Home
/
Huawei
/
Quidway NetEngine80
/
Configuration Manual

Huawei Quidway NetEngine80, Configuration Manual

Share

Page: 210 / 265

Huawei Quidway NetEngine80 Configuration Manual Download Page 210

Quidway NetEngine80
Configuration Guide - Basic Configurations

9 Telnet and SSH

Issue 04 (2009-12-20)

Huawei Proprietary and Confidential

Copyright © Huawei Technologies Co., Ltd.

9-49

#

ssh client first-time enable

#

9.8.5 Example for Authenticating SSH Through RADIUS

Networking Requirements

When the RADIUS user is connected to the server, the SSH server sends the authentication
information about the SSH client, including the user name and password to the RADIUS
server that is compatible with the TACACS server for authentication.

The RADIUS server authenticates the user and sends the result (passed or failed) back to the
SSH server. If the authentication is passed, the user level is included in the result. The SSH
server determines whether the SSH client is allowed to set up a connection according to the
authentication result.

The networking diagram is shown in

Figure 9-10

.

Figure 9-10

Networking diagram of authenticating the SSH through RADIUS

SSH Server

SSH Client

RADIUS Server

Configuration Roadmap

The configuration roadmap is as follows:

1.

Configure the RADIUS template on the SSH server.

2.

Configure a domain on the SSH server.

3.

Create a user on the RADIUS server.

4.

Generate the local key pair on STelnet client and SSH server respectively. The SSH
server monitors the port number.

5.

Generate the local key pair on the client and SSH server respectively.

6.

Generate the RSA public key on SSH server and bind the RSA public key of the SSH
client to [email protected].

7.

Enable STelnet and SFTP services on the SSH server.

8.

Configure service mode and authorization directory of the SSH user.

9.

Users [email protected] and [email protected] log in to the SSH server through STelnet and
SFTP respectively.

Data Preparation

To complete the configuration, you need the following data:

z

Configure the password authentications for the two SSH users respectively.

z

RADIUS authentication

z

Name of the RADIUS template

«
...
208
209
210
211
212
...
»

Summary of Contents for Quidway NetEngine80

Page 1: ...Huawei Proprietary and Confidential Copyright Huawei Technologies Co Ltd Quidway NetEngine80 Core Router V300R005 Configuration Guide Basic Configurations Issue 04 Date 2009 12 20 Part Number 00407347 ...

Page 2: ... reserved No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co Ltd Trademarks and Permissions and other Huawei trademarks are trademarks of Huawei Technologies Co Ltd All other trademarks and trade names mentioned in this document are the property of their respective holders Notice The information in this docu...

Page 3: ... 1 2 6 Perfect Diff Serv QoS 1 6 1 2 7 Excellent Security Mechanism 1 7 1 2 8 Practical NMS 1 7 1 2 9 Flexible Networking Capabilities 1 8 1 3 Features List of the NE80 1 8 2 Establishment of the Configuration Environment 2 1 2 1 Introduction 2 2 2 1 1 Login Through the Console 2 2 2 1 2 Login Through Telnet 2 2 2 1 3 Login Through AUX Port 2 2 2 2 Logging In to the Router Through the Console Port...

Page 4: ... 1 3 1 Introduction 3 2 3 1 1 Command Line Interface 3 2 3 1 2 Command Levels 3 2 3 1 3 Command Line Views 3 3 3 2 Online Help 3 6 3 2 1 Full Help 3 6 3 2 2 Partial help 3 6 3 2 3 Error Messages of the Command Line Interface 3 7 3 3 Features of Command Line Interface 3 7 3 3 1 Editing 3 7 3 3 2 Displaying 3 8 3 3 3 Regular Expressions 3 8 3 3 4 History Commands 3 10 3 4 Shortcut Keys 3 11 3 4 1 Cl...

Page 5: ... Terminal Attributes 5 7 5 2 4 Configuring the User Interface Priority 5 7 5 2 5 Configuring User Authentication 5 8 5 2 6 Checking the Configuration 5 10 5 3 Configuring AUX User Interface 5 10 5 3 1 Establishing the Configuration Task 5 10 5 3 2 Configuring AUX Interface Attributes 5 11 5 3 3 Configuring AUX Terminal Attributes 5 12 5 3 4 Configuring User Priority 5 13 5 3 5 Configuring Modem At...

Page 6: ...tory 5 28 5 7 5 Configuring Local User Status 5 28 5 7 6 Configuring Local User Priority 5 29 5 7 7 Configuring Access Restriction of the Local User 5 29 5 7 8 Checking the Configuration 5 29 5 8 Configuration Examples 5 30 5 8 1 Example for Configuring Logging In to the Router Through Password 5 31 5 8 2 Example for Logging In to the Router Through AAA 5 32 6 File System 6 1 6 1 Introduction 6 2 ...

Page 7: ...3 7 2 4 Saving Configuration File 7 4 7 2 5 Clearing Configuration Files 7 4 7 2 6 Comparing Configuration Files 7 5 7 2 7 Checking the Configuration 7 5 8 FTP TFTP and XModem 8 1 8 1 Introduction 8 2 8 1 1 FTP 8 2 8 1 2 TFTP 8 2 8 1 3 XModem 8 2 8 2 Configuring the Router to be the FTP Server 8 3 8 2 1 Establishing the Configuration Task 8 3 8 2 2 Configuring the source address of FTP server 8 4 ...

Page 8: ...g the Access to the TFTP Server 8 16 8 6 1 Establishing the Configuration Task 8 16 8 6 2 Configuring the Basic ACL 8 16 8 6 3 Configuring the Basic TFTP ACL 8 17 8 7 Configuring XModem 8 17 8 7 1 Establishing the Configuration Task 8 17 8 7 2 Getting a File Through XModem 8 18 8 8 Configuration Examples 8 18 8 8 1 Example for Configuring the FTP Server 8 18 8 8 2 Example for Configuring FTP ACL 8...

Page 9: ... 9 19 9 4 8 Checking the Configuration 9 19 9 5 Configuring the STelnet Client Function 9 20 9 5 1 Establishing the Configuration Task 9 20 9 5 2 Enabling the First Time Authentication on the SSH Client 9 21 9 5 3 Optional Configuring the SSH Client to Assign the RSA Public Key to the SSH Server 9 21 9 5 4 Enabling the STelnet Client 9 22 9 5 5 Checking the Configuration 9 22 9 6 Configuring the S...

Page 10: ... 1 Establishing the Configuration Task 10 7 10 4 2 Querying the Electronic Label 10 7 10 4 3 Backing Up the Electronic Label 10 7 10 5 Configuring a Cleaning Cycle for the Air Filter 10 8 10 5 1 Establishing the Configuration Task 10 8 10 5 2 Configuring a Checking of the Air Filter based on the Device Temperature 10 8 10 5 3 Configuring a Cleaning Cycle for the Air Filter 10 9 10 5 4 Remonitoring...

Page 11: ...12 7 12 4 1 Establishing the Configuration Task 12 7 12 4 2 Uploading the MPU Patch 12 7 12 4 3 Activating the MPU Patch 12 8 12 4 4 Running the MPU Patch 12 8 12 5 Stop Running the MPU Patch 12 9 12 5 1 Establishing the Configuration Task 12 9 12 5 2 Deactivating the MPU Patch 12 9 12 6 Unloading the MPU Patch 12 10 12 6 1 Establishing the Configuration Task 12 10 12 6 2 Deleting the MPU Patch 12...

Page 12: ...figuring FTP ACL 8 21 Figure 8 3 Configuring the FTP client 8 23 Figure 8 4 Networking diagram of configuring TFTP 8 24 Figure 8 5 Setting the Base Directory of the TFTP server 8 25 Figure 8 6 Specifying the file to be sent 8 26 Figure 9 1 Telnet client services 9 2 Figure 9 2 Telnet redirection services 9 3 Figure 9 3 Usage of Telnet shortcut keys 9 3 Figure 9 4 Establishing an SSH channel in a L...

Page 13: ...ble 1 1 Features list of the NE80 Series USR 1 8 Table 3 1 Command line views 3 4 Table 3 2 Common error messages of the command line 3 7 Table 3 3 Keys for editing 3 7 Table 3 4 Keys for displaying 3 8 Table 3 5 Describes metacharacters 3 9 Table 3 6 Access the history commands 3 10 Table 3 7 System defined shortcut keys 3 11 Table 5 1 Example for the absolute numbering 5 3 ...

Page 14: ...Quidway NetEngine80 Configuration Guide Basic Configurations Contents Issue 04 2009 12 20 Huawei Proprietary and Confidential Copyright Huawei Technologies Co Ltd i Contents About This Document 1 ...

Page 15: ...e following table lists the product versions related to this document Product Name Version Quidway NetEngine80 Core Router V300R005 Intended Audience This document is intended for z Network planning engineer z Hardware installation engineer z Commissioning engineer z On site maintenance engineer z System maintenance engineer Organization This document consists of twelve chapters and is organized a...

Page 16: ...e management of configuration file 7 Management of Configuration Files This chapter describes how to configure the file management 8 FTP TFTP and XModem This chapter describes how to configure the basic functions of the FTP server 9 Telnet and SSH This chapter describes how to log in to the router through Telnet and configure the router 10 Router Maintenance This chapter describes the principle an...

Page 17: ...ts of the main text General Conventions The general conventions that may be found in this document are defined as follows Convention Description Times New Roman Normal paragraphs are in Times New Roman Boldface Names of files directories folders and users are in boldface For example log in as user root Italic Book titles are in italics Courier New Examples of information displayed on the screen ar...

Page 18: ...ed as follows Convention Description Boldface Buttons menus parameters tabs windows and dialog titles are in boldface For example click OK Multi level menus are in boldface and separated by the signs For example choose File Create Folder Keyboard Operations The keyboard operations that may be found in this document are defined as follows Format Description Key Press the key For example press Enter...

Page 19: ...t moving the pointer Drag Press and hold the primary mouse button and move the pointer to a certain position Update History Updates between document issues are cumulative Therefore the latest document issue contains all updates made in previous issues Updates in Issue 04 2009 12 20 Fourth commercial release Updates in Issue 03 2009 08 01 Third commercial release Updates in Issue 02 2008 10 20 Seco...

Page 20: ...1 1 2 Hardware Architecture 1 2 1 1 3 Software Architecture 1 3 1 2 Characteristics of the NE80 1 5 1 2 1 Support for Flattened Network Architecture 1 5 1 2 2 Line Speed Forwarding 1 6 1 2 3 Multiple Interfaces 1 6 1 2 4 Carrier Class Availability 1 6 1 2 5 Rich Services 1 6 1 2 6 Perfect Diff Serv QoS 1 6 1 2 7 Excellent Security Mechanism 1 7 1 2 8 Practical NMS 1 7 1 2 9 Flexible Networking Cap...

Page 21: ...Engine80 Configuration Guide Basic Configurations Figures Issue 04 2009 12 20 Huawei Proprietary and Confidential Copyright Huawei Technologies Co Ltd iii Figures Figure 1 1 Software architecture of the NE80 8 1 4 ...

Page 22: ...etEngine80 Configuration Guide Basic Configurations Tables Issue 04 2009 12 20 Huawei Proprietary and Confidential Copyright Huawei Technologies Co Ltd v Tables Table 1 1 Features list of the NE80 Series USR 1 8 ...

Page 23: ...Co Ltd 1 1 1 NE80 Core Router Overview About This Chapter The following table lists the contents of this chapter Section Describes 1 1 Introduction This section describes the hardware and software architecture of the NE80 1 2 Characteristics of the This section describes the characteristics of the NE80 1 3 Features List of the This section describes the features of the NE80 ...

Page 24: ...QoS mechanism and carrier class reliability which provide abundant service processing capabilities and flexible networking capability The NE80 incorporates the powerful IP service processing capability of routers and the low cost Ethernet switching capability of Layer 3 Ethernet switches and serves as a powerful core router or a Layer 3 Ethernet switch Therefore the NE80 is an optimal choice for n...

Page 25: ...een private and public network addresses The NAT board is used to solve the problems like the shortage of public network addresses and ensure the network security on the Internet For more information about the NE80 hardware system refer to the Quidway NetEngiNE80 Core Router Installation Manual 1 1 3 Software Architecture The software system of the NE80 adopts the architecture of two physically in...

