4 3 3 Online Help of the Command Line 3 7 3 4 Error Messages o...

Page 5: ...5 6 5 2 4 Setting Terminal Attributes 5 7 5 2 5 Configuring the User Interface Priority 5 8 5 2 6 Configuring Modem Attributes 5 8 5 2 7 Configuring an Auto executed Command 5 9 5 2 8 Configuring the Redirection Function 5 9 5 2 9 Configuring the Call in or Call out Restrictions of the VTY User Interface 5 10 5 2 10 Configuring the Maximum Number of VTY User Interfaces 5 10 5 2 11 Configuring the ...

Page 6: ...wing the Current Directory 6 3 6 2 3 Switching the Directory 6 3 6 2 4 Displaying the Directory of File 6 4 6 2 5 Creating a Directory 6 4 6 2 6 Deleting a Directory 6 4 6 3 Managing Files 6 5 6 3 1 Displaying Contents of a File 6 6 6 3 2 Copying a File 6 6 6 3 3 Moving a File 6 6 6 3 4 Renaming a File 6 7 6 3 5 Deleting a File 6 7 6 3 6 Deleting Files in the Recycle Bin 6 7 6 3 7 Undeleting Files...

Page 7: ...he FTP Server 8 6 8 3 3 Configuring the Basic ACL 8 7 8 3 4 Configuring the Basic FTP ACL 8 7 8 4 Configuring the Router to Be the FTP Client 8 8 8 4 1 Establishing the Configuration Task 8 8 8 4 2 Logging In to the FTP Server 8 8 8 4 3 Configuring File Transmission Mode 8 9 8 4 4 Viewing Online Help of the FTP Command 8 9 8 4 5 Uploading or Downloading Files 8 9 8 4 6 Managing Directories 8 10 8 ...

Page 8: ...ir 9 10 9 3 5 Configuring the Authentication Mode for SSH Users 9 11 9 3 6 Configuring the Basic Authentication Information for SSH Users 9 12 9 3 7 Authorizing SSH Users Through the Command Line 9 12 9 3 8 Configuring the Service Type of SSH Users 9 13 9 3 9 Configuring the Authorized Directory of SFTP Service for SSH Users 9 13 9 3 10 Checking the Configuration 9 13 9 4 Configuring the SSH Serve...

Page 9: ...ple for Connecting the SFTP Client to the SSH Server 9 33 9 8 4 Example for Accessing the SSH Server Through Other Port Numbers 9 37 9 8 5 Example for Authenticating SSH Through RADIUS 9 43 10 Router Maintenance 10 1 10 1 Introduction 10 2 10 1 1 Device Operation Management 10 2 10 1 2 Electronic Label 10 2 10 2 Powering off the FIC HIC 10 2 10 2 1 Establishing the Configuration Task 10 2 10 2 2 P...

Page 10: ...Slave RPU 11 6 11 3 4 Checking the Configuration 11 6 12 Patch Management 12 1 12 1 Introduction 12 2 12 2 Checking the Running of Patch in the System 12 3 12 2 1 Establishing the Configuration Task 12 3 12 2 2 Checking the Running of Patch on the RPU 12 3 12 3 Loading a Patch 12 4 12 3 1 Establishing the Configuration Task 12 4 12 3 2 Uploading a Patch to the Root Directory of the Flash of the Ma...

Page 11: ...18 Figure 8 3 Configuring the FTP client 8 20 Figure 8 4 Using TFTP to download files 8 21 Figure 8 5 Setting the Base Directory of the TFTP server 8 22 Figure 8 6 Specifying the file to be sent 8 23 Figure 9 1 Telnet client services 9 2 Figure 9 2 Usage of Telnet shortcut keys 9 3 Figure 9 3 Establishing an SSH channel in a LAN 9 4 Figure 9 4 Establishing an SSH channel in a WAN 9 4 Figure 9 5 Ne...

Page 12: ...es Table 1 1 System service features 1 4 Table 3 1 Command line views 3 5 Table 3 2 Common error messages of the command line 3 8 Table 3 3 Access the history commands 3 9 Table 3 4 Editing functions 3 9 Table 3 5 Displaying functions 3 10 Table 3 6 Metacharacter description 3 11 Table 3 7 System defined shortcut keys 3 12 Table 5 1 Example for the absolute numbering 5 3 ...

Page 13: ...Quidway NetEngine20 20E Configuration Guide Basic Configurations Contents Issue 05 2010 01 30 Huawei Proprietary and Confidential Copyright Huawei Technologies Co Ltd i Contents About This Document 1 ...

Page 14: ...s document Product Name Version Quidway NetEngine20 20E Series Routers V200R005 Intended Audience This document is intended for z Commissioning engineer z Data configuration engineer z Network monitoring engineer z System maintenance engineer Organization This document consists of six chapters and is organized as follows Chapter Content 1 Product Overview This chapter describes the architecture fu...

Page 15: ...TFTP and XModem This chapter describes how to configure the basic functions of the FTP server 9 Telnet and SSH This chapter describes how to log in to the router through Telnet and configure the router 10 Router Maintenance This chapter describes the principle and concepts of the router maintenance 11 System Software Upgrade This chapter describes the principle and concepts of the system software ...

Page 16: ...ws Convention Description Times New Roman Normal paragraphs are in Times New Roman Boldface Names of files directories folders and users are in boldface For example log in as user root Italic Book titles are in italics Courier New Examples of information displayed on the screen are in Courier New Command Conventions The command conventions that may be found in this document are defined as follows ...

Page 17: ... For example click OK Multi level menus are in boldface and separated by the signs For example choose File Create Folder Keyboard Operations The keyboard operations that may be found in this document are defined as follows Format Description Key Press the key For example press Enter and press Tab Key 1 Key 2 Press the keys concurrently For example pressing Ctrl Alt A means the three keys should be...

Page 18: ...ween document issues are cumulative Therefore the latest document issue contains all updates made in previous issues Updates in Issue 05 2010 01 30 For fifth commercial release Updates in Issue 04 2008 07 24 For fourth commercial release Updates in Issue 03 2007 07 20 For third commercial release Updates in Issue 02 2007 06 15 For second commercial release Modified the naming method of the manual ...

Page 19: ...1 1 2 Architecture 1 2 1 1 3 VRP 1 3 1 2 Functional Features 1 4 1 3 Functions 1 9 1 3 1 File System 1 10 1 3 2 SNMP Configuration 1 10 1 3 3 Terminal Services 1 11 1 3 4 High Reliability 1 11 1 3 5 Interfaces 1 12 1 3 6 Link Layer Protocols 1 12 1 3 7 IP Services 1 13 1 3 8 Unicast Routing Protocols 1 13 1 3 9 Multicast Routing Protocols 1 14 1 3 10 MPLS Features 1 14 1 3 11 VPN Services 1 15 1 3...

Page 20: ...idway NetEngine20 20E Configuration Guide Basic Configurations Figures Issue 05 2010 01 30 Huawei Proprietary and Confidential Copyright Huawei Technologies Co Ltd iii Figures Figure 1 1 architecture 1 3 ...

Page 21: ...ay NetEngine20 20E Configuration Guide Basic Configurations Tables Issue 05 2010 01 30 Huawei Proprietary and Confidential Copyright Huawei Technologies Co Ltd v Tables Table 1 1 System service features 1 4 ...

Page 22: ...logies Co Ltd 1 1 1 Product Overview About This Chapter The following table shows the contents of this chapter Section Description 1 1 Introduction This section describes the characteristics of the NE20 20E 1 2 Functional Features This section describes the functional features of the NE20 20E 1 3 Functions This section describes the main functions of the NE20 20E ...

Page 23: ...face Card HIC and Flexible Interface Card FIC The NE20 20E series routers provide coherent network interface user interface and management interface as well as strong flexibility and configurability The routers integrate many emerging technologies such as Multi protocol Label Switching MPLS Virtual Private Network VPN Quality of Service QoS traffic engineering multicast and user management The rou...

Page 24: ... OSAL Operating System 1 1 3 VRP The Versatile Routing Platform VRP is a versatile operating system platform It is developed for the data communication products of Huawei Technologies Co Ltd hereinafter referred to as Huawei VRP takes the IP service as its core service and has a modular architecture It can provide rich functional features and scalability based on applications With TCP IP as its co...

Page 25: ... unnumbered address DHCP relay and DHCP server IP policy based routing IP packet filtering Protocol stacks IPv4 and IPv6 dual protocol stacks IPv6 forwarding through the hardware IPv4 routing Static route management Dynamic unicast routing protocols RIP 1 RIP 2 OSPF IS IS BGP 4 MBGP BGP VPN V4 Routing policies IPv6 routing IPv4 to IPv6 transition technologies manual configuration of the tunnel aut...

Page 26: ... and TE tunnels Pseudo wire templates Interconnection with different media PW QoS Many encapsulation modes Ethernet VLAN FR PPP HDLC ATM n to 1 ATM 1 to 1 and ATM SDU Multi hop LDP PW loop detection PWE3 inter AS Interworking between PWE3 and VPLS ATM QoS class CLP DSCP 801 1p and MPLS EXP mapping ATM OAM transparent transmission VPN L3VPN MPLS BGP VPN serving as PE P Inter AS VPN Hierarchy of VPN...

Page 27: ...to AS protocol port source prefix destination prefix prefix and ToS Connecting normal ageing and compelled ageing configured by users Monitoring TCP link state Making a flow with fragments the first fragment NAT NetStream Inbound Outbound NetStream of MPLS Collecting packet information either in definite proportion or random proportion Multicast data flow ATM POS ETH including high speed and low s...

Page 28: ... router Redundancy hot backup 1 1 backup of RPU and NPU Power 1 1 redundancy backup Power fan and service interface module hot plugging as well as automatic adjustment of fan rotate speed GR Protocol level GR IS IS OSPF BGP and LDP FRR IP FRR MPLS TE FRR VPN FRR LDP FRR BFD Creating deleting and modifying a BFD session Bi directional fault detection for links Deleting faults in asynchronous and qu...

Page 29: ... port number layer 2 layer 3 and layer 4 packet information Traffic policing and shaping Traffic policing and shaping based on srTCM and trTCM Services such as EF and AF based on Diff Serv GTS Congestion management LLS LLQ NLS PQ CQ WFQ and CBWFQ Congestion avoidance RED WRED and SARED Policy based routing Route re direction and distribution of LSP explicit route of MPLS MPLS QoS Mapping between D...