Page 26: ...o each LPU for MPLS forwarding z Traffic control The RPS defines the traffic classification rules configures the traffic parameters configures the queue resources and flow control parameters for Diff Serv QoS z Maintenance and management The RPS maintains the devices manages the network and devices monitors the whole system diagnoses faults and collects statistics for services Running on the CPU o...

Page 27: ...ecture within which data services are typically provided after they are processed by four vertical function layers This classical architecture will still exist for a certain period This architecture reveals its deficiency increasingly because IP services are becoming leading services in the network Flattening of the network architecture is the trend with the development of technologies and the cha...

Page 28: ... All the components are hot swappable Thus the router can meet the high reliability requirement when it is used as the POP the convergence layer or the switching node on the backbone networks 1 2 5 Rich Services The IP multicast forwarding feature provides the foundation for carriers to carry on various network voice and video services Web TV E learning telemedicine and video conference With the r...

Page 29: ...tication modes local authentication and Remote Authentication Dial In User Service RADIUS authentication to prevent illegal configuration of the device The NE80 achieves the hardware implemented NAT In addition the NE80 provides abundant statistics including statistics of various types of traffic traffic sampling and NAT information statistics 1 2 8 Practical NMS Huawei Quidview NMS can manage Hua...

Page 30: ... network Intranet and MAN core The NE80 can also provide powerful service and flexible networking at the edge network and the MAN convergence layer Diversified entire network solutions from the access network to the core network can be provided for users when the NE80 is cooperated with Huawei s multi service switches Quidway Series routers broadband access series LAN Switch Series and Metro trans...

Page 31: ... HoVPN Multi AS VPN MPLS L2VPN Martini and Kompella VPLS HVPLS PWE3 AAA service CHAP authentication PAP authentication RADIUS Other security features NAT Port mirroring Port traffic sampling Flow control on the service LC and the MPU IP packet filtering URPF MAC address learning limit HWTACAS SSH V1 5 Network security Hierarchical protection of the command line so as to prevent unauthorized users ...

Page 32: ...ration through Console port Local or remote configuration through Aux port Local or remote configuration through Telnet Hierarchical protection for the command so as to prevent unauthorized users from accessing the router Detailed debugging information helpful in the diagnosis of network faults Network testing tools such as Tracert and Ping command for quick network diagnosis Telnet command for di...

Page 33: ...rgences alert critical error warning notification informational and debugging Information outputted to the log host and user terminal Alarm information and log information can be outputted through SNMP Agent and the cache Network Management SNMP V1 V2c V3 RMON others NQA NOTE HDLC High level Data Link Control RPR Resilient Packet Ring URPF Unicast Reverse Path Forwarding AAA Authorization Authenti...

Page 34: ... Router 2 3 2 3 Logging In to Router Through Telnet 2 4 2 3 1 Establishing the Configuration Task 2 4 2 3 2 Establishing the Physical Connection 2 5 2 3 3 Configuring Login User Parameters 2 5 2 3 4 Logging In from the Telnet Client 2 5 2 4 Logging In to the Router Through the AUX Port 2 5 2 4 1 Establishing the Configuration Task 2 5 2 4 2 Establishing the Physical Connection 2 6 2 4 3 Initializi...

Page 35: ... Networking diagram of logging in through the console port 2 7 Figure 2 2 New connection 2 8 Figure 2 3 Setting the port 2 8 Figure 2 4 Setting the port communication parameters 2 9 Figure 2 5 Establishing the configuration environment through Telnet 2 10 Figure 2 6 Running the Telnet program on the PC 2 11 Figure 2 7 Establishing the remote configuration environment through AUX 2 11 ...

Page 36: ...ts 2 2 Logging In to the Router Through the Console This section describes how to establish configuration environments through the console port See Example for Logging In Through the Console Port 2 3 Logging In to Router Through Telnet This section describes how to establish configuration environments through Telnet See Example for Logging In Through Telnet 2 4 Logging In to the Router Through the...

Page 37: ...indicates the login user should enter the correct user name and password z Non authentication indicates the login user need not enter the user name or password If the login succeeds a command line prompt such as Quidway appears on the Telnet client interface Enter the command to check the running status of the router or to configure the router Enter for help Do not modify the IP address of the rou...

Page 38: ...rameters including baud rate data bit parity stop bit and flow control Configuration Procedures To configure the router through the Console port complete the following configuration procedures No Procedure 1 Establishing the Physical Connection 2 Configuring Terminals 3 Logging In to the Router 2 2 2 Establishing the Physical Connection Do as follows on the router Step 1 Connect the COM port on th...

Page 39: ...remote configuration Pre configuration Tasks Before configuring the router through Telnet complete the following tasks z Powering on devices and performing a self check z Preparing the PC including the serial port and Ethernet crossover direct network cable Data Preparation To log in to the router through Telnet you need the following data No Data 1 IP address of the PC 2 IP address of the Etherne...

Page 40: ...t program on the PC and input the IP address of the interface on the destination router that provides the Telnet service Step 2 Enter the user name and password in the login window After authentication a command line prompt such as Quidway appears Now enter the configuration environment in the user view End 2 4 Logging In to the Router Through the AUX Port 2 4 1 Establishing the Configuration Task...

Page 41: ...stablishing the Physical Connection Do as follows on the login router Step 1 Connect the Modem with the PC and the network Step 2 Connect the Modem with the router through the AUX port and the network End 2 4 3 Initializing and Configuring the Modem on the Interface Do as follows on the router z Configure the authentication mode of login user z Configure the authority limitation of login user For ...

Page 42: ...ch as Quidway appears Now enter the configuration environment in the user view End 2 5 Configuration Examples 2 5 1 Example for Logging In Through the Console Port Networking Requirements Initialize the configuration of the router when the router is powered on for the first time Figure 2 1 Networking diagram of logging in through the console port Router PC Configuration Roadmap The configuration r...

Page 43: ...ect the serial port of the PC or terminal to the console port of the router through standard RS 232 configuration cable The local configuration environment is established Step 2 Run the terminal emulation program on the PC Set the terminal communication parameters to be 9600 bps data bit to be 8 stop bit to be 1 Specify no parity and no flow control as shown from Figure 2 2 to Figure 2 4 Figure 2 ...

Page 44: ...f check and the system performs automatic configuration When the self check ends you are prompted to press Enter until a command line prompt such as Quidway appears Enter the command to check the running status of the router or configure the router Enter for help For details refer to the following chapters End 2 5 2 Example for Logging In Through Telnet Networking Requirements You can log in to th...

Page 45: ...ss of the Ethernet interface on the router z User information accessed through Telnet including the user name password and authentication mode Configuration Procedure Step 1 Connect the PC and the router respectively to the network Step 2 Configure login user parameters Configure the login address Quidway system view Quidway interface GigabitEthernet 1 0 0 Quidway GigabitEthernet1 0 0 ip address 2...

Page 46: ...in the user view End 2 5 3 Example for Logging In Through the AUX Port Networking Requirements If you cannot configure the router by local login and there is no reachable route to other routers connect the serial port of the PC and the AUX port of the router through the Modem The detailed configuration environment is shown as Figure 2 7 Figure 2 7 Establishing the remote configuration environment ...

Page 47: ...e terminal Quidway local aaa server local user huawei level 3 Quidway local aaa server quit Quidway user interface aux 0 Quidway ui aux0 authentication mode aaa Quidway ui aux0 modem both Step 3 Configure Modem parameters Run the PC emulation terminal see 2 4 4 Configuring the Connection Between the Remote Terminal and the Router Press Enter on the PC emulation terminal or terminal until a command...

Page 48: ...6 3 2 1 Full Help 3 6 3 2 2 Partial help 3 6 3 2 3 Error Messages of the Command Line Interface 3 7 3 3 Features of Command Line Interface 3 7 3 3 1 Editing 3 7 3 3 2 Displaying 3 8 3 3 3 Regular Expressions 3 8 3 3 4 History Commands 3 10 3 4 Shortcut Keys 3 11 3 4 1 Classifying Shortcut Keys 3 11 3 4 2 Defining Shortcut Keys 3 12 3 4 3 Use of Shortcut Keys 3 13 3 5 Configuration Examples 3 13 3 ...

Page 49: ...opyright Huawei Technologies Co Ltd iii Tables Table 3 1 Command line views 3 4 Table 3 2 Common error messages of the command line 3 7 Table 3 3 Keys for editing 3 7 Table 3 4 Keys for displaying 3 8 Table 3 5 Describes metacharacters 3 9 Table 3 6 Access the history commands 3 10 Table 3 7 System defined shortcut keys 3 11 ...

Page 50: ...f this chapter Section Description 3 1 Introduction This section describes the basic concepts of the command line 3 2 Online Help This section describes how to use the online help of the command line 3 3 Features of Command Line Interface This section describes the error messages of the command line 3 4 Shortcut Keys This section describes how to use shortcut keys 3 5 Configuration Examples This s...

Page 51: ...nline help at any time z Network testing commands such as tracert and ping for rapidly diagnosing a network z Abundant debugging information to help in diagnosing the network z The telnet command for directly logging in to and manage other routers z FTP service for the file uploading and downloading z Running a history command like DosKey z A command line interpreter provides intelligent command r...

Page 52: ...evel may be higher than the command level defined according to the command rules in application z Login users have the same 16 levels as the command levels The login users can use only the command of the levels that are equal to or lower than their own levels For details of login user levels refer to section 5 1 2 User Management in Chapter 5 User Login 3 1 3 Command Line Views The command line in...

Page 53: ...L view based on interface Atm pvc ATM PVC view aux AUX interface view bgp BGP view bgp af l2vpn BGP AF L2VPN view bgp af vpnv4 BGP AF VPNV4 view bgp af vpn instance BGP AF VPN instance view vpls family VPLS address family view cpos CPOS interface view dhcp DHCP address pool view e1 E1 interface view e3 E3 interface view ethernet Ethernet interface view explicit path Explicit path view fr class Fra...

Page 54: ...ew ospf area OSPF area view policy based route Policy based route view pos POS interface view radius RADIUS view rip RIP view rip af vpn instance RIP AF VPN instance view ripng RIPng view route policy Route policy view rsa key code RSA key code view rsa public key RSA public key view serial Serial interface view shell Shell view system System view t1 T1 interface view t3 T3 interface view tunnel T...

Page 55: ...e environment English English environment Chinese and English are keywords Chinese environment and English environment describe the keywords respectively z Enter a command and separated by a space and if a parameter is at this position the related parameter names and parameter descriptions are displayed For example Quidway ftp timeout INTEGER 1 35791 Specify FTP timeout minutes Quidway ftp timeout...

Page 56: ...ntered by the user are run correctly if the grammar check has been passed Otherwise error messages are reported to the user See Table 3 2 for the common error messages Table 3 2 Common error messages of the command line Error messages Cause of the error The command cannot be found Unrecognized command The key word cannot be found Parameter type error Wrong parameter The parameter value exceeds the...

Page 57: ...mplete key word and displays it in a new line with the cursor a space behind z If there are several matches or no match at all the system displays the prefix first Then you can press Tab to view the matching key word one by one In this case the cursor is closely follows the word end and you can type a space to enter the next word z If a wrong key word is input press Tab and your input is displayed...

Page 58: ...sts between characters on the left and right sides of it Characters on the right of it must appear at the beginning of the target object Characters on the left of it must appear at the end of the target object xyz Matches the character listed in the square character xyz Matches any character that is not listed in the square bracket is on the left of the character a z Matches any character within t...

Page 59: ...he information that excludes lines that match regular expression z regular expression displays the information that includes lines that match regular expression Regular expressions are used to filter the output such as the metacharacter If the number of matching times exceeds the scope specified in the matching times out and the information cannot be displayed normally Thus ensure to avoid repeati...

Page 60: ...is run for several times only one history command is saved If the disp ip routing command and the display ip routing table command are run two history commands are saved 3 4 Shortcut Keys 3 4 1 Classifying Shortcut Keys The shortcut keys in the system are classified into the following types z User oriented and user defined shortcut keys CTRL_G CTRL_L and CTRL_O The user can correlate these shortcu...

Page 61: ...he cursor CTRL_X Deletes all the characters on the left of the cursor CTRL_Y Deletes all the characters on the right of the cursor CTRL_Z Returns to the user view CTRL_ Terminates the inbound or redirection connections ESC_B The cursor moves leftward by the space of a word ESC_D Deletes a word on the right of the cursor ESC_F The cursor moves rightward to the next word end ESC_N The cursor moves d...

Page 62: ... commands the syntax is recorded to the command buffer and log for fault location and querying The terminal in use may affect the functions of the shortcut keys For example if the customized shortcut keys of the terminal conflict with those of the router the input shortcut keys are captured by the terminal program and hence the shortcut keys do not function Run the following command in any view to...

Page 63: ...e display clipboard command to view the contents on the clipboard Quidway display clipboard CLIPBOARD display ip routing table Step 3 Press Ctrl Shift V to paste the contents of clipboard Quidway display ip routing table End 3 5 3 Example for Using Tab There are three cases in using Tab as shown in the following example z The matching key word is unique after the incomplete key word is typed in St...

Page 64: ...ss Tab The cursor is closely following the word end Quidway info center loghost Quidway info center logbuffer Quidway info center logfile Stop pressing Tab after the key word logfile that you need is displayed Step 3 Type a space to enter the next word channel Quidway info center logfile channel End z A wrong key word is typed in Step 1 Type a wrong key word loglog Quidway info center loglog Step ...

Page 65: ...ode 4 3 4 2 3 Configuring the Equipment Name 4 3 4 2 4 Configuring the System Clock 4 3 4 2 5 Configuring the Header Text 4 4 4 2 6 Configuring Command Levels 4 4 4 3 Configuring Basic User Environment 4 5 4 3 1 Establishing the Configuration Task 4 5 4 3 2 Configuring the Password for Switching User Levels 4 6 4 3 3 Switching User Levels 4 6 4 3 4 Locking User Interfaces 4 7 4 4 Displaying System...

Page 66: ...r Section Description 4 1 Introduction This section describes the basic configurations 4 2 Configuring the Basic System Environment This section describes how to configure the basic system environment on the router 4 3 Configuring Basic User Environment This section describes the configuration of the basic user configuration environment on the router 4 4 Displaying System Status Messages This sect...

Page 67: ...g the Basic System Environment 4 2 1 Establishing the Configuration Task Applicable Environment Before configuring the services you need to configure the basic system environments to meet the requirements of the practical environments By default the product supports commands of Level 0 to Level 3 namely visit level monitoring level configuration level and management level If the user needs to defi...

Page 68: ...ter Step 1 Run language mode chinese english The language mode is switched End By default the English mode is used The help information on the router can be in English and in Chinese When you need the help information in Chinese run this command to switch the language mode 4 2 3 Configuring the Equipment Name Do as follows on the router Step 1 Run system view The system view is displayed Step 2 Ru...

Page 69: ...th fifth last weekday end date offset The daylight time is set To guarantee cooperation with other devices you need to accurately set the system time The product supports setting the time zone and daylight time End 4 2 5 Configuring the Header Text Do as follows on the router Step 1 Run system view The system view is displayed Step 2 Run header login information text file file name The header text...

Page 70: ... End If the user does not adjust a command level separately after the command level is updated all originally registered command lines adjust automatically according to following rules z The commands of Level 0 and Level 1 remain still z The command Level 2 is updated to Level 10 and Level 3 is updated to Level 15 z No command lines exist in Level 2 to Level 9 and Level 11 to Level 14 The user can...

Page 71: ...en simple is used the password is saved in the configuration files in simple text Login users with lower level can get the password by viewing the configuration This may cause security problems Therefore cipher is used to save the password in encrypted text Do as follows on the router Step 1 Run system view The system view is displayed Step 2 Run super password level user level simple cipher passw...

Page 72: ...uterConfiguration Guide Security When the login user of lower levels is switched to the user of higher level through super the system automatically sends trap messages records the switchover in the log When the switched level is lower than that of the current level the system only records the switchover in the log 4 3 4 Locking User Interfaces Do as follows on the router Step 1 Run lock The user i...

Page 73: ...System Status Run one or more of following commands according to your needs z Run the display debugging interface interface type interface number module name command to display the debugging status z Run the display this command to display the configuration of the current view 4 4 3 Collecting System Diagostic Information Run the following command according to your needs Run the display diagnostic...

Page 74: ...tion Task 5 10 5 3 2 Configuring AUX Interface Attributes 5 11 5 3 3 Configuring AUX Terminal Attributes 5 12 5 3 4 Configuring User Priority 5 13 5 3 5 Configuring Modem Attributes 5 13 5 3 6 Configuring User Authentication 5 14 5 3 7 Checking the Configuration 5 15 5 4 Configuring VTY User Interface 5 16 5 4 1 Establishing the Configuration Task 5 16 5 4 2 Configuring Maximum VTY User Interfaces...

Page 75: ...iguring User Priority 5 26 5 6 7 Checking the Configuration 5 26 5 7 Configuring Local User Management 5 26 5 7 1 Establishing the Configuration Task 5 26 5 7 2 Creating Local User Account 5 27 5 7 3 Configuring the Service Type of the Local User 5 27 5 7 4 Configuring Local User Authority for FTP Directory 5 28 5 7 5 Configuring Local User Status 5 28 5 7 6 Configuring Local User Priority 5 29 5 ...

Page 76: ...etEngine80 Configuration Guide Basic Configurations Tables Issue 04 2009 12 20 Huawei Proprietary and Confidential Copyright Huawei Technologies Co Ltd iii Tables Table 5 1 Example for the absolute numbering 5 3 ...

Page 77: ...he user interface on console port 5 3 Configuring AUX User Interface This section describes how to configure the user interface on AUX port 5 4 Configuring VTY User This section describes how to configure the user interface of VTY 5 5 Managing User Interfaces This section describes how to send messages and clear users between interfaces 5 6 Configuring User Management This section describes how to...

Page 78: ...rt is a logical terminal line A virtual type line VTY is the Telnet connection with the router through a terminal It is used for local or remote access to the router User Interface Numbering The following are user interface numbering methods z Relative numbering The format of the relative numbering is user interface type number All type of user interfaces use relative numbering It is used only in ...

Page 79: ...e first time In such a condition any user can configure the router by connecting a PC with it through the console port The remote user accesses the router through Telnet if the router is configured with the IP address of the MCU or that of the interface board The remote user accesses the network by establishing a PPP connection with the router Configure the usernames and the user password for the ...

Page 80: ...he user with the level 3 can access all the commands For details of command level refer to section 3 1 2 Command Level in Chapter 3 Command Line Introduction User Authentication After the user configuration the system authenticates users when they access the router The four types of user authentication are as follows z Non authentication In this type a user accesses the router without the username...

Page 81: ... user interface complete the following tasks z Powering on the router z Connecting the PC with the router properly Data Preparation To configure console user interface you need the following data No Data 1 Transmission rate flow control mode checksum mode stop bit and data bit 2 Idle timeout period for user screen length of terminal and the size of history command buffer 3 User priority 4 User aut...

Page 82: ... Run user interface ui type first ui number last ui number The user interface view is displayed Step 3 Optional Run speed speed value The transmission rate is set By default the transmission rate is 9600 bit s By default the value is 9600 bit s Step 4 Optional Run flow control hardware none software The flow control mode is set By default the flow control mode is none Step 5 Optional Run parity ev...

Page 83: ...ystem view is displayed Step 2 Run user interface ui type first ui number last ui number The user interface view is displayed Step 3 Run Shell The terminal service is started Step 4 Run idle timeout minutes seconds The timeout period is set By default idle timeout period for users on the user interface is 10 minutes Step 5 Run screen length screen length One screen length of the terminal screen is...

Page 84: ...figuring User Authentication Three user authentication modes are available on the router z AAA authentication requires the user name and password z Password authentication needs no user name but a password Otherwise the user cannot log in to the router through the console interface z Non authentication requires the user name and password No authentication is needed when the user logs in to the rou...

Page 85: ...ew is displayed Step 2 Run user interface console 0 The console user interface view is displayed Step 3 Run authentication mode password You can set authentication mode as password authentication Step 4 Run set authentication password cipher simple password A password for authentication is set End Configuring Non Authentication Do as follows on the router Step 1 Run system view The system view is ...

Page 86: ... access user 5 3 Configuring AUX User Interface 5 3 1 Establishing the Configuration Task Applicable Environment When the user needs to maintain a remote router AUX user interface is required Pre configuration Tasks Before configuring AUX user interface complete the following tasks z Powering on the router z Connecting the PC with the router properly Data Preparation Before configuring AUX user in...

Page 87: ... Configuring User Priority 4 Configuring Modem Attributes 5 Configuring User Authentication 6 Checking the Configuration 5 3 2 Configuring AUX Interface Attributes Do as follows on the router Step 1 Run system view The system view is displayed Step 2 Run user interface aux 0 The AUX user interface view is displayed Step 3 Optional Run speed speed value The transmission rate is set By default the t...

Page 88: ...erminal should accord with the attributes of the port on the router Otherwise the user cannot log in to the router 5 3 3 Configuring AUX Terminal Attributes Do as follows on the router Step 1 Run system view The system view is displayed Step 2 Run user interface aux 0 The AUX user interface view is displayed Step 3 Run shell AUX terminal service is enabled Step 4 Run idle timeout minutes seconds U...

Page 89: ...tep 2 Run user interface aux 0 The AUX user interface view is displayed Step 3 Run user privilege level level The user priority is set End 5 3 5 Configuring Modem Attributes Do as follows on the router that the user logs in to Step 1 Run system view The system view is displayed Step 2 Run user interface aux 0 The AUX user interface view is displayed Step 3 Run modem timer answer seconds Set the pe...

Page 90: ...ot log in to the router through the console interface z None requires neither user name nor password No authentication is needed when the user logs in to the router Configuring AAA Authentication Do as follows on the router Step 1 Run system view The system view is displayed Step 2 Run user interface aux 0 The AUX user interface view is displayed Step 3 Run authentication mode aaa Authentication m...

Page 91: ...n password cipher simple password Step 5 Set password for this mode End Configuring Non Authentication Do as follows on the router Step 1 Run system view The system view is displayed Step 2 Run user interface aux 0 The AUX user interface view is displayed Step 3 Run authentication mode none Authentication mode is set to none End 5 3 7 Checking the Configuration Run the following commands to check ...

Page 92: ...s Before configuring VTY user interface complete the following tasks z Powering on the router z Correctly connecting PC and router Data Preparation To configure the VTY user interface you need the following data No Data 1 Maximum VTY user interfaces 2 Optional ACL code to limit VTY user interface to call in and out 3 Optional Timeout of command line authentication 4 Idle timeout period for user sc...

Page 93: ...s to be configured is larger than the number of current maximum interfaces the authentication mode and password need to be configured for newly added user interfaces For newly added user interfaces the system applies password authentication by default The prompt is shown as follows Warning Login password has not been set For example a maximum of five users are allowed online To allow 15 VTY users ...

Page 94: ... Do as follows the router that the user logs in to Step 1 Run system view The system view is displayed Step 2 Run user interface vty first ui number last ui number The VTY user interface view is displayed Step 3 Run authorization cmd timeout timeout value The timeout of command line authorization I set End The product supports to authorize HWTACACS command line to login users according to user lev...

Page 95: ...p 7 Set the size of the history command buffer End 5 4 6 Configuring User Authentication Three authentication modes are available on a router z AAA authentication requires the user name and password z Password authentication requires no user name but a password must be set Otherwise the user cannot log in to the router through console interface z None requires neither user name nor password No aut...

Page 96: ...assword End Configuring Password Authentication Do as follows on the router Step 1 Run system view The system view is displayed Step 2 Run user interface vty number1 number2 The VTY user interface view is displayed Step 3 Run authentication mode password Set the authentication mode as password Step 4 Run Set authentication password simple cipher password Set a password for this authentication mode...

Page 97: ...terfaces display user interface maximum vty View the physical attributes and configurations of the user interface display user interface ui typeui number number summary 5 5 Managing User Interfaces 5 5 1 Establishing the Configuration Task Applicable Environment To ensure the operator can manage routers safely you need to send messages between user interfaces and clear designated user and so on Pr...

Page 98: ...ep 1 Run send all interface type interface number number You can enable message sending between user interfaces Following the prompt you can enter the message to be sent You can press Ctrl Z or Enter key to end End 5 5 3 Clearing Online User Do as follows on the router Step 1 Run free user interface ui number ui type ui number1 Online users are cleared Upon the prompts you can confirm whether to c...