Page 30: ...ckly diagnose the network The Telnet command to log in to and manage other routers FTP Server Client to download and upload configuration files and application programs through FTP TFTP Client to download and upload configuration files and application programs through TFTP To download configuration files and application programs locally by using the Xmodem protocol Log function Virtual file system...

Page 31: ...ervice You can log in to a router with a terminal emulation program or Telnet and run certain FTP command to establish a connection with the remote FTP Server to access the files on the remote host The NE20 20E can z Support the TFTP based file transmission to fit into the environments with simple client server interworking z Support Xmodem based file transmission that can be applied to the AUX po...

Page 32: ...effectively prevents the password from being intercepted z Meanwhile the SSH service encrypts the data in transmission to ensure the security and reliability of the data z All of these make it possible for secure remote access to be implemented over insecure networks z The RSA authentication in particular realizes secure key exchange and final secure session by generating a public key and a privat...

Page 33: ... is not physical but configured to carry out data exchange The NE20 20E supports the following physical interfaces z Ethernet interface z POS interface z CPOS interface z ATM interface z E1 CE1 CT1 CE3 The NE20 20E supports the following logical interfaces sub interface virtual Ethernet interface Loopback interface Null interface and Tunnel interface 1 3 6 Link Layer Protocols The NE20 20E support...

Page 34: ...s is to ensure that the packets heading for these addresses must be forwarded by the gateway When you desire to filter some illegal IP addresses you can configure the static ARP table manually DHCP Relay The standard DHCP only applies to the cases where the DHCP client and server lie on the same subnet It is necessary to set a DHCP server for every subnet in order to provide dynamic host configura...

Page 35: ...ndent Multicast Dense Mode PIM DM and Protocol Independent Multicast Sparse Mode PIM SM that are used in the same area z Multicast Source Discovery Protocol MSDP and Multi protocol Border Gateway Protocol MBGP that are used between areas 1 3 10 MPLS Features The Multiprotocol Label Switching MPLS uses short labels with fixed length to encapsulate network layer packets and it can z Act as an interm...

Page 36: ...otocols such as IP and IPX packets so that these encapsulated packets can be transmitted in the network running another network layer protocol such as IP As a tunnel protocol GRE uses the tunnel technology in the protocol layer GRE can be used to z Transmit data of local multi protocol network through the single protocol backbone network z Extend the network that is limited by hops such as IPX net...

Page 37: ...on the device processes the packets with the Best Effort BE service VPN QoS As a QoS Policy Propagation through the Border Gateway Protocol QPPB policy VPN QoS can transmit private network routes through BGP which extends QPPB application in L3VPN environment It can be applied to VPN instances and VPNv4 When VPN QoS is applied to the private network route of a specific VPN instance the inbound and...

Page 38: ...rypted text authentication z SNMP supports SNMPv3 encryption and authentication The NE20 20E supports the mirroring function Mirroring indicates that the system sends a copy of the packet on the current node to one specific packet analysis device from an observing port without interrupting services You can define the mirroring port number and connect the port with the packet analysis device to mon...

Page 39: ... Configuring Terminals 2 4 2 2 4 Logging In to the Router 2 4 2 3 Establishing the Configuration Environment Through Telnet 2 4 2 3 1 Establishing the Configuration Task 2 4 2 3 2 Establishing the Physical Connection 2 5 2 3 3 Configuring Login User Parameters 2 5 2 3 4 Logging In from the Telnet Client 2 5 2 4 Establishing the Configuration Environment Through the AUX Port 2 6 2 4 1 Establishing ...

Page 40: ...igure 2 1 Networking diagram of logging in through the console port 2 7 Figure 2 2 New connection 2 8 Figure 2 3 Setting the port 2 9 Figure 2 4 Setting the port communication parameters 2 9 Figure 2 5 Establishing the configuration environment through WAN 2 10 Figure 2 6 Running the Telnet program on the PC 2 11 Figure 2 7 Establishing the remote configuration environment 2 11 ...

Page 41: ...e Local Configuration Environment Through the Console This section describes how to establish configuration environments through the console port See Example for Login Through the Console Port 2 3 Establishing the Configuration Environment Through Telnet This section describes how to establish configuration environments through Telnet See Example for Login Through Telnet 2 4 Establishing the Confi...

Page 42: ...ot be established through Telnet or the AUX port 2 1 2 Configuring the Router Through Telnet Applicable Environment You can configure the router by local or remote login Applications Pre configure the IP addresses of interfaces on the router the user account the login authentication and the incoming and outgoing call restriction Also ensure that there are directly connected or reachable routes bet...

Page 43: ...ther routers connect the PC and the router through PSTN network Pre enable the Modem dialup of the AUX port through the console port and configure the username and password 2 2 Establishing the Local Configuration Environment Through the Console Port 2 2 1 Establishing the Configuration Task Applicable Environment You can connect the serial port of the PC to the console port of the router using th...

Page 44: ...on the PC Run the terminal emulation program on the PC setting the communication parameter of the terminal to 9600 bps data bit to 8 stop bit to 1 Specify no parity and no flow control 2 2 4 Logging In to the Router Do as follows on the PC Press Enter until a command line prompt such as Quidway appears Now enter the configuration environment in the user view 2 3 Establishing the Configuration Envi...

Page 45: ... 2 Establishing the Physical Connection Connect the router and the PC directly or connect the router and the PC respectively to the network through the network cable 2 3 3 Configuring Login User Parameters Do as follows on the router Step 1 Configure the authentication mode of login users Step 2 Configure the authority limitation of login user For details refer to the Quidway NetEngine20 20E Serie...

Page 46: ... AUX port dialup complete the following tasks z Preparing the PC terminal including the serial port and RS 232 cable z Preparing the PC terminal emulation program such as Windows XP hyper terminal z Preparing two Modems Data Preparation To configure the router you need the following data No Data 1 Type of terminals 2 Terminal communication parameters 3 Modem communication parameters Configuration ...

Page 47: ...rminal emulation program on the PC such as Windows XP HyperTerminal to enter the Connection Description window Step 2 Enter the connection name of the PC and the router such as Dial Step 3 Click OK to enter the Connect To window Step 4 Enter the parameters and select options Step 5 Click OK to enter the Connect window Step 6 Click Dial End 2 4 5 Logging In to the Router Enter the user name and pas...

Page 48: ... Preparation Terminal communication parameters including baud bit data bit parity stop bit and flow control Configuration Procedure Step 1 Connect the serial port of the PC or terminal to the console port of the router through standard RS 232 configuration cable The local configuration environment is established Step 2 Run the terminal emulation program on the PC Set the terminal communication par...

Page 49: ...gies Co Ltd 2 9 Figure 2 3 Setting the port Figure 2 4 Setting the port communication parameters Power on the router to perform a self check and the system performs automatic configuration When the self check ends you are prompted to press Enter until a command line prompt such as Quidway appears Enter the command to check the running status of the router or configure the router Enter for help ...

Page 50: ...e physical connection 2 Configuring user login parameters 3 Logging in to the router from the client side Data Preparation z IP address of the PC z IP address of the Ethernet interface on the router z User information accessed through Telnet including the user name password and authentication mode Configuration Procedure Step 1 Connect the PC and the router respectively to the network Step 2 Confi...

Page 51: ...ogram on the PC Click OK Enter the user name and password in the login window After authentication a command line prompt such as Quidway appears Now enter the configuration environment in the user view End 2 5 3 Example for Login Through the AUX Port Networking Requirements If you cannot configure the router by local login and there is no reachable route to other routers connect the serial port of...

Page 52: ...way local aaa server local user huawei service type terminal Quidway local aaa server local user huawei level 3 Quidway local aaa server quit Quidway user interface aux 0 Quidway ui aux0 authentication mode aaa Quidway ui aux0 modem both Step 3 Configure Modem parameters Run the PC emulation terminal refer to Establishing the Configuration Environment by the Console Port Press Enter on the PC emul...

Page 53: ...ommand Line View 3 4 3 3 Online Help of the Command Line 3 7 3 4 Error Messages of the Command Line 3 8 3 5 History Commands 3 8 3 6 Editing Characteristics 3 9 3 7 Displaying Characteristics 3 10 3 8 Outputting the Display 3 11 3 8 1 Viewing the Display 3 11 3 8 2 Filtering the Display 3 11 3 9 Filtering the Information Through Regular Expressions 3 11 3 10 Shortcut Keys 3 12 3 10 1 Classifying S...

Page 54: ...opyright Huawei Technologies Co Ltd iii Tables Table 3 1 Command line views 3 5 Table 3 2 Common error messages of the command line 3 8 Table 3 3 Access the history commands 3 9 Table 3 4 Editing functions 3 9 Table 3 5 Displaying functions 3 10 Table 3 6 Metacharacter description 3 11 Table 3 7 System defined shortcut keys 3 12 ...

Page 55: ... the online help of the command line 3 4 Error Messages of the Command Line This section describes the error messages of the command line 3 5 History Commands This section describes the concepts and use of the history command 3 6 Editing Characteristics This section describes how to use the editing functions 3 7 Displaying Characteristics This section describes how to use the displaying functions ...

Page 56: ...erface of a router through Modem dialup to perform the remote configuration z Provides the user interface view for the terminal users to perform specific configuration z Hierarchical command protection for the users of different levels that is supports running the commands based on the corresponding level z Provides local authentication password authentication and Authentication Authorization and ...

Page 57: ...evel are commands that influence basis operation of the system and provide support to the service They include file system command FTP command TFTP command XModem downloading command configuration file switching command power supply control command backup board control command user management command level setting command system internal parameter setting command and so on z The default command le...

Page 58: ...ying the information add regular expressions begin exclude include regular expression to the specified commands to filter the information Three options are as follows z begin regular expression displays the information that begins with the line that matches regular expression z exclude text displays the information that excludes lines that match regular expression z include text displays the infor...

Page 59: ...aa author AAA authorization view aaa domain AAA domain view aaa recording AAA recording view acl adv Advanced ACL view acl basic Basic ACL view acl if ACL view based on interface aspf policy ASPF policy view Atm ATM interface view Atm class ATM view Atm pvc ATM PVC view aux AUX interface view bgp BGP view bgp af l2vpn BGP AF L2VPN view bgp af vpnv4 BGP AF VPNV4 view bgp af vpn instance BGP AF VPN ...

Page 60: ...psec proposal IPSEC view isis IS IS view l2tp L2TP view loopback Loopback interface view mp group Mp group interface view mpls MPLS view mpls l2vpn MPLS L2VPN view mpls ldp MPLS LDP view null Null interface view ospf OSPF view ospf area OSPF area view policy based route Policy based route view pos POS interface view radius RADIUS view rip RIP view rip af vpn instance RIP AF VPN instance view ripng...

Page 61: ...mmand and separated by a space If the key word is at this position all key words and their simple descriptions are displayed For example Quidway language mode chinese Chinese environment English English environment Chinese and English are keywords Chinese environment and English environment describe the keywords respectively Enter a command and separated by a space and if a parameter is at this po...

Page 62: ... command line Error messages Cause of the error The command cannot be found Unrecognized command The key word cannot be found Parameter type error Wrong parameter The parameter value exceeds the boundary Incomplete command Incomplete command inputted Too many parameters Too many parameters inputted Ambiguous command Indefinite parameters inputted 3 5 History Commands The command line interface aut...

Page 63: ...e earliest command is saved If the command is input in different forms they are considered as different commands z For example if the display ip routing table command is run for several times only one history command is saved If the display ip routing command and the display ip routing table command are run two history commands are saved 3 6 Editing Characteristics The command line interface provi...

Page 64: ... you can type a space to enter the next word z If a wrong key word is typed in press Tab and your input is displayed in a new line 3 7 Displaying Characteristics The command line interface provides the following displaying characteristics z To facilitate users the prompt and help information can be displayed in both Chinese and English z When the information displayed exceeds a full screen it can ...

Page 65: ...s of other characters in the regular expressionMetacharacters are described in Table 3 6 Table 3 6 Metacharacter description Metacharacter Connotation Escape character Matches any single character including the space except for n Characters on the left of it appear for 0 or many times continuously in the target object Characters on the left of it appear for 1 or many times continuously in the targ...

Page 66: ...ut keys CTRL_G CTRL_L and CTRL_O The user can correlate these shortcut keys with any commands When the shortcut keys are pressed the system automatically runs the corresponding command For the details of defining the shortcut keys see Defining Shortcut Keys z System defined shortcut keys These shortcut keys with fixed functions are defined by the system Table 3 7 lists the system defined shortcut ...

Page 67: ...eletes all the characters on the right of the cursor CTRL_Z Returns to the user view CTRL_ Terminates the inbound or redirection connections ESC_B The cursor moves leftward by the space of a word ESC_D Deletes a word on the right of the cursor ESC_F The cursor moves rightward to the next word end ESC_N The cursor moves downward to the next line ESC_P The cursor moves upward to the previous line ES...

Page 68: ...eys are captured by the terminal program and hence the shortcut keys do not function Run the following command in any view to display the use of shortcut keys Action Command View the use of shortcut keys display hotkey 3 11 Configuration Examples 3 11 1 Example for Using Shortcut Keys Defining Shortcut Keys Step 1 Correlate Ctrl_Gwith the display ip routing table command and run the shortcut keys ...

Page 69: ...command in any view Move the cursor to the beginning of the command and press ESC_SHIFT_ Move the cursor to the end and press ESC_SHIFT_ Then press CTRL_Cf for copying Quidway display ip routing table Step 2 Run the display clipboard command to view the contents on the clipboard Quidway display clipboard CLIPBOARD display ip routing table Step 3 Press Ctrl Shift V to paste the contents of clipboar...

Page 70: ...of User Levels 4 2 4 2 Configuring Basic System Environment 4 2 4 2 1 Establishing the Configuration Task 4 2 4 2 2 Switching Language Mode 4 3 4 2 3 Configuring the Device Name 4 4 4 2 4 Configuring the System Clock 4 4 4 2 5 Configuring the Header Text 4 4 4 2 6 Configuring the Password for Switching User Levels 4 5 4 2 7 Switching User Levels 4 5 4 2 8 Locking the User Interface 4 6 4 2 9 Confi...

Page 71: ...Copyright Huawei Technologies Co Ltd 4 1 4 Basic Configuration About This Chapter The following table shows the contents of this chapter Section Description 4 1 Introduction This section describes the basic configurations 4 2 Configuring Basic System Environment This section describes how to configure the basic system environment on the router ...

Page 72: ...f commands are not modified separately all the command levels are adjusted after advanced in batches z Commands at levels 0 and 1 remain unchanged z Commands at level 2 are advanced to level 10 z Commands at level 3 are advanced to level 15 z No command exists at levels 2 to 9 and 11 to 14 Command levels at 2 to 9 and 11 to 14 do not correspond to the visit monitoring configuration and management ...

Page 73: ...ocedure 1 Switching Language Mode 2 Configuring the Device Name 3 Configuring the System Clock 4 Configuring the Header Text 5 Configuring the Password for Switching User Levels 6 Switching User Levels 7 Locking the User Interface 8 Configuring Command Privilege Levels 9 Displaying System Status Messages 4 2 2 Switching Language Mode Do as follows on the router Run language mode chinese english Th...

Page 74: ... on the router Step 1 Run clock datetime HH MM SS YYYY MM DD The UTC standard time is set Step 2 Run clock timezone time zone name add minus offset The time zone is set Step 3 Run clock daylight saving time time zone name one year start time start data end time end data offset Or second third fourth fifth last weekday start date end time end year month first second third fourth fifth last weekday ...

Page 75: ...ed the password is saved in the configuration files in simple text Login users with lower level can get the password by viewing the configuration This may cause security problems Therefore cipher is used to save the password in encrypted text z When cipher is used to set a password the password cannot be taken back from the system You must keep well the password from being forgotten or lost Do as ...

Page 76: ...ugh super the system automatically sends trap messages records the switchover in the log When the switched level is lower than that of the current level the system only records the switchover in the log 4 2 8 Locking the User Interface Do as follows on the router Run lock The user interface is locked When you leave the operation terminals for the moment you can lock the user interface in case unau...

Page 77: ...tem display commands Run the following commands in all views Commands Displaying System Configuration Run the following commands as required z Run the display version command to display the system edition z Run the display clock command to display the system time z Run the display users all command to display the terminal user z Run the display saved configuration command to display the original c...

Page 78: ...on display cpu display interface display current configuration display saved configuration display history command Displaying the Restarting Information of the RPU Perform one or both of the following commands as required z Run the display system restart command to display the restarting information about the AMB for the last 10 times z Run the display system slave restart command to display the r...

Page 79: ...tions of the VTY User Interface 5 10 5 2 10 Configuring the Maximum Number of VTY User Interfaces 5 10 5 2 11 Configuring the Authentication Timeout Time for VTY Users 5 11 5 2 12 Disconnecting a Specified User Interface 5 11 5 2 13 Checking the Configuration 5 11 5 3 Configuring User Management 5 12 5 3 1 Establishing the Configuration Task 5 12 5 3 2 Configuring Authentication Mode 5 13 5 3 3 Co...

Page 80: ...t Huawei Technologies Co Ltd Issue 05 2010 01 30 5 4 7 Configuring the Access Restriction of the Local User 5 18 5 4 8 Checking the Configuration 5 18 5 5 Configuration Examples 5 18 5 5 1 Example for Logging In to the Router Through Password Authentication 5 19 5 5 2 Example for Logging In to the Router Through AAA 5 20 ...

Page 81: ...Engine20 20E Configuration Guide Basic Configurations Tables Issue 05 2010 01 30 Huawei Proprietary and Confidential Copyright Huawei Technologies Co Ltd iii Tables Table 5 1 Example for the absolute numbering 5 3 ...

Page 82: ...oncepts of the user interface and the user management 5 2 Configuring a User Interface This section describes how to configure and manage the physical and logical interfaces in the asynchronous interactive mode 5 3 Configuring User Management This section describes how to manage and authenticate the user that logs in to the router 5 4 Configuring the Local User Management This section describes ho...

Page 83: ... line device port The main control unit has one EIA TIA 232 DTE AUX port and is used by a terminal to access the router through the Modem z Virtual type line VTY The virtual port is a logical terminal line A virtual type line VTY is the Telnet connection with the router through a terminal It is used for local or remote access to the router User Interface Numbering The following are user interface ...

Page 84: ...red when a router is powered on for the first time In such a condition any user can configure the router by connecting a PC with it through the console port The remote user accesses the router through Telnet if the router is configured with the IP address of the Routing Process Unit RPU or that of the interface board The remote user accesses the network by establishing a PPP connection with the ro...

Page 85: ...s z Password authentication In this type a user accesses the router only with the password rather than the username This is safer when compared to non authentication z Authentication Authorization and Accounting AAA authentication It supports local authentication and remote authentication A user requires both the user name and password to access the router in local authentication The remote authen...

Page 86: ...router properly Data Preparation To configure a user interface you need the following data No Data 1 Transmission rate optional 2 Flow control mode optional 3 Parity mode optional 4 Stop bits optional 5 Data bits optional 6 Terminal user timeout optional 7 One screen length of the terminal screen optional All the default values of the data are stored on the router and does not need additional conf...

Page 87: ...ing Messages Between User Interfaces Do as follows on the router that the user logs in to Run send all ui number ui type ui number1 The message is transmitted between the user interfaces 5 2 3 Configuring Asynchronous Interface Attributes Do as follows on the router that the user logs in to Step 1 Run system view The system view is displayed Step 2 Run user interface ui type first ui number last u...

Page 88: ...stem view is displayed Step 2 Run user interface ui type first ui number last ui number The user interface view is displayed Step 3 Run Shell The terminal service is started Step 4 Run idle timeout minutes seconds The timeout period is set Step 5 Run screen length screen length One screen length of the terminal screen is set Step 6 Run history command max size size value The buffer of the history ...

Page 89: ...Configuring Modem Attributes Do as follows on the router that the user logs in to Step 1 Run system view The system view is displayed Step 2 Run user interface aux 0 The user interface view is displayed Step 3 Run modem timer answer seconds The interval between the system receiving the Ring signal and waiting for CD_UP is set The time it takes from off pick of the Modem to carrier detection is set...

Page 90: ...logging in to the system in other ways such as logging on the router through the console port Do as follows on the router that the user logs in to Step 1 Run system view The system view is displayed Step 2 Run user interface aux 0 The user interface view is displayed Step 3 Run auto execute command command The auto executed command is set End 5 2 8 Configuring the Redirection Function Do as follow...

Page 91: ...mber The maximum number of the VTY user interface is configured End In Step 2 you can configure the maximum number of the user that log in to the router at the same time If the maximum number of configured VTY user interfaces is smaller than that of the current maximum number you do not need other configurations If the maximum number of configured VTY user interfaces is greater than that of the cu...

Page 92: ...t value The authorization and authentication timeout time of the command line is configured End The NE supports HWTACACS command line authentication based on the login user level or the name of the SSH user When a user logs in to the router every input command should be authorized by HWTACACS server if the command line authorization is configured If the router receives no authorization result form...