Page 99: ...emote users access the network by establishing PPP connection with the router To ensure network security and ease user management configure a username and the user password for the router Pre configuration Tasks Before configuring a user interface complete the following tasks z Powering on the router z Connecting the PC with the router properly Data Preparation To configure a user you need the fol...

Page 100: ...ntication mode aaa password none The user authentication mode is configured End 5 6 3 Configuring Authentication Password Do as follows on the router that the user logs in to Step 1 Run system view The system view is displayed Step 2 Run user interface ui type first ui number last ui number The user interface view is displayed Step 3 Run set authentication password cipher simple password The authe...

Page 101: ... Run aaa The AAA view is displayed Step 5 Run local user user name password simple cipher password The local username and the password are configured End 5 6 5 Configuring Non Authentication Do as follows on the router that the user logs in to Step 1 Run system view The system view is displayed Step 2 Run user interface ui type first ui number last ui number The user interface view is displayed St...

Page 102: ...ing the Configuration Run the following commands to check the previous configuration Action Command Check the user information display users all Check information about local users display local user Check information about the access users display access user 5 7 Configuring Local User Management 5 7 1 Establishing the Configuration Task Applicable Environment Create maintain and manage local use...

Page 103: ...ing the Service Type of the Local User 3 Configuring Local User Authority 4 Configuring Local User Status 5 Configuring Local User Priority 6 Configuring Access Restriction of the Local User 7 Checking the Configuration 5 7 2 Creating Local User Account Do as follows on the router Step 1 Run system view The system view is displayed Step 2 Run aaa The AAA view is displayed Step 3 Run local user use...

Page 104: ...onfigured End By configuring the service type of the local user you can manage the user based on service types 5 7 4 Configuring Local User Authority for FTP Directory Do as follows on the router Step 1 Run system view The system view is displayed Step 2 Run aaa The AAA view is displayed Step 3 Run local user user name ftp directory directory The local user authority for the FTP directory is confi...

Page 105: ...w The system view is displayed Step 2 Run aaa The AAA view is displayed Step 3 Run local user user name level level The local user priority is configured End 5 7 7 Configuring Access Restriction of the Local User Do as follows on the router Step 1 Run system view The system view is displayed Step 2 Run aaa The AAA view is displayed Step 3 Run local user user name access limit access limit The acce...

Page 106: ...tive All Dft No 0 Total 2 2 printed Run the display local user username user name command You can view details of the AAA local user such as the user level FTP authorization directory Quidway display local user username aaa User name aaa Password huawei State Active Service type All ACL number User CAR Idle cut No Access limit No Online number 0 MAC address User level 0 FTP directory Call number C...

Page 107: ...rface 2 Configure the priority of VTY0 as 2 3 Configure the simple authentication and the disconnect time Data Preparation To complete the configuration you need the following data z The password of the authentication mode z The connection time Configuration Procedure Quidway system view Quidway user interface vty 0 Quidway ui vty0 user privilege level 2 Quidway ui vty0 authentication mode passwor...

Page 108: ...t accounting scheme default domain default user interface con 0 user interface vty 0 user privilege level 2 set authentication password simple huawei idle timeout 30 0 user interface vty 1 4 return 5 8 2 Example for Logging In to the Router Through AAA Networking Requirements The COM port of the PC and the console port of the router are connected Configure the priority of VTY0 to be 2 perform AAA ...

Page 109: ...and password for authentication z Disconnection time Configuration Procedure Quidway system view Quidway user interface vty 0 Quidway ui vty0 user privilege level 2 Quidway ui vty0 authentication mode aaa Quidway ui vty0 idle timeout 30 Quidway ui vty0 quit Quidway aaa Quidway aaa local user huawei password cipher huawei Quidway aaa local user huawei level 2 Quidway aaa local user huawei idle cut ...

Page 110: ...ubles 6 3 6 2 3 Formatting Storage Devices 6 3 6 3 Managing the Directory 6 4 6 3 1 Establishing the Configuration Task 6 4 6 3 2 Viewing the Current Directory 6 5 6 3 3 Switching the Directory 6 5 6 3 4 Displaying the Directory of File 6 5 6 3 5 Creating a Directory 6 6 6 3 6 Deleting a Directory 6 6 6 4 Managing Files 6 6 6 4 1 Displaying Contents of Files 6 7 6 4 2 Copying Files 6 7 6 4 3 Movin...

Page 111: ...anaging Storage Devices This section describes how to configure to display the management of the storage devices 6 3 Managing the Directory This section describes how to configure to realize the directory management 6 4 Managing Files This section describes how to realize file management 6 5 Running Files in Batch This section describes how to configure to realize batch process 6 6 Configuring Pro...

Page 112: ...s that are stored in those storage devices 6 1 2 Storage Devices Storage devices are hardware devices for storing messages The storage device of the NE80 is the Hard Disk Flash 6 1 3 Files The file is a mechanism in which the system stores and manages messages 6 1 4 Directories The directory is a mechanism in which the system integrates and organizes the file It is the logical container of the fil...

Page 113: ...oubles 2 Formatting Storage Devices 6 2 2 Restoring Storage Devices with File System Troubles When the file system fails on some storage device the terminal of the router prompts to restoring Do as follows on the router Step 1 Run user view The user view is displayed Step 2 Run fixdisk device name Repair the storage devices with file system troubles End 6 2 3 Formatting Storage Devices Formatting ...

Page 114: ...shing the Configuration Task Applicable Environment When you need to transfer files between the client and the server configure the directory by using the file system Pre configuration Tasks Before configuring the management directory complete the following tasks z Powering on the router z Connecting the client with the server correctly Data Preparation To configure a management directory you need...

Page 115: ...he user view Step 2 Run pwd The current directory is displayed End 6 3 3 Switching the Directory Do as follows on the router Step 1 Enter the user view Step 2 Run cd directory A directory is specified and the specified directory is displayed Step 3 Run pwd The current directory is displayed End 6 3 4 Displaying the Directory of File Do as follows on the router Step 1 Enter the user view Step 2 Run...

Page 116: ...user view Step 2 Run cd directory The parent directory of the directory to be created is displayed Step 3 Run mkdir directory The directory is created End 6 3 6 Deleting a Directory Do as follows on the router Step 1 Enter the user view Step 2 Run cd directory The parent directory of the directory to be deleted is displayed Step 3 Run rmdir directory The directory is deleted End 6 4 Managing Files...

Page 117: ...ta No Data 1 File name to be created 2 File name to be deleted Configuration Procedures No Procedure 1 Displaying Contents of Files 2 Copying Files 3 Moving Files 4 Renaming Files 5 Deleting Files 6 Deleting Files in the Recycle Bin 7 Undeleting Files 6 4 1 Displaying Contents of Files Do as follows on the router Step 1 Enter the user view Step 2 Run cd directory The directory of the file is displ...

Page 118: ...is copied End The length of the file must exceed zero bytes otherwise the file cannot be copied 6 4 3 Moving Files Do as follows on the router Step 1 Enter the user view Step 2 Run cd directory The directory of the file is displayed Step 3 Run move source filename destination filename The file is moved End 6 4 4 Renaming Files Do as follows on the router Step 1 Enter the user view Step 2 Run cd di...

Page 119: ...le is displayed Step 3 Run delete unreserved filename The file is deleted End 6 4 6 Deleting Files in the Recycle Bin Do as follows on the router Step 1 Run reset recycle bin filename The file is deleted End Running this command deletes only the files in the recycle bin of the master MPU 6 4 7 Undeleting Files Do as follows on the router Step 1 Run undelete filename The file is undeleted End If th...

Page 120: ...complete the following tasks z Powering on the router z Uploading the batched files on the client end to the router Data Preparation To configure the batch process you need the following data No Data 1 Name of the batch file Configuration Procedures Do as follows on the router Step 1 Run system view The system view is displayed Step 2 Run execute filename The batched file is executed End 6 6 Confi...

Page 121: ...ew The system view is displayed Step 3 Run file prompt alert quiet The prompt mode of the file system is configured By default the prompt mode is alert End 6 7 Example of Configuration Networking Requirements By configuring the file system of the router the user can operate the router through the console port and copy files to the specified directory The file path in the storage device must be cor...

Page 122: ... flash log txt to slave flash log txt Quidway copy flash log txt slave flash log txt Copy flash log txt to flash log txt Y N y Copyed flash log txt slave flash log txt Step 3 Display the file information in the current directory and you can view that the file is copied to the specified directory Quidway dir slave flash Directory of slave flash 0 rw 37 Apr 28 2007 08 56 55 private data txt 1 rw 427...

Page 123: ...7 1 1 Definitions 7 2 7 1 2 Configuration Files and Current Configurations 7 2 7 2 Managing Configuration Files 7 2 7 2 1 Establishing the Configuration Task 7 2 7 2 2 Configuring System Software for a Router to Load 7 3 7 2 3 Configuring the Configuration File for Router to Load 7 3 7 2 4 Saving Configuration File 7 4 7 2 5 Clearing Configuration Files 7 4 7 2 6 Comparing Configuration Files 7 5 ...

Page 124: ... Copyright Huawei Technologies Co Ltd 7 1 7 Management of Configuration Files About This Chapter The following table shows the contents of this chapter Section Description 7 1 Introduction This section describes the basic concepts of the configuration file 7 2 Managing Configuration Files This section describes the method of managing configuration file ...

Page 125: ...form z If the configuration is in the incomplete form the command is saved in complete form Therefore the command length in the configuration file may exceed 255 characters When the system restarts those commands cannot be restored 7 1 2 Configuration Files and Current Configurations z Initial configurations On powering on the router retrieves the configuration files from the default save path to ...

Page 126: ...s Configuration Procedures You can perform Procedure 1 to Procedure 5 in a random order No Procedure 1 Configuring System Software for a Router to Load 2 Configuring the Configuration File for Router to Load 3 Saving Configuration File 4 Clearing Configuration Files 5 Comparing Configuration Files 6 Checking the Configuration 7 2 2 Configuring System Software for a Router to Load Do as follows on ...

Page 127: ...interface To set the current configuration as initial configuration when the router starts next time you can use the save command to save the current configuration in the flash memory When saving the configuration file for the first time if you do not specify the optional parameter config filename the router asks you whether to save the file as vrpcfg cfg or not 7 2 5 Clearing Configuration Files ...

Page 128: ...n Check the configuration file that the router loads the next time when it starts display saved configuration Check the configuration file that the router loads this time when it starts display saved configuration last Check the file information used by the device upon start display startup View the file information in storage device dir all filename After the configurations succeed run the preced...

Page 129: ...8 5 8 2 7 Checking the Configuration 8 6 8 3 Configuring FTP ACL 8 6 8 3 1 Establishing the Configuration Task 8 6 8 3 2 Enabling the FTP Server 8 7 8 3 3 Configuring the Basic ACL 8 7 8 3 4 Configuring the Basic FTP ACL 8 8 8 3 5 Checking the Configuration 8 8 8 4 Configuring the Router to Be the FTP Client 8 9 8 4 1 Establishing the Configuration Task 8 9 8 4 2 Configuring the source address of ...

Page 130: ... 15 8 6 Limiting the Access to the TFTP Server 8 16 8 6 1 Establishing the Configuration Task 8 16 8 6 2 Configuring the Basic ACL 8 16 8 6 3 Configuring the Basic TFTP ACL 8 17 8 7 Configuring XModem 8 17 8 7 1 Establishing the Configuration Task 8 17 8 7 2 Getting a File Through XModem 8 18 8 8 Configuration Examples 8 18 8 8 1 Example for Configuring the FTP Server 8 18 8 8 2 Example for Config...

Page 131: ...es Co Ltd iii Figures Figure 8 1 Networking diagram with FTP server basic functions 8 19 Figure 8 2 Networking diagram of configuring FTP ACL 8 21 Figure 8 3 Configuring the FTP client 8 23 Figure 8 4 Networking diagram of configuring TFTP 8 24 Figure 8 5 Setting the Base Directory of the TFTP server 8 25 Figure 8 6 Specifying the file to be sent 8 26 ...