Page 93: ...an log in to the router to access networks through Telnet or establish a PPP connection with the router This can be done if the router is configured with the IP address of the MCU or that of the interface board Remote users access the network by establishing PPP connection with the router To ensure network security and ease user management configure a username and the user password for the router ...

Page 94: ...iew is displayed Step 2 Run user interface ui type first ui number last ui number The user interface view is displayed Step 3 Run authentication mode simple cipher The user password authentication mode is configured End 5 3 3 Configuring the Authentication Password Do as follows on the router that the user logs in to Step 1 Run system view The system view is displayed Step 2 Run user interface ui ...

Page 95: ...n password cipher simple password The password of the local authentication is set Step 4 Run system view The system view is displayed Step 5 Run aaa The AAA view is displayed Step 6 Run local user user name password simple cipher password The local username and the password are configured End 5 3 5 Configuring the User Priority Refer to the Quidway NetEngine20 20E Series RoutersConfiguration Guide...

Page 96: ...ement you need the following data No Data 1 Username and password 2 Service type of the local user 3 FTP directory of the local user 4 The status of the local user 5 The maximum number of accessing local users Configuration Procedures No Procedure 1 Creating the Local User Account 2 Configuring the Service Type of the Local User 3 Configuring FTP Directory Authority of the Local User 4 Configuring...

Page 97: ...as follows on the broadband access router Step 1 Run system view The system view is displayed Step 2 Run aaa The AAA view is displayed Step 3 Run local user user name service type ftp ppp ssh telnet terminal The service type of the local user is configured End By configuring the service type of the local user you can manage the user based on service types 5 4 4 Configuring FTP Directory Authority ...

Page 98: ... The system view is displayed Step 2 Run aaa The AAA view is displayed Step 3 Run local user user name state active block The local user status is configured End 5 4 6 Configuring the Local User Priority Do as follows on the broadband access router Step 1 Run system view The system view is displayed Step 2 Run aaa The AAA view is displayed Step 3 Run local user user name level level The local user...

Page 99: ...mples After the following two configuration examples are completed the current user VTY0 cannot run commands at levels higher than two Ensure that you can log in to the router through other methods to delete the configuration This section provides the following examples z Example for Logging In to the Router Through Password z Example for Logging In to the Router Through AAA 5 5 1 Example for Logg...

Page 100: ...0 user privilege level 2 Quidway ui vty0 authentication mode password Quidway ui vty0 set authentication password simple huawei Quidway ui vty0 idle timeout 30 Use the display this command to check all configurations Quidway ui vty0 display this user interface con 0 user interface aux 0 user interface vty 0 user privilege level 2 set authentication password simple huawei idle timeout 30 0 user int...

Page 101: ... router within 30 minutes the connection with the router is disabled Configuration Roadmap 1 Enter the user interface view to configure the priority of VTY0 to be 2 and the disconnection time 2 Enter the AAA view to configure the username the password and the user level Data Preparation To complete the configuration you need the following data z Username and password for authentication z Disconnec...

Page 102: ... Management Issue 05 2010 01 30 Huawei Proprietary and Confidential Copyright Huawei Technologies Co Ltd 5 21 authorization scheme default accounting scheme default domain default user interface vty 0 authentication mode aaa user privilege level 2 idle timeout 30 0 return ...

Page 103: ... 2 6 2 2 Viewing the Current Directory 6 3 6 2 3 Switching the Directory 6 3 6 2 4 Displaying the Directory of File 6 4 6 2 5 Creating a Directory 6 4 6 2 6 Deleting a Directory 6 4 6 3 Managing Files 6 5 6 3 1 Displaying Contents of a File 6 6 6 3 2 Copying a File 6 6 6 3 3 Moving a File 6 6 6 3 4 Renaming a File 6 7 6 3 5 Deleting a File 6 7 6 3 6 Deleting Files in the Recycle Bin 6 7 6 3 7 Unde...

Page 104: ...stem 6 2 Managing Directories This section describes how to configure the directory management 6 3 Managing Files This section describes how to configure the file management 6 4 Configuring Batch This section describes how to execute the batch process 6 5 Managing Storage Devices This section describes how to display the storage devices management 6 6 Configuring Prompt Modes This section describe...

Page 105: ...ctions The file system has two functions managing the storage devices and managing the files that are stored in those storage devices 6 1 2 Storage Devices Storage devices are hardware devices for storing messages The storage device of the NE is the Flash NE20E also can use the compact flash CF as the storage devices 6 1 3 Files The file is a mechanism in which the system stores and manages messag...

Page 106: ...Preparation To configure a file system you need the following data No Data 1 Directory name to be created 2 Directory name to be deleted Configuration Procedures No Procedure 1 Viewing the Current Directory 2 Switching 3 Displaying 4 Creating 5 Deleting 6 2 2 Viewing the Current Directory Do as follows on the router Step 1 Enter the user view Step 2 Run pwd The current directory is displayed End 6...

Page 107: ...ayed Step 3 Run dir all filename The file list in the directory is displayed By default running the dir command displays only the file information of the current directory End 6 2 5 Creating a Directory Do as follows on the router Step 1 Enter the user view Step 2 Run cd directory The parent directory of the directory to be created is displayed Step 3 Run mkdir directory The directory is created E...

Page 108: ... transfer files between the client and the server Pre configuration Tasks Before configuring the file system complete the following tasks z Powering on the router z Connecting the client with the server correctly Data Preparation To configure a file system you need the following data No Data 1 File name to be created 2 File name to be deleted Configuration Procedures No Procedure 1 Displaying Cont...

Page 109: ...name The content of the file is displayed End 6 3 2 Copying a File Do as follows on the router Step 1 Enter the user view Step 2 Run cd directory The directory of the file is displayed Step 3 Run copy source filename destination filename The file is copied End The length of the file must exceed zero bytes otherwise the file cannot be copied 6 3 3 Moving a File Do as follows on the router Step 1 En...

Page 110: ...me source filename destination filename The file is renamed End 6 3 5 Deleting a File Do as follows on the router Step 1 Enter the user view Step 2 Run cd directory The directory of the file is displayed Step 3 Run delete unreserved filename The file is deleted End 6 3 6 Deleting Files in the Recycle Bin Do as follows on the router Run reset recycle bin filename The file is deleted Running this co...

Page 111: ...cable Environment You can run the established batched files to automatically perform the fixed task Pre configuration Tasks Before configuring the file system complete the following tasks z Powering on the router z Logging in to the router z Uploading the batched files on the client end to the router Data Preparation To configure the batch process you need the following data No Data 1 Name of the ...

Page 112: ...s z Powering on the router z Logging in to the router by the client end Data Preparation To configure the storage devices management you need the following data No Data 1 Device name Configuration Procedure Do as follows on the router Step 1 Enter the user view Step 2 Run format device name The storage device is formatted Step 3 Run fixdisk device name Fix the storage device where the file system ...

Page 113: ...d the following data No Data 1 Name of the command Configuration Procedure Do as follows on the router Step 1 Enter the user view Step 2 Run system view The system view is displayed Step 3 Run file prompt alert quiet The prompt mode of the file system is configured End 6 7 Example for Configuring Directory Management Networking Requirements By configuring the file system of the router the user can...

Page 114: ...4 21 19 27 snmpboots 6 rw 80 Mar 09 2004 09 47 36 header file txt 7 drw Mar 09 2004 09 50 38 a 63881 KB total 20998 KB free Step 2 Copy files from flash file txt to slave flash file txt Quidway copy flash file txt slave flash file txt Copy flash file txt to flash file txt Y N y 100 complete Copied fileflash file txt toslave flash file txt Done Step 3 Display the file information in the current dir...

Page 115: ... 1 Introduction 7 2 7 1 1 Definitions 7 2 7 1 2 Configuration Files and Current Configurations 7 2 7 2 Displaying the Configuration of the Router 7 2 7 2 1 Viewing the Intial Configuration 7 2 7 2 2 Viewing the Current Configuration 7 3 7 2 3 Viewing the Running Configuration in the Current View 7 3 7 3 Saving the Current Configuration 7 3 7 4 Clearing the Running Information 7 3 7 5 Comparing Con...

Page 116: ...is section describes the basic concepts of the configuration file 7 2 Displaying the Configuration of the Router This section describes how to display the configuration of the router 7 3 Saving the Current Configuration This section describes how to save the current configuration to the configuration file 7 4 Clearing the Running Information This section describes how to clear the configuration fi...

Page 117: ... z If a command is entered in the incomplete form the command is saved in complete form Therefore the command length in the configuration file may exceed 256 characters When the system is restarted those commands cannot be restored 7 1 2 Configuration Files and Current Configurations z Initial configurations On powering on the router retrieves the configuration files from the default save path to ...

Page 118: ...n configuration configuration type controller interface interface type interface number begin exclude include regular expression The current configuration of the router is displayed 7 2 3 Viewing the Running Configuration in the Current View Do as follows on the router Run display this The running configuration in the current view is displayed z The configuration file is displayed in the same form...

Page 119: ...ei Proprietary and Confidential Copyright Huawei Technologies Co Ltd Issue 05 2010 01 30 7 5 Comparing Configuration Files Do as follows on the router Run compare configuration line number1 line number2 The current configuration is compared to the contents of the configuration file saved in the storage devices ...

Page 120: ...uration 8 5 8 3 Configuring FTP ACL 8 6 8 3 1 Establishing the Configuration Task 8 6 8 3 2 Enabling the FTP Server 8 6 8 3 3 Configuring the Basic ACL 8 7 8 3 4 Configuring the Basic FTP ACL 8 7 8 4 Configuring the Router to Be the FTP Client 8 8 8 4 1 Establishing the Configuration Task 8 8 8 4 2 Logging In to the FTP Server 8 8 8 4 3 Configuring File Transmission Mode 8 9 8 4 4 Viewing Online H...

Page 121: ...g the Basic ACL 8 14 8 6 3 Configuring the Basic TFTP ACL 8 14 8 7 Configuring XModem 8 15 8 7 1 Establishing the Configuration Task 8 15 8 7 2 Getting a File Through XModem 8 15 8 8 Configuration Examples 8 16 8 8 1 Example for Configuring the FTP Server 8 16 8 8 2 Example for Configuring FTP ACL 8 18 8 8 3 Example for Configuring the FTP Client 8 20 8 8 4 Example for Configuring TFTP 8 21 8 8 5 ...

Page 122: ...idential Copyright Huawei Technologies Co Ltd iii Figures Figure 8 1 Using FTP to download files 8 16 Figure 8 2 FTP ACL 8 18 Figure 8 3 Configuring the FTP client 8 20 Figure 8 4 Using TFTP to download files 8 21 Figure 8 5 Setting the Base Directory of the TFTP server 8 22 Figure 8 6 Specifying the file to be sent 8 23 ...

Page 123: ...asic functions of the FTP server 8 3 Configuring FTP ACL This section describes how to configure the specified client to log in to the router 8 4 Configuring the Router to Be the FTP Client This section describes how to configure a router to be a FTP client and log in to the FTP server 8 5 Configuring TFTP This section describes how to configure TFTP to log in to the server 8 6 Limiting the Access...

Page 124: ...ol TFTP is applicable in an environment where there is no complex interaction between the client and the server For example TFTP is used to obtain the memory image of the system when the system starts up TFTP is implemented based on UDP The client initiates the TFTP transfer To download files the client sends a read request packet to the TFTP server receives packets from the server and sends ackno...

Page 125: ...upported only by the AUX port z XModem does not support simultaneous operations of multiple users 8 2 Configuring the Router to be the FTP Server 8 2 1 Establishing the Configuration Task Applicable Environment Configure FTP to transfer files between the FTP client and the remote server When the router serves as the FTP server for security you can configure the router by ACL to be accessed by only...

Page 126: ...follows on the router that serves as the FTP server Step 1 Run system view The system view is displayed Step 2 Run ftp server enable The FTP server is started End 8 2 3 Configuring the Timeout Period Do as follows on the router that serves as the FTP server Step 1 Run system view The system view is displayed Step 2 Run ftp timeout minutes The timeout time of the FTP server is configured End 8 2 4 ...

Page 127: ...ervice type ftp The FTP service type is configured Step 3 Run local user user name ftp directory directory The authorized directory of the FTP user is configured End 8 2 6 Checking the Configuration Action Command Check the configuration and running information of the FTP server display ftp server Check the login FTP user display ftp users Run the display ftp server command If the configuration an...

Page 128: ...rver for security you can configure the router by ACL to be accessed by only those clients that satisfy the matching conditions Pre configuration Tasks Before configuring FTP complete the following tasks z Powering on the router z Connecting the FTP client with the server Data Preparation To configure FTP you need the following data No Data 1 FTP username and password 2 The file directory authoriz...

Page 129: ... that serves as the FTP server Step 1 Run system view The system view is displayed Step 2 Run acl acl number The ACL view is displayed Step 3 Run rule rule id deny permit source source ip address source wildcard 0 any time range time name vpn instance vpn instance name The ACL rule is configured End FTP supports only the basic ACL 8 3 4 Configuring the Basic FTP ACL Do as follows on the router tha...

Page 130: ...h the server Data Preparation If the router is configured as the FTP client you need the following data No Data 1 Host name or IP address of the FTP server 2 Port number of the FTP server used to create FTP connection 3 Login username and password Configuration Procedures No Procedure 1 Logging In to the FTP Server 2 Configuring File Transmission Mode 3 Viewing Online Help of the FTP Command 4 Upl...

Page 131: ...rt number vpn instance vpn instace name The router is connected to the FTP server and the FTP client view is displayed Step 2 Run ascii binary The data type of the file transfer is configured Step 3 Run passive The passive file transfer mode is configured End 8 4 4 Viewing Online Help of the FTP Command Do as follows on the router that serves as the client Step 1 Run ftp host port number vpn insta...

Page 132: ... 6 Managing Directories Do as follows on the router that serves as the client Step 1 Run ftp host port number vpn instance vpn instace name The router is connected to the FTP server Step 2 Run one or more commands in the following to manage directories z Run cd pathname The working path of the remote FTP server is specified z Run cdup The working path of the FTP server is switched to the upper lev...

Page 133: ...dir remote filename local filename The specified directory or file on the local FTP server is displayed z Run delete remote filename The specified file on the FTP server is deleted End 8 4 8 Changing Login Users Do as follows on the router that serves as the client Step 1 Run ftp host port number vpn instance vpn instace name The router is connected to the FTP server Step 2 Run user user name pass...

Page 134: ... client with the server Data Preparation To configure TFTP you need the following data No Data 1 IP address of the TFTP server 2 Name of the specific file in the TFTP server 3 File directory 4 ACL number Configuration Procedures No Procedure 1 Downloading Files Through TFTP 2 Uploading Files Through TFTP 8 5 2 Downloading Files Through TFTP Do as follows on the router that serves as the TFTP clien...

Page 135: ...tftp tftp server put source filename destination filename The router is configured to upload files through TFTP z When the server IP address is in IPv6 format run tftp ipv6 tftp server i interface type interface number put source filename destination filename The router is configured to upload files through TFTP 8 6 Limiting the Access to the TFTP Server 8 6 1 Establishing the Configuration Task A...

Page 136: ...FTP client Step 1 Run system view The system view is displayed Step 2 Run acl acl number The ACL view is displayed Step 3 Run rule rule id deny permit source source ip address source wildcard 0 any time range time name vpn instance vpn instance name The ACL rule is configured End TFTP supports only the basic ACL rules 8 6 3 Configuring the Basic TFTP ACL Do as follows on the router that serves as ...

Page 137: ...XModem complete the following tasks z Powering on the router z Connecting the router and the PC through an AUX port or a console port z Logging in to the router through the terminal emulation program and specifying the file path in the terminal emulation program Data Preparation To configure XModem you need the following data No Data 1 Name of a specific file 2 Absolute path of the file Configurat...

Page 138: ...4 Log in to the router from the HyperTerminal and then download files from the FTP server Figure 8 1 Using FTP to download files Server 172 16 104 110 24 console cable Configuration Roadmap 1 Run the HyperTerminal on the PC and log in to the router 2 Use the correct username and password to log in to the FTP server to download the files on the memory of the router Data Preparation To complete the ...

Page 139: ...he system host software Log in to the FTP server to obtain system host software and save it in the root directory of the Flash Memory of the router Router cd flash Router pwd flash Router ftp 172 16 104 110 Trying 100 1 1 201 Press CTRL K to abort Connected to 100 1 1 201 220 FTP service ready User 100 1 1 201 none quidway 331 Password required for quidway Password 230 User logged in ftp binary 20...

Page 140: ... side PC1 PC2 and the FTP server are reachable After configuring ACL the router that serves as the FTP server allows only PC1 with the host address of 172 16 104 111 to download and upload files in the FTP mode PC2 cannot be connected to the FTP server Figure 8 2 FTPACL Server 172 16 104 110 GE1 0 0 PC1 PC2 GE2 0 0 172 16 104 111 24 172 16 105 111 24 IP Network Configuration Roadmap The configurat...

Page 141: ... 110 220 FTP service ready User 100 2 150 40 none quidway 331 Password required for quidway Password 230 User logged in Step 5 Connect to the FTP server from PC2 c ftp 172 16 104 110 Connected to ftp 172 16 104 110 Info ACL was denied by remote host Connection closed by remote host End Configuration Files Configuration file of the FTP server sysname Server ftp server enable FTP acl 2001 interface ...

Page 142: ...and download system files form the server to the storage devices on the client side Data Preparation z IP address of the FTP server z The destination file name and its position in the router Configuration Procedure Step 1 Log in to the FTP server from the router Quidway ftp 172 16 104 110 Trying ftp 172 16 104 110 Press CTRL K to abort Connected to ftp 172 16 104 110 220 FTP service ready User ftp...

Page 143: ...ng TFTP to download files TFTPServer Quidw ay PC 10 111 16 160 24 Configuration Roadmap 1 Run the TFTP software on the TFTP server 2 Set the position of the source file on the server 3 Use the TFTP command on the Quidway router to download the files Data Preparation To complete the configuration you need the following data z The TFTP software installed on the TFTP server z The path of the source f...

Page 144: ...uidway tftp 10 111 16 160 get ne20 bin flash ne20 bin Step 3 Check the configuration Run the dir command to view whether the downloaded target file resides in the specified directory of the router Quidway dir flash Directory of flash 0 rw 10014764 Jun 20 2005 15 00 28 ne20 bin 1 rw 40 Jun 24 2006 09 30 40 private data txt 2 rw 396 May 19 2006 15 00 10 rsahostkey dat 3 rw 540 May 19 2006 15 00 10 r...

Page 145: ... on the HyperTerminal Data Preparation To complete the configuration you need the following data z files copied to the PC z path of the file on the PC Configuration Procedure Step 1 Log in to the router through the AUX port Refer to the chapter on Establishing Configuration Environments Step 2 Specify the file to be sent on the HyperTerminal Figure 8 6 Specifying the file to be sent After configur...

Page 146: ...ion succeeds you can view the directory of the Flash Memory Quidway Download successful Quidway Download successful Quidway dir flash Directory of flash 0 rw 10014764 Jun 20 2005 15 00 28 vrp bin 1 rw 98776 Jul 27 2005 09 36 12 matnlog dat 2 rw 28 Jul 27 2005 09 34 39 private data txt 3 rw 480 May 10 2003 11 25 18 vrpcfg zip 4 rw 10103172 Jul 22 2005 16 40 37 date txt 5 rw 1515 Jul 19 2005 17 39 5...

Page 147: ... Key Pair 9 10 9 3 5 Configuring the Authentication Mode for SSH Users 9 11 9 3 6 Configuring the Basic Authentication Information for SSH Users 9 12 9 3 7 Authorizing SSH Users Through the Command Line 9 12 9 3 8 Configuring the Service Type of SSH Users 9 13 9 3 9 Configuring the Authorized Directory of SFTP Service for SSH Users 9 13 9 3 10 Checking the Configuration 9 13 9 4 Configuring the SS...

Page 148: ...21 9 6 3 Configuring the SSH Client to Assign the RSA Public Key to the SSH Server 9 21 9 6 4 Enabling the SFTP Client 9 21 9 6 5 Managing the Directory 9 22 9 6 6 Managing the File 9 23 9 6 7 Displaying the SFTP Client Command Help 9 23 9 6 8 Checking the Configuration 9 24 9 7 Maintaining Telnet and SSH 9 24 9 7 1 Debugging Telnet Terminal Services 9 24 9 7 2 Debugging SSH Terminal Services 9 25...