Page 132: ...TP server See Example for Configuring the FTP Server 8 3 Configuring FTP ACL This section describes how to configure the specified client to log in to the router 8 4 Configuring the Router to Be the FTP Client This section describes how to configure a router to be a FTP client and log in to the FTP server 8 5 Configuring TFTP This section describes how to configure TFTP to log in to the server 8 6...

Page 133: ...example TFTP is used to obtain the memory image of the system when the system starts up TFTP is implemented based on UDP The client initiates the TFTP transfer To download files the client sends a read request packet to the TFTP server receives packets from the server and sends acknowledgement to the server To upload files the client sends a write request packet to the TFTP server sends packets to...

Page 134: ...orted only by the AUX port z XModem does not support simultaneous operations of multiple users 8 2 Configuring the Router to be the FTP Server 8 2 1 Establishing the Configuration Task Applicable Environment When the router serves as the FTP server after the client logs in to the router through FTP the user can transport files between the client and the server Pre configuration Tasks Before config...

Page 135: ...er Do as follows on the router that serves as the FTP server Step 1 Run system view The system view is displayed Step 2 Run ftp server source a source ip address i interface name interface type interface num The source address of FTP server is started End 8 2 3 Enabling the FTP Server Do as follows on the router that serves as the FTP server Step 1 Run system view The system view is displayed Step...

Page 136: ...ystem view is displayed Step 2 Run aaa The AAA view is displayed Step 3 Run local user user name password simple cipher password The local username and the password are configured End 8 2 6 Configuring Service Types and Authorization Information Do as follows on the router that serves as the FTP server Step 1 Run system view The system view is displayed Step 2 Run aaa The AAA view is displayed Ste...

Page 137: ...5 User count 1 Timeout value in minute 30 Acl number 0 The source address of the FTP server is 1 1 1 1 Run the display ftp users command to view the user name port number authorization directory of the FTP user configured currently Quidway display ftp users Username host port idle topdir huawei 100 2 150 211 4641 0 flash 8 3 Configuring FTP ACL 8 3 1 Establishing the Configuration Task Applicable ...

Page 138: ...FTP ACL you need to take following steps No Procedure 1 Enabling the FTP Server 2 Configuring the Basic ACL 3 Configuring the Basic FTP ACL 8 3 2 Enabling the FTP Server Do as follows on the router that serves as the FTP server Step 1 Run system view The system view is displayed Step 2 Run ftp server enable The FTP server is started End 8 3 3 Configuring the Basic ACL Do as follows on the router t...

Page 139: ...TP ACL Do as follows on the router that serves as the FTP server Step 1 Run system view The system view is displayed Step 2 Run ftp acl acl number The basic FTP ACL is configured End 8 3 5 Checking the Configuration Run the following commands to check the preceding configuration Action Command Check the configuration and running information about the FTP server display ftp server After configuring...

Page 140: ...er as an FTP client complete the following tasks z Powering on the router z Connecting the FTP client with the server Data Preparation To configure the router as an FTP client you need the following data No Data 1 Host name or IP address of the FTP server 2 Port number of connecting FTP 3 Login username and password Configuration Procedures To configure a router as an FTP client you need to take f...

Page 141: ...t serves as the client can be connected to the FTP server in different ways z In the user view run ftp a source ip address i interface name interface type interface num host port number vpn instance vpn instance name The router is connected to the FTP server z In the FTP view run open host port number vpn instance vpn instance name The router is connected to the FTP server End 8 4 4 Configuring Da...

Page 142: ...isplayed End 8 4 6 Uploading or Downloading Files Do as follows on the router that serves as the client Step 1 Run ftp a source ip address i interface name interface type interface num host port number vpn instance vpn instance name The router is connected to the FTP server and the FTP client view is displayed Step 2 Upload or download files z Run put local filename remote filename The local file ...

Page 143: ...ctory A directory is created on the FTP server z Run rmdir remote directory A directory is deleted on the FTP server z The directory to be created can comprise letters and digits rather than such special characters as and z When running the mkdir abc command you create a sub directory named abc End 8 4 8 Managing Files Do as follows on the router that serves as the client Step 1 Run ftp a source i...

Page 144: ... ftp a source ip address i interface name interface type interface num host port number vpn instance vpn instance name The router is connected to the FTP server Step 2 Run user user name password The current login user is changed and the user logs in again End 8 4 10 Disconnecting from the FTP Server Do as follows on the router that serves as the client Step 1 Run the following commands according ...

Page 145: ...mber authorization directory of the FTP user configured currently Quidway display ftp users username host port idle topdir zll 100 2 150 226 2320 0 cfcard 8 5 Configuring TFTP 8 5 1 Establishing the Configuration Task Applicable Environment You can transfer files through TFTP between the server and the client in a simple interaction environment Pre configuration Tasks Before configuring TFTP compl...

Page 146: ...tp client source a source ip address i interface name interface type interface num The source address of TFTP client is started End 8 5 3 Downloading Files Through TFTP Do as follows on the router that serves as the TFTP client Step 1 Run tftp a source ip address i interface name interface type interface num tftp server get source filename destination filename The router is configured to download ...

Page 147: ...ation Tasks Before configuring a limit to access the TFTP server complete the following tasks z Powering on the router z Connecting the TFTP client with the server Data Preparation To configure a limit to accesss to TFTP server you need the following data No Data 1 IP address of the TFTP server 2 ACL number Configuration Procedures To configure a limit to access to TFTP server you need to take fol...

Page 148: ... the TFTP client Step 1 Run system view The system view is displayed Step 2 Run tftp server acl acl number ACL is used to limit the access to the TFTP server End 8 7 Configuring XModem 8 7 1 Establishing the Configuration Task Applicable Environment Configure XModem to transfer files through serial interfaces Pre configuration Tasks Before configuring XModem complete the following tasks z Powering...

Page 149: ...formed Step 1 Run xmodem get filename XModem is used to get the file End z Before getting the file confirm the path and the name of the file that are to be sent z For the filename an absolute path name is required z If the filename is similar to an existing one the system sends a prompt asking you whether to overwrite or not 8 8 Configuration Examples 8 8 1 Example for Configuring the FTP Server N...

Page 150: ...erver z The destination file name and its position in the router Configuration Procedure Step 1 Enable FTP on the FTP server and configure the authentication information about the FTP user Quidway system view Quidway sysname server server ftp server enable server ftp timeout 30 server aaa server aaa local user quidway password simple huawei Step 2 Configure the authorization mode and directory of ...

Page 151: ... y 200 PORT command okay 150 Opening BINARY mode data connection for vrp bin 226 Transfer complete FTP 5805100 byte s received in 19 898 second s 291 74Kbyte s sec ftp dir 200 Port command okay 150 Opening ASCII mode data connection for 0 rw 5805100 May 25 2007 18 02 30 vrp bin 1 rw 354 Apr 30 2007 14 35 15 vrpcfg cfg 2 drw Apr 30 2007 14 35 36 lam 3 rw 852 May 25 2007 16 55 08 vrpcfg zip 226 Tran...

Page 152: ...04 111 to download and upload files in the FTP mode PC2 cannot be connected to the FTP server Figure 8 2 Networking diagram of configuring FTPACL Server 172 16 104 110 GE1 0 0 PC1 PC2 GE2 0 0 172 16 104 111 24 172 16 105 111 24 IP Network Configuration Roadmap The configuration roadmap is as follows 1 Configure the basic FTP functions 2 Configure ACL on the FTP server Data Preparation To complete ...

Page 153: ...ct to the FTP server from PC2 c ftp 172 16 104 110 Connected to ftp 172 16 104 110 Info Connection was denied by remote host according to ACL Connection closed by remote host End Configuration Files Configuration file of the FTP server sysname Server Ftp server enable FTP acl 2001 acl number 2001 rule 5 permit source 172 16 104 111 0 0 0 255 interface Ethernet2 0 0 undo shutdown ip address 172 16 ...

Page 154: ...ownload system files form the server to the storage devices on the client side Data Preparation To complete the configuration you need the following data z IP address of the FTP server z The destination file name and its position in the router Configuration Procedure Step 1 Log in to the FTP server from the router Quidway ftp 172 16 104 110 Trying ftp 172 16 104 110 Press CTRL K to abort Connected...

Page 155: ...gram of configuring TFTP TFTPServer Quidw ay PC 10 111 16 160 24 Configuration Roadmap The configuration roadmap is as follows 1 Run the TFTP software on the TFTP server 2 Set the position of the source file on the server 3 Use the TFTP command on the Quidway router to download the files Data Preparation To complete the configuration you need the following data z The TFTP software installed on the...

Page 156: ... to download file from remote tftp server please wait for a while TFTP 86235884 bytes received in 42734 second File downloaded successfully Step 3 Check the configuration Run the dir command to view whether the downloaded target file resides in the specified directory of the router Quidway dir flash Directory of flash 0 rw 10014764 Jun 20 2005 15 00 28 vrp bin 1 rw 40 Jun 24 2006 09 30 40 private ...

Page 157: ...and to download the files on the router 3 Specify the file path on the HyperTerminal Data Preparation To complete the configuration you need the following data z Files that are copied to the PC z The path of the file in PC Configuration Procedure Step 1 Log in to the router through the AUX port Refer to 02 Establishment of Configuration Environments Step 2 Specify the file to be sent on the HyperT...

Page 158: ...ter the system prompts that the file transmission succeeds you can view the directory of the Flash Memory Quidway Download successful Quidway Download successful Quidway dir flash Directory of flash 0 rw 10014764 Jun 20 2005 15 00 28 vrp bin 1 rw 98776 Jul 27 2005 09 36 12 matnlog dat 2 rw 28 Jul 27 2005 09 34 39 private data txt 3 rw 480 May 10 2003 11 25 18 vrpcfg zip 4 rw 10103172 Jul 22 2005 1...

Page 159: ...erating a Local RSA Key Pair 9 12 9 3 5 Configuring the Authentication Mode for SSH Users 9 12 9 3 6 Optional Configuring the Basic Authentication Information for SSH Users 9 14 9 3 7 Optional Authorizing SSH Users Through the Command Line 9 14 9 3 8 Configuring the Service Type of SSH Users 9 15 9 3 9 Optional Configuring the Authorized Directory of SFTP Service for SSH Users 9 15 9 3 10 Checking...

Page 160: ...SH Client 9 24 9 6 3 Configuring the SSH Client to Assign the RSA Public Key to the SSH Server 9 24 9 6 4 Enabling the SFTP Client 9 25 9 6 5 Optional Managing the Directory 9 25 9 6 6 Optional Managing the File 9 26 9 6 7 Optional Displaying the SFTP Client Command Help 9 27 9 6 8 Checking the Configuration 9 27 9 7 Maintaining Telnet and SSH 9 28 9 7 1 Debugging Telnet Terminal Services 9 28 9 7...

Page 161: ...e 9 4 Establishing an SSH channel in a LAN 9 5 Figure 9 5 Establishing an SSH channel in a WAN 9 5 Figure 9 6 Networking diagram of the Telnet terminal services mode 9 29 Figure 9 7 Networking diagram of connecting the STelnet client to the SSH server 9 31 Figure 9 8 Networking diagram of connecting the SFTP client to the SSH server 9 37 Figure 9 9 Networking diagram of accessing the SSH server th...

Page 162: ...describes how to log in to a router through Telnet and configure the router 9 3 Configuring SSH Users This section describes how to configure SSH users 9 4 Configuring the SSH Server This section describes how to configure the SSH server 9 5 Configuring the STelnet Client Function This section describes how to configure the STelnet client 9 6 Configuring the SFTP Client Function This section descr...

Page 163: ... service through the network The router provides the following Telnet services z Telnet server You can run the Telnet client program on a PC to log in to the router configure and manage it The router acts as a Telnet server z Telnet client You can run the terminal emulation program or the Telnet client program on a PC to connect with the router With the telnet command you can log in to other route...

Page 164: ...k is formed In this case Router A is the client of Router B and Router B is the client of Router C Figure 9 3 illustrates the usage of the two types of shortcut keys Figure 9 3 Usage of Telnet shortcut keys RouterA RouterB Telnet Server Telnet Session 1 Telnet Session 2 RouterC Telnet Client Ctrl_ The server interrupts the connection If the network connection is normal when you press Ctrl the Teln...