Page 149: ...an SSH channel in a LAN 9 4 Figure 9 4 Establishing an SSH channel in a WAN 9 4 Figure 9 5 Networking diagram of the Telnet terminal services mode 9 26 Figure 9 6 Networking diagram of connecting the STelnet client to the SSH server 9 28 Figure 9 7 Networking diagram of connecting the SFTP client to the SSH server 9 34 Figure 9 8 Networking diagram of accessing the SSH server through other port nu...

Page 150: ...g SSH Users This section describes how to configure SSH users 9 4 Configuring the SSH Server This section describes how to configure the SSH server 9 5 Configuring the STelnet Client Function This section describes how to configure the STelnet client 9 6 Configuring the SFTP Client Function This section describes how to configure the SFTP client 9 7 Maintaining Telnet and SSH This section describe...

Page 151: ...on layer protocol in the TCP IP protocol suite It provides remote login and a virtual terminal service through the network The router provides the following Telnet services z Telnet server You can run the Telnet client program on a PC to log in to the router configure and manage it z Telnet client You can run the terminal emulation program or the Telnet client program on a PC to connect with the r...

Page 152: ...disconnects the shortcut keys become invalid The instruction cannot be sent to the server Ctrl_K The client interrupts the connection When the server fails and the client is unaware of the failure the server does not respond to the input of the client In this case if you press Ctrl K the Telnet client interrupts the connection actively and quits the Telnet connection For example RouterC Press Ctrl...

Page 153: ...oblems The system also faces serious threats from DOS attacks the host IP address spoofing and routing spoofing Telnet services are prone to network attacks SSH implements secure remote access on insecure networks and it has the following advantages compared to Telnet SSH supports RSA authentication mode In RSA authentication SSH implements secure key exchange by generating public and private keys...

Page 154: ... the client It then calculates the session key In this way the server and the client have the same session keys to guarantee the session security z Negotiating authentication mode After the session key is calculated the server needs to authenticate the client The client sends the identity information to the server If the non authentication mode is configured on the server a session request is perf...

Page 155: ...uring Telnet terminal services complete the following tasks z Powering on the router z Configuring the IP addresses for interfaces of the router correctly z Configuring users authentication modes and call in or call out restrictions z Configuring a reachable route between the terminal and the router Data Preparation To configure Telnet terminal services you need the following data No Data 1 IP add...

Page 156: ... interface type interface number port number You can now log on to the router through Telnet and manage other routers Perform Step 2 to configure the network based on IPv4 and perform Step 3 to configure the network based on IPv6 End 9 2 3 Scheduled Telnet Disconnection Do as follows on the login router Step 1 Run system view The system view is displayed Step 2 Run user interface ui type first ui ...

Page 157: ...0 21 0 0 0 0 0 14849 Listening 34042c80 73 17 10 164 39 99 23 10 164 6 13 1147 0 Established 9 3 Configuring SSH Users 9 3 1 Establishing the Configuration Task Applicable Environment The STelnet or SFTP client can log in to the SSH server to perform operations only after SSH users are correctly configured on the SSH server Pre configuration Tasks Before configuring SSH users complete the followin...

Page 158: ... Configuring the Service Type of SSH Users 8 Configuring the Authorized Directory of SFTP Service for SSH Users Optional 9 Checking the Configuration 9 3 2 Creating an SSH User Do as follows on the login router Step 1 Run system view The system view is displayed Step 2 Run ssh user user name The SSH user is created If the SSH user that has the authentication mode of password or password rsa is cre...

Page 159: ...mode aaa The AAA authentication mode is configured Step 4 Run protocol inbound ssh The VTY is configured to support SSH End The authentication mode of the VTY user interface must be configured to AAA Otherwise the protocol inbound ssh command cannot be configured successfully 9 3 4 Generating a Local RSA Key Pair Do as follows on the router that serves as the client and the server separately Step ...

Page 160: ...word authentication is configured for the SSH client 2 Run ssh authentication type default password The default password authentication is configured for the SSH client When the local authentication or HWTACACS authentication is adopted if the number of SSH users is small configure the password authentication If the number of SSH users is great configure the default password authentication for the...

Page 161: ... 6 Configuring the Basic Authentication Information for SSH Users Do as follows on the login router Step 1 Run system view The system view is displayed Step 2 Run ssh server rekey interval hours The interval for updating the server key pair is configured Step 3 Run ssh server timeout seconds The timeout period of the SSH authentication is set Step 4 Run ssh server authentication retries times The ...

Page 162: ...he command line authorization does not become valid for the SSH client 9 3 8 Configuring the Service Type of SSH Users Do as follows on the login router Step 1 Run system view The system view is displayed Step 2 Run ssh user username service type sftp stelnet all The service type for the SSH client is configured End 9 3 9 Configuring the Authorized Directory of SFTP Service for SSH Users Do as fol...

Page 163: ...numbers so that the attacker does not know the change of the monitored port number This can prevent the consumption of the bandwidth and system resources caused by the attacker s access to the standard port of the SSH server Pre configuration Tasks Before configuring SSH servers complete the following tasks z Creating SSH user and a local user that has the same name in the AAA view z Connecting th...

Page 164: ...ir on the SSH Server Optional 7 Checking the Configuration 9 4 2 Enabling the STelnet Service Do as follows on the login router Step 1 Run system view The system view is displayed Step 2 Run stelnet server enable The STelnet service is enabled End 9 4 3 Enabling the SFTP Service Do as follows on the login router Step 1 Run system view The system view is displayed Step 2 Run sftp server enable The ...

Page 165: ...o support more authentication methods and key exchange methods In addition the service capability of SSH2 0 is improved to support functions such as SFTP z This product supports the SSH versions that range from 1 3 to 2 0 including 1 3 and 2 0 9 4 5 Configuring the Number of the Port Monitored by the SSH Server Do as follows on the login router Step 1 Run system view The system view is displayed S...

Page 166: ...ration of the SSH server display ssh server status If the default number of the monitored port is adopted information about the currently monitored port is not displayed 9 5 Configuring the STelnet Client Function 9 5 1 Establishing the Configuration Task Applicable Environment The SSH2 feature offers security guarantee and powerful authentication It protects the router form attacks such as IP add...

Page 167: ...d HMAC algorithm from the STelnet client to the SSH server 6 Preferred HMAC algorithm from the STelnet server to the SSH client 7 Preferred algorithm of key exchange 8 Name of the egress 9 Source address 10 Name of the VPN instance Configuration Procedures No Procedure 1 Enabling the First Time Authentication on the SSH Client 2 Configuring the SSH Client to Assign the RSA Public Key to the SSH Se...

Page 168: ... log in to the server successfully for the first time 9 5 3 Configuring the SSH Client to Assign the RSA Public Key to the SSH Server Do as follows on the router that serves as the SSH client Step 1 Run system view The system view is displayed Step 2 Run ssh client servername assign rsa key keyname The RSA public key is assigned to the SSH server End Before the peer RSA public key is assigned to t...

Page 169: ...Applicable Environment SFTP enables users to log in to the device from the secure remote end to manage the file This improves the security of data transmission for the remote end to update its system Meanwhile the client function enables you to log in to the remote device through SFTP for the secure file transmission Pre configuration Tasks Before connecting the SFTP client to the SSH2 server comp...

Page 170: ...he SSH Client 2 Configuring the SSH Client to Assign the RSA Public Key to the SSH Server 3 Enabling the SFTP Client 4 Managing the Directory 5 Managing the File 6 Displaying the SFTP Client Command Help 7 Checking the Configuration 9 6 2 Configuring the First Time Authentication on the SSH Client See 9 5 2 Enabling the First Time Authentication on the SSH Client 9 6 3 Configuring the SSH Client t...

Page 171: ...rithm encrypted algorithm and HMAC algorithm 9 6 5 Managing the Directory Do as follows on the router that serves as the SSH client Step 1 Run system view The system view is displayed Step 2 Run sftp a X X X X host ipv4 ipv6 a X X X X host ipv6 i interface type interface number interface name port prefer kex dh group1 dh exchange group prefer ctos cipher des 3des aes128 prefer stoc cipher des 3des...

Page 172: ... interface number interface name port prefer kex dh group1 dh exchange group prefer ctos cipher des 3des aes128 prefer stoc cipher des 3des aes128 prefer ctos hmac sha1 sha1 96 md5 md5 96 prefer stoc hmac sha1 sha1 96 md5 md5 96 vpn instance vpn instance name The SFTP client view is displayed Step 3 Perform the following as required z Run rename old name new name The name of the specified file on ...

Page 173: ...a1 sha1 96 md5 md5 96 vpn instance vpn instance name The SFTP client view is displayed Step 3 Run help all command name The SFTP client command help is displayed End 9 6 8 Checking the Configuration Run the following commands to check the previous configuration Action Command Check the mapping between the SSH server and the RSA public key on the SSH client side display ssh server info Check the se...

Page 174: ...er z Debugging SSH Deleting the SSH User Delete the SSH user using the following commands in the system view Action Command Delete the specified SSH user undo ssh user user name Debugging SSH Debugging affects the performance of the system So after debugging run the undo debugging all command to disable it immediately When a fault occurs run the debugging command in the user view to locate the fau...

Page 175: ... roadmap is as follows 1 Configure the authentication mode and the password of the user interface VTY0 to VTY4 on Router B 2 Users need to input the password when they log in to Router B from Router A through Telnet Data Preparation To complete the configuration you need the following data z The host address of Router B z The authentication mode and the password Configuration Procedure Step 1 Conf...

Page 176: ...all be allowed Notice This is a private communication system Unauthorized access or use may lead to prosecution Login authentication Password Note The max number of VTY users is 5 and the current number of VTY users on line is 1 RouterB End Configuration Files z Configuration file of Router A It is not mentioned here z Configuration file of Router B sysname RouterB interface GigabitEthernet1 0 0 i...

Page 177: ...the router 2 Generate the local key pair on the STelnet client and the SSH server respectively Data Preparation To complete the configuration you need the following data z Name and the authentication mode of the SSH user z Password or the RSA public key of the SSH user z Name of the SSH server Configuration Procedure Step 1 Generate a local key pair on the server Quidway system view Quidway rsa lo...

Page 178: ... huawei Quidway aaa Quidway aaa local user client001 password simple huawei Quidway aaa local user client001 service type ssh Quidway aaa quit z Create an SSH user Client002 Configure the RSA authentication for the SSH user Client002 Quidway ssh user client002 Quidway ssh user client002 authentication type rsa Step 3 Configure the RSA public key on the server Generate the RSA public key on the cli...