Page 165: ...ection and quit Telnet connection RouterA When the number of remote login users reaches to the maximum number of VTY user interfaces the system prompts that all user interfaces are in use and you cannot use Telnet to log in 9 1 3 SSH Terminal Services Overview of SSH When users on an insecure network log in to the router through Telnet the Secure Shell SSH feature offers security guarantee and pow...

Page 166: ...lems The system also faces serious threats from DOS attacks the host IP address spoofing and routing spoofing Telnet services are prone to network attacks SSH implements secure remote access on insecure networks and it has the following advantages compared to Telnet SSH supports RSA authentication mode In RSA authentication SSH implements secure key exchange by generating public and private keys T...

Page 167: ...he client It then calculates the session key In this way the server and the client have the same session keys to guarantee the session security z Negotiating authentication mode After the session key is calculated the server needs to authenticate the client The client sends the identity information to the server If the non authentication mode is configured on the server a session request is perfor...

Page 168: ...services complete the following tasks z Powering on the router z Configuring the IP addresses for interfaces of the router correctly z Configuring users authentication modes and call in or call out restrictions z Configuring a reachable route between the terminal and the router Data Preparation To configure Telnet terminal services you need the following data No Data 1 IP address of the router 2 V...

Page 169: ...lient to set up a connection with the router Do as follows the router logged in to from the client Step 1 Run system view The system view is displayed Step 2 Run interface aux interface number The interface view is displayed Step 3 Run async mode flow The asynchronous interface of the router connected with external devices is configured to the interactive mode Step 4 Run redirect The Telnet redire...

Page 170: ... Checking the Configuration Run the following commands to check the previous configuration Action Command Check the connection status of the current user interface display users Check the connection status of all user interfaces display users all Check the status of all the established TCP connections display tcp status Run the display tcp status command to view TCP connection status When ESTAB in...

Page 171: ...paration To configure SSH users you need the following data No Data 1 Name and password of SSH users 2 Authentication mode of SSH users 3 Service type of SSH users 4 Name of the peer RSA public key assigned to SSH users 5 Operating directory of the SFTP service for SSH users Configuration Procedures To configure the SSH user you need to take the following steps No Procedure 1 Creating an SSH User ...

Page 172: ...a is created you need to create a local user that has the same name in the AAA view 1 Run aaa The AAA view is displayed 2 Run local user username password cipher simple password The local user is created End If the SSH user is not created separately you can create the SSH user when performing the following configurations z Configuring the Authentication Mode for SSH Users z Configuring the Service...

Page 173: ...he server separately Step 1 Run system view The system view is displayed Step 2 Run rsa local key pair create A local RSA key pair is generated End To log in to the SSH server the local RSA key pair must be configured and generated first Before the other configurations of SSH you must configure the rsa local key pair create command to generate a local key pair 9 3 5 Configuring the Authentication ...

Page 174: ...me authentication type rsa The RSA authentication is configured for the SSH client 2 Run rsa peer public key key name The public key view is displayed 3 Run public key code begin The public key editing view is displayed 4 Run hex data The public key is edited 5 Run public key code end Quit the public key editing view 6 Run peer public key end Quit the public key view and return to the system view ...

Page 175: ...Optional Authorizing SSH Users Through the Command Line There are four authentication modes for an SSH user namely password rsa password rsa and all For the configuration of the command line authorization in password mode refer to the chapter AAA and User Management in the Quidway NetEngine80 Core Router Configuration Guide Security This section describes how to configure the command line authoriz...

Page 176: ...tem view The system view is displayed Step 2 Run ssh user username sftp directory directoryname The authorized directory of SFTP service for SSH users is configured End 9 3 10 Checking the Configuration Run the following commands to check the previous configuration Action Command Check the information of the SSH client on the SSH server display ssh user information Check the information of the spe...

Page 177: ...sed by the attacker s access to the standard port of the SSH server Pre configuration Tasks Before configuring SSH servers complete the following tasks z Connecting the SSH client and the SSH server correctly z Configuring reachable routes between the SSH client and the SSH server z Configuring the VTY user interface on the SSH server to support SSH z Configuring the SSH client on the SSH server z...

Page 178: ...tep 1 Run system view The system view is displayed Step 2 Run stelnet server enable The STelnet service is enabled End 9 4 3 Enabling the SFTP Service Do as follows on the router that serves as an SSH server Step 1 Run system view The system view is displayed Step 2 Run sftp server enable The SFTP service is enabled End 9 4 4 Optional Enabling the Earlier Version Compatible Function Do as follows ...

Page 179: ...addition the service capability of SSH2 0 is improved to support functions such as SFTP z This product supports the SSH versions that range from 1 3 to 2 0 including 1 3 and 2 0 9 4 5 Optional Configuring the Number of the Port Monitored by the SSH Server Do as follows on the router that serves as an SSH server Step 1 Run system view The system view is displayed Step 2 Run ssh server port port num...

Page 180: ...on Run the following command to check the previous configuration Action Command Check the global configuration of the SSH server display ssh server status When running the display ssh server status command you can view that the version of the protocol that the SSH session connects to is 1 99 and the times for the SSH session to retry connecting is 5 Quidway display ssh server status SSH version 1 ...

Page 181: ...uring the SSH user on the SSH server z Enabling the STelnet service on the SSH server Data Preparation To connect the STelnet client to the SSH2 server you need the following data No Data 1 Name of the SSH server 2 Number of the port monitored by the SSH server 3 Preferred encrypted algorithm from the STelnet client to the SSH server 4 Preferred encrypted algorithm from the STelnet server to the S...

Page 182: ...or the first time The check is skipped because the STelnet or SFTP server has not saved the RSA public key of the SSH server at this time z If the first time authentication is not enabled on the SSH client when the STelnet or SFTP client logs in to the SSH server for the first time the STelnet or SFTP client fails to pass the check on the RSA public key validity and cannot log in to the server Exc...

Page 183: ...96 md5 md5_96 prefer_stoc_hmac sha1 sha1_96 md5 md5_96 vpn instance vpn instance name command You can log in to the SSH server through STELNET End When accessing the SSH server the STelnet client can carry the source address and the name of the VPN instance and choose the key exchange algorithm encrypted algorithm and HMAC algorithm 9 5 5 Checking the Configuration Run the following commands to ch...

Page 184: ...he secure file transmission Pre configuration Tasks Before connecting the SFTP client to the SSH2 server complete the following tasks z Creating the local RSA key pair on the SSH server z Configuring the SSH client on the SSH server z Enabling the SFTP service on the SSH server Data Preparation To connect the SFTP client to the SSH2 server you need the following data No Data 1 Name of the SSH serv...

Page 185: ...aging the Directory 5 Optional Managing the File 6 Optional Displaying the SFTP Client Command Help 7 Checking the Configuration 9 6 2 Configuring the First Time Authentication on the SSH Client Do as follows on the router that serves as an SSH client Step 1 Run system view The system view is displayed ssh client first time enable Enable the first authentication of the SSH client End 9 6 3 Configu...

Page 186: ...lnet When accessing the SSH server the SFTP can carry the source address and the name of the VPN instance and choose the key exchange algorithm encrypted algorithm and HMAC algorithm 9 6 5 Optional Managing the Directory Do as follows on the router that serves as the SSH client Step 1 Run system view The system view is displayed Step 2 Run sftp a source address host ipv4 port prefer_kex dh_group1 ...

Page 187: ...pecified directory on the SFTP client side 9 6 6 Optional Managing the File Do as follows on the login router Step 1 Run system view The system view is displayed Step 2 Run sftp a source address host ipv4 port prefer_kex dh_group1 dh_exchange_group prefer_ctos_cipher des 3des aes128 prefer_stoc_cipher des 3des aes128 prefer_ctos_hmac sha1 sha1_96 md5 md5_96 prefer_stoc_hmac sha1 sha1_96 md5 md5_96...

Page 188: ...s128 prefer_stoc_cipher des 3des aes128 prefer_ctos_hmac sha1 sha1_96 md5 md5_96 prefer_stoc_hmac sha1 sha1_96 md5 md5_96 vpn instance vpn instance name You can log in to the SSH server through SFTP Step 3 Run help all command name The SFTP client command help is displayed End 9 6 8 Checking the Configuration Run the following commands to check the previous configuration Action Command Check the m...

Page 189: ...ging SSH Terminal Services 9 7 1 Debugging Telnet Terminal Services When a Telnet fault occurs run the following debugging command in the user view to locate the fault Debugging affects the performance of the system So after debugging run the undo debugging all command to disable it immediately Action Command Enable Telnet debugging debugging telnet 9 7 2 Debugging SSH Terminal Services This secti...

Page 190: ... function debugging ssh server vty index all message event packet all 9 8 Configuration Examples 9 8 1 Example for Configuring Telnet Terminal Services Networking Requirements As shown in Figure 9 6 Router A and Router B can ping through each other Users can log in to Router B from Router A through Telnet Figure 9 6 Networking diagram of the Telnet terminal services mode GE1 0 0 1 1 1 1 24 GE1 0 0...

Page 191: ... 2 Configure the authentication mode and the password of Telnet on Router B RouterB system view RouterB user interface vty 0 4 RouterB ui vty0 4 authentication mode password RouterB ui vty0 4 set authentication password simple 123456 RouterB ui vty0 4 quit Step 3 Log in to Router B from Router A through Telnet RouterA telnet 1 1 1 2 Trying 1 1 1 2 Press CTRL K to abort Connected to 1 1 1 2 All rig...

Page 192: ...figure Client002 adopt the RSA authentication and assign the public key RsaKey001 to Client002 The user interface supports only SSH Figure 9 7 Networking diagram of connecting the STelnet client to the SSH server STelnet Client SSH Server Configuration Roadmap The configuration roadmap is as follows 1 Configure both Client001 and Client002 on the SSH server 2 Generate the local key pairs on the ST...

Page 193: ...onfigure a local user of the same user name z If the RSA password RSA and all authentication is used the server must save the RSA public key of the SSH client Configure the VTY user interface Quidway user interface vty 0 4 Quidway ui vty0 4 authentication mode aaa Quidway ui vty0 4 protocol inbound ssh Quidway ui vty0 4 quit z Create an SSH user Client001 Set the password authentication for the SS...

Page 194: ...0001 Host public key for PEM format code BEGIN SSH2 PUBLIC KEY AAAAB3NzaC1yc2EAAAADAQABAAAAQQC 815LxhvXhvkHtd59Z3DD5f0XqyA8j8u7 yP3y98tnTlGehBkPa5eo6pH8S7nhiDZedL VTGh3Z6ica0Mdfj4b END SSH2 PUBLIC KEY Public key code for pasting into OpenSSH authorized_keys file ssh rsa AAAAB3NzaC1yc2EAAAADAQABAAAAQQC 815LxhvXhvkHtd59Z3DD5f0XqyA8j8u7yP3y98tn TlGehBkPa5eo6pH8S7nhiDZedL VTGh3Z6ica0Mdfj4b rsa key Tim...

Page 195: ... Client001 and Client002 Quidway system view Quidway ssh user client001 service type stelnet Quidway ssh user client002 service type stelnet Step 7 Connect the STelnet client to the SSH server For the first login you need to enable the first authentication on SSH client client001 ssh client first time enable client002 ssh client first time enable Client001 of the STelnet connects to SSH server thr...

Page 196: ...ay lead to prosecution Note The max number of VTY users is 10 and the current number of VTY users on line is 1 Quidway Step 8 Verify the configuration After the configuration run the display ssh server status and display ssh server session commands You can view that the STelnet service is enabled and the STelnet client is connected to the SSH server successfully Display the SSH status Quidway disp...

Page 197: ... Name client001 Authentication type password User public key name Sftp directory Service type stelnet Authorization cmd No User 2 User Name client002 Authentication type rsa User public key name RsaKey001 Sftp directory Service type stelnet Authorization cmd No End Configuration Files sysname Quidway rsa peer public key rsakey001 public key code begin 3047 0240 BFF35E4B C61BD786 F907B5DE 7D6770C3 ...

Page 198: ...server in the authentication mode password RSA Password RSA and all Figure 9 8 Networking diagram of connecting the SFTP client to the SSH server SFTP Client SSH Server Configuration Roadmap The configuration roadmap is as follows 1 Configure Clinet001 and Client002 on the router 2 Generate the local key pair on the STelnet client and the SSH server respectively 3 Generate the RSA public key on th...