Page 179: ...9DF0E BC89D3DB 5A83698C 9063DB39 A279DD89 0203 010001 client Send the RSA public key generated on the client software to the server Quidway rsa peer public key RsaKey001 Enter RSA public key view return system view with peer public key end Quidway rsa public key public key code begin Enter RSA key code view return last view with public key code end Quidway rsa key code 3047 Quidway rsa key code 02...

Page 180: ... public key will be saved with the name 10 164 39 222 Please wait s Enter password Enter the password huawei and the following output is displayed after successful login All rights reserved 2000 2007 Without the owner s prior written consent no decompiling or reverse engineering shall be allowed Notice This is a private communication system Unauthorized access or use may lead to prosecution Note T...

Page 181: ...times STELNET server Enable Display the connection of the SSH server Quidway display ssh server session Session 1 Conn VTY 3 Version 2 0 State started Username client001 Retry 1 CTOS Cipher aes128 cbc STOC Cipher aes128 cbc CTOS Hmac hmac sha1 96 STOC Hmac hmac sha1 96 Kex diffie hellman group1 sha1 Service Type stelnet Authentication Type password Session 1 Conn VTY 4 Version 2 0 State started Us...

Page 182: ...001 public key code end peer public key end aaa local user client001 password simple huawei local user client001 service type ssh stelnet server enable ssh user client001 ssh user clietn002 ssh user client001 authentication type password ssh user client002 authentication type RSA ssh user client002 assign rsa key rsakey001 ssh user client001 service type stelnet ssh user client002 service type ste...

Page 183: ... or the RSA public key of the SSH user z Name of the SSH server Configuration Procedure Step 1 Generate a local key pair on the server See 9 8 2 Step 1 Generate a local key pair on the server Step 2 Create an SSH user on the server See9 8 2 Step 2 Create an SSH user on the server Step 3 Configure the RSA public key on the server See 9 8 2 Step 3 Configure the RSA public key on the server Step 4 Bi...

Page 184: ...s Connect the STelnet client to the SSH server in the RSA authentication client system view client sftp 10 164 39 222 Please input the username client002 Trying 10 164 39 222 Press CTRL K to abort Connected to 10 164 39 222 sftp client Step 8 Verify the configuration After the configuration run the display ssh server status and display ssh server session commands You can view that the STelnet serv...

Page 185: ...H user Quidway display ssh user information User 1 User Name client001 Authentication type password User public key name Sftp directory flash Service type sftp Authorization cmd No User 2 User Name client002 Authentication type rsa User public key name RsaKey001 Sftp directory Service type sftp Authorization cmd No End Configuration Files sysname Quidway rsa peer public key rsakey001 public key co...

Page 186: ...tocol is 22 If the attacker accesses the standard port continuously the bandwidth is consumed and the performance of the server is affected and other users cannot access the standard port After the number of the port monitored by the SSH server is set to the other port numbers the attacker does not know the change of the number of the monitored port and keeps sending the socket connection with the...

Page 187: ...rd port on the SSH server Data Preparation To complete the configuration you need the following data z Name and the authentication mode of SSH users z Password or the RSA public key of the SSH user z Name of the SSH server z Number of the port monitored by the SSH server Configuration Procedure Step 1 Generate a local key pair on the server See 9 8 2 Step 1 Generate a local key pair on the server ...

Page 188: ...RSA encryption Key Key code 3047 0240 BFF35E4B C61BD786 F907B5DE 7D6770C3 E5FD17AB 203C8FCB BBC8FDF2 F7CB674E 519E8419 0F6B97A8 EA91FC4B B9E18836 5E74BFD5 4C687767 A89C6B43 1D7E3E1B 0203 010001 Host public key for PEM format code BEGIN SSH2 PUBLIC KEY AAAAB3NzaC1yc2EAAAADAQABAAAAQQC 815LxhvXhvkHtd59Z3DD5f0XqyA8j8u7 yP3y98tnTlGehBkPa5eo6pH8S7nhiDZedL VTGh3Z6ica0Mdfj4b END SSH2 PUBLIC KEY Public key...

Page 189: ...e authenticated in four modes password RSA password RSA and all z If the password and password RSA authentication is used configure a local user of the same user name z If the RSA password RSA and all authentication is used the server must save the RSA public key of the SSH client Configure the VTY user interface Quidway user interface vty 0 4 Quidway ui vty0 4 authentication mode aaa Quidway ui v...

Page 190: ...r client system view client sftp 10 164 39 222 1025 Input Username client002 Trying 100 2 150 13 Press CTRL K to abort The server s public key does not match the one we cached The server is not authenticated Do you continue to access it Y N y Do you want to update the server s public key we cached Y N y sftp client Step 9 Verify the configuration After the configuration run the display ssh server ...

Page 191: ...name Quidway rsa peer public key rsakey001 public key code begin 3047 0240 C4989BF0 416DA8F2 2675910D 7F2997E8 5573A35D 0163FD4A FAC39A6E 0F45F325 A4E3AA1D 54692B04 C6A28D3D C58DE2E8 E0D58D65 7A25CF92 A74D21F9 E917182B 0203 010001 public key code end peer public key end aaa local user client001 password simple huawei local user client001 service type ssh sftp server enable stelnet server enable ss...

Page 192: ...lient is allowed to set up a connection according to the authentication result The networking diagram is shown in Figure 9 9 Figure 9 9 Networking diagram of authenticating the SSH through RADIUS SSH Server SSH Client RADIUS Server Configuration Roadmap The configuration roadmap is as follows 1 Configure the RADIUS template on the SSH server 2 Configure a domain on the SSH server 3 Create a user o...

Page 193: ...ord Quidway ssh user ssh1 ssh com service type stelnet If you have run the ssh authentication type default password command in the system view you can directly add users on the RADIUS server instead of creating SSH users on the SSH server otherwise you need to add users both on the SSH server and on the RADIUS server and the users can then log in to the device Step 3 Configure the RADIUS template ...

Page 194: ...ssh server session command on the SSH server You can view the configuration of the RADIUS server on the SSH server You can also view that the STelnet or SFTP client is connected to the SSH server successfully in the RADIUS authentication Display the configuration of the RADIUS server Quidway aaa display radius server configuration Server template name ssh Protocol version standard Traffic unit B S...

Page 195: ...sue 05 2010 01 30 authentication scheme test authentication mode radius domain ssh com authentication scheme test radius server ssh sftp server enable stelnet server enable ssh user ssh1 ssh com ssh user ssh1 ssh com authentication type password ssh user ssh1 ssh com service type stelnet user interface vty 0 4 authentication mode aaa protocol inbound ssh Return ...

Page 196: ...2 3 Checking the Configuration 10 3 10 3 Managing the Device Operation 10 4 10 3 1 Establishing the Configuration Task 10 4 10 3 2 Specifying the Slave RPU 10 5 10 3 3 Restarting the Router 10 5 10 3 4 Performing the Master Slave Switchover 10 6 10 4 Monitoring the Router Status 10 7 10 4 1 Displaying the Basic Device Information 10 7 10 4 2 Displaying the System Version Information 10 7 10 4 3 Di...

Page 197: ...on Describes 10 1 Introduction This section describes the principle and concepts of the router maintenance 10 2 Powering off the FIC HIC This section describes how to power off the Routing Process Unit RPU 10 3 Managing the Device Operation This section describes how to manage the device operation 10 4 Monitoring the Router Status This section describes how to monitor the router status 10 5 Config...

Page 198: ... 2 Electronic Label Electronic label is used to query about or back up the manufacturing information of the device Through the electronic label you can query or back up the manufacturing information of the board and the optical module of the NE20 20E The electronic label supports hierarchical query and backup of manufacturing information The information is of the boards and optical modules on the ...

Page 199: ...ot id The FIC HIC is powered off End 10 2 3 Checking the Configuration Action Command Check the registration of the FIC HIC display device After the power off operation run the display device command to check the displayed information Check the items under Slot to see whether there is a The indicates that the operation succeeds and you can pull out the FIC HIC For example Quidway display device Qu...

Page 200: ...y need to be restarted Restarting the router can be classified as the following three situations Restarting the specified board This operation only breaks off the services on the specified board and has no effect on other boards Restarting the router immediately After this operation is carried out the router restarts immediately and breaks off services of the whole router Restarting the router at ...

Page 201: ...itchover 10 3 2 Specifying the Slave RPU NE20 contains only one RPU so NE20 does not support this function Do as follows on the router to be configured Step 1 Run system view The system view is displayed Step 2 Run slave default slot number The default slot number of the slave RPU is specified The slot number specified by this command is reserved for the slave RPU each time after the router is res...

Page 202: ...Switchover NE20 contains only one RPU so NE20 does not support this function Do as follows on the router to be configured Step 1 Run system view The system view is displayed Step 2 Run slave switchover enable disable The router is configured to allow or forbid the master slave switchover forcibly If the master slave switchover needs to be carried out through the CLI you need to configure the route...

Page 203: ...aying the Basic Device Information NE20 does not support the abnormal parameter in this chapter Run display device slot id abnormal The basic device information is displayed Using the preceding command you can check the current boards in service and find out which board is faulty 10 4 2 Displaying the System Version Information Run display version slot id The system version information or the vers...

Page 204: ...sion information Uptime is 0day 0hour 30minutes Startup time 2007 03 28 13 48 Pico code Version 0 Pcb Version VER B 512M bytes DRAM AGR Logic Version 060 Slave Npu 12 NPU2 s version information Uptime is 0day 0hour 30minutes Startup time 2007 03 28 13 48 Pico code Version 0 Pcb Version VER B 512M bytes DRAM AGR Logic Version 060 Backboard Pcb Version VER A Using the preceding command you can also ...

Page 205: ...ards including the optical module and individual entity on the chassis or backing up the electronic label information to a specified FTP server you need to configure the electronic label function Pre configuration Tasks None Data Preparation None Configuration Procedures No Procedure 1 Querying the Electronic Label 2 Backing Up the Electronic Label 10 5 2 Querying the Electronic Label Run display ...

Page 206: ...ic Configurations 10 10 Huawei Proprietary and Confidential Copyright Huawei Technologies Co Ltd Issue 05 2010 01 30 The electronic label is backed up to a specified FTP server End The parameter filename should end with fls so as to backup the elabel up to the FTP server ...

Page 207: ... 2 1 Establishing the Configuration Task 11 3 11 2 2 Uploading the System Software and License to the Master RPU 11 3 11 2 3 Copying the System Software and License to the Slave RPU 11 4 11 2 4 Checking the Configuration 11 4 11 3 Specifying the System Software for the Next Startup of the Router 11 5 11 3 1 Establishing the Configuration Task 11 5 11 3 2 Specifying the System Software for the Next...

Page 208: ...table shows the contents of this chapter Section Description 11 1 Introduction This section describes the principle and concepts of the system software upgrade 11 2 Uploading the System Software and License Files This section describes how to upload the system software and license files 11 3 Specifying the System Software for the Next Startup of the Router This section describes how to specify the...

Page 209: ...previous system software When the upgrade fails the system software can restore to the previous version 11 1 2 License The license can be used to control the availability of some product features on a dynamic basis For example if the license file indicates that a particular feature is available you can see all related commands and functions after the system is started If a feature is specified as ...

Page 210: ...equirements you need to upgrade the system software Pre configuration Tasks Before uploading the system software and license complete the following tasks z Ensuring that the router works normally z Ensuring that the router can be logged in to Data Preparation To upload the system software and license you need the following data z System software of the new version z License files of the new versio...

Page 211: ... the following commands to check the previous configuration Action Command Check the file information on the of the master RPU dir flash dir Check the file information on the of the slave RPU dir flash dir slave The dir slave flash command applies only to the NE20E After uploading the files run the preceding commands and you can view the information of the uploaded files For example check the file...

Page 212: ...y system software of the same version to the master and slave RPUs After the system software is specified the system uploads the software at the specified path when the router is restarted next time Pre configuration Tasks None Data Preparation Before specifying the system software for the next startup of the router you need to prepare the absolute path of the system software Configuration Procedu...

Page 213: ...1 3 4 Checking the Configuration Run the following commands to check the previous configuration Action Command Display the information of startup system software display startup Running the display startup command you can learn that the system software in the next startup of the router is the system software specified in the upgrading operation The system software is the same for the master and sl...

Page 214: ... the Configuration Task 12 4 12 3 2 Uploading a Patch to the Root Directory of the Flash of the Master RPU 12 4 12 3 3 Copying a Patch to the Root Directory of the Flash of the Slave RPU 12 5 12 4 Installing a Patch on the RPU 12 5 12 4 1 Establishing the Configuration Task 12 5 12 4 2 Uploading the RPU Patch 12 6 12 4 3 Activating the RPU Patch 12 6 12 4 4 Running the RPU Patch 12 6 12 5 Stop Run...

Page 215: ...0 20E Configuration Guide Basic Configurations Figures Issue 05 2010 01 30 Huawei Proprietary and Confidential Copyright Huawei Technologies Co Ltd iii Figures Figure 12 1 Conversion between the statuses of a patch 12 2 ...

Page 216: ...on This section describes the principle and concepts of patch management 12 2 Checking the Running of Patch in the System This section describes how to check the running of patch in the system 12 3 Loading a Patch This section describes how to load a patch 12 4 Installing a Patch on the This section describes how to install a patch on the RPU 12 5 Stop Running the RPU Patch This section describes ...

Page 217: ...ame time the system allows the running of only one system patch As a result you need to confirm no patch is running in the current system before installing a patch If a patch runs in the system delete the patch before installing the new patch The NE provides the patch function and you can use the patch program released by Huawei to upgrade the system software A patch program has three statuses act...

Page 218: ... the running of patch in the system complete the following tasks z Ensuring that the router is started normally after power on z Ensuring that the router can be logged in to Data Preparation None Configuration Procedures No Procedure 1 Checking the Running of Patch on the 12 2 2 Checking the Running of Patch on the RPU Do as follows on the router to be upgraded Step 1 Run display patch information...

Page 219: ...hen copy the patch to the root directory of the Flash Memory of the RPU The three methods to upload a patch are FTP TFTP and XModem Pre configuration Tasks Before loading a patch complete the following tasks z Ensuring that the router is started normally after power on z Ensuring that the router can be logged in to Data Preparation Before running a patch you need to obtain a patch that is consiste...

Page 220: ...ask Applicable Environment When required to make up the defects of the RPU you can install a patch on the RPU Through installing a patch you can upgrade the system without upgrading the system software When a patch is uploaded the system checks that the patch version is the same as the system version If the two versions are not the same the system prompts that the patch uploading fails Before inst...

Page 221: ...ated state When a patch is activated it becomes valid immediately After the board is reset however the patch does not remain valid After a patch is activated you need to determine that the patch works normally If the patch does not become valid you need to stop running the patch If the patch becomes valid you need to run the patch 12 4 4 Running the RPU Patch Do as follows on the router to be upgr...

Page 222: ...e RPU Patch 12 5 2 Deactivating the RPU Patch Do as follows on the router to be upgraded Run patch deactive slave all The RPU patch is deactivated 12 6 Unloading the RPU Patch 12 6 1 Establishing the Configuration Task Applicable Environment When upgrading the system software or installing a new patch you need to delete the running patch You can delete a patch of any status Pre configuration Tasks...

Page 223: ...tion Guide Basic Configurations 12 8 Huawei Proprietary and Confidential Copyright Huawei Technologies Co Ltd Issue 05 2010 01 30 12 6 2 Deleting the RPU Patch Do as follows on the router to be upgraded Run patch delete slave all The RPU patch is deleted ...

Page 224: ...ngine20 20E Configuration Guide Basic Configurations Contents Issue 05 2010 01 30 Huawei Proprietary and Confidential Copyright Huawei Technologies Co Ltd i Contents A Glossary A 1 B Acronyms and Abbreviations B 1 ...

Page 225: ...iented network technology that uses a fixed cell 53 bytes to transfer services of multiple types such as text audio or video data The fixed length of the ATM cells enables hardware processing of the cells and shortens the forwarding delay ATM takes advantage of high speed media such as E3 SONET and T3 Authentication A method by which the system validates a user s logon information Authorization A ...

Page 226: ...r lower level D Interface mirroring A method of copying the packet of the mirrored interface to the other mirroring interfaces to forward the packet E Ethernet A baseband LAN specification created by Xerox and developed by Xerox Intel and Digital Equipment Corporation DEC This specification is similar to IEEE802 3 Ethernet_II An encapsulation format of the Ethernet frame Ethernet_II that contains ...

Page 227: ...interface so that the local interface accepts the IP address allocated by the peer end through the PPP negotiation IP unnumbered A mechanism in which the interface that is not configured with an IP address can borrow the IP address of the interface that is configured with an IP address to save the IP address resource ISATAP tunnel Intra site Automatic Tunnel Addressing Protocol A protocol that is ...

Page 228: ...ol that is used to synchronize the distributed server and the client side O OSPF TE Traffic engineering of OSPF For the information of OSPF refer to B Acronyms and Abbreviations P Policy based routing A routing scheme that forwards packets to specific interfaces based on user configured policies R Regular expression When a lot of information is output you can filter the unnecessary contents out wi...

Page 229: ...wide variety of remote systems Terminal A device that is connected with other devices through the serial port The keyboard and the display have no disk drives Traffic policing A process used to measure the actual traffic flow across a given connection and compare it to the total admissible traffic flow for that connection When the traffic exceeds the agreed upon flow some restrictions or penalties...

Page 230: ...1 CE1 interface T1 CT1 interface E2 CE3 interface E3 interface T3 CT3 interface T3 interface Packet Over SONET SDH POS interface Channelized POS CPOS interface or ATM interface The router can exchange data with the network device in the external network through the WAN interface X X 25 A protocol applied on the data link layer that defines how connections between Data Terminal Equipment DTE and Da...

Page 231: ...erics A AAA Authentication Authorization and Accounting ACL Access Control List ARP Address Resolution Protocol ASPF Application Specific Packet Filter ATM Asynchronous Transfer Mode AUX Auxiliary port B BGP Border Gateway Protocol C CBQ Class based Queue CHAP Challenge Handshake Authentication Protocol CQ Custom Queuing CR LDP Constrain based Routing LDP D DHCP Dynamic Host Configuration Protocol...

Page 232: ...ce IKE Internet Key Exchange IPSec IP Security IS IS Intermediate System to Intermediate System intra domain routing information exchange protocol ITU T International Telecommunication Union Telecommunications Standardization Sector L L2TP Layer Two Tunneling Protocol LAPB Link Access Procedure Balanced LDP Label Distribution Protocol M MAC Medium Access Control MBGP Multiprotocol Extensions for B...

Page 233: ...ance OSPF Open Shortest Path First P PAP Password Authentication Protocol PE Provider Edge Ping Ping Packet Internet Groper PPP Point to Point Protocol PPPoA PPP over AAL5 PPPoE Point to Point Protocol over Ethernet PPPoEoA PPPoE on AAL5 PQ Priority Queuing Q QoS Quality of Service R RADIUS Remote Authentication Dial In User Service RIP Routing Information Protocol RPR Resilient Packet Ring RSVP R...

Page 234: ...ial Copyright Huawei Technologies Co Ltd Issue 05 2010 01 30 VLAN Virtual Local Area Network VPLS Virtual Private LAN Service VPN Virtual Private Network VRP Versatile Routing Platform VRRP Virtual Router Redundancy Protocol W WAN Wide Area Network WFQ Weighted Fair Queuing WRED Weighted Random Early Detection X XOT X 25 Over TCP ...

Page 235: ...Quidway NetEngine20 20E Configuration Guide Basic Configurations Contents Issue 05 2010 01 30 Huawei Proprietary and Confidential Copyright Huawei Technologies Co Ltd i Contents Index i 1 ...

Page 236: ...figuring FTP 8 3 configuring SSH terminal services 9 24 configuring telnet terminal services 9 6 configuring TFTP 8 12 configuring VTY user interface 5 10 configuring Xmodem 8 15 D displaying system status 4 7 F FIC 1 2 File System overview 6 2 FTP configuration 8 3 example 8 16 overview 8 2 function features 1 4 overview 1 9 H HIC 1 2 hot keys classification 3 12 use 3 14 I introduction VRP 1 3 M...

Page 237: ...ue 05 2010 01 30 overview 9 3 system software license 11 2 upgrade 11 3 system software upgrade 11 2 T Telnet configuration 9 6 overview 9 2 TFTP configuration 8 12 example 8 21 overview 8 2 U user interface configuration 5 4 numbering 5 2 terminal attribute 5 7 user management configuration 5 12 X XModem configuration 8 15 example 8 23 overview 8 2 i ...

Search results

Summary of Contents for Quidway NetEngine 20 series

Reviews:

Related manuals for Quidway NetEngine 20 series

Brands by name

Popular brands

Huawei Quidway NetEngine 20 series, Configuration Manual

Search results

Summary of Contents for Quidway NetEngine 20 series

Reviews:

Related manuals for Quidway NetEngine 20 series

Brands by name

Popular brands