Page 199: ...server should save the RSA public key for the SSH client Configure the VTY user Interface Quidway user interface vty 0 4 Quidway ui vty0 4 authentication mode aaa Quidway ui vty0 4 protocol inbound ssh Quidway ui vty0 4 quit z Create Client001 for the SSH user Create an SSH user with the name Client001 The authentication mode is password Quidway ssh user client001 Quidway ssh user client001 authen...

Page 200: ...f Key pair created 16 38 51 2007 5 25 Key name client002_Server Key type RSA encryption Key Key code 3067 0260 BCFAC085 49A2E70E 1284F901 937D7B63 D7A077AB D2797280 4BCA86C0 4CD18B70 5DFAC9D3 9A3F3E74 9B2AF4CB 69FA6483 E87DA590 7B47721A 16391E27 1C76ABAB 743C568B 1B35EC7A 8572A096 BCA9DF0E BC89D3DB 5A83698C 9063DB39 A279DD89 0203 010001 client002 Send the RSA public key generated on the client to ...

Page 201: ...nnect the STelnet client to the SSH server When you log in for the first time enable the first time authentication for the SSH client client ssh client first time enable Connect the STelnet client001 to the SSH server in the password authentication client001 system view client001 sftp 10 164 39 222 Please input the username client001 Trying 10 164 39 222 Press CTRL K to abort Connected to 10 164 3...

Page 202: ...hmac sha1 96 Kex diffie hellman group1 sha1 Service Type sftp Authentication Type password Session 2 Conn VTY 4 Version 2 0 State started Username client002 Retry 1 CTOS Cipher aes128 cbc STOC Cipher aes128 cbc CTOS Hmac hmac sha1 96 STOC Hmac hmac sha1 96 Kex diffie hellman group1 sha1 Service Type sftp Authentication Type rsa Display the information of the SSH user Quidway display ssh user infor...

Page 203: ...ftp directory flash ssh user client001 ssh user client002 user interface vty 0 4 authentication mode aaa protocol inbound ssh return 9 8 4 Example for Accessing the SSH Server Through Other Port Numbers Networking Requirements The standard monitored port number of the SSH protocol is 22 If the attacker accesses the standard port continuously the bandwidth is consumed and the performance of the ser...

Page 204: ...H server 2 Generate the local key pair on STelnet client and SSH server respectively The SSH server monitors the port number 3 Generate the local key pair on client and SSH server respectively 4 Generate the RSA public key on SSH server and bind the RSA public key of SSH client to Client002 5 Enable STelnet and SFTP service on the SSH server 6 Configure service mode and authorization directory of ...

Page 205: ...5 25 Key name client002_Host Key type RSA encryption Key Key code 3047 0240 BFF35E4B C61BD786 F907B5DE 7D6770C3 E5FD17AB 203C8FCB BBC8FDF2 F7CB674E 519E8419 0F6B97A8 EA91FC4B B9E18836 5E74BFD5 4C687767 A89C6B43 1D7E3E1B 0203 010001 Host public key for PEM format code BEGIN SSH2 PUBLIC KEY AAAAB3NzaC1yc2EAAAADAQABAAAAQQC 815LxhvXhvkHtd59Z3DD5f0XqyA8j8u7 yP3y98tnTlGehBkPa5eo6pH8S7nhiDZedL VTGh3Z6ica...

Page 206: ...ser has four authentication modes namely password RSA password rsa and all z When the SSH adopts the password or password rsa authentication it requires you to configure a local user with the same name z When the SSH user adopts the RSA password rsa or all authentication the server should save the RSA public key for the SSH client Configure the VTY user Interface Quidway user interface vty 0 4 Qui...

Page 207: ... the SSH server through the new port number client001 stelnet 10 164 39 222 1025 Please input the username client001 Trying 100 2 150 13 Press CTRL K to abort Connected to 100 2 150 13 he server is not authenticated Do you continue to access it Y N y Do you want to save the server s public key Y N y he server s public key will be saved with the name 10 164 39 222 Please wait Enter password Enter t...

Page 208: ...the SSH server successfully Display the SSH status Quidway display ssh server status SSH version 1 99 SSH connection timeout 60 seconds SSH server key generating interval 0 hours SSH Authentication retries 3 times SFTP server Enable STELNET server Enable SSH server port 1025 Display the connection of the SSH server Quidway display ssh server session Session 1 Conn VTY 3 Version 2 0 State started U...

Page 209: ...ser client001 service type ssh sftp server enable stelnet server enable ssh server port 1025 ssh user client001 ssh user client002 ssh user client001 authentication type password ssh user client002 authentication type RSA ssh user client002 assign rsa key RsaKey001 ssh user client001 service type stelnet ssh user client002 service type sftp ssh user client002 sftp directory flash user interface vt...

Page 210: ... is shown in Figure 9 10 Figure 9 10 Networking diagram of authenticating the SSH through RADIUS SSH Server SSH Client RADIUS Server Configuration Roadmap The configuration roadmap is as follows 1 Configure the RADIUS template on the SSH server 2 Configure a domain on the SSH server 3 Create a user on the RADIUS server 4 Generate the local key pair on STelnet client and SSH server respectively The...

Page 211: ...idway sysname client client rsa local key pair create Generate the RSA public key on the client client display rsa local key pair public Time of Key pair created 16 38 51 2007 5 25 Key name Quidway_Host Key type RSA encryption Key Key code 3047 0240 BFF35E4B C61BD786 F907B5DE 7D6770C3 E5FD17AB 203C8FCB BBC8FDF2 F7CB674E 519E8419 0F6B97A8 EA91FC4B B9E18836 5E74BFD5 4C687767 A89C6B43 1D7E3E1B 0203 0...

Page 212: ...B43 Quidway rsa key code 1D7E3E1B Quidway rsa key code 0203 Quidway rsa key code 010001 Quidway rsa key code public key code end Quidway rsa public key peer public key end Step 3 Create the SSH user On the RADIUS server add two users named ssh1 ssh com and ssh2 ssh com respectively in addition designate the NAS address 10 164 39 222 and the key huawei The NAS address refers to the address of SSH s...

Page 213: ...eme Test and RADIUS template ssh Quidway aaa Quidway aaa domain ssh com Quidway aaa domain ssh com authentication scheme test Quidway aaa domain ssh com radius server ssh Quidway aaa domain ssh com quit Quidway aaa quit Step 6 Connect the SSH client and the SSH server Enable STelnet and SFTP services on the SSH server Quidway system view Quidway stelnet server enable Quidway sftp server enable For...

Page 214: ...After the configuration run the display radius server configuration and display ssh server session commands on the SSH server You can view the configuration of the RADIUS server on the SSH server You can also view that the STelnet or SFTP client is connected to the SSH server successfully in the RADIUS authentication Display the configuration of the RADIUS server Quidway aaa display radius server ...

Page 215: ... diffie hellman group1 sha1 Service Type sftp Authentication Type password End Configuration Files sysname Quidway radius server template ssh radius server authentication 10 164 16 49 1812 rsa peer public key rsakey001 public key code begin 3047 0240 C4989BF0 416DA8F2 2675910D 7F2997E8 5573A35D 0163FD4A FAC39A6E 0F45F325 A4E3AA1D 54692B04 C6A28D3D C58DE2E8 E0D58D65 7A25CF92 A74D21F9 E917182B 0203 ...

Page 216: ...pyright Huawei Technologies Co Ltd 9 55 ssh user ssh2 ssh com authentication type password ssh user ssh1 ssh com assign rsa key RsaKey001 ssh user ssh1 ssh com service type stelnet ssh user ssh2 ssh com service type sftp ssh user ssh2 ssh com sftp directory flash user interface vty 0 4 authentication mode aaa protocol inbound ssh Return ...

Page 217: ... 3 Managing the Device Operation 10 5 10 3 1 Setting the Temperature Warning Threshold Upgrading the Board 10 5 10 3 2 Disabling or Re enabling the DASL Port of the LPU 10 5 10 3 3 Resetting the Device and Switching over the Channel 10 6 10 3 4 Displaying the Device Information 10 6 10 4 Configuring the Electronic Labelelectronic 10 7 10 4 1 Establishing the Configuration Task 10 7 10 4 2 Querying...

Page 218: ...owing table lists the contents of this chapter Section Describes 10 1 Introduction This section describes the principle and concepts of the router maintenance 10 2 Upgrading the Board This section describes how to upgrade the board software 10 3 Managing the Device Operation This section describes how to manage the device operation 10 4 Configuring the Electronic Label This section describes how t...

Page 219: ...the software upgrade the previous software version is backed up in the router The online download of software has no impact on the operation of the system The router series USR can upgrade each board respectively 10 1 2 Device Operation Management The device operation management is responsible for monitoring the running status of the device and the setting of the parameters of the device The funct...

Page 220: ...upgrade for this board only to save the software download time Preconfigured Tasks Before upgrading the board software complete the following tasks z Powering on the router normally z Connecting the router with PC correctly through the console port Data Preparations To upgrade the board software you need the following data No Data 1 Board software of the new version 2 Directory to store the softwa...

Page 221: ... Stratum 3 Clock Board Do as follows on the router to be upgraded Step 1 Run upgrade clock slot id file name startup bootrom software The BootROM of the stratum 3 clock board is upgraded End When the system software packet is being upgraded or the stratum 3 clock board runs abnormally you need to upload the software for the BootROM and the BootLoad again If the stratum 3 clock board runs normally ...

Page 222: ...rature The temperature threshold for the LPU is set End The temperature threshold can be set for the LPU of the router The system will send the alarm information if the temperature exceeds the threshold 10 3 2 Disabling or Re enabling the DASL Port of the LPU If an LPU is directly plugged out for resetting this may cause reboot of other LPUs with a probability less than 1 Therefore you can shut do...

Page 223: ...nds in any view to view the operation status of the device Action Command Display the basic information of the device display device pic status slot id Display the self test information of the device display selftest slot id Display the version of the device display version slot id Display the environment information display environment Display the alarm or status information display alarm record ...

Page 224: ...p the electronic label information to a specified FTP server you need to configure the electronic label function Pre configuration Tasks None Data Preparation None Configuration Procedures No Procedure 1 Querying the Electronic Label 2 Backing Up the Electronic Label 10 4 2 Querying the Electronic Label Step 1 Run display elabel slot id The electronic label is queried End 10 4 3 Backing Up the Ele...

Page 225: ...air filter after the air filter has been running for a period of time Preconfigured Tasks None Data Preparations To configure a cleaning cycle for the air filter you need the following data No Data 1 Cleaning cycle of the air filter Configuration Procedures No Procedure 1 Configuring a Checking of the Air Filter based on the Device Temperature 2 Configuring a Cleaning Cycle for the Air Filter 3 Re...

Page 226: ...ed on the MPU which may be inserted removed switched or replaced during usage Therefore the monitoring cycle may differ from the set cycle but this does not affect the monitoring function End 10 5 4 Remonitoring the Cleaning Cycle of the Air Filter The system generates an alarm about cleaning the air filter After ensuring that the air filter is cleaned or does not need to be cleaned you need to cl...

Page 227: ...e Quidway NetEngine80 Configuration Guide Basic Configurations 10 10 Huawei Proprietary and Confidential Copyright Huawei Technologies Co Ltd Issue 04 2009 12 20 Up to last clean days 1 day Clean alarm existence days 0 day ...

Page 228: ...11 2 1 Establishing the Configuration Task 11 3 11 2 2 Uploading the System Software and License to the Master MPU 11 3 11 2 3 Copying the System Software and License to the Slave MPU 11 4 11 2 4 Checking the Configuration 11 4 11 3 Specifying the System Software for the Next Startup of the Router 11 5 11 3 1 Establishing the Configuration Task 11 5 11 3 2 Specifying the System Software for the Ne...

Page 229: ...ble shows the contents of this chapter Section Description 11 1 Introduction This section describes the principle and concepts of the system software upgrade 11 2 Uploading the System Software and License Files This section describes how to upload the system software and license files 11 3 Specifying the System Software for the Next Startup of the Router This section describes how to specify the s...

Page 230: ...ot delete the previous system software When the upgrade fails the system software can restore to the previous version 11 1 2 License The license can be used to control the availability of some product features on a dynamic basis For example if the license file indicates that a particular feature is available you can see all related commands and functions after the system is started If a feature is...

Page 231: ...ploading the system software and license complete the following tasks z Ensuring that the router works normally z Ensuring that the router can be logged in to Data Preparation To upload the system software and license you need the following data z System software of the new version z License files of the new version Configuration Procedures No Procedure 1 Uploading the System Software and License ...

Page 232: ...peat the preceding steps 11 2 4 Checking the Configuration Run the following commands to check the previous configuration Action Command Check the file information on the of the master MPU dir flash dir Check the file information on the of the slave MPU dir flash dir slave After uploading the files run the preceding commands and you can view the information of the uploaded files For example check ...

Page 233: ...s to specify system software of the same version to the master and slave MPUs After the system software is specified the system uploads the software at the specified path when the router is restarted next time Pre configuration Tasks None Data Preparation Before specifying the system software for the next startup of the router you need to prepare the absolute path of the system software Configurat...

Page 234: ...d The PAF file is specified for the slave MPU after the next startup Step 3 Run startup license file name The License file is specified for the main MPU after the next startup Step 4 Run startup license file name slave board The License file is specified for the slave MPU after the next startup End 11 3 4 Optional Configuring Patch Packages To upgrade the version of the system software you need to...

Page 235: ... hd V300R005C01B323SPC001 bin Next startup system software hd V300R005C01B323SPC001 bin Startup saved configuration file flash vrpcfg zip Next startup saved configuration file flash vrpcfg zip Startup paf file flash paf_v300r005c01 txt Next startup paf file flash paf_v300r005c01 txt Startup license file flash license_v300r005c01 txt Next startup license file flash license_v300r005c01 txt Startup p...

Page 236: ...ch on the MPU 12 7 12 4 1 Establishing the Configuration Task 12 7 12 4 2 Uploading the MPU Patch 12 7 12 4 3 Activating the MPU Patch 12 8 12 4 4 Running the MPU Patch 12 8 12 5 Stop Running the MPU Patch 12 9 12 5 1 Establishing the Configuration Task 12 9 12 5 2 Deactivating the MPU Patch 12 9 12 6 Unloading the MPU Patch 12 10 12 6 1 Establishing the Configuration Task 12 10 12 6 2 Deleting th...

Page 237: ...e80 Configuration Guide Basic Configurations Figures Issue 04 2009 12 20 Huawei Proprietary and Confidential Copyright Huawei Technologies Co Ltd iii Figures Figure 12 1 Conversion between the statuses of a patch 12 2 ...

Page 238: ...on describes how to check the running of patch in the system 12 3 Loading a Patch This section describes how to load a patch 12 4 Installing a Patch on the This section describes how to install a patch on the MPU 12 5 Stop Running the MPU Patch This section describes how to stop running the MPU patch 12 6 Unloading the MPU Patch This section describes how to unload the MPU patch 12 7 Installing a ...

Page 239: ...tch z The LPU patch Before running a patch obtain the correct patch files based on the type of boards At the same time the system allows the running of only one MPU patch and one LPU patch As a result you need to confirm no patch is running in the current system before installing a patch If a patch runs in the system delete the patch before installing the new patch The NE80 provides the patch func...

Page 240: ...the next startup Viewing the current patch status file does not mean viewing the current patch status For example in the patch status file the patch status of a board is Active After the next startup the patch status of the board turns to Deactive however the patch status on this board in the patch status file is still Active 12 2 Checking the Running of Patch in the System 12 2 1 Establishing the...

Page 241: ...ve MPU is checked End Before installing a patch on the MPU you need to check the running of patch on the master and slave MPU s For example Quidway display patch information Service pack Version V300R005C01SPH007 Pack file name hd v300r005c01sph007 pat The patch information of slot 5 Total Patch Unit 1 Running Patch Unit 1 1 Active Patch Unit no patch Deactive Patch Unit no patch The patch informa...

Page 242: ...he LPU you need to check the running of patch on all LPUs For example Quidway display patch information history slot 3 Current patch state Type Slot ID State From To C 3 1 200 idle NP 3 1 idle Patch history Type Slot ID State From To Info No patch operation history information This indicates that no patch runs in the current system If there are patches running you must unload them before loading n...

Page 243: ...ocedures No Procedure 1 Uploading a Patch to the Root Directory of the Master 2 Copying a Patch to the Root Directory of the Slave 12 3 2 Uploading a Patch to the Root Directory of the Master MPU Upload a patch to the root directory of the Flash Memory of the master MPU The NE80 supports the uploading of files through FTP TFTP and Xmodem Choose an uploading method based on the requirements 12 3 3 ...

Page 244: ...two versions are not the same the system prompts that the patch uploading fails Before installing a patch on the MPU you need to check the running of patch on the master and slave MPU s Otherwise the patch becomes invalid after the master slave switchover Pre configuration Tasks Before installing a patch on the MPU upload the patch to the root directory of the Flash Memory of the master and slave ...

Page 245: ...s operation takes effect on all the boards 12 4 3 Activating the MPU Patch Do as follows on the router to be upgraded Step 1 Run system view The system view is displayed Step 2 Run patch active The MPU patch is activated Step 3 Run patch active slave The slave MPU patch is activated End A patch can be activated only when it is correctly uploaded and is in the deactivated state When a patch is acti...

Page 246: ...nning the MPU Patch 12 5 1 Establishing the Configuration Task Applicable Environment After a patch is activated you need to judge that the patch has achieved the expected effect If the patch does not become valid you need to activate the patch A patch can be deactivated only after it is activated Pre configuration Tasks None Data Preparation None Configuration Procedures No Procedure 1 Deactivati...

Page 247: ...icable Environment When upgrading the system software or installing a new patch you need to delete the running patch You can delete a patch of any status Pre configuration Tasks None Data Preparation None Configuration Procedures No Procedure 1 Deleting the MPU Patch 12 6 2 Deleting the MPU Patch Step 1 Run system view The system view is displayed Step 2 Do as follows on the router to be upgraded ...

Page 248: ...ecks that the patch version is the same as the system version If the two versions are not the same the system prompts that the patch uploading fails When installing a patch on the LPU you need to delete the running patch Pre configuration Tasks Before installing a patch on the LPU upload the patch to the root directory of the of the master and slave MPU s Data Preparation None Configuration Proced...

Page 249: ...tch can be activated only when it is correctly uploaded and is in the deactivated state When a patch is activated it becomes valid immediately After the board is reset however the patch does not remain valid After a patch is activated you need to judge that the patch has achieved the expected effect If the patch does not become valid you need to stop running the patch If the patch becomes valid yo...

Page 250: ...valid you need to activate the patch A patch can be deactivated only after it is activated Pre configuration Tasks None Data Preparation None Configuration Procedures No Procedure 1 Deactivating the LPU Patch 12 8 2 Deactivating the LPU Patch Do as follows on the router to be upgraded Step 1 Run system view The system view is displayed Step 2 Run patch deactive slot slot id The LPU patch is deacti...

Page 251: ...e 04 2009 12 20 You can delete a patch that is in any status Pre configuration Tasks None Data Preparation None Configuration Procedures No Procedure 1 Deleting the LPU Patch 12 9 2 Deleting the LPU Patch Do as follows on the router to be upgraded Step 1 Run system view The system view is displayed Step 2 Run patch delete slot slot id The LPU patch is deleted End ...

Page 252: ...tEngine80 Configuration Guide Basic Configurations Contents Issue 04 2009 12 20 Huawei Proprietary and Confidential Copyright Huawei Technologies Co Ltd i Contents A Glossary A 1 B Acronyms and Abbreviations B 1 ...

Page 253: ...A connection oriented network technology that uses the fixed cell 53 bytes to transfer services of multiple types such as text audio or video data The fixed length of the ATM cells enables the hardware processing of the cells and thus shortens the forwarding delay ATM takes full advantage of high speed media such as E3 SONET and T3 Authentication A method used to prove user identity Authorization ...

Page 254: ...by Xerox and developed by Xerox Intel and Digital Equipment Corporation DEC This specification is similar to IEEE802 3 Ethernet_II An encapsulation format of the Ethernet frame Ethernet_II that contains a 16 bit protocol type field is the standard ARPA Ethernet Version 2 0 encapsulation Ethernet_SNAP An encapsulation format of the Ethernet frame The frame format complies with RFC 1042 and enables ...

Page 255: ...e through which the router can exchange data with the network device in a LAN License Permission of some features that dynamically control the product Logical interface A configured interface that can exchange data but does not exist physically A logical interface can be a sub interface virtual template interface virtual Ethernet interface Loopback interface Null interface and Tunnel interface M M...

Page 256: ... is responsible for sending the packet to the destination host RRPP Rapid Ring Protection Protocol A protocol that is applied on the data link layer When the Ethernet ring is complete it can prevent the broadcast storm caused by the data loop When a link is disconnected on an Ethernet ring it can rapidly restore the communication link between the nodes on the ring network RSVP TE Traffic engineeri...

Page 257: ...Segment VPN Virtual Private Network A new technology developed with the Internet to provide an apparent single private network over a public network Virtual means that the network is a logical network VRP Versatile Routing Platform A versatile routing operating system platform developed for all data communication products of Huawei With the IP service as its core the VRP adopts the componentized a...

Page 258: ... Basic Configurations A 6 Huawei Proprietary and Confidential Copyright Huawei Technologies Co Ltd Issue 04 2009 12 20 XOT X 25 over TCP A protocol that implements the interconnection between two X 25 networks through the TCP packet bearing X 25 frames ...

Page 259: ...rics A AAA Authentication Authorization and Accounting ACL Access Control List ARP Address Resolution Protocol ASPF Application Specific Packet Filter ATM Asynchronous Transfer Mode AUX Auxiliary port B BGP Border Gateway Protocol C CBQ Class based Queue CHAP Challenge Handshake Authentication Protocol CQ Custom Queuing CR LDP Constrain based Routing LDP D DHCP Dynamic Host Configuration Protocol ...

Page 260: ...ering Task Force IKE Internet Key Exchange IPSec IP Security IS IS Intermediate System to Intermediate System intra domain routing information exchange protocol ITU T International Telecommunication Union Telecommunications Standardization Sector L L2TP Layer Two Tunneling Protocol LAPB Link Access Procedure Balanced LDP Label Distribution Protocol M MAC Medium Access Control MBGP Multiprotocol Ex...

Page 261: ...on and Maintenance OSPF Open Shortest Path First P PAP Password Authentication Protocol PE Provider Edge Ping Ping Packet Internet Groper PPP Point to Point Protocol PPPoA PPP over AAL5 PPPoE Point to Point Protocol over Ethernet PPPoEoA PPPoE on AAL5 PQ Priority Queuing Q QoS Quality of Service R RADIUS Remote Authentication Dial In User Service RIP Routing Information Protocol RPR Resilient Pack...

Page 262: ... Copyright Huawei Technologies Co Ltd Issue 04 2009 12 20 V VLAN Virtual Local Area Network VPLS Virtual Private LAN Service VPN Virtual Private Network VRP Versatile Routing Platform VRRP Virtual Router Redundancy Protocol W WAN Wide Area Network WFQ Weighted Fair Queuing WRED Weighted Random Early Detection X XOT X 25 Over TCP ...

Page 263: ...Quidway NetEngine80 Configuration Guide Basic Configurations Contents Issue 04 2009 12 20 Huawei Proprietary and Confidential Copyright Huawei Technologies Co Ltd i Contents Index i 1 ...

Page 264: ...minal services 9 7 configuring TFTP 8 14 configuring Xmodem 8 17 D device management setting the temperature threshold 10 5 displaying system status 4 7 F File System overview 6 2 FTP configuration 8 3 example 8 18 overview 8 2 H hot keys classification 3 11 use 3 13 M maintenance electronic label 10 2 introduction 10 2 online device management 10 2 online upgrade 10 2 maintenance configure electr...

Page 265: ...12 20 system software license 11 2 upgrade 11 3 system software upgrade 11 2 T Telnet configuration 9 7 overview 9 2 TFTP configuration 8 14 example 8 24 overview 8 2 U upgrading the board 10 3 user interface configuration 5 5 numbering 5 2 terminal attribute 5 7 user management configuration 5 16 5 23 X XModem configuration 8 17 example 8 26 overview 8 2 i ...

Reviews:

No comments

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands